Were there relevant fixes to mod_ssl after release 2.2.3? Or maybe
Red Hat backported patches against renegotiation attacks which cause the issue?
Ciao, Michael.
__
Apache Interface to OpenSSL (mod_ssl) www.modss
la/show_bug.cgi?id=45107
It's broken => it should be fixed. Unfortunately no-one cares. :-(
Ciao, Michael.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List
That's the problem with
HTTP basic authc.
Ciao, Michael.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automat
Gilles Cuesta wrote:
2008/6/16 Michael Ströder <[EMAIL PROTECTED]>:
Gilles Cuesta wrote:
So, at a time, we have 2 ClientCA with different key and different
validity period, but same DN.
This is bad practice. Try searching for "CA key roll-over".
I found docs about it, but
ients work only if CRL is signed by
old ClientCA.
Well, you asked for trouble...
You could try to add the authorityKeyIdentifier extension to the CRL if
it's also present in the CA certs. This could work with some software.
But my strong recommendation: Fix your 2nd ClientCA cert.
Michael Ströder wrote:
Joe Orton wrote:
On Fri, May 23, 2008 at 05:23:34PM +0200, Michael Ströder wrote:
Ok, then the OID in my cert is 0.9.2342.19200300.100.1.1 (attribute
type 'uid' specified for pilotPerson). That seems right to me since
it's compliant with RFC 4514 which c
Michael Ströder wrote:
Joe Orton wrote:
On Fri, May 23, 2008 at 05:23:34PM +0200, Michael Ströder wrote:
Ok, then the OID in my cert is 0.9.2342.19200300.100.1.1 (attribute
type 'uid' specified for pilotPerson). That seems right to me since
it's compliant with RFC 4514 which c
Joe Orton wrote:
On Fri, May 23, 2008 at 05:23:34PM +0200, Michael Ströder wrote:
Ok, then the OID in my cert is 0.9.2342.19200300.100.1.1 (attribute type
'uid' specified for pilotPerson). That seems right to me since it's
compliant with RFC 4514 which contains a table of
Joe Orton wrote:
On Fri, May 23, 2008 at 04:46:48PM +0200, Michael Ströder wrote:
In the current 2.x mod_ssl sources, UID maps to:
#ifdef NID_x500UniqueIdentifier /* new name as of Openssl 0.9.7 */
{ "UID", NID_x500UniqueIdentifier },
#else /* old name, OpenSSL < 0.9.7
Joe Orton wrote:
On Fri, May 23, 2008 at 04:46:48PM +0200, Michael Ströder wrote:
Hmm, the user ID is already stored by mod_ssl with attribute name "UID" in
env var SSL_CLIENT_S_DN. Given that it's OpenSSL 0.9.8 and that the
attribute type seems to be interpreted as UID is it
Joe,
many thanks for your response.
Joe Orton wrote:
On Mon, May 19, 2008 at 10:13:45AM +0200, Michael Ströder wrote:
Maybe I'm overlooking the obvious but it seems that env var
SSL_CLIENT_S_DN_UID is not set when using a client cert for authentication.
The following env vars display
uscated to protect privacy):
SSL_CLIENT_S_DN: /O=Company Name/OU=Authc/UID=userid/CN=Full name
SSL_CLIENT_S_DN_UID: (none)
Is it caused by UID not being the leaf RDN?
Ciao, Michael.
__
Apache Interface to OpenSS
.
Did I create my self-signed wild card cert properly? I must have done
something partially correct for IE to accept it without warnings or
errors.
Michael Grant
__
Apache Interface to OpenSSL (mod_ssl)
: Question on SSL for Apache 1.3.9 on Windows
get the src and compile or read:
http://tud.at/programm/apache-ssl-win32-howto.php3
--- Michael Driscoll <[EMAIL PROTECTED]> wrote:
> I am running Apache 1.3.9 on Windows 2003 SP2 and need to install
> SSL. I
> am new to this so I w
I am running Apache 1.3.9 on Windows 2003 SP2 and need to install SSL. I
am new to this so I was wondering if someone can help me? I am unable to
find a precompiled version of mod-ssl.
Regards
Michael
switch to HTTPS happens automatically using RewriteCond and RewriteRule.
I don't know what to do, I can't preserve the POST data. Any ideas?
