x.509 on Apache

2002-08-09 Thread Bao, Xiliang

Hi:

I am trying to configure Apache 1.3.26 with SSL. I created a certificate and
the Apache server runs. But when I try to visit the website from a Windows
browser (IE5.x or Netscape 6.x), it cannot visit the website. I have
referenced some documents, but none of them really solves the problem.
Does anyone have a good document or instructions for that?

Steve


error while signing the csr

2002-08-09 Thread Philippe Marsalle

Hi ,

I want to create a ssl server certificate for an intranet server (apache
1.3.14).
I carefully follow the instruction of the documentation which comes with
mod-ssl :
I created a private key for the server:
# openssl genrsa -des3 -out server.key 1024
I created a csr with the previous generated key
# openssl req -new -key server.key -out server.csr

As it is for an intranet server, I decided to use my own certificate
authority ,
I first created a private key for the ca :
# openssl genrsa -des3 -out ca.key 1024
I created a self signed certificate with this key :
# openssl req -new -x509 -days 365 -key ca.key -out ca.crt
Then I used the sign.sh script :
# ./sign.sh server.csr

Everything's all right until it asks me to commit:

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt - CA cert
server.crt:
[]
error 18 at 0 depth lookup:self signed certificate
[...]
error 7 at 0 depth lookup:certificate signature failure

Did I do something wrong? What is the meaning of these two error messages?
Thanks for your help :)

--
Philippe,
  [EMAIL PROTECTED]



__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
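
A common cause of `error 18` followed by `error 7` from the verify step is a CSR that was given the same subject DN as the CA certificate: the issued certificate then has issuer equal to subject and is treated as self-signed, so its signature is checked against its own key. The pre-signing check below is an added example, not part of the original post or of mod_ssl's sign.sh; the function names, file names and DNs are assumptions made for the demonstration.

```shell
# Added example, not from the thread. DNs and file names are constructed.
# Keys are unencrypted (-nodes) only so the throwaway demo runs unattended.

# Print the subject DN of a certificate ($1 = x509) or CSR ($1 = req) in $2.
subject_of() {
    out=$(openssl "$1" -in "$2" -noout -subject -nameopt RFC2253 2>/dev/null) || return 1
    out=${out#subject=}
    printf '%s\n' "${out# }"
}

# Status 0: safe to sign. 1: CSR subject equals CA subject. 2: unreadable input.
check_csr_dn() {
    ca_dn=$(subject_of x509 "$1") || return 2
    csr_dn=$(subject_of req "$2") || return 2
    if [ "$ca_dn" = "$csr_dn" ]; then
        echo "refuse: CSR subject equals CA subject: $csr_dn" >&2
        return 1
    fi
    echo "ok: issuer will be [$ca_dn], subject [$csr_dn]"
}

# Build throwaway inputs in directory $1: a CA certificate plus two CSRs,
# one reusing the CA's DN and one carrying the server's own name.
make_samples() {
    ca_subj='/O=Example Intranet/CN=Example Intranet CA'
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 1 -subj "$ca_subj" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "$ca_subj" \
        -keyout "$1/same.key" -out "$1/same.csr" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes \
        -subj '/O=Example Intranet/CN=www.intranet.example' \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    make_samples "$dir" && {
        check_csr_dn "$dir/ca.crt" "$dir/server.csr"
        check_csr_dn "$dir/ca.crt" "$dir/same.csr" || echo "same-DN request rejected"
    }
    rm -rf "$dir"
}
demo
```

Run `check_csr_dn ca.crt server.csr` before signing; status 1 means the request should be regenerated with a subject that differs from the CA's, typically the server's host name as Common Name.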



Re: x.509 on Apache

2002-08-09 Thread EdwardSPL


Are you using OpenSSL 0.9.6d?
If so, please upgrade to OpenSSL 0.9.6e, then I think you can visit
the website by using the https protocol!

"Bao, Xiliang" wrote:

 Hi:

 I am trying to configure Apache 1.3.26 with SSL. I created a certificate and
 the Apache server runs. But when I try to visit the website from a Windows
 browser (IE5.x or Netscape 6.x), it cannot visit the website. I have
 referenced some documents, but none of them really solves the problem.
 Does anyone have a good document or instructions for that?

 Steve



Re: error while signing the csr

2002-08-09 Thread EdwardSPL

Hello,

Many users recommend using Apache 1.3.26 and OpenSSL 0.9.6d (I suggest
using 0.9.6e, because I failed to compile and install 0.9.6d, but I would
like to hear from other users whether there really is a bug with
Apache 1.3.26 and OpenSSL 0.9.6d)!

Edward.

Philippe Marsalle wrote:

 Hi ,

 I want to create a ssl server certificate for an intranet server (apache
 1.3.14).
 I carefully follow the instruction of the documentation which comes with
 mod-ssl :
 I created a private key for the server:
 # openssl genrsa -des3 -out server.key 1024
 I created a csr with the previous generated key
 # openssl req -new -key server.key -out server.csr

 As it is for an intranet server, I decided to use my own certificate
 authority ,
 I first created a private key for the ca :
 # openssl genrsa -des3 -out ca.key 1024
 I created a self signed certificate with this key :
 # openssl req -new -x509 -days 365 -key ca.key -out ca.crt
 Then I used the sign.sh script :
 # ./sign.sh server.csr

 Everything's all right until it asks me to commit:

 1 out of 1 certificate requests certified, commit? [y/n]y
 Write out database with 1 new entries
 Data Base Updated
 CA verifying: server.crt - CA cert
 server.crt:
 []
 error 18 at 0 depth lookup:self signed certificate
 [...]
 error 7 at 0 depth lookup:certificate signature failure

 Did I do something wrong? What is the meaning of these two error messages?
 Thanks for your help :)





Re: error while signing the csr

2002-08-09 Thread Maurizio Marini

 www.google.com
search: error 7 at 0 depth lookup:certificate signature failure

the first is:
http://lists.openna.com/archives-openna-users/2002-February/msg00028.html
not more not less


(RTFM   google) or die(i'm too lame, adios);

-- maumar




Re: Apache 2.039

2002-08-09 Thread Cliff Woolley

On Thu, 8 Aug 2002, Cliff Woolley wrote:

 Upgrade to 0.9.6e.

Make that 0.9.6f, released today.  :)

--Cliff




Re: Apache 2.039

2002-08-09 Thread Cliff Woolley

On Fri, 9 Aug 2002, Cliff Woolley wrote:

 Make that 0.9.6f, released today.  :)

That's what I get for not reading all of my email before responding to
any of it.  0.9.6g was also released today.  Sigh.  :)




Re: Apache 2.039

2002-08-09 Thread Maurizio Marini

On Friday 09 August 2002 04:27 pm, Cliff Woolley wrote:
 On Thu, 8 Aug 2002, Cliff Woolley wrote:
  Upgrade to 0.9.6e.
 
 Make that 0.9.6f, released today.  :)
 
 g, just a few minutes ago..



RE: Apache 2.039

2002-08-09 Thread Xiao, Wei

Followed your instruction, finally got every configuration done. But server won't start with following message in error_log,

[Fri Aug 09 11:49:29 2002] [warn] Init: PRNG still contains not sufficient entropy!
[Fri Aug 09 11:49:32 2002] [error] Init: Failed to generate temporary 512 bit RSA private key Configuration Failed


Thanks.


-----Original Message-----
From: Daniel Lopez [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 08, 2002 2:09 PM
To: [EMAIL PROTECTED]
Subject: Re: Apache 2.039




Have a look at http://www.apacheworld.org/ty24/site.chapter17.html
That is a chapter I have online that explains step by step how to build
Apache 2 with SSL support. 


 When I run configure --with-ssl=$directory_of_open_ssl, it complained that
 it can't find ssl toolkit library. Did I do anything wrong?
 
 Thanks.
 
 Wei
 
 -----Original Message-----
 From: Cliff Woolley [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, August 08, 2002 1:50 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Apache 2.039
 
 
 On Thu, 8 Aug 2002, Tony Jarriault wrote:
 
  I'm search openssl for Apache 2.039, where can i find it, please ?
 
 I assume you mean mod_ssl, not openssl. mod_ssl is bundled with Apache
 2.0.x -- check your copy of Apache 2.0 and you'll find that it's already
 there (caveat: we do not distribute binaries of mod_ssl, only source
 code).
 
 OpenSSL is the same regardless of what mod_ssl you use and is available at
 www.openssl.org.
 
 --Cliff
 
 PS: Can we PLEASE add this to the FAQ or even the main modssl.org site?
 





Re: Apache 2.039

2002-08-09 Thread Cliff Woolley

On Fri, 9 Aug 2002, Cliff Woolley wrote:

 That's what I get for not reading all of my email before responding to
 any of it.  0.9.6g was also released today.  Sigh.  :)

I guess today was the day for releases.  Apache 2.0.40 is now out as well.

--Cliff




Re: Apache 2.039

2002-08-09 Thread R. DuFresne

On Fri, 9 Aug 2002, Cliff Woolley wrote:

 On Fri, 9 Aug 2002, Cliff Woolley wrote:
 
  That's what I get for not reading all of my email before responding to
  any of it.  0.9.6g was also released today.  Sigh.  :)
 
 I guess today was the day for releases.  Apache 2.0.40 is now out as well.

Any word on if this compiles on those older linux kernels as the previous
release was a total dud in that realm?

Thanks,

Ron DuFresne
-- 
~~
admin  senior security consultant:  sysinfo.com
http://sysinfo.com

Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation.
-- Johnny Hart

testing, only testing, and damn good at it too!




Re: Apache 2.039

2002-08-09 Thread R. DuFresne


This is a security fix release for those using apache in Cygwin
environments!

quote

Date: Fri, 9 Aug 2002 22:07:52 +0100 (BST)
From: Mark J Cox [EMAIL PROTECTED]
To: [EMAIL PROTECTED],
 Full Disclosure [EMAIL PROTECTED],
 Vuln-Dev [EMAIL PROTECTED]
Subject: [Full-Disclosure] Apache 2.0 vulnerability affects non-Unix
platforms

For Immediate Disclosure

=== SUMMARY 

        Title: Apache 2.0 vulnerability affects non-Unix platforms
         Date: 9th August 2002
     Revision: 2
 Product Name: Apache HTTP server 2.0
  OS/Platform: Windows, OS2, Netware
Permanent URL: http://httpd.apache.org/info/security_bulletin_20020809a.txt
  Vendor Name: Apache Software Foundation
   Vendor URL: http://httpd.apache.org/
      Affects: All Released versions of 2.0 through 2.0.39
     Fixed in: 2.0.40
  Identifiers: CAN-2002-0661

=== DESCRIPTION 
Apache is a powerful, full-featured, efficient, and freely-available Web
server.  On the 7th August 2002, The Apache Software Foundation was
notified of the discovery of a significant vulnerability, identified by
Auriemma Luigi [EMAIL PROTECTED].

This vulnerability has the potential to allow an attacker to inflict
serious damage to a server, and reveal sensitive data.  This vulnerability
affects default installations of the Apache web server.

Unix and other variant platforms appear unaffected.  Cygwin users are
likely to be affected.

=== SOLUTION 

A simple one line workaround in the httpd.conf file will close the
vulnerability.  Prior to the first 'Alias' or 'Redirect' directive, add
the following directive to the global server configuration:

   RedirectMatch 400 \\\.\.

Fixes for this vulnerability are also included in Apache HTTP server
version 2.0.40.  The 2.0.40 release also contains fixes for two minor
path-revealing exposures.  This release of Apache is available at
http://www.apache.org/dist/httpd/

/quote and SNIP

Thanks,

Ron DuFresne

On Fri, 9 Aug 2002, Cliff Woolley wrote:

 On Fri, 9 Aug 2002, Cliff Woolley wrote:
 
  That's what I get for not reading all of my email before responding to
  any of it.  0.9.6g was also released today.  Sigh.  :)
 
 I guess today was the day for releases.  Apache 2.0.40 is now out as well.
 
 --Cliff
 
 

-- 
~~
admin  senior security consultant:  sysinfo.com
http://sysinfo.com

Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation.
-- Johnny Hart

testing, only testing, and damn good at it too!




Re: Apache 2.039

2002-08-09 Thread Cliff Woolley

On Fri, 9 Aug 2002, R. DuFresne wrote:

 Any word on if this compiles on those older linux kernels as the previous
 release was a total dud in that realm?

Probably no change.  But FWIW, I believe one of our developers tried it on
an older kernel and it worked fine for him... if you could provide
access to a box it fails on to one of the core dev team, that might help.

--Cliff
