Re: https://www.openssl.org/ ?
Kari Hurtta wrote:

https://www.openssl.org/ goes to https://www.engelschall.com/title/

What is this?

--
/"\ | Kari
\ / ASCII Ribbon Campaign | Hurtta
 X  Against HTML Mail |
/ \ |

__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]

According to Network Solutions for openssl.org:

Registrant:
OpenSSL (OPENSSL-DOM)
9-14 Cheap St
Newbury, RG14 5DD
ENGLAND

Domain Name: OPENSSL.ORG

Administrative Contact, Billing Contact:
Hostmaster, C2 (CH1196) [EMAIL PROTECTED]
C2Net Software, Inc.
1440 Broadway, Suite 700
Oakland, CA 94612
+1-510-986-8770 (FAX) +1-510-986-8777

Technical Contact:
Network Operations Center (NOC144-ORG) [EMAIL PROTECTED]
Red Hat, Inc.
P.O. Box 13588
Research Triangle Park, NC 27709
US
919-547-0012 Fax- 919-547-0024 Fax- - 919-547-0024

Record last updated on 10-Jan-2001.
Record expires on 19-Dec-2002.
Record created on 19-Dec-1998.
Database last updated on 10-Apr-2001 21:16:00 EDT.

Domain servers in listed order:
NS1.REDHAT.COM 199.183.24.210
NS2.REDHAT.COM 216.148.218.250
NS3.REDHAT.COM 63.240.14.66

And for the engelschall.com:

Registrant:
Engelschall (ENGELSCHALL-DOM)
Weblinger Weg 28
Dachau, Germany 85221
DE

Domain Name: ENGELSCHALL.COM

Administrative Contact, Technical Contact, Billing Contact:
Engelschall, Ralf S (RSE5) [EMAIL PROTECTED]
Engelschall
Silnerstr. 28
Dachau
Germany 85221
DE
+49-8131-56085

Record last updated on 04-Jun-2000.
Record expires on 01-Jul-2001.
Record created on 30-Jun-1996.
Database last updated on 10-Apr-2001 21:16:00 EDT.

Domain servers in listed order:
NS-1.ECRC.DE 141.1.1.1
WWW.ECRC.NET 194.112.98.217

begin:vcard
n:Nichols;Thomas
x-mozilla-html:FALSE
org:CitX Corporation;Engineering
adr:;;
version:2.1
email;internet:[EMAIL PROTECTED]
title:Senior Network Engineer
x-mozilla-cpt:;0
fn:Thomas Nichols
end:vcard
Re: Client Certificate Netscape Constantly Prompts
It's under Security, Navigator. Default is Ask Every Time.

David Price wrote:

This looks to me like a small problem but after a day and a half of searching I have not found many references nor a solution. I would appreciate if anybody could point me in the right direction.

I am attempting to control access to portions of our web server via client certificates that are self signed. I have been successful up to a point and I am able to access the directory as intended. I have set up a CA, generated a client certificate, imported the certificate etc.

With IE I get prompted once to pick the applicable client certificate. After selecting the appropriate certificate I am not prompted again for subsequent page views.

With Netscape 4.76 I am prompted for every page view.

Is there a way to suppress re-prompting? Is there a way to have the browser know which client cert to use or at least remember the correct cert between sessions?

Thanks in advance for any and all assistance.

Dave
Re: Message status - undeliverable -- That server
That server isn't even pingable today.

Ben Laurie wrote:

Thanks for telling us, we hadn't noticed.

Stephen Theby wrote:

please fix this email error. thanks...it is replying to the group.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, January 10, 2001 2:08 PM
To: [EMAIL PROTECTED]
Subject: Message status - undeliverable

The message that you sent was undeliverable to the following:
RShyamsundar

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Re: Certificate Chaining
Hi Steve. I think I can help you on this one. Give me a call at 215-538-3535 and ask for Tom Nichols.

Steve wrote:

Hello All,

I have a question regarding the use of certificates in IE 5+ and Netscape 4.7+.

We have written a small customised SSL web server using OpenSSL, etc... This web server is only to be made available to employees of the customer company, using SSL to secure the link and a login mechanism to validate users.

Up until now we have always tested it using a self-signed cert/key pair, but soon we will be installing it in several customer sites which leads us to the question:

Can we apply for a certificate from a CA and use it to sign the certificates for our customers, ie. can we chain the certificates in a hierarchical manner?

If we couldn't do this, what would be the issues to consider about issuing certificates to our customers signed only by us, bearing in mind that the trust issue is simpler for us as all parties already have a stronger trust by being colleagues etc...

I understand that the browser will bitch a bit about untrusted certificates but that they can be accepted/trusted after the first use.

I would also assume that the certificates of the CA's have been hard-wired into their EXE's so that installing our certificate into the browser a new CA is impossible? I'm guessing on this one.

Any light-shedding would be appreciated,

TIA,

Stephen.
Re: openssl and IE5.0 on MacOS
We also found this to be a problem. When we called Apple, they confirmed it is a MICROSOFT PROBLEM. Netscape works okay. We tested IE 4.5 and up on IMACS and it doesn't know how to handle certificates at all. We tried RSA, Verisign, attempts to go to https://americanexpress.com resulted in all kinds of errors.

Now, if you wonder why all this is, I believe it's because Apple and Microsoft have been competitors for years...you know, the old Bill/Steve crap.

Frank Martini wrote:

Yes.. we're seeing the same thing.. both with Macs and the Palm.net service (the service that Palm VIIs use to connect to sites). I'll eMail you a link off-line.

Frank

--
Frank Martini Voice: 713/621-1917
Cadence Development FAX: 713/621-1960
5075 Westheimer, Ste. 1266 [EMAIL PROTECTED]
Houston, Texas 77056 http://www.CadenceDevelopment.com/

> From: Nick De Roeck [EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> Date: Tue, 1 Aug 2000 10:11:57 +0200
> To: [EMAIL PROTECTED]
> Subject: openssl and IE5.0 on MacOS
>
> Hi all,
>
> can anyone pass me some url's to servers running openssl-0.9.5a, as I
> suspect that IE5.0 on Mac may be incompatible with this openssl
> version and NOT with f.i. 0.9.3a.
>
> Also does anybody know why https://www.modssl.org is running openssl-0.9.3a ??
>
> kind regards,
>
> nick.
Re: Specifying separate Document roots for SSL VirtualHosts
They work just fine, and I've been running them for months. The ONLY thing that does not resolve correctly are the certificates, and I have a few ideas as to how to correct that without any changes to the apache-ssl or openssl code. Be patient.

"Leland V. Lammert" wrote:

Tom,

The virtual hosts you have configured will not work. You must have a unique IP/Port combination for EACH SSL server. Use a separate IP for your hosts [or port] and everything will be copasetic.

Lee

At 01:03 PM 7/27/00, you wrote:

I can be more specific: Here's how I have it set for several virtual hosts:

<VirtualHost 10.10.10.10:443>
SSLEnable
SSLCertificateFile /usr/local/apache/certificate_location server1.pem
</VirtualHost>

<VirtualHost 10.10.10.10:443>
SSLEnable
SSLCertificateFile /usr/local/apache/certificate_location server2.pem
</VirtualHost>
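An added example, not part of the original thread or of Apache-SSL: a small check for the situation Leland describes, several SSL virtual hosts declared on one IP:port with different certificate files. The server has to present a certificate during the handshake, before it has read the request's Host header, so on a server without SNI every name on that address:port is answered with the same certificate. The sample configuration, its certificate paths and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the configuration quoted in this thread;
# addresses, names and certificate paths are placeholders.
SAMPLE_CONF = """
<VirtualHost 10.10.10.10:443>
    SSLEnable
    SSLCertificateFile /usr/local/apache/certs/server1.pem
    ServerName server1.com
</VirtualHost>
<VirtualHost 10.10.10.10:443>
    SSLEnable
    SSLCertificateFile /usr/local/apache/certs/server2.pem
    ServerName server2.com
</VirtualHost>
<VirtualHost 10.10.10.11:443>
    SSLEnable
    SSLCertificateFile /usr/local/apache/certs/server3.pem
    ServerName server3.com
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the argument of the first `name` directive in a vhost body, or None."""
    m = re.search(r"^[ \t]*%s[ \t]+(\S.*?)[ \t]*$" % re.escape(name), body, re.M | re.I)
    return m.group(1).strip('"') if m else None

def shared_ssl_endpoints(conf):
    """Return {address:port: [(ServerName, cert), ...]} where certificates differ."""
    conf = re.sub(r"(?m)^[ \t]*#.*$", "", conf)   # drop comment lines
    by_addr = defaultdict(list)
    for addrs, body in VHOST_RE.findall(conf):
        cert = directive(body, "SSLCertificateFile")
        if cert is None:                          # no certificate of its own
            continue
        for addr in addrs.split():                # one vhost may list several addresses
            by_addr[addr].append((directive(body, "ServerName"), cert))
    return {a: v for a, v in by_addr.items() if len({c for _, c in v}) > 1}

if __name__ == "__main__":
    for addr, hosts in shared_ssl_endpoints(SAMPLE_CONF).items():
        print("%s: SSL vhosts with different certificates" % addr)
        for name, cert in hosts:
            print("    %s -> %s" % (name, cert))
```

Virtual hosts that share an address:port and the same certificate file are not reported, which matches Tim Willard's point in this thread that name-based hosts must all use the same certificate.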
Re: Specifying separate Document roots for SSL VirtualHosts
I can be more specific: Here's how I have it set for several virtual hosts:

<VirtualHost 10.10.10.10:443>
SSLEnable
SSLCertificateFile /usr/local/apache/certificate_location server1.pem
ServerAdmin (email address)
DocumentRoot /var/www/virtualssl/server1.com
ServerName server1.com
(error logs and aliases)
</VirtualHost>

<VirtualHost 10.10.10.10:443>
SSLEnable
SSLCertificateFile /usr/local/apache/certificate_location server2.pem
ServerAdmin (email address)
DocumentRoot /var/www/virtualssl/server2.com
ServerName server2.com
(error logs and aliases)
</VirtualHost>

And so on...

It's also absolutely important that the server name resolves. Otherwise, the ip address will display the first virtual host in the httpsd.conf file.

Timothy Willard wrote:

Each VirtualHost has its own DocumentRoot. But when trying SSL it goes to the main server's document root. Take a look at these directives in my conf file

<VirtualHost X.X.X.X>
DocumentRoot c:\orahome1\apache\apache\vhost1
ServerName www.vhost3.com
ErrorLog c:\x\x\x\x-error_log
</VirtualHost>

Then down further I have a section:

##
## SSL VIRTUAL HOST CONTEXT
##
<VirtualHost _default_:443>
DocumentRoot "c:\OraHome1\Apache\Apache\htdocs"

When using a ssl port it will always default to this directory. I was wondering if there are any directives that will override this.

Tom Nichols wrote:

Tim Willard wrote:

Hi,

I am using name based VirtualHosts. Is it possible to specify a separate SSL document root for each virtual host. I understand that name based must all use the same certificate etc. But must they use the same document root.

Thanks
Tim

Yes, you can providing you add the line "DocumentRoot wherever" in the section of the VH

<VirtualHost 1.1.1.1:443>
DocumentRoot /var/myserver.com
ServerName myserver.com
ErrorLog, etc...
SSLetc
</VirtualHost>
Re: Specifying separate Document roots for SSL VirtualHosts
Oh, I see. I run two daemons when a site has secure and non-secure pages on a single server. The first is /usr/contrib/bin/apachectl, which uses the /var/www/conf/httpd.conf. For virtual sites that have non-ssl pages, I have to place the same virtual host information (without ssl options) in that httpd.conf as well. Otherwise, any calls will resolve to the first of default area.

I find maintaining two config files easier than putting VH for port 80 and VH for port 443 in one. Besides, my VH's are quite numerous. And in some cases, they are on different physical servers anyway.

Hope this helps.

Timothy Willard wrote:

That seems to work fine for 443 only. When I attempt to go to port 80 it shows the main server (displays the default DocumentRoot). When you say resolve do you mean in apache or on the client. The client is using a hosts file for name resolution.

Thanks for the assistance.
Tim

Tom Nichols wrote:

I can be more specific: Here's how I have it set for several virtual hosts:

<VirtualHost 10.10.10.10:443>
SSLEnable
SSLCertificateFile /usr/local/apache/certificate_location server1.pem
ServerAdmin (email address)
DocumentRoot /var/www/virtualssl/server1.com
ServerName server1.com
(error logs and aliases)
</VirtualHost>

<VirtualHost 10.10.10.10:443>
SSLEnable
SSLCertificateFile /usr/local/apache/certificate_location server2.pem
ServerAdmin (email address)
DocumentRoot /var/www/virtualssl/server2.com
ServerName server2.com
(error logs and aliases)
</VirtualHost>

And so on...

It's also absolutely important that the server name resolves. Otherwise, the ip address will display the first virtual host in the httpsd.conf file.

Timothy Willard wrote:

Each VirtualHost has its own DocumentRoot. But when trying SSL it goes to the main server's document root. Take a look at these directives in my conf file

<VirtualHost X.X.X.X>
DocumentRoot c:\orahome1\apache\apache\vhost1
ServerName www.vhost3.com
ErrorLog c:\x\x\x\x-error_log
</VirtualHost>

Then down further I have a section:

##
## SSL VIRTUAL HOST CONTEXT
##
<VirtualHost _default_:443>
DocumentRoot "c:\OraHome1\Apache\Apache\htdocs"

When using a ssl port it will always default to this directory. I was wondering if there are any directives that will override this.

Tom Nichols wrote:

Tim Willard wrote:

Hi,

I am using name based VirtualHosts. Is it possible to specify a separate SSL document root for each virtual host. I understand that name based must all use the same certificate etc. But must they use the same document root.

Thanks
Tim

Yes, you can providing you add the line "DocumentRoot wherever" in the section of the VH

<VirtualHost 1.1.1.1:443>
DocumentRoot /var/myserver.com
ServerName myserver.com
ErrorLog, etc...
SSLetc
</VirtualHost>
High grade encryption CA cert
I am using Openssl 0.9.5a and created a CA cert from the /usr/local/ssl/misc/CA.sh script. Netscape reports this as Medium grade RC2-CBC with 56-bit secret key.

Anyone know how to modify that script so it generates a high grade or an RC5 certificate?

begin:vcard
n:Nichols;Tom
x-mozilla-html:FALSE
org:CitX Corporation;Engineering
adr:;;
version:2.1
email;internet:[EMAIL PROTECTED]
title:Unix Systems Administrator
x-mozilla-cpt:;0
fn:Tom Nichols
end:vcard