Re: getting rid of Snake Oil stuff
Joe Auty wrote:

> Okay, it seems that after restarting apache without the CACertificate directives in there that sign.sh script now works without yielding the error I copied into my last email...
>
> I've got myself a netmusician.crt file... what do I do with it now to replace the dummy SnakeOil stuff?

You put your new .crt and .key in the conf/ssl.crt and conf/ssl.key directories and change the names in the SSLCertificateFile and SSLCertificateKeyFile directives. Then you give the server a full restart (graceful won't reload certs).

> (I hope that you guys don't object to the CC)

Except that we get every mail twice...

Rgds,
Owen Boyle.

__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]

GENRSA error!!
Hi all,

I would like to know why I have this type of error during key generation...

My action is:

/opt/apache/ssl/bin/openssl genrsa -des3 -out vpn.key 1024

and I receive:

warning, not much extra random data, consider using the -rand option
Generating RSA private key, 1024 bit long modulus
23897:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:538:
23897:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:182:

Can you help me???

Thanks in advance,
Marco.

Apache ModSSL 1.3.22
Hello,

I just get some errors when I try to load the Apache SSL module. I copied the 2 DLLs into WINNT\SYSTEM32 and put the code in httpd.conf. Now it tells me it can't load the Apache SSL module into the server ...

I'm using an XP server with Apache 1.3.22, PHP 4.1.1, MySQL 4.00 and ActivePerl.

I hope I can find the answer here.

Thanks for your help,
Grosswig

Question
Hello,

I am a new user of modssl and have several questions. I am trying to build modssl and would like to know, once I have it installed, how can I tell if it is properly installed or working? Is there some sort of compiler flag that I can implement?

Natisha

Apache modssl last release ...
Hello,

I just installed mod_ssl for Apache. First it works fine, but, I can't tell how, Apache shuts down mod_ssl ... I can't reach the mod_ssl URL if I open a new browser window.

My config file looks like this:

.. ...
LoadModule
AddModule
. . ...
BindAddress design-4-you.ath.cx

<VirtualHost www.design-4-you.ath.cx>
    ServerAdmin [EMAIL PROTECTED]
    DocumentRoot E:/Server/www/
    ServerName www.design-4-you.ath.cx
    ErrorLog E:/Server/logs/www.design-4-you.ath.cx-error_log
    CustomLog E:/Server/logs/www.design-4-you.ath.cx-access_log common
    ScriptAlias /cgi-bin/ E:/Server/www/cgi-bin/
    <Directory E:/Server/www/>
        AllowOverride All
    </Directory>
</VirtualHost>

<VirtualHost server.design-4-you.ath.cx>
    ServerAdmin [EMAIL PROTECTED]
    DocumentRoot E:/Server/logs/
    ServerName www.design-4-you.ath.cx
    ErrorLog E:/Server/logs/server.design-4-you.ath.cx-error_log
    CustomLog E:/Server/logs/server.design-4-you.ath.cx-access_log common
    <Directory E:/Server/logs/>
        AllowOverride All
    </Directory>
</VirtualHost>

<VirtualHost mysql.design-4-you.ath.cx>
    ServerAdmin [EMAIL PROTECTED]
    DocumentRoot E:/Server/phpmyadmin/
    ServerName mysql.design-4-you.ath.cx
    ErrorLog E:/Server/logs/mysql.design-4-you.ath.cx-error_log
    CustomLog E:/Server/logs/mysql.design-4-you.ath.cx-access_log common
    <Directory E:/Server/phpmyadmin/>
        AllowOverride All
    </Directory>
</VirtualHost>

#SSLMutex sem
SSLRandomSeed startup builtin
SSLSessionCache dbm:C:/Apache/logs/ssl_gcache_data
SSLSessionCacheTimeout 600
SSLProtocol all
#SSLVerifyClient require
SSLVerifyDepth 10
#SSLOptions +FakeBasicAuth -StrictRequire
SSLLog logs/SSL.log
SSLLogLevel warn

<VirtualHost ssl.design-4-you.ath.cx>
    ServerAdmin [EMAIL PROTECTED]
    ServerName design-4-you
    DocumentRoot E:/Server/secure/
    ErrorLog E:/Server/logs/secure.design-4-you.ath.cx-error_log
    CustomLog E:/Server/logs/secure.design-4-you.ath.cx-access_log common
    SSLEngine On
    SSLCertificateFile conf/ssl/www.design-4-you.ath.cx.cert
    SSLCertificateKeyFile conf/ssl/www.design-4-you.ath.cx.key
</VirtualHost>

--

By the way, I'm using Windows 2000 Professional.

Apache/1.3.22 (Win32) mod_ssl/2.8.5 OpenSSL/0.9.6b PHP/4.1.1

I hope you can help me ... maybe tell me how the order should be in the httpd.conf so that mod_ssl works correctly ...

[BugDB] apache/tomcat/mod_ssl 304 error (PR#660)
Full_Name:
Version: 2.8.5
OS: Solaris 2.8
Submission from: (NULL) (199.46.199.231)

Configured the mod_ssl with

./configure \
    --with-apache=../apache_1.3.22 \
    --with-ssl=/usr/local/ssl \
    --prefix=/usr/local/apache \
    --enable-shared=ssl \
    --enable-module=most \
    --enable-shared=max \
    --enable-rule=SSL_SDBM \
    --with-crt=/usr/local/ssl/misc/WebServer/server.crt \
    --with-key=/usr/local/ssl/misc/WebServer/server.key

I also created and installed mod_jk (part of tomcat) after making and installing apache with mod_ssl. I am running tomcat 3.3a. ...since version 4.0 does not support load balancing...

reloading the http://hostname/examples/jsp/index.html page periodically will give a strange result. The top part of the page contains the results header from the previous request. This seems to only occur with Netscape 4.7x and not IE 5.x.

The following is the page when the problem occurs.

Error: 304
Location: /examples/jsp/index.html
HTTP/1.1 304 Not Modified
Date: Tue, 15 Jan 2002 22:55:08 GMT
Server: Apache/1.3.22 (Unix) mod_jk/1.1.0 mod_ssl/2.8.5 OpenSSL/0.9.6b
Content-Length: 121
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/html

Error: 304
Location: /examples/jsp/index.html

I have been able to determine that the error does not occur with non-tomcat pages with ./apachectl startssl and also does not occur at all with ./apachectl start (instead of startssl). Even tomcat works without the mod_ssl enabled. It seems that the combination of using tomcat and mod_ssl has created a unique condition on 304 errors. If you hold the shift down, the problem disappears since there are only 200 error codes returned.

Broken link on your website
I noticed that your page: http://www.modssl.org/docs/2.8/ssl_faq.html contained a link to: http://www.wassenaar.org/. The page at http://www.wassenaar.org/ cannot currently be accessed because of the following error: Time Out.

We last examined your page on 08-28-2001. If your page has not been updated since 08-28-2001, your link is most likely currently broken. No one likes broken links on their website so we thought you'd like to be the first to know.

WHO ARE WE?
We're Internetseer.com, the world's largest FREE website monitoring service. One recent subscriber wrote the following: "You did an awesome job identifying to me that our site went down and tracking it until it came back up again."

HOW CAN OUR SERVICE BE FREE?
Our service is supported by advertisers and subscribers who purchase additional services, but our basic service is FREE. Activating a free website monitoring account could not be easier. Click here for auto sign-up.

WHAT DO YOU GET FOR FREE?
We'll monitor your site once every hour, 24 hours a day, seven days a week for free. You can even have multiple people notified when we detect an error. In addition, you'll receive a website performance report every week showing uptime percentages, average connect times, helpful links to other sites and of course promotions from our advertisers. You can cancel your free subscription at any time.

This message is not spam because we are not trying to sell you a service. We are simply advising you that a link on your website is currently broken due to the error listed above. If you would like to subscribe to our free website monitoring service, please click here. If you do not wish to receive any further email messages from us, click here to cancel, or reply to this message with the word "cancel" in the subject line.

We sincerely hope that you'll become one of InternetSeer's 850,000 plus satisfied subscribers.

Sincerely,
Cindy Jordan
Web Site Analyst
InternetSeer.com "Free Website Monitoring"
http://www.internetseer.com

Re: Apache modssl last release ...
[ Falk Großwig ] wrote:

> Hello,
>
> I just installed mod_ssl for Apache. First it works fine, but, I can't tell how, Apache shuts down mod_ssl ... I can't reach the mod_ssl URL if I open a new browser window.
>
> <VirtualHost ssl.design-4-you.ath.cx>
>     ServerAdmin [EMAIL PROTECTED]
>     ServerName design-4-you
>     DocumentRoot E:/Server/secure/
>     ErrorLog E:/Server/logs/secure.design-4-you.ath.cx-error_log
>     CustomLog E:/Server/logs/secure.design-4-you.ath.cx-access_log common
>     SSLEngine On
>     SSLCertificateFile conf/ssl/www.design-4-you.ath.cx.cert
>     SSLCertificateKeyFile conf/ssl/www.design-4-you.ath.cx.key
> </VirtualHost>

So this is your SSL VH?

First, you need:

Listen 443

before the VH so apache listens to port 443, which is where SSL works.

Second, you need to define port 443 in the VH, i.e.

<VirtualHost ssl.design-4-you.ath.cx:443>

Third, you need to start apache with SSL. In unix, the command is:

# apachectl startssl

or (more primitively)

# ./httpd -DSSL

Check the docs for the appropriate command under windows.

Rgds,
Owen Boyle.

Re: Question
Natisha Greenway wrote:

> Hello,
>
> I am a new user of modssl and have several questions. I am trying to build modssl and would like to know, once I have it installed, how can I tell if it is properly installed or working? Is there some sort of compiler flag that I can implement?

You need to create an SSL virtual host in httpd.conf and restart apache in SSL mode. Look in the mod_ssl docs for the directives you need to use to define an SSL VH.

Rgds,
Owen Boyle.

RE: Apache modssl last release ...
[ Falk Großwig ] wrote:

>> Hello,
>>
>> I just installed mod_ssl for Apache. First it works fine, but, I can't tell how, Apache shuts down mod_ssl ... I can't reach the mod_ssl URL if I open a new browser window.
>>
>> <VirtualHost ssl.design-4-you.ath.cx>
>>     ServerAdmin [EMAIL PROTECTED]
>>     ServerName design-4-you
>>     DocumentRoot E:/Server/secure/
>>     ErrorLog E:/Server/logs/secure.design-4-you.ath.cx-error_log
>>     CustomLog E:/Server/logs/secure.design-4-you.ath.cx-access_log common
>>     SSLEngine On
>>     SSLCertificateFile conf/ssl/www.design-4-you.ath.cx.cert
>>     SSLCertificateKeyFile conf/ssl/www.design-4-you.ath.cx.key
>> </VirtualHost>
>
> So this is your SSL VH?
>
> First, you need:
>
> Listen 443
>
> before the VH so apache listens to port 443, which is where SSL works.
>
> Second, you need to define port 443 in the VH, i.e.
>
> <VirtualHost ssl.design-4-you.ath.cx:443>
>
> Third, you need to start apache with SSL. In unix, the command is:
>
> # apachectl startssl
>
> or (more primitively)
>
> # ./httpd -DSSL
>
> Check the docs for the appropriate command under windows.

...which would be

apache -D SSL

Fourth, your apache needs to be compiled with the -EAPI flag, otherwise mod_ssl will not work. If you use a binary distribution, this is most probably not the case. AFAIK there is no such distribution for 1.3.22 /win32.

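A small checker for the first two points made in the replies above (an active Listen 443 and an SSL virtual host bound to :443), added here as an illustration and not part of the original posts. The sample configuration is constructed from the one quoted in the thread and the function names are this example's own; starting Apache in SSL mode and the EAPI build requirement cannot be read from httpd.conf and are not checked.

```python
import re

# Constructed sample modelled on the configuration quoted in the thread
# (angle brackets restored, unrelated directives dropped).
BROKEN_CONF = """\
Listen 80
<VirtualHost www.design-4-you.ath.cx>
    DocumentRoot E:/Server/www/
</VirtualHost>
<VirtualHost ssl.design-4-you.ath.cx>
    SSLEngine On
    SSLCertificateFile conf/ssl/www.design-4-you.ath.cx.cert
</VirtualHost>
"""

# The same file with the first two points of the reply applied.
FIXED_CONF = BROKEN_CONF.replace("Listen 80\n", "Listen 80\nListen 443\n").replace(
    "<VirtualHost ssl.design-4-you.ath.cx>", "<VirtualHost ssl.design-4-you.ath.cx:443>")

VHOST_RE = re.compile(
    r"^[ \t]*<VirtualHost\s+([^>\s]+)[^>]*>(.*?)^[ \t]*</VirtualHost>",
    re.I | re.S | re.M)

def listen_ports(conf):
    """Ports named by active (uncommented) Listen directives."""
    found = re.findall(r"^[ \t]*Listen[ \t]+(?:\S+:)?(\d+)[ \t]*$", conf, re.I | re.M)
    return {int(p) for p in found}

def ssl_vhosts(conf):
    """(address, port or None) for every <VirtualHost> that turns SSLEngine on."""
    hosts = []
    for addr, body in VHOST_RE.findall(conf):
        if re.search(r"^[ \t]*SSLEngine[ \t]+on\b", body, re.I | re.M):
            port = re.search(r":(\d+)$", addr)
            hosts.append((addr, int(port.group(1)) if port else None))
    return hosts

def check_ssl_config(conf, ssl_port=443):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if ssl_port not in listen_ports(conf):
        findings.append(f"no active 'Listen {ssl_port}' directive")
    for addr, port in ssl_vhosts(conf):
        if port != ssl_port:
            findings.append(f"SSL virtual host '{addr}' is not bound to port {ssl_port}")
    return findings

if __name__ == "__main__":
    print(check_ssl_config(BROKEN_CONF), check_ssl_config(FIXED_CONF))
```
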
Message counts in Apache
We're implementing a network services database where key applications on the system update counters for messages in and messages out that can then be examined by the system operators. What exactly a message is depends on the application, but in Apache I assume this will be HTTP GET/PUT/POST requests.

In a quick look at the Apache code, I see the function increment_counts in http_main.c. Would this be the best place to add the message counter?

The message counts are kept on a port and protocol basis. How do I distinguish between the different ports that may be configured in httpd.conf, like a Listen 443 for example?

Regards,
Evan Jennings
TPF Development, IBM Corp.
Poughkeepsie NY
(845) 435-1918

can reverse proxy send server cert onwards
I am using a reverse proxy built with apache 1.3.19 with mod_rewrite and mod_proxy, and mod_ssl 2.8.2. The connection looks like:

Client                Proxy                Application
------                -----                -----------
    <- SSL connect 1 ->   <- SSL connect 2 ->

SSL connection 1 uses client and server certs (SSLVerifyClient require). I also need to use client and server certs on SSL connection 2 (i.e. the connection initiated by mod_proxy). But when the application Apache server requires a client cert (SSLVerifyClient require) it does not receive a cert from the proxy.

Is there a way to configure mod_ssl / mod_proxy to send a cert on SSL con 2? The cert does not need to be related to the cert on SSL connection 1, and I also don't need to forward any fields from the client cert as HTTP headers.

Here are some relevant config statements from the proxy:

SSLCertificateKeyFile   ${crtdir}/${hostname}.key
SSLCertificateFile      ${crtdir}/${hostname}.crt
SSLCertificateChainFile ${crtdir}/ubs-ca.crt
SSLCACertificateFile    ${crtdir}/conextradeCA-qa1.crt
SSLVerifyClient         require
RewriteEngine           On
RewriteRule ^/(xcc)$ https://${appl}/$1 [P,L]
RewriteRule .* - [F]

Thanks
Ian

--
Ian Beselin (BH-I5EW-MF9) [EMAIL PROTECTED] +41 1 236 1629