Using old PEM pass phrase
Hi,

My problem is that I changed the PEM pass phrase during a recompile when I did the "make certificate" command. But when I try to start the SSL-enabled Apache server with the new pass phrase, it does not accept it, but the old one works. Also, when I did make install, the following messages came out:

    make[2]: Leaving directory `/usr/local/apache/conf/ssl.crt'
    [PRESERVING EXISTING CSR FILES: /usr/local/apache/conf/ssl.csr/*]
    [PRESERVING EXISTING PRM FILES: /usr/local/apache/conf/ssl.prm/*]
    [PRESERVING EXISTING KEY FILES: /usr/local/apache/conf/ssl.key/*]
    === [config]

Do I have to change these directories? Any help will be appreciated.

Regards
Nazia
__
Apache Interface to OpenSSL (mod_ssl)  www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager  [EMAIL PROTECTED]

No common encryption algorithms
Further to the previous message, I got curl and tried that too: it reads things fine. I also uprated (Fortified) the Communicator from 40 to 128 bits and it didn't help at all.

--
I think men who have a pierced ear are better prepared for marriage. They've experienced pain and bought jewelry. -- Rita Rudner

Problems changing PEM to DER
Hi,

we have an in-house CA which uses Netscape's CMS. Unfortunately CMS only accepts DER-encoded certificates, AFAIK. So I tried to change my generated PEM certificate to DER, but I only get an error message.

System: apache 1.3.6 + mod_ssl 2.3.5 + openssl 0.9.3a on linux 2.0.36/libc6

Key generated with:

    openssl genrsa -des3 -out server.key 1024

(I use a passphrase on that key)

Certificate request generated with:

    openssl req -new -days 730 -config sslconfig.cnf -key server.key -out server.csr

Trying to change the encoding (as mentioned in http://www.modssl.org/docs/2.3/ssl_faq.html#ToC28) I get an error message:

    unable to load certificate
    117:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:566:

What can I do to change the encoding?

Thanks for your help
Klaus
--
Klaus Rothert [EMAIL PROTECTED]
RSA 2048-0xF4ADF0F5 3E6B FD10 299B AE61 DE69 533A 1F60 1925
Q: What machine runs NT best? A: A slide projector.

Re: Using old PEM pass phrase
As the output suggests, the files in these dirs have been preserved. If you want to use new keys and certs, you need to copy the newly generated ones there by hand.

Nazia Fazili wrote:
> Hi,
>
> My problem is that I changed the PEM pass phrase during a recompile when I did the "make certificate" command. But when I try to start the SSL-enabled Apache server with the new pass phrase, it does not accept it, but the old one works. Also, when I did make install, the following messages came out:
>
>     make[2]: Leaving directory `/usr/local/apache/conf/ssl.crt'
>     [PRESERVING EXISTING CSR FILES: /usr/local/apache/conf/ssl.csr/*]
>     [PRESERVING EXISTING PRM FILES: /usr/local/apache/conf/ssl.prm/*]
>     [PRESERVING EXISTING KEY FILES: /usr/local/apache/conf/ssl.key/*]
>     === [config]
>
> Do I have to change these directories? Any help will be appreciated.
>
> Regards
> Nazia

--
Holger Reif          Tel.: +49 361 74707-0
SmartRing GmbH       Fax.: +49 361 7470720
Europaplatz 5        [EMAIL PROTECTED]
D-99091 Erfurt       WWW.SmartRing.de

[BugDB] I/O error during security authorization (PR#210)
Full_Name: Dario Castagnino
Version: 2.2.4
OS: Linux 2.0.36
Submission from: (NULL) (200.1.228.95)

We are using Mod_ssl Open_ssl with Apache server 1.3.4. We are having problems when we try to use the POST method to communicate with programs via CGI. When the browser tries to make the POST, it pops up a window saying: an I/O error ocurred during security authorization. We do not get the error when we use the GET method.

We tried to solve it by changing the executables' permissions so that everybody can execute, read and write on them. After that the error persisted on some programs, but not all of them. Also, on the programs that worked, it also failed from time to time. The error_logs of the Apache show nothing about the problem. Also, if we try the same applications with no SSL (Apache without SSL) there are no problems at all.

Any help on this will be appreciated.

Re: mod_ssl 2.3.6 install
On Mon, Jul 19, 1999, Daniel Reichenbach wrote:
> I tried to install mod_ssl 2.3.6 on Win98, following install.win32, and it didn't work. I can't figure out why. When I start the configure.bat with
>
>     configure.bat --with-apache=..\apache_1.3.6 --with-ssl=C:\Programme\OpenSSL
>
> my DOS-Box says "Command not found". But which could it be? I have Win98, Visual Studio 97 (with SP3), Perl 5.003_07 from ActiveState, Cygwin32 B20. Perl, VS97 and Cygwin32 are all in the PATH variable. What could this be? I tested the same thing under WinNT Server with the same progs installed and it works!? Could anyone help me???

Perhaps "perl" is not in PATH?

Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com

Re: Problems changing PEM to DER
On Wed, Jul 21, 1999, Rothert, Klaus wrote:
> certificate request generated with:
>
>     openssl req -new -days 730 -config sslconfig.cnf -key server.key -out server.csr
>
> Trying to change the encoding (as mentioned in http://www.modssl.org/docs/2.3/ssl_faq.html#ToC28) I get an error message:
>
>     unable to load certificate
>     117:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:566:
>
> What can I do to change the encoding?

The above command generates a CSR, not a cert, and you try to read and convert it as a cert. You've to first generate a cert out of your CSR. Either by an explicit openssl x509 command or at least by using the -x509 option of openssl req.

Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com

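The CSR-versus-certificate distinction from the reply above, as an added example that is not part of the original thread: it picks the openssl subcommand from the PEM block label, so a CSR is never handed to `openssl x509`. Converting the CSR itself with `openssl req -outform DER` goes beyond what the thread covers; the host name, file names and the unencrypted throwaway key are assumptions made so the demo runs unattended.

```shell
#!/bin/sh
# Added example. Host name and file names are constructed for the demo.

# Print the label of the first PEM block in a file,
# e.g. "CERTIFICATE REQUEST" for a CSR or "CERTIFICATE" for a cert.
pem_label() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" | head -n 1
}

# Convert PEM to DER with the subcommand that matches the block type.
# "openssl x509" only looks for a CERTIFICATE block, so feeding it a CSR
# ends in "PEM_read_bio:no start line".
pem_to_der() {
    src=$1; dst=$2
    case "$(pem_label "$src")" in
        "CERTIFICATE REQUEST"|"NEW CERTIFICATE REQUEST")
            openssl req -in "$src" -outform DER -out "$dst" ;;
        "CERTIFICATE")
            openssl x509 -in "$src" -outform DER -out "$dst" ;;
        *)
            echo "no CSR or certificate block in $src" >&2
            return 1 ;;
    esac
}

# Build key -> CSR -> self-signed cert in a temp dir, convert both to DER,
# and print the directory name.
# Assumption: unencrypted throwaway key, so no pass phrase prompt appears.
# The "x509 -req" step is what turns the CSR into a certificate.
demo() {
    dir=$(mktemp -d) || return 1
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$dir/server.key" \
        -subj "/CN=www.example.test" -out "$dir/server.csr" &&
    openssl x509 -req -days 730 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null &&
    pem_to_der "$dir/server.csr" "$dir/server.csr.der" &&
    pem_to_der "$dir/server.crt" "$dir/server.crt.der" &&
    echo "$dir"
}
```

Calling `demo` prints the temporary directory holding `server.csr.der` and `server.crt.der`; which of the two an in-house CA expects depends on whether it wants the request or a finished certificate.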
Re: htaccess with SSL
On Thu, Jul 15, 1999, Jim Tay wrote:
> [...]
> the discussion board. When I access the discussion board on the SSL-enabled site, it just goes straight into the site without the popup appearing.
> [...]
> SSLOptions +FakeBasicAuth
> [...]
> I thought using the FakeBasicAuth option would do it, but it's not working. Do I need to use the SSLRequire directive? It seemed too complicated for a newbie like me to tackle. I've looked through the manual and searched the mailing list but I haven't been able to find a solution that works for me. Do you have any ideas?

The FakeBasicAuth fakes the username/password with the details in an existing client cert. So when it "goes straight into the site" I guess you used a client cert whose DN fulfilled the basic auth or the basic isn't applied at all. Then perhaps check the AllowOverride directives and related things of mod_auth.

Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com

Re: file-descriptor bug in mod_ssl 2.3.5 (shared memory) ?
On Fri, Jul 16, 1999, [EMAIL PROTECTED] wrote:
> (Solaris 2.5.1, apache 1.3.6, mod_ssl 2.3.5)
> Do you have lots of virtual hosts?
> No, just the SSL is defined as VirtualHost on Port 443.
> BTW, we will try 2.3.6 and then check again.

With 2.3.6 I've fixed a leak related to memory and fds:

    *) Fixed memory leaks on restarts related to shared memory session cache: the MM object wasn't removed at all.

So even when you have only a few vhosts, but do lots of restarts, the problem can occur with 2.3.6 versions.

Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com

Re: mod_ssl-2.3.5-1.3.6
On Fri, Jul 16, 1999, John Lange wrote:
> Well, there are at least 3 of us with this problem now (see my message subject: "Constant seg fault in child processes"; also Michael Ed's problem seems to be similar), so I don't think it's just a case of one machine not being configured correctly. It's been mentioned that a core dump should be provided. Where do I look for them?
> [...]
> Me again... I just followed the US instructions in mod_ssl-2.3.5-1.3.6 with the optional mm-1.0.9 instructions. I've got the snake oil certificate in place. When starting the httpd server:
>
>     ./httpd -f /home/www/www/conf/httpd.conf -DSSL
>
> it presents me with a dialog to enter a pass phrase and I do... at this point everything seems fine. It returns a successful return code. ...but there are no servers running... It does create a pid file and all of the log files and:
>
>     -rw-r--r-- 1 root root 675 Jul 14 21:26 ssl_engine_log
>     -rw--- 1 www root 0 Jul 14 21:26 ssl_mutex.14477
>     -rw-r--r-- 1 root root 0 Jul 14 21:26 ssl_request_log
>     -rw--- 2 www root 12288 Jul 14 21:26 ssl_scache.dir
>     -rw--- 2 www root 12288 Jul 14 21:26 ssl_scache.pag
>
> the ssl_engine_log is:
>
>     [14/Jul/1999 21:26:23] [info] Server: Apache/1.3.6, Interface: mod_ssl/2.3.5, Library: OpenSSL/0.9.3a
>     [14/Jul/1999 21:26:23] [info] Init: 1st startup round (still not detached)
>     [14/Jul/1999 21:26:23] [info] Init: Initializing OpenSSL library
>     [14/Jul/1999 21:26:23] [info] Init: Loading certificate private key of SSL-aware server www.mankato.msus.edu:443
>     [14/Jul/1999 21:26:23] [info] Init: Requesting pass phrase via builtin terminal dialog
>     [14/Jul/1999 21:26:25] [info] Init: Wiped out the queried pass phrases from memory
>     [14/Jul/1999 21:26:26] [info] Init: 2nd startup round (already detached)
>     [14/Jul/1999 21:26:26] [info] Init: Reinitializing OpenSSL library

You mean there is really _NOTHING_ in the Apache error log? I cannot believe this, even on a core dump there would be an error.

BTW, try to start the server with option -X and look whether it really returns immediately.

Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com

Re: SSL variables running APACHE on Windows NT 4.0
On Mon, Jul 19, 1999, Ruetzel, Arnold wrote:
> I wrote my own module which is loaded by Apache at startup time. This module has to access the SSL variables in the "URI to filename translation" phase, but the variables are not available at this phase. Does anybody know what I have to do to make the SSL variables available to me in the "URI to filename translation" phase? Is there a way to make use of mod_ssl's APIs to get my hands on the SSL variables and how would that be done?

When you looked into mod_rewrite, you would have found:

    #ifdef EAPI
    ap_hook_use("ap::mod_rewrite::lookup_variable",
                AP_HOOK_SIG3(ptr,ptr,ptr),
                AP_HOOK_DECLINE(NULL),
                result, r, var);
    #endif

A similar call in your module will give you the results.

> PS: A note for Ralf Engelschall: Do you have any plans to change mod_ssl to make the SSL variables available right from the start, that is before the post_read_request or header_parser handlers are being called.

Hmmm... mod_ssl currently does it in the "correct/intended" phase. But sure, it shouldn't harm to provide them earlier. I've to admit that I currently forgot what the reason was that I have not done this already. I'll think about this again.

Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com