Regards,
Michael
--
Michael Böckling
Java Engineer
dmc digital media center GmbH
Rommelstraße 11
70376 Stuttgart (Germany)
Telefon: +49 71
on
Interrupted" or "Action Cancelled" (pick your browser) and I get this in the
error.log:
[error] [client 192.168.0.4] Invalid method in request \x80L\x01\x03
Does anyone have any ideas what I can do to fix it at all, or why it's
happening?
Thanks for your help.
Che
On Sun, 2007-02-25 at 18:39 +0100, Julius Thyssen wrote:
> On 2/25/07, Michael Pacey <[EMAIL PROTECTED]> wrote:
> > By configuring the new IP address to the machine,
>
> That is already the case. I only have to open a port in iptables.
>
> > adding a Listen direct
On Sun, 2007-02-25 at 15:31 +0100, Julius Thyssen wrote:
> HI,
>
> I have a VPS listening to 2 different public IP-adresses.
> For ALL http and a https virtual host requests it currently listens to only 1
> IP
>
> The ssl.conf therefore has
>
> Listen xxx.xxx.xxx.xx1:443
> Listen xx
y.c", line 1903: warning: improper pointer/integer
combination: arg #1
"lex.ssl_expr_yy.c", line 1904: cannot recover from previous errors
cc: acomp failed for ssl_expr_scan.c
make[6]: *** [ssl_expr_scan.o] Error 2
make[5]: *** [all] Error 1
Any advice how to get round this?
Many thanks
Michael
bably happening is your Apache distribution already has SSL
configured, and when you've followed the SSL howto you've duplicated the
steps required to enable SSL.
That's my tuppence worth anyway. Hope it helps.
--
Michael
_
On Wed, 2006-10-11 at 14:31 -0700, Yvo van Doorn wrote:
> I am running Apache2 with the included mod_ssl module, I figure this a
> good place to start, but if it belongs on the apache httpd mailing
> list you can bluntly tell me.
>
> The servers I administer run in an environment that is pretty pa
t; BB said:
>>>>> I made the tests with IE from at least 4 different computers, located
>>>>> in
>>>>> networks from 3 different ISP's.
>>>>>
>>>>> Yes, the connection is done, because ith shows up instantly with
>>&g
lling an HTTP capture tool like IE Watch
and seeing if that gives any useful info.
--
Michael Pacey
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users
a TCP
connection? If you're not, it's not an Apache or mod_ssl issue.
--
Michael Pacey
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List
le and the protocol specific
stuff in the virtual host sections?
--
Michael Pacey
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users
We are trying to implement: Windows XP, Apache 2.2.3, mod_ssl and running
into problems.
Question:
Is it possible to do this under Windows without compiling Apache from
source?
We were able to get it to work using Apache 2.0.59 after some wrangling with
OpenSSL and cert creation.
(Had to create
e pre-installed
OpenSSL package.
-
Ming Yu
-
Johns
Hopkins University Applied Physics Lab.
From:
[EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED]] On Behalf Of Michael Smith
Sent: Monday, January 23, 2006
9:20 AM
To: modssl-users@modssl.org
Subject: Errors with fire
Hello thereNot sure if the underlying problem here is with mod_ssl or openssl or something else - so apologies if this email is going to the wrong place.I have apache compiled on solaris with sun cc with mod_ssl-
2.8.25-1.3.34 and openssl-0.9.8a (I've also tried 0.9.7i).When accessing the site usin
otocol:ssl/s23_clnt.c:494:
I googled for the error (140770FC) and for the code
line (s23_clnt.c:494) but didn’t get any clue for my problem.
I hope anybody has a clue for me, cause im running
low on ideas what else I could try.
Thanx inadvance
Michael Nitschke
MBI Institut für Marketingb
Hi!
I have found a small bug in 'apachectl' script (apache_1.3.33+mod_ssl-2.8.22).
'configtest' option of this script does not work inside clause.
The simple workaround is to add next block of code into script:
configtestssl)
if $HTTPD -t -DSSL; then
:
else
I suggest you follow the procedure in the openssl source package
(install.w32) instead of using the perl commands in the apache httpd
documentation. This worked fine for me.
HTH
michael
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im
Auftrag von b h
er-Agent .*MSIE. 5.*"ssl-unclean-shutdown
> nokeepalive
Maybe there is only a '"' missed before the RegEx ...
