Hi folks!
When I have a form on a http page with a https target (and vice versa), the
POST data is lost as soon as the switch to SSL (or non-SSL) is made. It works
when I use GET (not surprisingly).
I use Apache 2.2 with mod_jk and mod_ssl that is connected to several 5.5.23
Tomcats.
The
I have a feeling that I'm missing something
elementary here. I have an install of apache 2.0.55 with mod_ssl
enabled on a HP-UX system in /opt/apache2. This one runs fine. I
recompiled another copy of apache (same version) into /opt/apache2a (for
testing purposes) to add
I will be out of the office starting 09/03/2007 and will not return until
09/07/2007.
While I'm away please feel free to contact my manager, Nancy Crooks
([EMAIL PROTECTED]) at 201 967-6428 on any technical issues related to
ITCAM.
For any HR related issue please contact Kathy Dingwall
So I tried something kind of new. I completely removed the
directory with the non-functioning apache install. I went back to the
source, did a make clean, a new configure using the same parameters as
before:
./configure --prefix=/opt/apache3 --enable-auth-dbm=shared
I am trying to setup a RESTful web service where GET is open to all but
POST, PUT, and DELETE are restricted to authorized users. I have a
database of users that is checked using Basic Auth. So far, so good. I
*also* want to make it possible to issue certificates (from a
home-rolled CA) to
I'm moving a number of web pages from a RHEL3 server running Apache 2.0.46
to a
RHEL5 system running 2.2.3. The unsecure pages are running just fine, but if
I
have ssl.conf in the conf.d directory, httpd won't start up.
The only error message I can find anywhere is in ssl.error_log:
[Sat
You're right, what I'm asking for is not normal and I understand it. However,
your suggestions make some assumptions about the normalcy of the environment
that we're dealing with which just isn't the reality of my situation.
The project I'm working on is not to simply secure an e-commerce
Ok, so script the chown'ing and permissioning on import. It's still
easier on an embedded system to install apache as SSL-capable and only
enable when desired, rather than jumping through flaming hoops and
loading up the mod_ssl module when needed.
Embedded devices are designed around the
You may want to look at the command apachectl graceful for step 4. It
gets the httpd threads to restart after they finish what they are doing.
So it is not too disruptive to existing activity.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
You're right, some of this stuff can be se up earlier.
So what I'm really doing is receiving an SSL cert as a part of an HTTP
request. Behind the scenes I've got an apache module or PHP running that will
service it. It takes the cert, copies it to the right place, updates the config
files
I'm looking to do something, but I'm not sure it's even possible. Maybe someone
can steer me in the right direction.
Let's say that I have a copy of apache running on my server. I also have a
brand new SSL certificate that was signed by a CA. I'd like to write some code
to
Classification: UNCLASSIFIED
Caveats: NONE
Hi Vianney,
When i go to http://server/, it redirects to https://server/ and i have a
404 error.
This is happening because you have this:
IfModule mod_ssl.c
RewriteEngine on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
Hello !
I've some problems with Virtual Hosts on Apache2, please have a look at
my config files:
===
File sites-enabled/default
===
NameVirtualHost *
VirtualHost *
ServerAdmin [EMAIL PROTECTED]
All,
I recently ran into a problem with mod_ssl and Internet Explorers version 6 and
7. I have found that in the case where SSLVerifyClient is set to anything
other than exactly none with Apache 1.3.x and mod_ssl 2.8.x that a client
using Internet Explorer version 6 or 7 cannot connect
All,
I recently ran into a problem with mod_ssl and Internet Explorers version 6 and
7. I have found that in the case where SSLVerifyClient is set to anything
other than exactly none with Apache 1.3.x and mod_ssl 2.8.x that a client
using Internet Explorer version 6 or 7 cannot connect
We're using apache and its reverse proxy features to access domino
servers. Working well, but would like to add SSL to secure it before we
make it available to the web. We have installed Apache 2.2.3 on a Windows
2003 server with openssl 0.9.8c. When I try to create a certificate
signing
When I installed openssl here on Netbsd it put an example config file
in /usr/share/examples/openssl/openssl.cnf and I copied that. Have
you searched to see if there is one anywhere?
--- [EMAIL PROTECTED] wrote:
We're using apache and its reverse proxy features to access domino
servers.
Thanks very much. I found it.
Christa
Glyn Astill [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
08/16/2007 02:54 PM
Please respond to
modssl-users@modssl.org
To
modssl-users@modssl.org
cc
Subject
Re: Question about setting up openssl with apache
When I installed openssl here on
ace.
