I found a solution, it looks like a dirty hack and making a security
hole, but it works for our custom purposes. So I don't recommend to use
this way. Somehow it may be interested for somebody.
It's needed to patch openssl.
In 'openssl/ssl/ssl_cert.c' file, in 'ssl_verify_cert_chain' function
re
Hi all!
I have an https server with apache/2.2.12+mod_ssl/2.2.14 and OpenSSL/0.9.8g.
I want to perform authentication based on client S/MIME certificates.
Clients have certificates with only the following purposes:
- S/MIME signing
- S/MIME encryption
But no SSL client or SSL server.
So I
=ORGANIZATION/OU=31/CN=myCN/emailAddress=myemail
The other one not :
[debug] ssl_engine_kernel.c(1571): Proxy client certificate callback:
(myproxy:443) no client certificate found!?
I wonder myself how clients certificates are choosen ?
Any thoughts ?
Thanks in advance
--
Nicolas Cros
Hello,
im using client certificates to authenticate myself with FakeBasicAuth to my
webserver. This works quite fine.
But there is one case where it doesnt work. When i open my website and then
wait a little time (1-2 minutes) and then do a POST to upload a file i get an
"[erro
Jorge Martín Cuervo a écrit :
> I tried with an SSLPassPhraseDialog in every VirtualHost and i get this
> message:
>
> [EMAIL PROTECTED] bin]$ ./apachectl -S
> Syntax error on line 82
> of /home/jmartin/apache22/conf/extra/httpd-ssl.conf:
> SSLPassPhraseDialog cannot occur within section
>
> "or u
I tried with an SSLPassPhraseDialog in every VirtualHost and i get this
message:
[EMAIL PROTECTED] bin]$ ./apachectl -S
Syntax error on line 82
of /home/jmartin/apache22/conf/extra/httpd-ssl.conf:
SSLPassPhraseDialog cannot occur within section
"or unciphered key ?" how can i do it? do i need to
Hi Cuesta Guilles, thanks for your quickly reply. No i am going to read
the documentation about SSLPassPhraseDialog.
This is my apachectl -S output:
[EMAIL PROTECTED] bin]$ ./apachectl -S
VirtualHost configuration:
213.134.38.66:443 cv.smra.org
(/home/jmartin/apache22/conf/extra/httpd-ssl.co
Jorge Martín Cuervo a écrit :
> Hi all,
>
> i have a problem with an apache 2.2.9, maybe this is not the correct
> mailing list but i am going to ask, my apologizes if this isn't the
> properly place.
>
> I had an instance of apache 2.2.9 with and IP serving contents with the
> port 80 and 443, we
Hi all,
i have a problem with an apache 2.2.9, maybe this is not the correct
mailing list but i am going to ask, my apologizes if this isn't the
properly place.
I had an instance of apache 2.2.9 with and IP serving contents with the
port 80 and 443, we bought a godaddy certificate and all went pr
ng from non-client cert to client cert areas.
Regards
Matt
- Original Message
From: Jan Stian Gabrielli <[EMAIL PROTECTED]>
To: modssl-users@modssl.org
Sent: Thursday, September 25, 2008 9:37:00 AM
Subject: Re: Can i use CA signed cert to create client authentication
certificates ?
be Firefox specific I'm hoping for some
advice here.
Internet Explorer handles the client certificates fine, prompts me to select
certificate on connection to the site and basically just works after that..
But when Firefox is set to "Ask me every time" instead of "auto sele
AIL PROTECTED]>
To: modssl-users@modssl.org
Sent: Tuesday, September 23, 2008 1:39:16 PM
Subject: Re: Can i use CA signed cert to create client authentication
certificates ?
Ok. This seems like a viable solution.
Ie.
I use an approved CA signed cert to verify the site auhtentisity, and i use a
self
Ok. This seems like a viable solution.
Ie.
I use an approved CA signed cert to verify the site auhtentisity, and i use a
selfsigned CA root for client certificates.
Can you point me in a direction of how i make this work in apache ?.
