Re: [Feature Request] Handling attempts at SSL name based hosting

2000-09-20 Thread David Mitchell

Bill Moran [EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:
> >
> > Is there any mileage in having mod_ssl abort a start up if you try and
> > configure it with name based virtual hosting ?
> >
> > I don't even know if mod_ssl is able to determine this detail of
> > configuration but since it's definitely not what you want to do,
> > failing to start and printing a link to the relevant FAQ might reduce
> > some of the posts to this list ?
>
> Why is it "not what you want to do"? You can still have named-based
> virtual hosts, but not in SSL mode.

Presumably it wouldn't complain about any name based stuff, only SSL
name-based stuff. E.g., if there is a section

<VirtualHost AA.BB.CC.DD:PP>
SSLEngine on
...
</VirtualHost>

then die with an error if there is a

NameVirtualHost AA.BB.CC.DD:PP

directive.
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



FAQ: Failed to generate temporary 512 bit RSA private key

2000-08-15 Thread David Mitchell

A modest proposal:

Since

"Failed to generate temporary 512 bit RSA private key"

is such an FAQ on this list (even though it's in the FAQ ;-),
perhaps some defensive coding might be in order that detects possible
errors earlier and so gives a more informative error message?

An easy one would be to die with an error if there are no random
sources defined in the conf file. This for example can happen with
the mod_perl test suite's default httpd.conf

Harder would be to cause an error like the above to be logged as

"Failed to generate temporary 512 bit RSA private key:
insufficient entropy available from the random source(s)"

or similar?

[ There are probably good reasons why this can't be done; if so, I'll
just shut up and go away :-) ]

Dave M.

* Dave Mitchell, Operations Manager,
* Fretwell-Downing Facilities Ltd, UK.  [EMAIL PROTECTED]
* Tel: +44 114 281 6113.  The usual disclaimers
*
* Standards (n). Battle insignia or tribal totems
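
Both checks proposed by David Mitchell in this archive (the SSL/NameVirtualHost clash from the 2000-09-20 message and the missing random source from the message above) can be sketched as a stand-alone pre-start lint. This is an added example, not mod_ssl code and not from the posts; it assumes the random source is configured with mod_ssl's SSLRandomSeed directive, and `lint_ssl_conf`, the sample config and its addresses are constructed for illustration.

```python
import re

# Constructed sample config, not from the thread (192.0.2.10 is a documentation address).
SAMPLE_CONF = """\
NameVirtualHost 192.0.2.10:443
<VirtualHost 192.0.2.10:443>
    ServerName a.example
    SSLEngine on
</VirtualHost>
NameVirtualHost 192.0.2.10:80
<VirtualHost 192.0.2.10:80>
    ServerName a.example
</VirtualHost>
"""

def lint_ssl_conf(text):
    """Return a list of problems; hypothetical helper, exact address match only
    (no Include, wildcard or _default_ handling)."""
    name_vhosts, ssl_vhosts = set(), set()
    has_seed = False
    current = None  # addresses of the <VirtualHost> block being read, if any
    for raw in text.splitlines():
        line = raw.strip().lower()  # directive names are case-insensitive
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<virtualhost\s+([^>]+)>", line)
        if opened:
            current = opened.group(1).split()
        elif line.startswith("</virtualhost"):
            current = None
        elif re.match(r"namevirtualhost\s", line):
            name_vhosts.add(line.split()[1])
        elif re.match(r"sslrandomseed\s", line):
            has_seed = True
        elif current and re.match(r"sslengine\s+on\b", line):
            ssl_vhosts.update(current)
    problems = [f"SSL vhost {addr} is also a NameVirtualHost address"
                for addr in sorted(ssl_vhosts & name_vhosts)]
    if ssl_vhosts and not has_seed:
        problems.append("SSLEngine on but no SSLRandomSeed directive")
    return problems

if __name__ == "__main__":
    for problem in lint_ssl_conf(SAMPLE_CONF):
        print("config error:", problem)
```

The plain port-80 name-based host in the sample is not flagged; only the address that is both SSL-enabled and named in a NameVirtualHost directive is.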



Re: verisign certs (the battle continues)

2000-05-18 Thread David Mitchell

Aha! Finally an opportunity to contribute a small thing. (And thanks to
all whose contributions have moved my projects forward!)

I have a Thawte certificate on a FastTrack 2.0 server and asked Thawte
about converting. They first pointed out that it's not the certificate I
need to convert but rather the CA's signature of the certificate. They
then pointed me to this URL

http://www.thawte.com/support/server/fasttrack.html#movepvky

which points to another URL that tells of a very complicated dance
involving a copy of Netscape Navigator 3 AND 4. I decided to spend US$45
at Equifax instead. It was money well-spent. Good luck.

David Mitchell
coop-cdc.com


Rob Genovesi wrote:
 
...
> Now, time for the next issue:  I have 2 verisign certs that I have already
> installed under Netscape Enterprise Server on another machine.  I'm trying
> to figure out how to move these two verisign (Secure Server ID) certificates
> onto my new server, which is now running Apache 1.3.12, ModSSL 2.6.4 and
> OpenSSL 0.9.5a.
>
> Netscape seems to create db files for both the key and the cert.  They are
> binary files and I can't extract any useful info using "strings" (this is
> typically a good sign)...