--- [EMAIL PROTECTED] wrote:
Thanks very much. I found it.
Christa
Glyn Astill [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
08/16/2007 02:54 PM
Please respond to
modssl-users@modssl.org
To
modssl-users@modssl.org
cc
Subject
Re: Question about setting up
Hello at all,
my problem is very difficult, but at least short to describe :-/
The apache crasht after starting if I have included the ssl module.
Okay, let me make the problem a litte bit more difficult as giving you my
system configuration:
- Windows 2k
- Apache 2.2.4
- Win32OpenSSL 0.9.8e
Hello,
I have a bunch of certificates of CAs which I want to put in directory
pointed by SSLCACertificatePath directive. All of them have the filenames
in the form hash-value.0 The mod_ssl official documentation says:
The files in this directory have to be ... accessible through hash
names. So
Classification: UNCLASSIFIED
Caveats: NONE
Hello Arsen,
If you're using mod_ssl/OpenSSL on Linux, I know you can use the c_rehash
command to automatically create the required symoblic links. On my install,
c_rehash is in the /usr/local/bin directory.
Hope that helps,
Dwight...
---
Dwight
Hello Joe,
Thank you very much for the exhaustive answer.
Best regards,
Arsen.
On Tue, 7 Aug 2007, Joe Orton wrote:
On Tue, Aug 07, 2007 at 02:25:54PM +0200, Arsen Hayrapetyan wrote:
Hello,
I am setting up client authentication with X.509 certificates.
The client has the certificate
Hello,
I am setting up client authentication with X.509 certificates.
The client has the certificate subject DN of the following form:
/C=XX/O=YYY/OU=ZZZ/OU=PPP/CN=TTT
I need to catch both OUs in my perl CGI script. But when I am trying to
get the values of OUs with the foolowing piece of code:
On Tue, Aug 07, 2007 at 02:25:54PM +0200, Arsen Hayrapetyan wrote:
Hello,
I am setting up client authentication with X.509 certificates.
The client has the certificate subject DN of the following form:
/C=XX/O=YYY/OU=ZZZ/OU=PPP/CN=TTT
I need to catch both OUs in my perl CGI script. But when
Hello,
My site just did a redesign and now the SSL's do not work as desired
and I have no clue why.
Here is the scenario:
The Home page on initial connection is NOT using SSL.
I can select any noon SSL page and remain a noon SSL page
I select one of the 2 SSL pages and I get SSL (ie: https
Hi Aaron,
As I uderstand, the docks say you can't have name based virtual hosts
because SSL is alreday serving the page before apache sees any http
header?
In the example I posted, https://mail.mydomain.net works and takes me
to my webmail, and https://machinename.mydomain.net works and takes
me
Glyn Astill wrote:
Hi Aaron,
As I uderstand, the docks say you can't have name based virtual hosts
because SSL is alreday serving the page before apache sees any http
header?
That is essentially correct.
In the example I posted, https://mail.mydomain.net works and takes me
to my
Yes, I have SSLEngine On in ssl.conf, here's my ssl.conf file:
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
IfDefine SSL
Listen 443
Listen my.ip.ad.dr:443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl.crl
SSLPassPhraseDialog builtin
Hi people,
So I got ssl started, and now I'm trying to sort out my virtual hosts
but I cant seem to get them to work. For example I'm putting the
VirtualHosts below between the IfDefine SSL tags in ssl.conf. Any
pointers would be ace. Thanks.
NameVirtualHost *:443
VirtualHost *:443
Hi people,
So I got ssl started, and now I'm trying to sort out my virtual hosts
but I can't seem to get them to work.
What I want to do is get https://mail.mydomain.net to take me to my
mail directory and https://www.mydomain.net to take me to my htdocs,
just like I can on http.
For example
Glyn Astill wrote:
Hi people,
So I got ssl started, and now I'm trying to sort out my virtual hosts
but I can't seem to get them to work.
Due to the fundamental nature of SSL and virtual host resolution one may
not have more than one SSL-enabled virtual host per IP:port combination.
Hi people,
I'm new to this list, so hello.
I've been trying to get https working with apache 2.0.59 on NetBSD
3.99 today, and it's
beginning to make my face ache.
Basically when I try to view a page via https I get connection
refused. Apache is compiled with mod_ssl.c, I have openssl installed.
SSLEngine On?
