Re: secure to nonsecure
** Reply to note from Darian Ong [EMAIL PROTECTED] 11 Jun 00 22:26:25 MDT Hello all, I am writing a cgi script to process a HTML FORM in the secure mode. After the FORM is processed, I need to redirect the user to a non- secured page. I have my virtual host setup like this: VirtualHost ip_address:80 ... Redirect ^/secure/(.*) https://mysite/secure/$1 ... /VirtualHost VirtualHost ip_address:443 ... Redirect ^/unsecure/(.*) http://mysite/unsecure/$1 ... /VirtualHost I process the FORM with a script process.cgi under the secure directory and the result of this script is a simple HTML page that contains: html script language="Javascript" function redirectPage(){ document.location.href="https://mysite/unsecure/showpage.cgi"; } /script body onload="redirectPage()" /body /html However, after the script process.cgi is executed and the above HTML page is returned to the browser, I got this warning message from my browser: Warning! You have requested an insecure document that was originally designated a secure document (the location has been redirected from a secure to an insecure document). The document and any information you send back could be observed by a third party while in transit. How can I switch from a secure mode to an insecure mode without such warning from the browsers? You can't. The way I do it is make the next page you re-direct to secure. On that page you can have non-secure links that don't have the warning. The user can select a non-secure link, and things are ok, but if the user asks for a secure page, you have to send a secure result. Trying to redirect to a non-secure page is a no-no, as is trying to include images from a non-secure source. You (on the server side) can not make the choice to drop secure mode, you have to let the user do it. Rick Widmer Internet Marketing Specialists http://www.developersdesk.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
How can I create certificates and keys using *.bat files? Please help.
I need to be able to create keys and certificates using *.bat files? How can I do that? Derke Derek DeMoroChief Technical OfficerBallotDirect(650) 799-8490
IE 5 cipher negotiation
Hello, There is problem with export versions of IE 5 (with 56 bit key). Cipher negotiation depends on URL type. With any URL which points to the server (alias name, IP) EXCEPT correct one (same as CN field), connection works well. Problem appears only in few versions of IE (ca 5.00.20xx - 5.00.28xx). I have latest mod_ssl/open_ssl/apache with SGC enabled cert. I really need HELP. --- Piotr Sloniowski __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
[BugDB] starting httpd (PR#395)
Full_Name: Version: 2.4.10 OS: AIX/unix Submission from: (NULL) (195.212.29.99) When i try to start up apache httpd webserver it comes back with the message :httpd could not be started and when i look into my errorlog i see the following entry [Tue Jun 13 10:56:43 2000] [error] mod_ssl: Init: Failed to generate temporary 512 bit RSA private key I did a make certificate and that worked fine. But when i do a openssl -noout -text -in server.key then i see that the keys that are made are 1024 keys could this have something to do with it? and else how can i solve the problem? thanks in advance, __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: IE 5 File Download Problems
Hi Chris. The directive KeepAlive is very important, mainly on sites that serves static resources. This directive allows you control the persistency of connections. If your site have little dynamic content, I really believe that you must activate KeepAlive and adjust the directive MaxKeepAliveRequest. Some versions of browsers (Netscape or MS IE) have problems with KeepAlive, however thhe newset ones donĀ“t. You must be careful when using Keep Alive with downloading to avoid a few clients to use all the Web Server Resources for many time. I would like to know what the presented explanation by the list. Bye. Danilo. From: "Chris Pomerantz" [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: IE 5 File Download Problems Date: Mon, 12 Jun 2000 19:11:28 -0700 I am trying to allow users to download a zip file from my web site. I have disabled keep alive just as the faq stated, which by the way made my life much easier by fixing numerous problems. No thanks to Microsoft. If I use Internet Explorer I am unable to download the file, a message pops up saying: Internet Explorer cannot download "the file". Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later. I am downloading the file through a refresh header command using php4. I've tried both relative and complete URL's. This works with Navigator and over straight HTTP no SSL. Any ideas? Thanks, Chris Pomerantz __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: How can I create certificates and keys using *.bat files? Please help.
--- Derek DeMoro [EMAIL PROTECTED] wrote: I need to be able to create keys and certificates using *.bat files? How can I do that? Are you using OpenSSL? It has a command-line interface that can be executed from a *.bat; check out http://www.openssl.org/docs/apps/genrsa.html Paul = __ Do You Yahoo!? Yahoo! Photos -- now, 100 FREE prints! http://photos.yahoo.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: [BugDB] failed to generate temporary key? (PR#396)
On Tue, Jun 13, 2000 at 11:08:32PM +0200, [EMAIL PROTECTED] wrote: Full_Name: Kushal Dave Version: 2.6.4 OS: Solaris Submission from: (NULL) (206.241.2.105) When I start apache using apachectl, with or without SSL, it quits, and in the error_log, I find a message saying "mod_ssl: Init: Failed to generate temporary 512 bit RSA private key". Any idea why it's doing this? I remember seeing something about setting a random seed or something but now I can't seem to find it...Thanks so much for any help. It's in the FAQ: http://www.modssl.org/docs/2.6/ssl_faq.html#entropy vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]