New to https, looking for info on how it is setup with a hosted site.
Hello,

I am trying to set up a secure subdomain on my site. It is hosted on an Apache server. Uses cPanel for the interface. I have set up a subdomain that redirects to the part of the site I want secured, and have created and installed my certificates, just looking for what else needs to be done on my end and what I can expect the provider to do.

TIA
sly-

__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]
Re: ssl troubles
Phil Ehrens wrote:
> Markus wrote:
>> Phil Ehrens wrote:
>>> Markus wrote:
>>>> Made all the ca.key and the server.key and sign it via sign.sh everything
>>>> looked good so far.
>>>>
>>>> then the misery begins.
>>>>
>>>> ./configure --with apache... --with-ssl --with-mm
>>>> --with-crt=/var/local/certs --with -key=/var/local/private
>>>> --prefix=../apache_1.3.35 --enabled-shared-ssl
>>>>
>>>> Error:
>>>> cannot find SSL x.509 certificated file /var/local/certs
>>>
>>> It wants the path to the cert, not to the directory containing
>>> the cert. I wonder why they didn't use --with-cert for the
>>> option name?!
>>
>> I put that path in, however it still doesn't work. I put it in like this:
>> the certs and keys are in /usr/local/certs and /usr/local/private.
>> and I put in /usr/local/certs
>> and /usr/local/private
>
> It wants something like:
>
> /usr/local/certs/httpdcert.pem
>                  ^^
>                  |
>                  filename of cert

Ahh now it works :)

Thanks..

Except httpd doesn't start up anymore.. but this we do tomorrow :)
SSL_CLIENT_XXX is null
I don't know if my first mail hit the list. Sorry for the duplicate if it was the case.

Hi all,

First of all, thanks for the very good job with openssl. It really rocks !!

Now my question: I'm trying to set up strong authentication via client certificate (Belgian eid). You can see my apache config:

NameVirtualHost *

ServerAdmin [EMAIL PROTECTED]
DocumentRoot /var/www/
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLCertificateKeyFile /etc/apache2/ssl/apache.pem
SSLVerifyClient optional_no_ca
SSLVerifyDepth 5
SSLCACertificateFile /etc/apache2/ssl/BelgiumRootCA.pem
SSLOptions +FakeBasicAuth +ExportCertData +StdEnvVars +CompatEnvVars
#SSLUserName SSL_CLIENT_S_DN_CN
RequestHeader set SSL_CLIENT_DN %{SSL_CLIENT_DN}e
RequestHeader set SSL_CLIENT_S_DN %{SSL_CLIENT_S_DN}e
RequestHeader set SSL_CLIENT_S_DN_CN %{SSL_CLIENT_S_DN_CN}e
RequestHeader set SSL_CLIENT_S_DN_S %{SSL_CLIENT_S_DN_S}e
RequestHeader set SSL_SERVER_S_DN %{SSL_SERVER_S_DN}e
RequestHeader set SSL_PROTOCOL %{SSL_PROTOCOL}e
RequestHeader set MyHeader "coucou"

Options FollowSymLinks
AllowOverride None

Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
# Commented out for Ubuntu
#RedirectMatch ^/$ /apache2-default/

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all

ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel info
CustomLog /var/log/apache2/access.log combined
ServerSignature On

Alias /doc/ "/usr/share/doc/"

Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128

I've a small PHP script that dumps all the HTTP headers. All the HTTP headers about the client (SSL_CLIENT_XXX) contain (null) while SSL_SERVER_S_DN and SSL_PROTOCOL are successfully populated.

What's wrong with what I've done? I use my Belgian eid on other websites so the root cause is not at the client side.

I also include my error.log that can maybe help you. It looks ok except for the timeout but I don't know if I have to care about it.

[Mon May 22 15:23:12 2006] [notice] Apache/2.0.54 (Ubuntu) PHP/5.0.5-2ubuntu1.2 mod_ssl/2.0.54 OpenSSL/0.9.7g configured -- resuming normal operations
[Mon May 22 15:23:20 2006] [info] Connection to child 0 established (server localhost.localdomain:443, client 127.0.0.1)
[Mon May 22 15:23:20 2006] [info] Seeding PRNG with 136 bytes of entropy
[Mon May 22 15:23:20 2006] [info] Initial (No.1) HTTPS request received for child 0 (server localhost.localdomain:443)
[Mon May 22 15:23:27 2006] [info] Connection to child 0 closed with standard shutdown(server localhost.localdomain:443, client 127.0.0.1)
[Mon May 22 15:23:27 2006] [info] Connection to child 1 established (server localhost.localdomain:443, client 127.0.0.1)
[Mon May 22 15:23:27 2006] [info] Seeding PRNG with 136 bytes of entropy
[Mon May 22 15:23:27 2006] [info] Initial (No.1) HTTPS request received for child 1 (server localhost.localdomain:443)
[Mon May 22 15:23:27 2006] [info] Subsequent (No.2) HTTPS request received for child 1 (server localhost.localdomain:443)
[Mon May 22 15:23:42 2006] [info] (70007)The timeout specified has expired: SSL input filter read failed.
[Mon May 22 15:23:42 2006] [info] Connection to child 1 closed with standard shutdown(server localhost.localdomain:443, client 127.0.0.1)

Thanks in advance for your help

François
Re: ssl troubles
Markus wrote:
> Phil Ehrens wrote:
>
>> Markus wrote:
>>
>>> Made all the ca.key and the server.key and sign it via sign.sh everything
>>> looked good so far.
>>>
>>> then the misery begins.
>>>
>>> ./configure --with apache... --with-ssl --with-mm
>>> --with-crt=/var/local/certs --with -key=/var/local/private
>>> --prefix=../apache_1.3.35 --enabled-shared-ssl
>>>
>>> Error:
>>> cannot find SSL x.509 certificated file /var/local/certs
>>
>> It wants the path to the cert, not to the directory containing
>> the cert. I wonder why they didn't use --with-cert for the
>> option name?!
>
> I put that path in, however it still doesn't work. I put it in like this:
> the certs and keys are in /usr/local/certs and /usr/local/private.
> and I put in /usr/local/certs
> and /usr/local/private

It wants something like:

/usr/local/certs/httpdcert.pem
                 ^^
                 |
                 filename of cert
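An added example, not part of the original thread: a POSIX shell pre-flight check for the mistake resolved in the reply above, where a directory was given to an option that expects the certificate file itself. The function names and the placeholder file contents are assumptions made for illustration, and the check looks at PEM markers only; it does not parse or verify the certificate.

```shell
#!/bin/sh
# classify_pem FILE: print "cert", "key" or "other" from the PEM header found.
classify_pem() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo cert
    elif grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" 2>/dev/null; then
        echo key
    else
        echo other
    fi
}

# check_cert_arg PATH: return 0 only if PATH is a regular file with a PEM certificate.
# 1 = missing, 2 = directory (candidates are listed), 3 = private key, 4 = not PEM.
check_cert_arg() {
    if [ -d "$1" ]; then
        echo "directory, not a certificate file: $1"
        for f in "$1"/*; do
            if [ -f "$f" ] && [ "$(classify_pem "$f")" = cert ]; then
                echo "  candidate: $f"
            fi
        done
        return 2
    fi
    [ -f "$1" ] || { echo "no such file: $1"; return 1; }
    case $(classify_pem "$1") in
        cert) echo "ok: $1"; return 0 ;;
        key)  echo "private key, not a certificate: $1"; return 3 ;;
        *)    echo "no PEM certificate block in: $1"; return 4 ;;
    esac
}

# make_demo_dir: constructed directory with the four file names from the post.
# Bodies are placeholders, not real key material.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    for n in ca server; do
        printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
            '-----END CERTIFICATE-----' > "$d/$n.crt"
        printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
            '-----END RSA PRIVATE KEY-----' > "$d/$n.key"
    done
    echo "$d"
}

demo=$(make_demo_dir)
check_cert_arg "$demo" || true              # directory: lists ca.crt and server.crt
check_cert_arg "$demo/server.key" || true   # key passed where a cert is expected
check_cert_arg "$demo/server.crt"           # accepted
rm -rf "$demo"
```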
Re: ssl troubles
Phil Ehrens wrote:
> Markus wrote:
>> Made all the ca.key and the server.key and sign it via sign.sh everything
>> looked good so far.
>>
>> then the misery begins.
>>
>> ./configure --with apache... --with-ssl --with-mm
>> --with-crt=/var/local/certs --with -key=/var/local/private
>> --prefix=../apache_1.3.35 --enabled-shared-ssl
>>
>> Error:
>> cannot find SSL x.509 certificated file /var/local/certs
>
> It wants the path to the cert, not to the directory containing
> the cert. I wonder why they didn't use --with-cert for the
> option name?!

I put that path in, however it still doesn't work. I put it in like this:
the certs and keys are in /usr/local/certs and /usr/local/private.
and I put in /usr/local/certs
and /usr/local/private

or do I understand something wrong, sorry but I'm a complete Unix newbie

Any other suggestions?
Re: ssl troubles
Markus wrote:
> Made all the ca.key and the server.key and sign it via sign.sh everything
> looked good so far.
>
> then the misery begins.
>
> ./configure --with apache... --with-ssl --with-mm
> --with-crt=/var/local/certs --with -key=/var/local/private
> --prefix=../apache_1.3.35 --enabled-shared-ssl
>
> Error:
> cannot find SSL x.509 certificated file /var/local/certs

It wants the path to the cert, not to the directory containing
the cert. I wonder why they didn't use --with-cert for the
option name?!
ssl troubles
Made all the ca.key and the server.key and sign it via sign.sh everything
looked good so far.

then the misery begins.

./configure --with apache... --with-ssl --with-mm
--with-crt=/var/local/certs --with -key=/var/local/private
--prefix=../apache_1.3.35 --enabled-shared-ssl

Error:
cannot find SSL x.509 certificated file /var/local/certs

but those buggers are there

ca.key server.key ca.crt server.crt

any hint would be welcome