Win32
edition!
Does any one have solution to this problem?
EAST WIND TECHNOLOGIES, INC.
ERIC LIN
Disable port 80.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Conrad Ng
Sent: Wednesday, June 05, 2002 8:47 PM
To: [EMAIL PROTECTED]
Subject: How to disable part of the HTTP pages?
Dear all
After I have implemented the SSL technology in my servers,
You can use cygwin and it comes with openssl compiled.
Regards,
Lin Geng
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Eduardo Fresno
Sent: Wednesday, January 23, 2002 5:54 AM
To: [EMAIL PROTECTED]
Subject: Apache and Mod_SSL
Hi,
I was wondering
does someone have some C/C++ example how to
GET / POST over HTTPS in Unix ?
thank you
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Auto
It seems that you have built it. To run it
correctly, you need to configure apache to use SSL. Look into the samples
of how to use the httpd.conf file. Its all in that file.
Cheers,
Lin Geng
- Original Message -
From:
~{Nb7I~}
To: [EMAIL PROTECTED]
Sent: Friday
- Original Message -
From: "Sibone Chen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, January 29, 2000 9:37 AM
Subject: Re: Crypto law question...
> Ralf,
>
> I am in China. This law question is relate to me. My problem is: If I need
128
> bit SSL cryption, what should I d
SSL is a session based protocol, it is difficult to use it for file
encryption. It is based on a secret, that is established during the
handshake phase. Once the session is terminated, the secret cannot be
recovered. To encrypt files, s/mime surely can be used.
Cheers
Lin Geng
[EMAIL PROTECTED]]
> PureTLS - free SSLv3/TLS software for Java
> http://www.rtfm.com/puretls/
> __
> Apache Interface to OpenSSL (mod_ssl)
__
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
It may not be enough. I think you need to edit the SSL.H file. The def
- Original Message -
From: "john easton" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, January 06, 2000 2:36 PM
Subject: Do I need to use certificates?
> Hello,
>
> I have recently set up mod_ssl on Apache 1.3.6 and I am just getting
> started messing around with it. My q
IL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
If you are doing a WIN32 version, you also need to edit the libeay32def
file.
Lin Geng
__
Apache Interface to OpenSSL (mod_ssl)
m.
>
> thanks
> -Brett
Key generation use random prime numbers to avoid attacks. I don't see how
can you generate the same key again. The only way is to attack the public
key to figure out the prime number components, but if thats possible without
hu
issue certificates for other machines, then.
But you can't be a certificate server for other hosts. In another word,
other hosts cannot use your certificate since the certificate specifies the
comman name for a particular host.
Lin geng
__
-Original Message-
From: Hakan Tandogan <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, December 09, 1999 11:52 AM
Subject: "intermediate" CA status?
>
> Hi,
>
> We are designing a Web-bases application that will use client
>certificates as an alternate pos
-Original Message-
From: P.K.B. Hari Gopal <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, December 10, 1999 6:57 AM
Subject: Installation Problem..
>Hello,
>I have installed openssl-0.9.4 without any errors on WindowNT system.
>During my installation process
ficates. Otherwise, it is not. But if you are using a certificate with
512 bit public key algorithms and a 128 bit symmetrical encryption, it does
not make too much sense. generally, stronger symmetrica key length goes
with longer public key length. For instance, 1024 DH with 128 trip
, since this is not the way openssl checks
certificates, some code need to be written. I won't recommended it anyway.
The amount of coding is not the issue.
Lin
>__
>Apache Interface to OpenSSL (mod_ssl)
I did builds on HPUX-10 with HP C compiler. I guess HPUX-11 is not in the
llist of system config. When you run config, what do you see?
Lin
-Original Message-
From: Saeid.Sadeghi <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Monday, September 13,
I believe that I had the servlet part working on a mod_ssled Apache.
Lin
-Original Message-
From: Sebastian Szuber <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, September 10, 1999 3:45 AM
Subject: JServ (mod_java) and mod_ssl.
>Hi
Unless your browser supports no-cert authentication, they won't be able to
establish SSL with your server. At least a server certificate is needed.
Lin
PS what is csr? crt, pem, der are the typical types for certificate files.
csr sounds like a certificate signing request. It is not a
Can you manually create it ?
Lin
-Original Message-
From: Sun JunXu <[EMAIL PROTECTED]>
To: '[EMAIL PROTECTED]' <[EMAIL PROTECTED]>
Date: Thursday, September 09, 1999 1:02 AM
Subject: RE: can't find openssl.cnf
>thanks for your replying,
>now the p
By default, it supposed to be in \usr\local\ssl\. On Windows NT(are you), I
remembered that sometimes I have to go to the source file to modify the
path, changing "/" to "\". There got to be a better way, but I have not
investigated.
