Hi,
Same setup as works with both subCAs. Use the SSLRequire directive. Restrict on
the client certs issuer field (SSL_CLIENT_I_DN...).
Regards
Matt
- Original Message
From: leanmeandonothingmachine leanmeandonothingmach...@gmail.com
To: modssl-users@modssl.org
Sent: Thursday
also want to use/need the SSLOptions +OptRenegotiate if you
have portions of the site that do and don't require client certs. It can help
greatly with IE. Sometimes IE goes a little funny and renegotiates sessions all
the time going from non-client cert to client cert areas.
Regards
Matt
+StdEnvVars and +ExportCertData.
Regards
Matt
- Original Message
From: Gunnar Vestergaard [EMAIL PROTECTED]
To: modssl-users@modssl.org
Sent: Sunday, September 21, 2008 12:10:16 AM
Subject: Authenticating users based on S/MIME certificate
Hi. I am an administrator of a user account
Sounds like your trying to use the thawte apache cert to sign your client
certs? The thawte cert won't have the right attributes to sign a client cert
and then try to use it.
You could use your CA for client certs and Thawte for the server cert.
Regards
Matt
- Original Message
From
You could possibly use stunnel to set up a persistent
ssl connection. Connecting up to a local port with
just http (only listen on localhost). I believe the
sessions are reused with stunnel. It's extra config
but quick to setup.
Regards
Matt
--- Jeff Ambrosino [EMAIL PROTECTED] wrote:
Hi Georg
Hi,
You have a intermediate and RootCA, try setting
SSLVerifyDepth equal to 2.
Regards
Matt
--- Sven Löschner [EMAIL PROTECTED] wrote:
I got a big problem with SSLVerifyClient. I had a
similar problem before,
but now the error(s?) is really more strange (in my
point of view). I used
Try using openssl s_client to connect(? arg for
options). It'll give alot of debug info.
--- Sven Löschner [EMAIL PROTECTED] wrote:
SSLVerifyDepth equal to 2.
Thx, i tried Depth from 1 to 10but no effect. I
think my certificates
are wrongEspecially the concated one. Is there
Hello Vlad,
You are trying to use NameVirtualHost for ssl which
will not work. Basically which cert does it use? The
ssl connection needs to be setup before the site name
(hence virtual host and cert) can be established by
apache.
You'll need two IPs, or use different ports (yuck).
Regards
Matt
with apache (auth ones are an easy
start). Not sure about forums.
Regards
Matt
--- Pj [EMAIL PROTECTED] wrote:
Does anyone know how to save incoming certificates
to disk?
Or can anyone suggest a forum for apache module
writers?
Cheers
..
Pj.
--
No virus found in this outgoing
servers. While not
the best for memory and efficency, the flexibility is
good.
Regards
Matt
--- Sourabh Bhandari [EMAIL PROTECTED]
wrote:
Hi,
I've Apache running as reverse proxy on Linux with
SSL
(mod_ssl).
There are multiple sites behind the Apache.
There are cases when cipher-suite
possiblity that the changes would be funded.
I'm looking for someone who has experience with
apache/mod_ssl/openssl to give an idea on the
feasibility and a time estimate to do the work.
Suggestions on who could do this are also welcome.
Regards
Matt
.
Regards
Matt
--- Jason Kaskel [EMAIL PROTECTED] wrote:
This is technically both a mod_perl and mod_ssl
question. Maybe I
should harass their mailing list too.
I have a PerlAccessHandler that needs to access
certificate
information. According to what I've read the
environment isn't loaded
I've also seen this problem. Haven't had the time to
find a proper solution. However I lowered the server
timeout to around 15 seconds, not ideal but keeps the
site going.
Hopefully someone has a better solution.
Regards
Matt
--- [EMAIL PROTECTED] wrote:
Hello,
We have a problem
:
./configure --prefix=$(APACHE_PREFIX) \
--enable-module=rewrite
--enable-module=ssl \
--enable-module=most \
--enable-shared=max \
--enable-rule=SSL_EXPERIMENTAL \
Regards
Matt
--- Helke_Schröder [EMAIL PROTECTED] wrote:
Hi,
we have some problems to get
you do a backtrace in gdb (with lib info)?
Regards
Matt
Dear Matt, thanks for your reply
If I set SSLVerifyClient optional (or comment it)
apache work but client CA aren't send to my
server (I need client distinguished name)
If I set LogLevel debug and SSLVerifyClient
First of all does it work if you comment the
SSLVerifyClient require
directive out. Also do you get a core file and can
you do a backtrace in gdb (with lib info)?
Regards
Matt
__
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish
--- Christopher McClan [EMAIL PROTECTED] wrote:
Hi,
I'm currently running an Apache web server with
Mod_SSL, and have the
following virtual host statement:
VirtualHost mywebserver:8080
IfModule mod_ssl.c
SSLEngine on
SSLCertificateFile /xx/xxx/xxx.crt
/ http://webserver.net:7900/
/VirtualHost
This definately works as have about 50 servers doing
this (may need to check the ProxyPassReverse line).
Regards
Matt
--- Mike Alberghini [EMAIL PROTECTED] wrote:
I'm in charge of a box here that's running multiple
apache servers.