I already have a setup with a Selfsigned CA working for client
From: Jan Stian Gabrielli <[EMAIL PROTECTED]>
To: modssl-users@modssl.org
Sent: Monday, September 22, 2008 7:54:37 PM
Subject: Can i use CA signed cert to create client authentication certificates ?
I am trying to set up apache with mod_ssl , and I have it working with a
Self Signed CA.
Bu
I am trying to set up apache with mod_ssl , and I have it working with a
Self Signed CA.
But i can not get it to work with a cert created by thawte.com.
Does anyone know if it is possible to do this with a crt signed by a "third"
party where one does not have access to their root ca key ?.
Ie.
I
Hi!
I try to use mod_ssl to protect a part of my site from all users except a few
persons having client certificates signed by my _self-created_ CA key. I
created my ca.crt and signed some csr files with it, and have no problems
accessing the site with those.
I use the following httpd.conf
Hi,
just a question about the mod_ssl in Apache2.2:
I am currently porting an application that makes use of client
certificates from Apache1.3 to Apache2.2.
Apache1.3 used a whitelisting mechanism, i.e. a certificate was
accepted only if was listed in /etc/ssl/certs.
In contrast, Apache2.2
-Original Message-
>From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] >On Behalf Of [EMAIL PROTECTED]
>Sent: Wednesday, July 25, 2007 9:42 AM
>To: modssl-users@modssl.org
>Subject: How to accept only certain client certificates
>Dear all,
>I have a working SS
a few clients only.
One way to achieve this to create my own CA and Issue client certificates,
which I'm doing now.
But my clients have their own certificates issued by eg. Verisign.
Is there a way to allow theese certs while denying the other from the same CA?
Can I just somehow directly enu
Hello,
we are running Apache 2.0.53 with openssl 0.9.7e on linux. There's a
weird problem using client certificates. When accessing
"/srv/www/ssldocs/secure" via https://www.domain.com/secure there's
absolutely no client certificate checked. Access is possible without
val
Hi: I am working on securing a webservice front-ended by the Apache webserver. It is possible that in this application the requirements will be : (1) Clients be authenticated using a password they enter using a form that is secured using https. For this I am planning to download mod_ssl and g
On 1/30/06, Cliff Woolley <[EMAIL PROTECTED]> wrote:
On 1/30/06, Konstantin N. Bezruchenko <[EMAIL PROTECTED]> wrote:> Because we already have password-protected certificates, and as i know> we cant remove password protection from existing certificate.
That's not correct.
seDialog & several certificates
>
> Greetings,
>
> BJ Swope wrote:
>
> >> So how can i use SSLPassPhraseDialog for 2 certificates what
> require
> >> passwords?
> >
> > Why not save the certificates without passphrases?
>
> Beca
On 1/30/06, Konstantin N. Bezruchenko <[EMAIL PROTECTED]> wrote:
> Because we already have password-protected certificates, and as i know
> we cant remove password protection from existing certificate.
That's not correct. Your certificate is not password protected...
your pri
To remove the passphrase (on the key, not the certificate):
cp a.key temp
openssl rsa -in temp -out a.key
On Mon, 30 Jan 2006, Konstantin N. Bezruchenko wrote:
> Greetings,
>
> BJ Swope wrote:
>
> >> So how can i use SSLPassPhraseDialog for 2 certificates what requi
Greetings,
BJ Swope wrote:
So how can i use SSLPassPhraseDialog for 2 certificates what require
passwords?
Why not save the certificates without passphrases?
Because we already have password-protected certificates, and as i know
we cant remove password protection from existing
et two SSLPassPhraseDialog with two different exec scripts, butapache could not start. When i enter password manually - everything is ok.So how can i use SSLPassPhraseDialog for 2 certificates what require
passwords?
Why not save the certificates without passphrases?
-- "But we also know the
d
, but
apache could not start. When i enter password manually - everything is ok.
So how can i use SSLPassPhraseDialog for 2 certificates what require
passwords?
I use latest apache 1.3 with latest mod_ssl
Thanks.
--
Konstantin N. Bezruchenko | BK5536-RIPE
On 10/14/05, Dr. Harry Knitter <[EMAIL PROTECTED]> wrote:
> Thanks, however, I´d prefer something like the Unique Subject Identifyer or
> perhaps the Fingerprints. DNs can be faked easy.