Glyn Astill wrote:
Hi people,
I'm new to this list, so hello.
I've been trying to get https working with apache 2.0.59 on NetBSD
3.99 today, and it's
beginning to make my face ache.
Basically when I try to view a page via https I get connection
refused. Apache is compiled with
Dear all,
I have a working SSL configuration, with client certificate authentication.
The SSLCACertificateFile directive is set so I accept every client who
has a certificate from that CA.
The problem is that since I'm running a web service, not webpages,
I want allow the access for a few
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, July 25, 2007 9:42 AM
To: modssl-users@modssl.org
Subject: How to accept only certain client certificates
Dear all,
I have a working SSL configuration, with client
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I am trying to setup a RESTful web service where GET is open to all but
POST, PUT, and DELETE are restricted to authorized users. I have a
database of users that is checked using Basic Auth. So far, so good. I
*also* want to make it possible to
Fought, Richard schrieb:
I'm trying to configure my Apache 2.0.59 server w/ mod_ssl to use TLS
1.0 only. I have set the SSLCipherSuite accordingly, however when I
connect with IE6 with SSLv3 enabled and TLSv1 disabled, I still get
through because of the TLS ability to back down to SSL 3.0.
Hi Richard,
if no config rules work maybe the fastest way to achive your goal are
redirects depending on the current client protocol spoken. For
example, redirecting every browser not communicating via TLS to an
extra error page:
SSLOptions +StdEnvVars
RewriteEngine on
RewriteCond
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
more likely www.mydomain.com is not in DNS, perhaps trying this works:
https://mydomain.com
If that works it is DNS issues.
Thanks,
Ron DuFresne
On Tue, 19 Jun 2007, Omar W. Hannet wrote:
I'll bet you're right when you say your provider may
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Even more revealing was the passphrase prompt, not required for plain
httpd...
Thanks,
Ron DuFresne
On Tue, 19 Jun 2007, Omar W. Hannet wrote:
Are you quite certain that the LoadModule for mod_ssl has been
commented out? The reason I ask:
Just to let you all know I spoke to the domain name hosting company and
the DNS setting wasn't correct. Traffic is forwarded to our server but
our A name record didn't point to the correct ip address of the web
server and tech support was surprised it was working.
Will update the A name record
I am running Apache 2.0.59 with mod_ssl on Windows Server 2003 and am
noticing that dbm session caching is not working.
With the following configuration option:
SSLSessionCache dbm:logs/ssl-scache.log
The DIR/PAG files are created, but they are always size zero, and the
server never
Hello,
I'm trying to configure my Apache 2.0.59 server w/ mod_ssl to use TLS
1.0 only. I have set the SSLCipherSuite accordingly, however when I
connect with IE6 with SSLv3 enabled and TLSv1 disabled, I still get
through because of the TLS ability to back down to SSL 3.0. Is there a
way to
I read this on other posts, so does that mean I'll never be able to configure
my apache set up to be accessed like this :-
https:\\www.mydomain.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: 19 June 2007 08:47
To:
No, you speak here about the url to access your web server.
What I ment is : when you configure your virtual host in httpd.conf, if
you want it to run in https mod, you have to set up the virtual host
directive with an IP an not with a host name:
VirtualHost 1.2.3.4:443
ServerName example.com
VirtualHost 1.2.3.4:443
ServerName example.com
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key
/VirtualHost
This is exactly how I've got it set up and unfortunately I can't use SSL
through my domain name (https://www.mydomain.com) but can access it
What is the message in apache error log file ?
Abel NIVAULT
Inspecteur PSE- PSN-CT - CSI LYON
[EMAIL PROTECTED]
Rob Archer [EMAIL PROTECTED]
Envoyé par : [EMAIL PROTECTED]
19/06/2007 11:05
Veuillez répondre à modssl-users
Pour : modssl-users@modssl.org
cc :
Objet
I can't find an error in the error.log, access.log or ssl.log files.
In the access.log file it logs :-
When accessing the web site via http and the ip address
0.0.0.0 - - [19/Jun/2007:10:27:04 +0100] GET / HTTP/1.1 304 -
When accessing the web site via https and the ip address
0.0.0.0 - -
Rob Archer wrote:
No entry for https and domain name in the access.log and a Internet Explorer cannot
display the webpage in ie when trying to get to the server.
Do you have access to the openssl command line program?
It would tell you whether you are making a connection, and
possibly shed
When accessing it by ip address using the debug option of openssl it
returns what you would expect (i.e. the text of the key certificate).