Cheers
Lin
-Original Message-
There are boards designed to handle hardware encryptions. I remebered
seeing a Califonia based company showing products in last year's Internet
Expo. HP also has some hardware encryption products.
Cheers
Lin
-Original Message-
From: John <[EMAIL PROTECTED]>
To: [EMAI
You select non-export cipher suites. This can be done by disabling all
exportable ciphers. If you launch openssl, just type in "ciphers", all the
cipher suites available should be displayed.
Cheers
-Original Message-
From: ListServ <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROT
As far as I knew, you don't have to convert them into PEM format. Apache
takes DER format files.
Lin
-Original Message-
From: Arend van der Veen <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Saturday, August 07, 1999 3:00 PM
Subject: Verisgn Serve
The steps are in the INSTALL.W32 file. I tried the latest version mod_ssl
with apache 1.3.6 and it builds and runs fine. Except that the -D SSL
switch is still needed (when starting aapche).
Cheers
-Original Message-
From: Khimenko Victor <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMA
see www.verisign.com .
-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, July 23, 1999 2:02 PM
Subject: Getting Certificate !
Hi everybody,
I want to know how to get certificate. After
install, I
have a Snake
One possible place to look, I suggest, is the configuration files. By
default, ca use openssl.cnf for default values. It seems, based on the
output, the signing step is OK. You have the cert signed and database
updated. I suspect the verification step.
Cheers
-Original Message-
From:
Thanks Ralf.
I have a question concerning CRL handling. I found that OPENSSL is loading
cert file and CRL using the same file name. These are X509_load_crl_file
and X509_load_cert_file (in by_file). Is this by design? Should this mean
that the certificate (chain) and CRL are in the same file?
inetd start the
process.
Thanks.
Lin Geng
I don't really have the inside knowlege of Surety. Timestamping is
complicated business and "Applied Crypto" mentioned the basic requirements.
You have to show the world that your timesamping is credible first. And
that involves a lot of details. Applied crypto have a short section on it.
It w
I will suggest anyone to read Bruce Schnier's book first before doing
timestamping services. That's a good first step to take.
Cheers
-Original Message-
From: Daniel Reichenbach <[EMAIL PROTECTED]>
To: modssl User List <[EMAIL PROTECTED]>
Date: Thursday, July 08, 1999 9:25 AM
Subject:
Somehow I remebered that you beed to use -D SSL. At least for the earlier
versions. The space may be necesary (I tried on WIN32).
Cheers
-Original Message-
From: Roman Maeder <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Monday, July 05, 1999 8:00 AM
Subject: inac
It is sort of complicated. Waht is more important is that if the client
does not want to see any certificates, why bother to encrypt data? Since
you can be "securly" talking to the wrong party, encrypt data without
authenticating the server first does not make much sense, unless you are
perfectl
te: Saturday, June 12, 1999 10:46 AM
Subject: Re: Cant get SSL to work
>No, I can not talk to port 443.
>
>
>
>Lin Geng wrote:
>
>> 1. Can you talk to ..157.50:443?
>> 2. If so, did you use httpS://... to talk to ..157.50:443
>>
>> based on the ssl
Good luck for all your exames.
-Original Message-
From: Ralf S. Engelschall <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, June 11, 1999 6:21 AM
Subject: RSE is busy until October
>
>Just for your information:
>
>I'm very busy until approx. mid of October
1. Can you talk to ..157.50:443?
2. If so, did you use httpS://... to talk to ..157.50:443
based on the ssl log, it does not seem the request ever hit the server.
Cheers
-Original Message-
From: Tarun Tuli <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, June
If you have a suggestion on how to do it, I like to know it, please.
Cheers
-Original Message-
From: Tim <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, June 10, 1999 5:14 PM
Subject: Re: [BugDB] Compile fix for mod_ssl 2.3.3 with MM (part 2)(PR#187)
>Eh,
What about a virtual host with port 80? It may not be a SSL problem.
Cheers
-Original Message-
From: Kevin Baker <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Cc: Lin Geng <[EMAIL PROTECTED]>
Date: Wednesday, June 09, 1999 10:52 PM
Subject: Re: br
It builds and runs nicely. Thanks.
Cheers
P.S WINNT 4 SP4, VC++ 6.
-Original Message-
From: Ralf S. Engelschall <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>;
[EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, June 09, 1999 10:17 AM
Subject: ANNOUNCE: mod_ssl 2.3.
