Example, Installation
I'm a newbie to SSL. I followed the directions on http://www.modssl.com/example/ to do a simple test install on a RH 6.1 box. After everything installed apparently without problems, I viewed: /usr/local/apache_1.3.12/conf/ssl.key/README.KEY and tried to run $ openssl rsa -noout -text -in server.key receiving Problem:bash: openssl: command not found: OK, so I fiddled a bit and realized that the real command should have been $ /usr/local/openssl-0.9.5a/apps/openssl rsa -noout -text -in \ >>/usr/local/apache_1.3.12/conf/ssl.key/server.key and yes, that worked. I finished on http://www.modssl.com/example/, and under the heading "Fire up your SSL-Aware Apache and Try it Out" $ /usr/local/apache/bin/httpd -DSSL resulted in bash: /usr/local/apache/bin/httpd: No such file or directory Can someone tell me what's wrong? I can't even find a directory fragment of '*bin/httpd'. Thanks --- Eric Moore __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Installation Directory - Linux
Running RHL 6.1 I'm probably blind and missing the paragraph completely in the documentation... Is there a particular directory where one puts the MOD_SSL and OPEN_SSL tars for decompressing and running 'makes'. Thanks JANLU (Just Another New Linux User) __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Installation Directory - Linux
Jay, Thank you very much. I will follow your very precises directions. One last stupid question: Do you put the BUILD_APACHE directory at the root or in one of the directories like /usr/lib/BUILD_APACHE? Eric Jay Jarvinen wrote: >Eric Moore wrote: >> >> Running RHL 6.1 >> >> I'm probably blind and missing the paragraph completely in the >> documentation... >> >> Is there a particular directory where one puts the MOD_SSL and OPEN_SSL >> tars for decompressing and running 'makes'. >> >> Thanks >> >> JANLU (Just Another New Linux User) > >Nowhere in particular, but you'll need to know where you untarred >Apache. > >I usually do it like this: > >--o BUILD_APACHE > | > |--o TARBALLS > | |-- apache...tar.gz > | |-- mod_perltar.gz > | |-- mod_ssltar.gz > | `-- openssltar.gz > | > |--o apache_1.3.9 > |--o mod_perl-1.21 > |--o mod_ssl-2.4.10-1.3.9 > `--o openssl-0.9.4 > >.. Where the last 4 are the actual directories. (nevermind the version >#'s) > >The 'INSTALL' doc in the mod_ssl tarball is very easy to follow, even >for mod_perl, php, etc.. > >The only thing I'd add to it would be a note for mod_perl'ers using >Apache::DBI, adding this to the "mod_perl" sample installation: > >--- INSTALL Fri Mar 3 18:38:07 2000 >+++ INSTALL.new Fri Mar 3 18:39:10 2000 >@@ -521,7 +521,9 @@ > APACHE_SRC=../apache_1.3.x/src \ > USE_APACI=1 \ > PREP_HTTPD=1 \ >- DO_HTTPD=1 >+ DO_HTTPD=1 \ >+ PERL_CHILD_INIT=1 \ >+ PERL_STACKED_HANDLERS=1 > $ make > $ make install > $ cd .. > > >-Jay J --- Eric Moore Miami, Florida __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Certificate questions...
It seems there is restraint of trade since only a few 'selected' companies can get on the CA root of IE and Navigator. To pay USD 300 every couple of years to prove you exist is silly. The price of domaine registration is coming down, why not certs since there is more e-commerce? In the U.S. the cert only proves you have a DUNS number, a phone number, and a fax'd copy of a state registration. Every scam artist has those. EM Karl Denninger wrote: >Well, I understand that, but it seems that people (including Thawte, >Microslug and Nutscrape) are missing the point. > >There are to separate things that secure web servers do. > >1. Authenticate who you're talking to, so that when you engage in > commerce you have some indication that the merchant you think you're > dealing with is really who you're dealing with. > >2. Encrypt the data so that it cannot be intercepted between the > sending and receiving machines. > >These are NOT the same function, and needing one of them does not imply >needing the other. > >Yet, in today's world, you cannot have one without the other, which means >that to get EITHER you must pay someone. > >Contrast this with PGP for email, in which I can publish a public key and >once you obtain it you're able to receive an encrypted communication from >me and decode the traffic. My generation of that key pair does not require >that it be "certified" by any third party. --- Eric Moore Miami, Florida __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]