Not if you require your own CA as the issuing authority using
SSLCACertificateFile and SSLRequire, they can't.
: How to allow only certain Certificates
> To: modssl-users@modssl.org
>
> On 10/12/05, Dr. Harry Knitter <[EMAIL PROTECTED]> wrote:
> > how can I restrict access to my Apache to owners of certain individual
> > certificates?
>
> Sounds like a good case for FakeBasicAuth
Helps if I send this from the address that is actually subscribed to the list...
resending
-- Forwarded message --
From: Cliff Woolley
Date: Oct 12, 2005 7:41 AM
Subject: Re: How to allow only certain Certificates
To: modssl-users@modssl.org
On 10/12/05, Dr. Harry Knitter
Hello,
how can I restrict access to my Apache to owners of certain individual
certificates?
I have tried the following (it doesn´t work, however):
SSLREQUIRE %{SSL_CLIENT_S_DN_UID} in {"","",...}
where is the X509 extension Subject Key Identifyer of
the client´s certific
I'm running CentOS 4.1 with Apache 2.0.52 and trying to setup client
SSL authentication using an internal CA. I've read the docs and
checked the list archives for someone having the same problem or any
hints, but have come up empty so far. Anyways...
Running:
openssl verify -CAfile ssl.cr
of the
modules that ship with apache (auth ones are an easy
start). Not sure about forums.
Regards
Matt
--- Pj <[EMAIL PROTECTED]> wrote:
> Does anyone know how to save incoming certificates
> to disk?
> Or can anyone suggest a forum for apache module
> writers?
>
> Chee
Does anyone know how to save incoming certificates to disk?
Or can anyone suggest a forum for apache module writers?
Cheers
..
Pj.
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.8.9/41 - Release Date: 5/07/2005
Hi all,
I am writing a module for apache
that needs to dump client certificate information from mod_ssl which ultimately
uses OpenSSL...
Does anyone have any idea how to
apply this hook?
Thanks..
Pj.
--
No virus found in this outgoing message.
Checked by AVG An
We are using self signed certificates on our Apache server.
Previously we were able to use the
SSLCACertificateFile /conf/apache/trustroots.ber
or
SSLCertificateChainFile /conf/apache/chain.ber
directives to push the chain of certifiers to IE without IE
complaining. It would read the chain
T. Ashley
Sent: Tuesday, January 11, 2005 10:02 PM
To: modssl-users@modssl.org
Subject: FW: Client Certificates (Help!)
-Original Message-
From: David T. Ashley [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 11, 2005 9:57 PM
To: john mcnicholas
Subject: RE: Client Certificates (H
-Original Message-
From: David T. Ashley [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 11, 2005 9:57 PM
To: john mcnicholas
Subject: RE: Client Certificates (Help!)
Hi John,
The following script shows how I generated my keys and certificates.
Notice the exports to .p12. The .p12
gt; From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of P Larkin Waters
> Sent: Tuesday, January 04, 2005 6:11 AM
> To: modssl-users@modssl.org
> Subject: Re: Client Certificates (Help!)
>
>
> did you use a real certificate?
> if you used a test certificate did you
did you use a real certificate?
if you used a test certificate did you install the test certificate
authority?
I'm sure you know that test certificates don't work with the CA's that
come preinstalled in most browsers.
Theory is when you know something, but it doesn't wo
On Wednesday 22 December 2004 02:29, David T. Ashley wrote:
> Hi,
>
> Does anyone have any good URLs or instructions about how to create client
> certificates for browsers so that only browsers with the certificate can
> connect to the server (or view certain directories on the serv
Hi,
Does anyone have any good URLs or instructions about how to create client
certificates for browsers so that only browsers with the certificate can
connect to the server (or view certain directories on the server)?
I tried one procedure I found on the web, and it ended up with Apache
Hi,
I thought that you must to put into your SSLCACertificateFile the RootCA and
Issuing SubCA-2 certificates (both in PEM) and modify your SSLVerifyDepth to
1.