Thanks for the info. BTW, is this newly added feature/
Cheers
-Original Message-
From: Ralf S. Engelschall <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, June 10, 1999 2:50 AM
Subject: Re: Trouble with certificates
>On Wed, Jun 09, 1999,
Thursday, June 10, 1999 9:04 AM
Subject: Re: Encryption with no certificate
>On Wed, Jun 09, 1999 at 09:54:38PM -0400, Lin Geng wrote:
>> >From: Dick Porter <[EMAIL PROTECTED]>
>> >
>> >I'm trying to set up a mod_ssl server, but I only want link encryption
and
The simplest way is to use the no-rsa option. It seems the deafult
(openssl) is that if you have RSA on, you want authentication. If you
disable RSA, ADH will kicks in automatically.
Cheers
-Original Message-
From: Dick Porter <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED
May be a problem of the private key format. Mod_ssl expect PEM format key
file.
Cheers
-Original Message-
From: Ryan Gray <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, June 09, 1999 9:29 AM
Subject: Trouble with certificates
>Hello,
> I just installed
It does not seem port 443 is accepting. How do you know you have apache
listening on 443 if s_client connot connect to it?
Cheers
-Original Message-
From: Kevin Baker <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Tuesday, June 08, 1999 11:32 PM
Subject: browser han
client certificate(if the server requires). That will be a server side
issue.
Cheers
lin
-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Tuesday, June 08, 1999 6:31 AM
Subject: Client- Authentication with mod_
, then ap_mm_permission(mm,
SSL_MM_FILE_MODE, ap_user_id, -1); causing problem in ssl_engine_scache.c
needs to be conditional
4). #include in ssl_util_table needs to be
conditional.
Thanks.
lin geng
__
Apache
The user is supposed to create his key pair on his machine and send out the
certificate request. If you are doing everything, then you have the
opportuty to compromise his private key. Technically, this is not a
corrrect way to do certification.
Cheers
lin geng
-Original Message
?
Thanks.
lin geng
P.S The first time I sent to [EMAIL PROTECTED] and the
mailwas returned.
nclude" since the file is specified as "openssl\ssl.h".
Everything else in the build seems OK. Thanks again.
Lin Geng
-Original Message-
From: Ralf S. Engelschall <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>;
[EMAIL PROTECTED] <[EMAIL PROTECTED
Thank you. Its a great effort on your side and I fully appreciate all of
it.
Cheers
lin geng
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL
Based on the output, the patch was applied OK.
I had to copy header files from openssl\include\openssl to openssl\include
to get the patch going.
I have the screen dump attached as a txt file.
Thanks for the prompt response.
lin geng
-Original Message-
From: Ralf S. Engelschall <[EM
rror U1073:
don't know how to make '.\crypto\date.h'
Cheers
lin geng
-Original Message-
From: Ralf S. Engelschall <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Sunday, May 23, 1999 6:30 AM
Subject: Re: Files missing in 990520 snapshot?
8: too many initializers
Also, the do_nt.mat in ms\ does not produce valid make file. An error of
"illegal characer {' in macro" stopped the make. do_ms.bat works fine.
Thanks
lin geng
-Original Message-
From: Ralf S. Engelschall <[EMAIL PROTECTED]>
To: [EMAIL P
I am having trouble to locate the modssl-SNAP-19990521.tar.gz file in
modssl.org. Do I have to use CVS in order to get it?
lin geng
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing
Can you access the server in regular HTTP mode?
When you start the server, did you use the -D SSL switch?
lin geng
-Original Message-
From: Ingo Zitzmann <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, May 20, 1999 1:48 PM
Subject: SSL config
you can use all ciphers
> ;) But try it out, even a DSA-only server is now possible...
>
> Please give me feedback.
>Ralf S. Engelschall
>[EMAIL PROTECTED]
>www.en
(openssl 0.9.1c) have no
problem. The install.Win32 instruction works. I had problems trying to
build openssl 0.9.2b. It doesn't build.
Since I did not use mod_ssl 2.2.7, I cannot comment much on it. Why don't
you try 2.2.8?
lin geng
Thanks. I'll like to try it out. Send me the path, please.
Lin geng
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated
I tried to use DH and DSS ciphers and was
unsuccessful. I did modify the config file to put them in.
Should I use a cert with DSS key specified in
there inorder to use DH and DSS?
Thanks
The CN field of the certificate has to be the same as the domain name used
to access the server. It will create problems. Of course, there can be
other reasons...