When accessing by domain name it says :-
Loading 'screen' into random state - done
Connect: bad file descriptor
Connect:errno=10060
I assume this is the
I'll bet you're right when you say your provider may not be
forwarding https requests properly. I'd run this one past
them and see what they have to say about it.
Rob Archer wrote:
When accessing it by ip address using the debug option of openssl it
returns what you would expect (i.e. the text
I'll have a word with them tomorrow see what they say !!!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Omar W. Hannet
Sent: 19 June 2007 17:28
To: modssl-users@modssl.org
Subject: Re: SSL by Domain Name Error
I'll bet you're right when you say your
Are you quite certain that the LoadModule for mod_ssl has been
commented out? The reason I ask: the output from 'apachectl start'
which you provided below shows 'mod_ssl/2.2.4'.
In the log file /opt/apache-2.2.4/logs/error_log, on lines that contain
'Apache/2.2.4' and 'configured -- resuming
Anybody have any suggestions ?
-Original Message-
From: Rob Archer
Sent: 14 June 2007 16:08
To: 'modssl-users@modssl.org'
Subject: SSL by Domain Name Error
Apache 2.2.4 Windows 2000 Server
Have
Rob Archer wrote:
Anybody have any suggestions ?
Have created the key through open ssl and configured apache (using
http://raibledesigns.com/wiki/Wiki.jsp?page=ApacheSSL instructions) and
can access https via the IP address of the web server but not the
domain name. When
Thanks for the response, I'm using the following in the httpd.conf
file:-
IfModule ssl_module
SSLMutex default
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLSessionCache none
ErrorLog logs/ssl.log
LogLevel info
/IfModule
VirtualHost 1.2.3.4:443
SSLEngine On
SSLCertificateFile
What's the result when you set ServerName to your domain
name within the virtual host?:
VirtualHost 1.2.3.4:443
ServerName example.com
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key
/VirtualHost
Rob Archer wrote:
Thanks for the response, I'm using
Does anyone know if the Apache v2.2.x implementation of OpenSSL mod_ssl
is FIPS 140-2 validated? What version of OpenSSL is distributed with the
current version of Apache? Any help is much appreciated...
Thanks,
David Gerendas, CISSP
McAfee, Inc.
949-297-5600 Main
949-860-3369 Direct
http://csrc.nist.gov/cryptval/140-1/1401val2007.htm#733
Best~
-d
[EMAIL PROTECTED] wrote:
Does anyone know if the Apache v2.2.x implementation of OpenSSL mod_ssl
is FIPS 140-2 validated? What version of OpenSSL is distributed with the
current version of Apache? Any help is much appreciated…
We have apache 2.2.4 compiled with all modules but commented out all
load modules. Do not have anything in httpd.conf file to state that this
is https. But when I start apache, it tries to goto https and prompts
for pass phrase. How does apache determine that this is https whereas
this is actually
Saikat Saha wrote:
We have apache 2.2.4 compiled with all modules but commented out all
load modules. Do not have anything in httpd.conf file to state that this
is https. But when I start apache, it tries to goto https and prompts
for pass phrase. How does apache determine that this is https
Apache was compiled as below
./configure --with-ldap --enable-mods-shared=all ssl ldap cache proxy
authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock
disk_cache --prefix=/opt/apache-2.2.4
Httpd -l gives below
[EMAIL PROTECTED] bin]# httpd -l
Compiled in modules:
core.c
Apache 2.2.4 Windows 2000 Server
Have created the key through open ssl and configured apache (using
http://raibledesigns.com/wiki/Wiki.jsp?page=ApacheSSL instructions) and
can access https via the IP address of the web server but not the domain
name. When trying to get the to the webserver via
my apology for late replies...it works for me.
Thanks Team !!!
On 6/12/07, Omar W. Hannet [EMAIL PROTECTED] wrote:
Lalit Kapoor wrote:
Can you give me some idea if it possible to add mod_ssl in running
configuration or do i need to recompile and install apache with mod_ssl.
Have you tried
Hi,
I am using following version of apache, i got it installed using yum
install httpd .
Server version: Apache/2.0.52
Server built: Aug 2 2006 05:21:10
There is a requirement of adding mod_ssl module to existing apache
configuration.
Can you give me some idea if it possible to add
Lalit Kapoor wrote:
Can you give me some idea if it possible to add mod_ssl in running
configuration or do i need to recompile and install apache with mod_ssl.
