> Aha. That makes sense to me. I noticed this discussion
> because I was
> considering doing this sort of thing in the next month or
> two. Damn! Now I
> have to provide IP addresses for virtual sites that require
> this support. :(
Might not something like this work? It gives you name
Hello --
I am running the Covalent release of apache 1.3.27,
which has 0.9.6g of OpenSSL.
I am getting the following error in my error_log
along with the apache service crashing, (The exact same error
happen right as the slapper worm became prevalent):
[Mon Dec 2 16:18:17 2002] [error]
Perhaps including it in the defauly httpd.conf file underr the
directives as commentary might help?
# General setup for the virtual host
# ...name based VHing does not work, you need to...to get this to
# ...work...if you ask this in the modssl-users list, you might
On Tue, 3 Dec 2002, Dave Paris wrote:
> Not only is it not possible
With the current state of the SSL protocol such as it is, this is
correct-- it's not possible.
> it'd be a HUGE security flaw if it WERE possible.
Well, not necessarily... all that you would need is for the client to tell
the s
Hi !
I have configured Apache 2.0.43 with mod_ssl and I have created CA and
client certificates but now I cannot acces my ssl server "https://myserver";.
What have I made wrong?
__
Apache Interface to OpenSSL (mod_ssl)
At 12:49 PM 12/03/2002, Shawn Syms wrote:
Hawk: Here is more info on why did doesn't work:
http://www.ensim.com/support/sxc/faqs/4.10.html
Aha. That makes sense to me. I noticed this discussion because I was
considering doing this sort of thing in the next month or two. Damn! Now I
have to
In the if mod_ssl.c, I spotted more than a couple of "Listen" statements.
Any time I added IP:443 in there, Apache pitched a hissy fit.
So, I ended up taking a slightly different route.
I set up two entries in the .conf:
IP1:80
no SSL info
IP1:443
SSL info
IP2:80
no SSL info
IP2:443
Look at the handshake for SSL. During the name to address translation
phase, you wind up with a chicken-egg scenario if more than one name
shares an address.
Not only is it not possible, it'd be a HUGE security flaw if it WERE
possible.
-dsp
On Tuesday, Dec 3, 2002, at 15:34 US/Eastern, Hack
I have that statement coming after the directive
(meaning it's defined within that /).
Of course, and I dont't state my conf file is the cleanest of meanest, I
have 3 such openings and closings of like this:
This happens to be the first such set if directives:
Listen domain.com:80
What?!?!?! Are you absolutely sure about this? SSL certs are based on the
Domain Name,,, NOT the IP address. It stands to reason that it would be
possible for virtual hosts/domains to have their own certs. Perhaps modssl
doesn't support it, but I think that in theory it's possible.
- hawk
Multiple SSL certs for name-based virtual hosts aren't possible based upon
the way SSL is designed. Each site requiring a separate cert must have it's
own IP address.
---
Shawn Syms | Systems Administrator
Infinet Communications | [EMAIL PROTECTED]
---
-Original Message-
From: Thomas Sa
Is this directive the same thing as ?
Thanks!
- Original Message -
From: "R. DuFresne" <[EMAIL PROTECTED]>
To: "Justin Williams" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, December 03, 2002 2:19 PM
Subject: Re: (Hopefully) easy SSL question
>
>
> under the directive, list
under the directive, list each port to listen on with the:
Listen domain.com:80
Listen domain.com:443
...
see if that corrects matters for you.
Thanks,
Ron DuFresne
On Tue, 3 Dec 2002, Justin Williams wrote:
> I have openssl and mod_ssl on a server running Apache.
> On independent IPs, I h
I have openssl and mod_ssl on a server running Apache.
On independent IPs, I have three websites. One is listening *only* on port
443, and works just fine. The other two need to listen on both 80 and 443,
but I have only been able to get them to listen on one port at a time. If I
add the directi
Ok I have made a server certificate and a client certificate. I have
configured apache and ssl.conf with everything necesary BUT when I try
to conect to myserver:443 it tells me "connection has been refused".
Any idea ?
Maurizio Marini wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
On Tue, 3 Dec 2002, Thomas Sandor wrote:
[SNIP]
>
> The problem is that apache does not serve domain2 cert files for domain2, it
> uses the first declaration for every https://domainX.com invoke. Does anyone
> know how to tell apache to uses specific SSL cert I'd like to define for
> eac
hi everyone,
I have an apache 2.0.40 installed on a RedHat 7.2 box, complied with ssl
(openssl 0.9.6g).
Till now I had only one domain for which apache should use SSL cert files
(crt, key), but for our next project I have to add another SSL cert file a
specific domain.
I have NameVirtualHost 12.3
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tuesday 03 December 2002 03:22 pm, Sasa STUPAR wrote:
>OK, so creating a certifikate is done. How do I sign it ? I am using
>windows but I have read in the documents to use sign.sh in mod-perl. Ok
>but I am not having Linux anywhere near me. So w
OK, so creating a certifikate is done. How do I sign it ? I am using
windows but I have read in the documents to use sign.sh in mod-perl. Ok
but I am not having Linux anywhere near me. So what can I do ?
Sasa STUPAR wrote:
> Well, the thing is that just adding "...-config openssl.cnf..." was
> eno
Well, the thing is that just adding "...-config openssl.cnf..." was
enough. now it works.
Thanx
Long, Liesheng a écrit:
> Do ".csr" first, then do ".crt"
>
> Try the following commands, add your path if needed:
>
> 1. openssl req -config openssl.cnf -new -key ca.key -out ca.csr
> 2. openssl x50
20 matches
Mail list logo