On Thu, 13 May 1999 [EMAIL PROTECTED] wrote:
> Full_Name: Joe McMahon
> Version: 2.2.8-1.3.6
> OS: IRIX 6.4
> Submission from: prt
What about the key length?
BTW, wahts the size of a GlobalID key?
On Wed, 12 May 1999, Brian Pollock wrote:
> I am still having problems getting my certificate from Verisign to
> work. I had a GlobalID, but now I have had a SecureSite certificate
> issued, but I am still seeing the exact pro
I am curious. IF the server certificate had a common name www.xxx.org and
the virtual host is yyy.xxx.org, should the browser considering the server
a fake?
On Tue, 11 May 1999, Derek Smith wrote:
> Eric,
>
> What you need to do is to add the IP address and 'secure' hostname to one
> line in
Did yuo check the format of the certificate and the key file? Apache uses
PEM.
-Original Message-
From: Brian Pollock <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Sunday, May 09, 1999 5:23 PM
Subject: Problem getting Verisign Cert to work
>Hi
>
>I have seen my ex
I suggest you use a set of certificate and key that has proven working.
-Original Message-
From: Pedro Gama <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>; SSLEAY
<[EMAIL PROTECTED]>
Date: Wednesday, April 07, 1999 3:51 AM
Subject: Problemas com ca no SSLeay
>Hi,
>
>I wo
The 1024 key size is for the RSA key, which is certified in the
certificate. The 40 bit is the symetrical encrytion key. The public key
encryption is used for signing and initial establishment of the secret key
encryption. The secret key is used to encrypt data. It is normal to see
1024 public
What are the "VALUE"s that you refered?
(>> ...so if you wan't to selfsigned your certify you need to change the
values
>> you are putting on both certicates)
Thanks.
-Original Message-
From: Juan Carlos Castro y Castro <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date:
It seems the sleay rsa function expects PEM formated data. Are you sure
IIS keysare in the correct format? If they are in DER format, you may
need to specify the nput format is DER.
Good luck.
On Sun, 24 Jan 1999, Webis wrote:
> Hi. I've used Visual C++ 6.0 to compile ssleay and mod_SSL with
Hi,
can anyone tell me how can I load CA cert (created myself) into Netscape Communicator?
I think that was the reason that I can not get my client Cert (also created by my CA)
to work.
Thanks in advance!
__
Xiaping Lin
Hi,all
I installed apache1.3.3 with mod_ssl_2.1.1 on my SUN sparc 10 machine. I created my
own CA and signed own server cert.
To create client certicficate, I downloaded PKCS12 from Dr. Henson's FAQ page, patched
CA certificate (with ca-fix) and compiled PKCS12.exe. Everything went well except
was created when I did "make certificate"
before "make install".
Can anyone tell what I did wrong ?
Thank you for help
Xiaping Lin
__
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Try Oscar. It is developed in Austrilia. Ths site should be
oscar.dstc.qut.edu.au. It only works, for now, on Unix and Linux
platform.
On Fri, 6 Nov 1998, Mario Filipe wrote:
> Hi
>
> Does anyone know if there is a Free Certificate Server for linux?
>
> Thanks!
>
> Mario Filipe
>
Try start Apache using the -l switch, it will tell you the modules in. If
you don't see mod_ssl.c in there, you have a build problem. If you do see
it, making sure you have the -D SSL switch on the start up param. You can
use the -S to see the virtual hosts. It should show you the ports and
ips
When you generate the rsa key, did ssleay ask you for password?
It is possible the asking message was not displayed right and waswiting
for a input. But I don't know why you get all key, cert .. generated.
Have you dupmed them out to see the fields?
In the log, it seems the server failed to get
I don't think you can. The law doesn't care where it come from. Once is
made here, goes abroad means export. I am not a lawyer, but thats what I
heard. Easily accessible and export are separate things. Before you
export, ask the commerce department (or your lawyer).
On Thu, 15 Oct 1998, Pete
Yes. The beta version are suposed to work on NT. I found the problem was
in the pathing program. I found another port of GNU patch (2.1) and it
worked. Now I have it build on NT 4.0 (apache 1.3.3 and mod_ssl 2.1b6)
with a few warning messages. I don't know how serious these warning are.
But I
I had the same problem with WINDOWS NT. But I thought that was due to the
utility incompatibiliies. Like to know why, too.
On Mon, 12 Oct 1998, Ryan Hertz wrote:
> Howdy Ralf, list,
>
> U.S. Citizen, Linux, Perl5.0004
>
> >From my root:
> drwxr-x--- 22 root root 1024 Oct 7 14:2
77 matches
Mail list logo