Good luck : michael
> -Ursprüngliche Nachricht-
> Von: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Im Auftrag von Sven Geisler
> Gesendet
range ... anyone knows about debugging or configuring Windows
Explorers WebDAV folders ? ( "Microsoft Data Access Internet Publishing
Provider DAV" )
thx4all : michael
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im
Auftrag von Michael Pfannkuchen
Ges
cert date, so my servlet engine can check that itself
and display an appropriated error page instead of
the server not found one?
So Apache would just take the certificate,
not check anything, export it, and I'll handle
all cert related errors somewhere else.
Thanks,
Michael Lamot
14 660
"Microsoft Data Access Internet Publishing Provider DAV"
... HEAD works ok, but PUT is getting back response code '70014' ! (ups ...)
Any ideas what could happen here?
thx4all : michael
__
Apache In
hi steffen
>ProxyPass /myapp https://backendserver/app
>ProxyPassReverse /myapp/ https://backendserver/app/
any specific reason for the missing trailing slashes in the ProxyPass
directive, or is this only a typo?
regards
m
...depends on your configuration. SSLSessionCache works fine with my apache
1.3.27, but I had some problems with apache 2. with 2.0.39, session cache
was not honoured on win32 (bugzilla 10170), but this may have changed in the
meantime.
rgds
michael
> -Ursprüngliche Nachricht-
&g
I have a client who wants to host multiple mirrors of the same SSL
website that point to the same data; is there any way to do this without
consuming additional IPs? Could I have the other names accept on :443
in HTTP mode and redirect??
Thanks for any help.
--
Michael T. Babcock
C.T.O
Hi,
I am running apache 1.3.23 with modssl. I have setup a htaccess file in a directory,
but it isn't being picked up. I have set the
Options FollowSymLinks
AllowOverride AuthConfig
I seem to remember that I mi
Quoting David Iungerich <[EMAIL PROTECTED]>:
> yes, that is correct. I meant http to https. So, there is no way to
> do
> this with existing mods? I have to use something else? Java or
> Python
> program? Anyone already have anything?
>
I couldn't find anything to do this besides the two p
Quoting David Iungerich <[EMAIL PROTECTED]>:
> I need to implement Apache as an https to http forwarder. I belive I
> need
> to use
> ProxyPass or Redirect, but am having difficulty figuring out the
> correct
> configuration.
Just to clarify, I think you mean http to https forwarder, as in you
...this _does_ work with mod_jserv, as long as it's compiled with -DEAPI.
binaries are available in the modssl contributions section.
rgds
michael
> -Ursprungliche Nachricht-
> Von: Noah White [mailto:[EMAIL PROTECTED]]
> Gesendet: Donnerstag, 11. Juli 2002 16:40
> An:
> Hi
> Currently have a system working fine under Apache 1.3.19 on NT
> but cannot find a version of mod_ssl.so for NT that will work with
> 1.3.26. Does one exist?
> Any info gratefully received
> Alex
>
http://www.modssl.org/contrib/
__
Quoting Michael Pacey <[EMAIL PROTECTED]>:
> Furthermore Apache cannot act as in initiator of SSL connections; I've
> spent
> many many hours testing this and everybody I've asked has said the same.
> I'd
> look at the code but I have no reason to believe t
se proxy it must
decode it. What Michael wants is a generic TCP proxy.
Think of it this way. When you configure Apache to accept SSL you have to have
configure it with an SSL certificate. Why? So it can authenticate and
subsequently decrypt the packets.
Furthermore Apache cannot act as in initi
then the Apache reverse proxy
> > will connect with SSL to both the browser and the downstream
> > webserver. This works, but is pointless as it loads the Proxy server's
> > CPU with SSL encryption/decryption. That's what we have the SSL
> > accelerators fo
t loads the Proxy server's CPU with SSL encryption/decryption.
That's what we have the SSL accelerators for.
What is missing in my config? Is this setup even
possible?
Any comments?
Thanks in advance.
-Michael
--
This is the Apache config I am usin
for testing purposes, i have compiled a 2.0.37-dev snapshot on NT. as there doesn't
seem to be any apache 2 binaries with mod_ssl around, i have put them in the modssl
user contribution area. they are not intended to be used in a production environment,
of course ;-)
regards
mi
for testing purposes, i have compiled a 2.0.37-dev snapshot on NT. as there
doesn't seem to be any apache 2 binaries with mod_ssl around, i have put
them in the modssl user contribution area. they are not intended to be used
in a production environment, of course ;-)
regards
mi
rewall and then connects to my apache server.
I guess my bottom line question is - can I use internal IP addresses to use multiple
ssl-enabled virtual hosts, and if so, how?
