RE: how to generate an authoritative CA Certificate?
Hi there,

There is nothing wrong with your certificate; the browser is correctly picking up that it isn't from a trusted source. If you were to import the certificate onto your client machine and add it to the list of certificates trusted by your client machine, then that message will go away. I personally, for testing purposes, just say OK when that message pops up, and proceed as normal.

Cheers
Jose

-----Original Message-----
From: zhaoxd [mailto:[EMAIL PROTECTED]]
Sent: 10 September 2002 08:05
To: [EMAIL PROTECTED]
Subject: how to generate an authoritative CA Certificate?

hello, everybody:

Glad to talk to you! I happen to be a learner, so if some of my problems make you feel bad, please be patient with me!

When I constructed my web station through apache, I met with some problems! I made the CA Certificate by myself, and issued a server.crt for my web server using this CA, but I found an unexpected warning happened when I tried to connect to my apache server through MSIE & Netscape. There is a warning message which says my certificate is not issued by a Trusted CA. I think the CA generated by myself must have some problems. My question is: can guys make a CA by themselves? If so, the steps I use to generate my CA are:

1. create an RSA private key for my CA:
   $ openssl genrsa -des3 -out ca.key 1024
2. create a self-signed CA Certificate (X509 structure) with the RSA key of the CA:
   $ openssl req -new -x509 -days 365 -key ca.key -out ca.crt
3. sign the certificate of my server using sign.sh provided by mod_ssl/pkg.contrib/:
   $ sign.sh server.csr

Then I got my server.crt issued by my CA Certificate. Are there any problems in the process I use to generate the CA? Any help is appreciated! :)

zhaoxd
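The point of the reply above, as an added example that is not part of the original thread: the same server.crt is rejected or accepted depending only on whether the verifier trusts ca.crt. It assumes the openssl command-line tool is on the PATH, uses 2048-bit keys without a passphrase and `openssl x509 -req` in place of sign.sh, and all names in it are constructed.

```shell
#!/bin/sh
# Added example: throwaway CA and server certificate built in a temp directory.
# Names ("Demo Test CA", www.example.test, the function names) are constructed.

# Prints OK if `openssl verify` accepts the certificate, otherwise REJECTED.
# Arguments (for example -CAfile ca.crt) are passed straight to openssl verify.
check_cert() {
    if openssl verify "$@" 2>&1 | grep -q ': OK$'; then
        echo OK
    else
        echo REJECTED
    fi
}

verify_with_and_without_ca() {
    dir=$(mktemp -d) || return 2
    (
        cd "$dir" || exit 2
        # 1+2. CA key and self-signed CA certificate (no passphrase: demo only)
        openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
            -subj "/CN=Demo Test CA" -keyout ca.key -out ca.crt 2>/dev/null || exit 2
        # Server key and certificate signing request
        openssl req -new -nodes -newkey rsa:2048 \
            -subj "/CN=www.example.test" -keyout server.key -out server.csr 2>/dev/null || exit 2
        # 3. Sign the request with the CA
        openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -days 365 -out server.crt 2>/dev/null || exit 2

        # A verifier that only knows the default trust store (like the browser
        # in the thread) has no path from server.crt to a trusted root.
        echo "default trust store: $(check_cert server.crt)"
        # Once ca.crt is trusted, the identical server.crt verifies.
        echo "ca.crt trusted: $(check_cert -CAfile ca.crt server.crt)"
    )
    status=$?
    rm -rf "$dir"
    return $status
}

verify_with_and_without_ca
```

Importing ca.crt into the client's trust store has the same effect as `-CAfile` here, and it means that client will accept anything this CA signs, so the CA key needs protecting accordingly.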
httpd.conf
Wondering if some kind soul could help me. I already have 3 name based virtual hosts set up correctly. Now I'm in the process of creating an SSL host, which I have successfully done. The problem I am having is that all the normal virtual hosts as a result have been SSL readable as well. Whereas they once were ok http://localhost, they are now also viewable as https://localhost, which I do not want.

My SSL section is below along with 1 virtual host:

    # This is for mod_ssl.
    SSLEngine off
    ServerName localhost
    DocumentRoot /path
    ServerAdmin root@localhost
    ServerSignature email

    ##
    ## SSL Virtual Host Context
    ##

    # Apache will only listen on port 80 by default. Defining the virtual server
    # (below) won't make it automatically listen on the virtual server's port.
    Listen 443

    # SSL Session Cache:
    # The cache speeds up processing of multiple parallel requests from
    # the same client.
    SSLSessionCache shm:/var/cache/ssl_gcache_data(524288)

    ServerName secure
    DocumentRoot /path/to/secure
    ServerAdmin root@localhost
    ServerSignature email
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                             [EMAIL PROTECTED]
Automated List Manager                                [EMAIL PROTECTED]
how to generate an authoritative CA Certificate?
hello, everybody:

Glad to talk to you! I happen to be a learner, so if some of my problems make you feel bad, please be patient with me!

When I constructed my web station through apache, I met with some problems! I made the CA Certificate by myself, and issued a server.crt for my web server using this CA, but I found an unexpected warning happened when I tried to connect to my apache server through MSIE & Netscape. There is a warning message which says my certificate is not issued by a Trusted CA. I think the CA generated by myself must have some problems. My question is: can guys make a CA by themselves? If so, the steps I use to generate my CA are:

1. create an RSA private key for my CA:
   $ openssl genrsa -des3 -out ca.key 1024
2. create a self-signed CA Certificate (X509 structure) with the RSA key of the CA:
   $ openssl req -new -x509 -days 365 -key ca.key -out ca.crt
3. sign the certificate of my server using sign.sh provided by mod_ssl/pkg.contrib/:
   $ sign.sh server.csr

Then I got my server.crt issued by my CA Certificate. Are there any problems in the process I use to generate the CA? Any help is appreciated! :)

zhaoxd
"undefined symbol: X509_free" when starting apache 2.0.40 with mod_ssl
I have openssl 0.9.6g installed in /usr/local/ssl. My ld.so.conf has:

    /usr/local/ssl/lib

as the first line.

When I try to start apache I get:

    Syntax error on line 235 of /usr/local/apache2/conf/httpd.conf:
    Cannot load /usr/local/apache2/modules/mod_ssl.so into server: /usr/local/apache2/modules/mod_ssl.so: undefined symbol: X509_free

    [root@d1 /usr/local/apache2/bin] ldd apache2
        libaprutil.so.0 => /usr/local/apache2/lib/libaprutil.so.0 (0x40015000)
        libgdbm.so.2 => /usr/lib/libgdbm.so.2 (0x40032000)
        libdb.so.3 => /lib/libdb.so.3 (0x40038000)
        libexpat.so.0 => /usr/local/apache2/lib/libexpat.so.0 (0x40072000)
        libapr.so.0 => /usr/local/apache2/lib/libapr.so.0 (0x4008f000)
        libm.so.6 => /lib/libm.so.6 (0x400aa000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x400c7000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x400f5000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x4010b000)
        libdl.so.2 => /lib/libdl.so.2 (0x4011a000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x4011f000)
        libc.so.6 => /lib/libc.so.6 (0x40132000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x4000)

    [root@d1 /usr/local/apache2/bin] ldd ../modules/mod_ssl.so
        libc.so.6 => /lib/libc.so.6 (0x40031000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x8000)

I configured apache with:

    ./configure --enable-ssl=shared --enable-info=shared --enable-include=shared

--
Joseph Shraibman
[EMAIL PROTECTED]
Increase signal to noise ratio. http://xis.xtenit.com
hang in cgid_init
Hi,

I'm having trouble getting apache 2.0 (HPUX) to work with SSL. When started with ssl enabled, the server seems to wait on an accept() call. Wondering whether this is due to a misconfiguration or because apache was not compiled with ssl options.

Appreciate any help on this.

Raj

    0xc01f6030 in _accept_sys+0x10 () from /usr/lib/libc.2
    (gdb) bt
    #0 0xc01f6030 in _accept_sys+0x10 () from /usr/lib/libc.2
    #1 0xc01feb58 in accept+0xb8 () from /usr/lib/libc.2
    #2 0xc4a27044 in cgid_server+0x32c () from /vol1/rrajaman/install_16002/hpapache2/modules/mod_cgid.so
    #3 0xc4a275f8 in cgid_init+0x178 () from /vol1/rrajaman/install_16002/hpapache2/modules/mod_cgid.so
    #4 0x3734c in ap_run_post_config+0x7c ()
    #5 0x3db94 in main+0x8fc ()
Re: non-repudiation
You need to make sure that Apache only accepts connections from presenters of client certificates (which your CA has copies of.) I think this is documented in mod ssl.

TIA

Chuck Lyon
UTS Enterprise Systems
University Park PC 417A
Florida International University
Miami, FL 33199

Sonu Kishore <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
09/09/2002 06:49 AM
Please respond to openssl-users
To: openca-users <[EMAIL PROTECTED]>, pala <[EMAIL PROTECTED]>, michael <[EMAIL PROTECTED]>, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], Michael Bell <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: non-repudiation

I have successfully issued a CA certificate, web server certificate and client certificate. How can I use the issued certificate for non-repudiation? I want user "x" to access my web site with a certificate issued to him for accessing the web site. No one else should be able to access my site using other users' web access certificates.

My web site is configured with apache & tomcat on linux 7.1 redhat.

Please guide me... it's urgent.

regards
sonu

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                             [EMAIL PROTECTED]
Automated List Manager                                [EMAIL PROTECTED]
non-repudiation
I have successfully issued a CA certificate, web server certificate and client certificate. How can I use the issued certificate for non-repudiation? I want user "x" to access my web site with a certificate issued to him for accessing the web site. No one else should be able to access my site using other users' web access certificates.

My web site is configured with apache & tomcat on linux 7.1 redhat.

Please guide me... it's urgent.

regards
sonu
Error Code -12281
Hi,

I recently tried installing mod_ssl with my apache server on a Debian unstable system. I've got my keys and everything in place, but when I try to access https://zoidian.com I get the following error:

    zoidian.com has sent an incorrect or unexpected message: Error Code: -12281

That's from Mozilla. When I try curl https://localhost I get the following:

    curl: (35) SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

And when I try openssl s_client -connect localhost:443 -state -debug I get:

    CONNECTED(0003)
    SSL_connect:before/connect initialization
    write to 0809A270 [0809A2B8] (124 bytes => 124 (0x7C))
    - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00 .zQ... .
    0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04 .f..
    0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00 ...e..d.
    0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00 .c..b..a..`.
    0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08 ..@.
    0050 - 00 00 06 00 00 03 04 00-80 02 00 80 68 bf 32 a8 h.2.
    0060 - 08 cd 08 82 06 dc 2d 6d-9b c0 fe 4e 9b e8 4d f2 ..-m...N..M.
    0070 - 5d 73 ce 40 96 25 f0 42-9f 27 64 16 ]s.@.%.B.'d.
    SSL_connect:SSLv2/v3 write client hello A
    read from 0809A270 [0809F818] (7 bytes => 7 (0x7))
    - 0a 3c 21 2d 2d 20 42 .