Have you tried 'yum install mod_ssl'?
--
Omar W. Hannet
http://www.allez-oop.net/
Hi,
We are trying to setup apache 2.2.4 alongwith mod_ssl and mod_jk. Mod_jk
has been successfully configured and working with two instances of
Jboss.
However after installing mod_ssl, does not seem to be
installed/configured properly. Is there some link which describes step
by step setup
I've learned that I can fix this problem by not using an external style
sheet.
This only affects IE6 on XP without SP2. Everyone else seems to be able
to view my pages fine, and even these problematic IE6/XP customers can view
pages with external style sheets that are not using HTTPS.
Hi Mark,
Did you try Google http://www.google.com/search?q=Starfield+cert+ie6?
I guess, the root certificate causes the trouble.
Sven.
Mark Beiley schrieb:
Hi Sven,
Thanks for the reply. I believe I have KeepAlive off for this browser.
In my ssl.conf file I have:
SetEnvIf User-Agent
Hi Sven,
Interesting... I hadn't thought of that. I know some other
sites using a Starfield certificate. I'll see if these
customers experience the same problem when they go there.
Thanks for your help!
Mark
http://www.beiley.com
- Original Message -
From: Sven Geisler [EMAIL
Hello,
Several customers are not able to access my server via HTTPS. Their browser
just sits there, and doesn't display anything. I've determined the common
properties of these cases to be:
Windows XP (all of them without SP2)
Internet Explorer 6
I can see their requests show up fine in my
Thanks for the reply Zareh, but still no joy :-(
We DO have old libraries on the box, but when compiling apache (after
setting SSL_BASE),
The output does show:
.
.
+ SSL library version: OpenSSL 0.9.8e 23 Feb 2007
.
.
Running a strings on httpd shows:
OpenSSL 0.9.7b 10 Apr 2003
SSLv2
Hi Sven,
Thanks for the reply. I believe I have KeepAlive off for this browser.
In my ssl.conf file I have:
SetEnvIf User-Agent .*MSIE.* \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
Thanks,
Mark
http://www.beiley.com
Hi Mark,
Do you have KeepALive
Hi guys,
Is there a definitive way of finding out the version of OpenSSL used by
httpd, with mod_ssl statically compiled into it.
Thanks!
|-+-
| | [EMAIL PROTECTED]|
| | om|
| | Sent
Hi Vishal,
I seem to remember running into this a while back, it turned out that I had old
ssl libs in /usr/local/ssl and apache's build scripts were picking them up.
instead of /usr/local/openssl - I can't remember what I did to get them to
compile with the newer openssl libs, but here are a
Question: How do I find out the version of openssl used by my httpd that
has mod_ssl statically compiled into it?
HEAD / HTTP/1.0 shows no mod_ssl info, and the only way in which I can
get anything is to use the following in the Apache conf:
CustomLog /tmp/ssl.log %{SSL_VERSION_LIBRARY}x
Hi List,
I having an issue here on a newly setup webserver that I'm hoping you
can help me with. For some reason, when some of our customers click to
go into the secure area of our site, they're getting the Plain Jane IE
error page of Page cannot be displayed. When this happens, I get an
There seems to be a bug in IE that affects how it interacts with
mod_ssl. See:
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#msie
for some tips.
Rich
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Nichel
Sent: Thursday, May 31, 2007 9:03 AM
David P. Mott wrote:
Here are some shots in the dark for you:
When I tried to tighten down the ciphers and SSL protocols on my server,
some (but not all) users on both IE6 and IE7 started to get that page
not found error (although my log error was something like re-negotiate
failed). I
On Thu, 31 May 2007, John Nichel wrote:
Thank you. I'll give this a shot. By newer versions of Apache, do you
mean in the 1.3.x build?
Yup.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User
Hello,
I'm having a problem with Internet Explorer's Show friendly HTTP error
messages in response to a 403 generated by an SSLRequire directive, when
trying client certificate authentication.
I've come across some information about over-riding the browser config by
setting the size of the
Hello,
i have got 2 problems with my Apache using mod_ssl and authentification
with client-certificates.
1. When the Apache is running and i copy a new pem-encoded
CA-Certificate in the specified directory (SSLCACertifcatePath) and
create the symbolic hash-link, no client is able to connect with
1. I believe the server reads the CA cert into memory at startup for a
couple of reasons: to prevent unnecessary disk access, and probably as a
security measure as well. If your cert is password protected, you might
want an admin to type it in and startup is the perfect time to do it.
