Get cert values
Hi,

Is there a way to get these X509 Certificate values:
- Subject Key Identifier:
- Authority Key Identifier:

I am actually able to get DN, Serial, with ssl_var_lookup(), but I didn't find how to do it with SKI and AKI.

Regards,
Estrade Matthieu

__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]

Re: SSLCryptoDevice Directive
Hi,

To know the version of mod_ssl running, you can read the logs at the apache startup, or do a connection with nc or telnet on your webserver and do a HEAD request. The server will answer sending the Server header with the server version.

You need the --enable-rule=SSL_EXPERIMENTAL

The directive SSLCryptoDevice is provided by mod_ssl. Without the SSL_EXPERIMENTAL rule, it doesn't provide the directive. So you have to recompile mod_ssl with it.

Regards,
Matthieu Estrade

Tyler Walden wrote:

I am attempting to get a CryptoSwift PCI hardware accelerator engine working with:

OpenSSL 0.9.7a
modssl 2.8.12
apache 1.3.27

When adding the 'SSLCryptoDevice cswift' line to my httpd.conf I receive the following:

Starting httpd: /opt/apache/bin/httpd -DPHP4 -DSSL
Syntax error on line 1024 of /opt/apache/conf/httpd.conf:
Invalid command 'SSLCryptoDevice', perhaps mis-spelled or defined by a module not included in the server configuration.

I have tried placing the directive in the global ssl options and in the If module mod_ssl.c and get the same error. I assume that possibly apache is still using an older version of mod_ssl somehow. I know since openssl 0.9.7 the engine code is built in so you don't need the --enable-rule=SSL_EXPERIMENTAL anymore, or is that incorrect?

Is there an easy way to determine what version of mod_ssl Apache is actually loading?

Any help would be great! Thanx!

Re: Upgrade to 2.0.44 ?
Hi,

In apache 2.0, mod_ssl is built in, so to enable it when you compile, just do:

httpd-2.0.44#./configure --prefix=path --enable-ssl --with-ssl=path-to-openssl

like

./configure --prefix=/usr/local/apache --enable-ssl --with-ssl=/usr/local/openssl/bin/openssl

If you want to use SSL crypto hardware, you have to enable it with

CFLAGS="-DSSL_EXPERIMENTAL -DSSL_ENGINE"

Keep your configure script, and when you want to upgrade your apache 2.0 to the next version, just launch the script and make to rebuild the new apache. And will not overwrite old install...

It's easier with apache 2.0 :)

Regards,
E.M

Ron McKeever wrote:

Hello,

I currently have mod_ssl-2.8.12-1.3.27.apache that I installed and downloaded from mod_ssl.org. I'm looking at going to 2.0.11 apache. I know with other versions of mod_ssl/apache when I upgraded I did the following:

Give mod_ssl-2.8.new the Apache 1.3.new *source* directory for its --with-apache= argument. Then when you configure apache, tell it to *install* to the same location that 1.3.old is currently installed using --prefix= (eg /usr/local/apache) and use the same directory structure (using --with-layout= ) that you used before, if any. Then when you run 'make install' from the Apache 1.3.new source directory, it will overwrite your 1.3.old installation.

Do I do the same thing with upgrading to apache 2.0.44? Since mod_ssl is built-in to the new apache version I was thinking it might be different.

Thanks
Ron

Re: Problems with a SSL conf.
SSLVerifyClient is for verifying the client certificate in SSLv3.

So maybe try to set up SSLProtocol SSLv3

I did that earlier and it's working fine.

m.e

Pierre-Yves Jaquenoud wrote:

Hi,

I'm using an Apache webserver version 2.0.43 and mod_ssl (the latest version). I configured the ssl.conf file and I start the webserver with the command apachectl startssl. If I enable the following configuration instruction in the ssl.conf file:

SSLVerifyClient require

I can't connect to my server and I received a strange composite error in the error_log file:

[Wed Nov 27 11:55:17 2002] [error] Spurious SSL handshake interrupt [Hint: Usually just one of those OpenSSL confusions!?]
[Wed Nov 27 11:55:17 2002] [error] SSL Library Error: 336105671 error:140890C7:lib(20):func(137):reason(199)

What's wrong? I'm not sure to pass the right certificate to the client. How have I to proceed? Someone has maybe an example using an Apache webserver and a MSIE 6.0 client?

With my best regards.
P-Yves

RE : Apache 2 +SSL
Maybe try to add

./configure --enable-ssl --with-ssl=path-to-openssl

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:owner-modssl-users;modssl.org] On Behalf Of Christopher Chaduka
Sent: Monday, November 11, 2002 3:35 AM
To: [EMAIL PROTECTED]
Subject: Apache 2 +SSL

I searched through some archives and found out Apache 2 comes with mod_ssl code included, and that to enable SSL/TLS support in Apache 2, one has to compile OpenSSL first, then compile Apache 2 and --with-ssl=/path/to/openssl

I did exactly that. Isn't the default configuration file I get supposed to have some SSL directives in there? Am I brain dead? What am I missing?

--
Christopher Chaduka
Webmaster/Systems Administrator
Technical Department
M-Web Zimbabwe
Tel: +263 4 25
Fax: +263 4 708055
Mobile: +263 11 600994
http://www.mweb.co.zw

Re: How to run SSL and Non-SSL pages with same daemon...
Maybe let your httpd for your non-ssl pages, and do a virtualhost on port 443 to handle ssl pages, or one Vhost for port 80 and one Vhost for 443.

Mike Smith wrote:

Hello,

I am upgrading to the Apache Httpd 2.0 web server from 1.3.x and cannot find any Apache-SSL package, so I'm assuming that SSL support is now only done through mod_ssl in httpd-2.0. I compiled it with openssl support and it appears ready to go, but I've got a question.

I've got both secure and non-secure pages that I want to serve up with this web server...how do I do that with 2.0? Currently, I run two separate daemons...httpd and httpsd each with separate config files, DocumentRoot's, etc. How do I serve up both SSL and non-SSL pages with the same server daemon? I want them to have separate DocumentRoot's too so that my web-based mail users can just type server-name/mail, instead of server-name/secure/mail. How can I assign certain directories to be picked up by mod_ssl while others are just non-encrypted pages?

Also, I saw that with the 1.3.x chain of httpd servers, I could use mod_jk to get my server to send requests for certain directories to the Jakarta Tomcat container, but I don't see this functionality anymore in 2.0! I need this server to also be smart about which pages are JSP or Java Servlets and therefore get redirected to my Tomcat package.

HELP?!?! I've been fumbling around the Apache documentation for weeks now and can't find any direction on this!

Apache 2.0 OpenSSL error
Hi,

For a few days, I have been stressing my apache 2.0.40 with reverse proxy with a tool named Silkperformer.

I have a really strange error, coming up often on some basic requests:

the request is http://web2.test.com/manual/images/pixel.gif

[Wed Sep 18 12:24:04 2002] [error] SSL error on reading data
[Wed Sep 18 12:24:04 2002] [error] SSL Library Error: 336151579 error:1409441B:lib(20):func(148):reason(1051)

I tested httpd-2.0.36 and I have the same error, so I tried with openssl 0.9.6g and 0.9.6d and the error is still here!

I tested with apache 1.3.26 and I don't get the error.

If I force the client to do HTTP/1.0 on httpd-2.0.36, I still have the errors.

If I benchmark with other products, depending on the product, I have or not the error.

I found on google 2 e-mails talking about the same error I have, but it's on apache 1.3 so I don't understand at all.

I will try to find more information about the context of the error.

If someone has an idea,

Matthieu

SSL error
Hi,

I am running apache 2.0.40 + SSL + mod_proxy

I have many errors when I benchmark my server with stress tools (silkperformer):

[Tue Sep 17 19:36:03 2002] [error] SSL Library Error: 336151568 error:14094410:lib(20):func(148):reason(1040)
[Tue Sep 17 19:36:03 2002] [error] SSL error on reading data

If someone has an idea,

Best regards,
Estrade Matthieu

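The numeric codes in the "SSL Library Error" lines quoted in this thread, in "Apache 2.0 OpenSSL error" and in "Re: Problems with a SSL conf." can be unpacked to tell a locally raised error from an alert sent by the remote side. The following is an added example, not part of any poster's message or of mod_ssl: it assumes the packed layout OpenSSL used before 3.0, and its function names and the small lookup tables (subsets only) are the example's own.

```python
import re

# Packed error layout of OpenSSL before 3.0 (assumed here; it matches the
# lib/func/reason fields printed in the log lines): 8 | 12 | 12 bits.
ERR_LIB_SSL = 20
ALERT_OFFSET = 1000  # SSL-library reasons >= 1000 mean "alert N-1000 from peer"

# Subsets only: TLS alert descriptions (RFC 2246) and local SSL reason codes.
ALERTS = {10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
          42: "bad_certificate", 48: "unknown_ca", 51: "decrypt_error"}
REASONS = {199: "peer did not return a certificate"}

LINE_RE = re.compile(r"SSL Library Error: (\d+) error:([0-9A-Fa-f]{8}):")

def decode(code):
    """Split a packed code and say whether it was raised locally or by the peer."""
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    origin, meaning = "unknown", "library %d reason %d" % (lib, reason)
    if lib == ERR_LIB_SSL and reason >= ALERT_OFFSET:
        alert = reason - ALERT_OFFSET
        origin, meaning = "peer alert", ALERTS.get(alert, "alert %d" % alert)
    elif lib == ERR_LIB_SSL:
        origin, meaning = "local", REASONS.get(reason, "reason %d" % reason)
    return {"lib": lib, "func": func, "reason": reason,
            "origin": origin, "meaning": meaning}

def decode_log_line(line):
    """Decode one mod_ssl error_log line; None if it carries no library error."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1))
    if code != int(m.group(2), 16):  # decimal and hex forms must agree
        raise ValueError("decimal/hex mismatch, line is damaged: %r" % line)
    return decode(code)

# Log lines as quoted in the three threads.
SAMPLE_LOG = """\
[Wed Nov 27 11:55:17 2002] [error] SSL Library Error: 336105671 error:140890C7:lib(20):func(137):reason(199)
[Wed Sep 18 12:24:04 2002] [error] SSL error on reading data
[Wed Sep 18 12:24:04 2002] [error] SSL Library Error: 336151579 error:1409441B:lib(20):func(148):reason(1051)
[Tue Sep 17 19:36:03 2002] [error] SSL Library Error: 336151568 error:14094410:lib(20):func(148):reason(1040)
"""

def summarize(log_text):
    """Decode every library-error line in a chunk of error_log text."""
    return [d for d in map(decode_log_line, log_text.splitlines()) if d is not None]

if __name__ == "__main__":
    for d in summarize(SAMPLE_LOG):
        print("func %(func)d: %(origin)s: %(meaning)s" % d)
```

The reason(199) line decodes to an error raised by the server itself because no client certificate arrived, while reason(1051) and reason(1040) are alerts (decrypt_error, handshake_failure) received from the remote side of the connection.
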
Cryptoswift + Apache 2.0
Hi,

I am actually running Apache 2.0 with mod_proxy (reverse-proxy) and SSL, on a Linux Redhat 7.2 dual AMD athlon 2Ghz MP with 1GB RAM. I am using a hardware accelerator Rainbow Cryptoswift 600 (for 600 TPS).

When I benchmark the server without the reverse proxy with a local document, I have 560 TPS.
When I benchmark the server with reverse proxy, I have 9 TPS...

During all the test, the cryptoswift is blinking a little... and my CPUs are only 5% loaded...

I tried to install mod_cache and run memory cache... but it seems not to work well with the RP.

If someone has the same problem or ideas about mine

Best regards,
Matthieu

Re: Some help
Hi,

To compile your apache with these flags, --enable-rule is not working for me, so I did it like:

bash# CFLAGS="-DSSL_EXPERIMENTAL -DSSL_ENGINE" ./configure

Regards
Estrade Matthieu

On Thu 02/05/2002 at 20:16, Frederic DONNAT wrote:

Hi All,

I am quite new to mod-ssl and apache 2.0.x, so I have a few questions.

With Apache 1.3.x, I was used to calling openssl engine through mod-ssl, with some compilation condition (--enable-rule=SSL_ExPERIMENTAL), and http.conf modification (SSLCryptoDevice ...).

My problem comes with new Apache 2.0.x! Am I right if I try to compile mod-ssl with the same rule adding --enable-rule=SSL_ExPERIMENTAL when doing ./configure for apache? If I do not misunderstand, we can have compilation directive for module (as mod-ssl) from apache configuration script? Should I be able to use an openssl engine using the same SSLCryptoDevice ...?

Thanks in advance.

Regards
Fred

HTTPD_ROOT
Hi,

Since this morning, I have installed the last mod_ssl because of the overflow bug posted on all security forums. The last one I used was 2.8.6.

When I compile mod_ssl (version 2.8.7) on my redhat linux 7.2, with prefix=/mypath, the HTTPD_ROOT in the Makefile is still /usr/local/apache.

All the other path modifications are updated, like apache is installing all conf files in /mypath/conf, but it still searches the conf file in /usr/local/apache

If you have any ideas

Thanks,
Estrade Matthieu