Regards,
Michael
__
Apache Interface to OpenSS
s, the remaining 0.03% are
caused by hardware changes. the only unplanned reboot since start of
production on this machine in may 99 was due to someone pulling out the
power cable between server and ups.
michael
> -Ursprüngliche Nachricht-
> Von: Johannes Bertscheit [mailto:[EMA
> I have made this work, however there are drawbacks to this solution.
Grrr, I take it back, I can't reproduce it now. I still get the "name
check, site name does not match certificate" warning before it follows
the redirect.
> 1) you need at least 2 certs, one for the virtual hosting server
> While we're on this topic...
> Owen Boyle wrote on 01.03.26
>
> "This question comes up so often it ought to be in the .sig of the list... ", and
> this ends with "Use different port numbers for different SSL hosts".
>
> I personally don't know what the .sig would mean, but the last
ect. I can import the self-signed cert into Netscape's trusted
root ca list but NOT IE's.
Can someone tell me if there is a right way to generate a cert that
works with more than one site with the various different browsers out
there?
Michael Grant
I have followed the installation procedures exactly for SSL. This is what I
have configured in this order
1) openssl 0.9.6.c
2) mod_ssl 2.8.7
3) Apache 1.3.23
onto a Linux Mandrake 8.0 (redhat) OS. I chose NOT to install MM Shared
Memory.
The whole configure and install worked without any errors a
this error but I could not find a solution.
Michael Katz
RAE Internet
39 Carthage Road
Scarsdale, NY 10583
ph. (914) 725-2370, (877)302-2027
fax (914) 725-2372
http://www.raeinternet.com
US Distributor RAV Antivirus
__
Apache
ernet systems support officer, ITCSD, Royal National Institute for
> the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733
> 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
>
> Evolution - A crutch for scientists who can't handle the existence of
> the creator
_alias --enable-
module=so --enable-module=rewrite --enable-module=log_referer --enable-
module=ssl --enable-module=info --add-module=../mod_gzip.c --server-
uid=wwwrun --server-gid=www
Could there be the problem?
Thanks in advance ...
Bye
Michael
Am 1 Mar 2002 14:44 schrieb [EMAIL PROTECTED]:
o other
result.
Normal connections seem to work fine (Opera says "High Encryption TLS
v1.0 128 bit C4 (1024 bit RSA/SHA) but File-Uploads fail when they
are larger than about 20k. Smaller files work fine I'm running
on RedHat 7.1
Can anyone give me a solution for th
quality.
michael
> -Ursprungliche Nachricht-
> Von: Will Guaraldi [mailto:[EMAIL PROTECTED]]
> Gesendet: Freitag, 22. Februar 2002 15:36
> An: [EMAIL PROTECTED]
> Betreff: RE: How to install mod_ssl + mod_webapp?
>
>
> For the record, we're running Apache
habe you set
Listen 443
in your conf?
-Ursprungliche Nachricht-
Von: Ken Tune [mailto:[EMAIL PROTECTED]]
Gesendet: Montag, 4. Februar 2002 19:03
An: '[EMAIL PROTECTED]'
Betreff: Connection hangs when using SSL
I'm trying to get Apache up and running on WinNT, with SSL
I'm using
Apac
> > [ Falk Großwig ] wrote:
> >
> > Hello,
> >
> > i just installed the mod_ssl for Apache. First it workes fine, but i
> > cant tell how, the Apache shuts down the mod_ssl ...
> >
> > i cant reach the mod_ssl url if i open a new browser window.
> >
>
> >
> >
> > ServerAdmin [EMAIL PROTECTE
;\.php$"
mod_gzip_item_include file "\.txt$"
mod_gzip_item_include file "\.htm$"
mod_gzip_item_include file "\.html$"
mod_gzip_item_exclude file "\.css$"
mod_gzip_item_exclude file "\.wml$"
mod_gzip_item_exc
lobal mutex lock
could anybody explain what this means, and if there's anything that can be
done about it - besides setting log level to error;-)
thanks
Michael
__
Apache Interface to OpenSSL (mod_ssl) www.
the following conf might work:
...
...
# restrict general server conf to localhost
BindAddress 127.0.0.1
...
...
Listen 80
Listen 443
##
## SSL Virtual Host Context
##
...
...
...
...
...
...
...
...