2. Maybe
Looking at the SSL 3.0 spec at
http://wp.netscape.com/eng/ssl3/draft302.txt, there appears to be a size
limit for the list of CA distinguished names ..
struct {
CertificateType certificate_types1..2^8-1;
DistinguishedName certificate_authorities3..2^16-1;
}
I've been searching through the mailing list to find an answer to this
question, but haven't run across it yet.
We currently use the
Sorry, I sent the last message prematurely (damn hotkeys).
We currently use the following options to get around the IE SSL bug:
SetEnvIf User-Agent .*MSIE.* \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
We also wish to use X509 client
Any suggestions on the above warning? This happens quite a bit under
very heavy load. We use shmcb cache (512000).
Thanks,
Brian Hayward
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support
I will be out of the office starting Sat 05/05/07 and will not return until
Mon 14/05/07.
Je répondrai à votre message dès mon retour.
Vous pouvez en mon absence contacter Aspaway au 01 46 67 88 88 ou notre
support technique au 01 46 67 88 98.
Cordialement.
Hello,
im having some trouble when starting ssl on my apache2 server, first i
must say that i did not install apache, so i really dont know if ssl
was enabled, but i guess so since in the httpd.conf i have
IfModule mod_ssl.c
Include conf/ssl.conf
/IfModule
well, the second thing is that i
Are you calling apachectl using the full path to the apachectl
that knows where THOSE conf files are?
Sorry for top-posting... It just seemed like the right thing to do
in this case.
javier rojas wrote:
Hello,
im having some trouble when starting ssl on my apache2 server, first i
must say
2007/4/27, Phil Ehrens [EMAIL PROTECTED]:
Are you calling apachectl using the full path to the apachectl
that knows where THOSE conf files are?
Sorry for top-posting... It just seemed like the right thing to do
in this case.
hello :)
well im using the only apachectl in my machine, thats in
javier rojas wrote:
2007/4/27, Phil Ehrens [EMAIL PROTECTED]:
Are you calling apachectl using the full path to the apachectl
that knows where THOSE conf files are?
Sorry for top-posting... It just seemed like the right thing to do
in this case.
hello :)
well im using the only apachectl
On Fri, 27 Apr 2007, javier rojas wrote:
2007/4/27, Phil Ehrens [EMAIL PROTECTED]:
Are you calling apachectl using the full path to the apachectl
that knows where THOSE conf files are?
/usr/local/apache2/bin/apachectl restart
to see if apachectl was reading the correct httpd.conf and it
And when you run
/usr/local/apache2/bin/httpd -V
Does everything look okay?
m, this is what i was looking for.
/usr/local/apache2/bin/httpd -V
Server version: Apache/2.0.49
Server built: Apr 23 2007 10:41:23
Server's Module Magic Number: 20020903:7
Architecture: 64-bit
Server
2007/4/27, David P. Mott [EMAIL PROTECTED]:
On Fri, 27 Apr 2007, javier rojas wrote:
2007/4/27, Phil Ehrens [EMAIL PROTECTED]:
Are you calling apachectl using the full path to the apachectl
that knows where THOSE conf files are?
/usr/local/apache2/bin/apachectl restart
to see if
javier rojas wrote:
And when you run
/usr/local/apache2/bin/httpd -V
Does everything look okay?
m, this is what i was looking for.
/usr/local/apache2/bin/httpd -V
Server version: Apache/2.0.49
Server built: Apr 23 2007 10:41:23
Server's Module Magic Number: 20020903:7
I don't know why I didn't find this in the dozens of Google searches that
I did *before* I posted my question, but these seem to be what I'm looking
for:
SSLCADNRequestFile / SSLCADNRequestPath
http://httpd.apache.org/docs/trunk/mod/mod_ssl.xml#sslcadnrequestfile
I think all you need to do is tighten up your SSLRequire rules.
Something like this (all on one line, omitting the backslash at line-end):
SSLRequire %{SSL_CIPHER_USEKEYSIZE} = 128 \
and %{SSL_CLIENT_I_DN} eq IssuingCA2
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC23
David P. Mott wrote:
I don't know why I didn't find this in the dozens of Google searches
that I did *before* I posted my question, but these seem to be what I'm
looking for:
SSLCADNRequestFile / SSLCADNRequestPath
Please be aware that Apache/ModSSL uses den SSLCADNRequest-
File /
301 - 400 of 14612 matches
Mail list logo