I run the front end
Not much help to you but I'm also seeing this. One
client can hang up 100 apache children. User agent is
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0;
SD; .NET CLR 1.1.4322). Lasts for around 2-4 minutes.
(server timeout at 30).
Matt
--- R McIntosh [EMAIL PROTECTED] wrote:
Hello OpenSSL
as the session times out. Which
version of netscape?
Regards
Matt
--- xavier jeannin [EMAIL PROTECTED]
wrote:
Hello
I have looked for information in Archive about my
problem. I don't find
answer to my problem, sorry in advance to ask a
question about a very
known problem.
I have developped
and intermediate
certs. These are also used at startup to make the
server cert chain (our client and server certs have
the same root, use SSLCertificateChainFile for the
server chain if not). Make sure you you have the
SSLVerifyDepth 2 line.
Regards
Matt
--- Chris Covell [EMAIL PROTECTED] wrote:
Hello
a linux debug
server running. Hopefully someone can replicate the
issue? Or suggest a fix.
Thanks
Matt
__
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
But I did a self-signed cert for testing purposes. Shouldn't that work?
--
Matt
At 04:34 PM 7/31/2002 +1000, you wrote:
Mike,
The reasoning behind that message is that you haven't purchased a
certificate from a valid certificate store. The bought my companies at
verisign.com.
If you
not giving
up just yet. I'd like someone to take a look at my httpd.conf and tell me
if I'm got something wrong there, or just what the problem can be. I've
tried to follow the docs as close as I can, but obviously I've missed
something.
--
Matt
At 09:23 AM 7/31/2002 -0400, you wrote:
No, because
At 03:56 PM 7/31/2002 +0200, you wrote:
From: Matt Nelson [mailto:[EMAIL PROTECTED]]
Now, the error I'm getting now that I can't seem to find any
help on, in
the error_log is:
OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header
too long
Unusual.. Do you see
for suffering my dumb questions.
--
Matt
At 09:36 AM 7/31/2002 -0500, you wrote:
At 03:56 PM 7/31/2002 +0200, you wrote:
From: Matt Nelson [mailto:[EMAIL PROTECTED]]
Now, the error I'm getting now that I can't seem to find any
help on, in
the error_log is:
OpenSSL: error:0D06B078:asn1
At 06:02 PM 7/31/2002 +0200, you wrote:
See comments,
Ditto,
Rgds,
Owen Boyle
-Original Message-
From: Matt Nelson [mailto:[EMAIL PROTECTED]]
Sent: Mittwoch, 31. Juli 2002 17:01
To: [EMAIL PROTECTED]
Subject: RE: Error message help
Well I may have figured this out, https
in the
docs, I hate having to bother anyone.
Thanks
--
Matt
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager
it better for me. I was having the same problems. It still happens
rarely for me.
Matt
- Original Message -
From: Henning Sittler [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, October 31, 2001 7:51 AM
Subject: RE: IE discards pages once a while
I have older versions of apache
of the key. (Using skip to jump over previous
bits, not specifying count for the last part so we get the rest of
the file, not just 300B).
(be sure, with no damages) will be appreciated!
$ cat key.file.1 key.file.2 key.file.3 key.file.new
$ md5sum key.file.new key.file
to check.
Matt
--
#!/usr
running a modssl
with Apache and I think I understand most of the important issues!
Matt
--
#!/usr/bin/perl
$A='A';while(print+($A.=(grep{($A=~/(...).{78}$/)[0]eq$_} A A A
=~m{(...)}g)?A: )=~/([ A])$/){if(!(++$l%80)){print\n;sleep 1
Hey All,
Just a quickie on UK certs. Can I just leave state blank, and use
London for locality, or should I use London for both?
Also GB is the correct ISO country code right?
Thanks,
Matt
--
#!/usr/bin/perl
$A='A';while(print+($A.=(grep{($A=~/(...).{78}$/)[0]eq$_} A A A
=~m{(...)}g
k - I haven't tested it).
See regex.7 in src/regex in the apache distribution for more docs on what
you can do.
--
Matt/
/||** Founder and CTO ** ** http://axkit.com/ **
//||** AxKit.com Ltd ** ** XML Application Serving **
// ||** http://axkit.org ** ** XS
not sure that this will be true in a real-world
situation. Does anyone have any experience with this? Am I overlooking any
important factors?
Thanks,
Matt
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User
ody" \
"--suexec-logfile=cgi.log" \
Any ideas? Any help would be wonderful!
--
Matt Glaves
Systems Engineer
Pinnacle Online
www.pinn.net
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
httpd.conf so I'm assuming no modules
were created. I'm sorry if this is a silly question, but I've read the
FAQ and other excellent documentation on the website and don't see
anything that helps me with this particular problem.
--
Matt McParland [EMAIL PROTECTED
. How can I integrate all this
together?
(John 3:16)
Matt
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager
I am running a Shopping Cart package on my Cobalt RaQ2 Server (RedHat
5.1 with some 5.2 optimizations) and have SSL installed.
I am trying to get the Secure Web Server (RedHat SWS 3) to use the paths
that the shopping cart needs after the user moves from the Non-SSL area
to the httpsd.
The
38 matches
Mail list logo