> -Ursprungliche Nachricht-
> Von: [EMAIL PROTECTED] [mailto:[EMAIL PR
looks like this:
https://hostname.capis.com:/
I would like to be able to use http://hostname.capis.com: or even
hostname.capis.com: as a URL. Is there anyway to rewrite the URL to do
this? I messed with mod_rewrite some but was unsuccessful.
Thanks in advance for any replies,
--
Mi
Use Apache Toolbox. It does it all for you but makes it easy to adjust.
*^*^*^*
Michael McGlothlin <[EMAIL PROTECTED]>
http://www.nomadphones.org
On Wed, 19 Sep 2001, Eric Paynter wrote:
> H... I added:
>
> LoadModule ssl_module modules/libssl.so
>
> and
arol L" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 06, 2001 10:53 AM
Subject: Intermittent "Page cannot be displayed" and "Cannot find
error or
DNS error" using mod_ssl and IE 5.5
[..]
Everything works fine
Ronald Ruzicka wrote:
>
> where I simply want a secure connection - I think we will end up in a
> philosophical discussion ... ;)
No proper authorization without proper authentication. Period.
Ciao, Michael.
that does not provide compression.
> (It may in the future.)
When serving HTTP over SSL it might be a better approach to learn
about compression of the HTTP body instead of messing around with
compression on SSL level (see RFC2616, HTTP_ACCEPT_ENCODING env
var., HTTP header line "Content-Enc
Jeff wrote:
> What is the host name (common name) in the certificates ???
> I suspect you have used *.mydomain.dom - correct ???
Hmm, I'm also using name based virtual hosting with ssl as well, but
my cert isn't *.domain.dom, it's just cn=domain.dom. The virtual
hosts are of the form sub1.domain
g apache and mod_ssl
but nothing seems to help. Perhaps I have some old libraries
somewhere, but where?
Michael Grant
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List
porting/exporting
between IIS4/5 and mod_ssl, they are all pretty much interchangable
when you do a little hexediting and use the right formats in openssl.
Let me know if you need a hand.
--
Michael Pye
__
Apac
sign.com/support/tlc/class3_install_docs/intermediate/v00g.html)
But the issuing root CA cert
OU=Class 3 Public Primary Certification Authority
O=VeriSign,Inc.
C=US
seems to be a X.509v1 cert without any extensions (if I looked it up
correctly in Mozilla 0.9.2).
Any
On 6 Jun 2001, at 21:21, Mads Toftum wrote:
> On Wed, Jun 06, 2001 at 07:43:21PM +0200, Michael Middleton wrote:
> > I have successfully compiled ModSSL with OpenSSL and Apache a number of
> > times without problems, the last time with
> >
> > Apache/1.3
Can anyone give me some pointers, where to look.
Yours
Mike Middleton
-----
Michael Middleton
RZ der Universitaet Regensburg
93040 REGENSBURGTel: +49-941/943-4890
F R Ge
We are using the Sun crypto boards with openssl 0.96a. I just did the speed
test and got similar results to yours. I think there must be something
wrong with the tests. We aren't using them to speed up SSL so much as to
off load the CPU, since it was running at 100% utilization. We don't need
o the conf file. Seems that the process runs
unlimited (as in coresize ulimited).
Is there anything else I need to do to get it to deposit a nice little
(or not so little!) core file somewhere for me?
Michael Grant
__
Apac
is there a way to automate the process of entering the password
when the system boots up. every time i boot the box it sits there for me
to enter the password. sorry if this is a repost, i cant seem to find
this anywhere. thanks, M
__
x27;m running Apache/1.3.20 mod_ssl/2.8.4 OpenSSL/0.9.6 on freebsd 4.3.
Any help would be appreciated.
Michael Grant
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing
I'm sticking to one-liners for this one ...
> So if reducing the likelihood of an attack is not a security measure, why
> bother having a burglar alarm in the first place?
Because they (often) stop the burglar from taking anything _after_ they've
broken in or allow the police to catch them in th
t; We have no trace in apache logs.
>
> It is clearly linked to our use of SSL.
>
> Can anyone help us finding how to set up some trace to be able to understand
> what is wrong.
