Re: Nowhere talks about RPMS installation. Is it possible?
Thanks for your answers, Andrew Lietzow and Owen Boyle. I have discover that my virtualhost was defined wrongly. (On the port 433!!!) __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Creating client certificates ?
here is what i did to generate client sertificates. be aware of the clientakey.pem and clienta.pem are two different files. 1. openssl req -new -out clienta.csr -keyout clientakey.pem Enter the details for the certificate, i.e common name being the client/employee, \ "Joe Bloggs". 2. openssl x509 -req -in clienta.csr -out clienta.pem -CA YOUR_SERVERS_CERTIFICATE \ -CAkey YOUR_SERVERS_PRIVATE_KEY -CAcreateserial -days 365 -outform PEM 3. openssl pkcs12 -export -in clienta.pem -out clienta.p12 -inkey clientakey.pem \ -name "Joe Bloggs" Distribute clienta.p12 (rename clienta.p12 to Joe_Bloggs.p12) to client/employee. Haldor. On Thu, 4 Apr 2002 01:43:05 +0200 (MEST) [EMAIL PROTECTED] wrote: >[EMAIL PROTECTED] wrote: >> >> Hello modssl users ! >> >> I managed to set up an ssl aware web server. >> Although I searched the web and also the list >> archive I haven't been able to create a client >> certificate which is signed by my own CA for >> client authentication. >> >> Could someone describe the process of creating >> such a certificate in detail ? > > >Thank you Owen for your answer but you misunderstood >my question. >And you Maik misunderstood my question, too. >I, of course, read the FAQ and all the other available docs >but they say nothing about creating client (!) certificates ! >The process of creating a server certificate is sufficiently >documented in the FAQ and it was no problem for me to >create it. > >My question is: How can I create client (!) certificates for > client authentication to the server and not > server certificates ?! > >Anyone ? > >-- >GMX - Die Kommunikationsplattform im Internet. >http://www.gmx.net >__ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager[EMAIL PROTECTED] > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Creating client certificates ?
When a client browser reaches an SSL-secured page, the browser checks to see whether the 'server' certificate is trusted. In Internet Explorer 5.5, you can view a list of trusted certificates from: (Menu) Tools|Internet Options... -> Content TAB | Certificates.. BUTTON. You should be able to view all installed certificates. These certificates have either been pre-installed, or installed when visiting an SSL-site and agreeing to download. This is how a 'client' certificate exists. An easy way of getting hold of the 'client certificate' that you yourself have signed (mine is attached) is by going to your own site and agreeing to trust your site (!). The certificate would then be installed on your machine. Then view all installed certificates (explained above for IE), and Export the certificate. Doing all this allows you to pass on a copy of your certificate to someone, and tell them to Import it into their trusted list. I feel it's all a bit unneccesary, but now you should be "able to create a client certificate which is signed by my own CA for client authentication." ! Shiraz -Original Message- From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]] Sent: Thursday, April 04, 2002 12:43 AM To: [EMAIL PROTECTED] Subject:Re: Creating client certificates ? [EMAIL PROTECTED] wrote: > > Hello modssl users ! > > I managed to set up an ssl aware web server. > Although I searched the web and also the list > archive I haven't been able to create a client > certificate which is signed by my own CA for > client authentication. > > Could someone describe the process of creating > such a certificate in detail ? Thank you Owen for your answer but you misunderstood my question. And you Maik misunderstood my question, too. I, of course, read the FAQ and all the other available docs but they say nothing about creating client (!) certificates ! The process of creating a server certificate is sufficiently documented in the FAQ and it was no problem for me to create it. My question is: How can I create client (!) certificates for client authentication to the server and not server certificates ?! Anyone ? -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] designlinks.cer Description: application/x509-ca-cert
a perl directive don't work with ssl
What have i to put into the virtual host $RewriteEngine="on"; unless ($?) { $RewriteRule = '^/(img/.*) http://barra.es/$1'; push @RewriteRule , ('^/(pdf/.*) http://barra.es/$1'); push @RewriteRule , ('^/(docs/.*) http://barra.es/$1'); } push @RewriteRule , ('^/(dat/.*) /serveis/$1'); __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Performance Issue
Definetly, Cliff. I'll send it to you ASAP. Thank you. On Mon, 2002-04-01 at 17:48, Cliff Woolley wrote: > On Mon, 1 Apr 2002, Alex wrote: > > > I am experiencing exactly the same issue after upgrade of couple of > > servers in our web-farm from Sol.2.6 to Solaris 8 (running on Sun Enterprise). > > We are using Apache 1.3.9 on Solaris 2.6, Apache 1.3.23/mod_ssl 2.8.7 on > > Solaris 8. > > > > Please, let me know if you find something that explains such a high load > > and a way to eliminate it. > > As I mentioned the last time (and never got a response): > > To help track this down, can you do a before-and-after run of the > following: > > truss -c > lockstat -CP sleep 5 > > and email the outputs of both from the old version and the new version to > me? > > Thanks, > Cliff > > -- >Cliff Woolley >[EMAIL PROTECTED] >Apache HTTP Server Project > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > -- Denis A.V.Jr. - [EMAIL PROTECTED] Systems Engineer - ICQ 2524962 Universo Online perl -e 'print "computers are like air-conditioners: they stop working when you open windows ", pack("c*",hex "3A",sqrt(2025),(unpack(c,"=")-20),10);' __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
test installed certificates
hi, i don't know if this list is the best for my question, my deepest apologies if not is there a way to know thanks to apache and/or modssl if a given root ca is installed on the client side (browser) ? what i want to avoid is a page like : *** click here to install our root CA ___ *** if the given file is already installed thanks all __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Apache Server:Https mode
Hi, I have successfully installed apache with mod_ssl setup. But i was not able to get the page in https mode. (mod_ssl.c is also enabled.)How can i run this in https mode with a security certificate. Mahesh Mahalingam __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Question about errors browsers give on non-validated keys
Hi, my work bought a certificate from thawte, and it is for travelguides.com. I installed the cert and modssl is working with no problems, except when I click on a link that goes to a secure (https) part of the site, different browsers pop up this message: Netscape: travelguides.com is a site that uses encryption to protect transmittedinformation. However, Netscape does not recognize the authority whosigned its Certificate. Although Netscape does not recognize the signer of this Certificate, you maydecide to accept it anyway so that you can connect to and exchangeinformation with this site. This assistant will help you decide whether or not you wish to accept thisCertificate and to what extent. Opera: This sites certificate chain is incomplete and the signer is not verified, continue? IE: says something about it is sign but on the wrong domain. My question is, it is signed for travelguides.com but I have tried putting the https listening on secure.travelguides.com and just regular travelguides.com and I still get this prompt. How do I get rid of it? Thanks
APache mod-ssl problems.
Hi, I have installed APache 1.3.24 with openssl and mod_ssl last versions. The problem that I have is in apache conf. file. I have httpd and httpsd running and 2 diffetent config files accordingly to httpd or httpsd I also have 3 sites using ssl. My problem is that apache sees the certificate for only the first site defined in the config file, and when I go to the other two sites it takes the certificate from the first site only. I doesn't recognize the certificate I made for it in his config virtual host section. Any idea how to fix this? Thanks, Ovi __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Question about errors browsers give on non-validated keys
On Thu, Apr 04, 2002 at 08:19:20PM -0800, Cliff wrote: > > Opera: This sites certificate chain is incomplete and the signer is not verified, >continue? > This looks like you might have to get a CA certificate chain from Thawte and put it in http://www.modssl.org/docs/2.8/ssl_reference.html#ToC12 vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]