reverse proxy

2001-03-04 Thread Torsten Curdt
I'm not quite sure if this is OT but... This works quite well:

    ProxyPass / http://machine.dff.local:8100/
    ProxyPassReverse / http://machine.dff.local:8100/
    Order deny,allow
    Allow from all

This is the way we have our Apache webserver in the perimeter net and just allo

DSO recompilation

2001-03-07 Thread Torsten Curdt
I need to rebuild mod_ssl as DSO but with EXPERIMENTAL code enabled. (I need the new code for mod_proxy) Is this even possible or did the extended API change? -- Torsten

RE: reverse proxy

2001-03-07 Thread Torsten Curdt
> What you are describing is almost exactly a system that we have here, and
> have had for some time.

So good to hear it works :)

> However, I think turning SSL off won't help you, and
> probably is the root of your problem. Basically what the ProxyPass and
> ProxyPassReverse does is set up is a

RE: reverse proxy

2001-03-10 Thread Torsten Curdt
> > So... what are you trying to say?
> > This slightly improved security is not worth the setup hassle?
> >
> > So why do YOU run it this way? ;)
>
> First of all, it isn't necessary to use the SSL_EXPERIMENTAL code to get
> this to work.

I was told so... so you say mod_ssl-2.8.0-1.3.17 shoul

IE5 client certs

2001-03-19 Thread Torsten Curdt
Hm.. I configured modssl to require a client cert to access a site

    SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ )
    SSLVerifyClient require
    SSLVerifyDepth 5

Then I tried to create a client cert...

    openssl req -new -nodes -keyout clientcert.key -out clientcert.csr

Then our CA signe

RE: IE5 client certs

2001-03-19 Thread Torsten Curdt
Ah! With the ca-bundle.crt now at least my thawte cert works... But since I want only OUR CA to be trusted I need just the ca-dff.crt instead of the ca-bundle.crt. But looking at the file I see very big differences in the file format. For each CA there is much more information besides the PEM d

RE: IE5 client certs

2001-03-20 Thread Torsten Curdt
Thanks! Works now... The client cert was in the wrong format... seems it needs to be .p12 not .crt! Thanks a lot! :)
-- Torsten

> As I told you, the things between -BEGIN CERTIFICATE- up to a
> -END CERTIFICATE-
> (including those tags) are the PEM encoded certificates. Everithin

IE5 client certs

2001-03-24 Thread Torsten Curdt
Hm.. I configured modssl to require a client cert to access a site

    SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ )
    SSLVerifyClient require
    SSLVerifyDepth 5

Then I tried to create a client cert...

    openssl req -new -nodes -keyout clientcert.key -out clientcert.csr

Then our CA signe

machine specific client certs

2001-10-29 Thread Torsten Curdt
Usual client certs are working fine for us. But now we are wondering if there is a way to tie a client cert to a specific machine. I know mail certs from thawte are meant to work only from the machine that created the CSR. We'd like to use a similar mechanism to keep track of the machines that