Michael Ott
-
- Siemens AG - I&S IT PS 51 ERL -
- Werner-
I need to require client certificates for all but 2 locations. I've tried
the following in my httpd.conf:
SSLVerifyClient require
SSLVerifyDepth 10
SSLVerifyClient none
SSLVerifyDepth 10
SSLVerifyClient none
SSLVerifyDepth 10
This works, but Netscape prompts me for my certificate on
I need to trust client certifcates issued by Netscape Certifcate Management
Server 4.2. It has 2 options for use by a server:
1. Display the CA certificate chain in PKCS#7 for importing into a server
2. Display certificates in the CA certificate chain for importing
individually into a server
I'm using Apache 1.3.14 with modssl 2.7.1, and I'm having problems with URL
based look ahead in a rewrite condition.
We have a custom HTTP header set in our authentication process. If it is
empty, I need to redirect the user to a specific page. To do this, I use a
rewrite condition like the fol
fyDepth 10
SSLOptions +FakeBasicAuth
SSLLog /var/log/httpd/443_de/ssl.log
SSLLogLevel error
>
Michael Ott
-
- Siemens AG - I&S IT PS 51 ERL -
- Werner-von-Siem
er accepting the (test) certificate I
> requested from VeriSign. Netscape seems to work fine (of course...).
>
Michael Ott
-
- Siemens AG - I&S IT PS 51 ERL -
- Werner-von-Siemens-Strasse 60 -
- 91050 Erlangen-
- Tel. +49 91 31 7 4
Hello PHP-folks, Apache-folks and mod_ssl-folks,
I'v a little mysterious phaenomen and I hope, anyone can help me:)
First of all, my configuration:
apache_1.3.19
mod_ssl-2.8.1-1.3.19
auth_ldap-1.5.3
and php-4.0.4pl1
... very nice at all.
On my server I've a test-dir
Lv2, for making requests
> to the outside world.
>
> Any ideas?
>
> Also, how can I trace these SSL requests? I set
> SSLLogLevel to debug but it wouldn't show anything.
Michael Ott
-
- Siemens AG - I&S IT PS 51 ERL -
- Werner-von-Siem
ate. But when i accept i get the error "THE PAGE CANNOT BE
> DISPLAYED".
>
look at this sides:
http://support.microsoft.com/support/kb/articles/Q246/7/25.ASP
http://www.microsoft.com/windows/ie/download/ie501sp1.htm
http://support.microsoft.co
ied:
> SSLProtocol all -SSLV3
> or
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
> and used SSL sessionCache
>
> But nothing helped me.
>
> > > Any help is much appreciated.
Michael Ott
-
- Siemens AG
up asking
> me to
> > accept the certificate. But when i accept i get the error "THE PAGE CANNOT
> BE
> > DISPLAYED".
Michael Ott
-
- Siemens AG - I&S IT PS 51 ERL -
- Werner-v
Hello. I am running Apache and am hosting three virtual domains. I'd
like to have secure pages for all of them. Am I able to use separate
certificates for secure pages on each of the servers? Are there any
tricks to implementing this?
Thanks in advance.
Apache/1.3.19 (Unix) mod_ssl/2.8.1 OpenSSL
Check out ssl.ca-0.1 on www.openssl.org -> Contributions -> ssl.ca-0.1.tar.gz.
This set of scripts uses ca and openssl to create a self-signed CA, create and
sign the server certs, plus create and sign user certs. It's a neat package! I've
used it on my personal web server with great success.
Ben
You may want to download and try ssl.ca-0.1. I found it in the "Miscellameous
Contributions" area of the OpenSSL web site (www.openssl.org). I've used this set
of scripts successfully to create a root CA, sign the server's certificate, and
create and sign user certs. I've even had great success ex
Thanks for doing this guys. Could I be a little pedantic and suggest that
the manual should probably be a "noarch.rpm" rather than a "i386.rpm"?
AFAIK
the manual is processor independent.
-
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road,
What you are describing is almost exactly a system that we have here, and
have had for some time. However, I think turning SSL off won't help you,
and
probably is the root of your problem. Basically what the ProxyPass and
ProxyPassReverse does is set up is a secure connection through your
firewall
Greetings,
I was using mod_ssl on a quiet server with no problems with the
directive:
SSLMutex sem
I started the same configuration on a much busier server and immediately
ran into problems of very slow delivery, timeouts etc. The
ssl_engine_log showed:
...
[07/Mar/2001 15:17:36 22021] [warn]
I need to rebuild mod_ssl as DSO but with EXPERIMENTAL
code enabled. (I need the new code for mod_proxy)
Is this even possible or did the extended API change?
--
Torsten
__
Apache Interface to OpenSSL (mod_ssl) w
1 - 100 of 208 matches
Mail list logo