It works in my servers.
bye
Juan Angel Martin Gomez
AC Camerfirma
Tel. +34 920252750 Fax +34 920252732
http://www.camerfirma.com
clientauthentication with certificates only for user with certs
from the Issuing SubCA-2.
So I made the follwing configuration:
SSLVerifyClient require
SSLCACertificateFileCACHAIN.PEM
SSLVerifyDepth 2
CACHAIN.PEM includes the cert from RootCA and from the Issuing SubCA-2.
Now comes the problem
with certificates only for user with certs
from the Issuing SubCA-2.
So I made the follwing configuration:
SSLVerifyClient require
SSLCACertificateFileCACHAIN.PEM
SSLVerifyDepth 2
CACHAIN.PEM includes the cert from RootCA and from the Issuing SubCA-2.
Now comes the problem. Not only users
PROTECTED]
Subject: Re[2]: OT: cheap CA certificates
Thawte is pretty cheap. $127 bucks through their ISP channel (anyone
can sign up) for a regular web cert, I am not sure you can do much better.
If it's not worth $127 a year, then I assume it's not for profit, e.g.
for internal use onl
hi,
problem solved. it was a stupid mistake on our side.
>
> I have problems with a Verisign Global-ID certificate installed on a very
> old system. The Intermediate CA was installed according to the
> documentation on
> Verisign's website.
> The server's certificate is recognized only by Intern
t use self-signed certificates. They're no less secure, they just
pop up a warning. Advise your users to add them to their root store
the first time they connect to your site and even that won't happen
anymore. We do this for all our internal secured sites.
-- Jamie
Monday, November 17, 2
http://www.sslreview.com/content/index.html
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager
Hello Eric,
Eric Wood wrote:
Where can I get cheap/reliable certs for a Apache that IE 5.5+ clients will
authorize against? Thawte and Verisign have outpriced themselves.
That depends on your definition of the terms cheap and reliable.
But we offer client and server certs
(low level client certs
http://www.geotrust.com/equifax/
On Mon, Nov 17, 2003 at 02:33:53PM -0500, Eric Wood wrote:
> From: "Eric Wood" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: OT: cheap CA certificates
> Date: Mon, 17 Nov 2003 14:33:53 -0500
> Reply-To: [EMAIL
Where can I get cheap/reliable certs for a Apache that IE 5.5+ clients will
authorize against? Thawte and Verisign have outpriced themselves.
-Eric Wood
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
U
Lv3,
TLSv1)
[trace] Init: (xxx:443) Configuring RSA server certificate
[info] Init: (xxx:443) RSA server certificate enables Server Gated
Cryptography (SGC)
[trace] Init: (xxx:443) Configuring RSA server private key
[trace] Init: (xxx:443) Configuring server certificate
Hi,
You may extract the key and cert with the following command:
openssl pkcs12 -in cert.der -nodes -out certAndKey.pem
Then, you can extract cert.pem and key.pem from the output file.
ca.pem is probably used for authentication and not for SSL server setup.
Rgds.
Martin
>
> Hi,
>
> This is
Hi,
This is proabably a real basic SSL question but I hope someone can put me
out of my misery.
I have Apache/Weblogic up and running using the demo keys and certs
provided by Weblogic
I have 3 files : ca.pem, democert.pem and demokey.pem. They are referenced
in 3 places in my httpd.conf
I've just received an email from GlobalSign that makes it appear that
Wildcard certificates are still financially viable. If anyone wants details
can they contact me off the list.
Thank you.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Inst
Whenever I try t view my SSL site from Netscape, I get either an error that
the certificate is corrupted, or "The certificate is not approved for the
attempted application".
This certificate works fine when the page is viewed from MSIE.
The cert is signed with a self-signed-CA by the way.
Any way
>-Original Message-
>From: kulkarni veena [mailto:[EMAIL PROTECTED]
>
>I have one machine which has apache+mod_ssl with a
>self signed server certificate. is it possible to have
>another self signed certificate using the same
>Apache+mod_ssl instance but say a different port?
Yes. You simp
, March 06, 2003 12:07 AM
Subject: two server certificates..
> Hi,
>
> is it possible to have one instance of Apache+mod_ssl
> and have two server cerificates using two different
> ports for SSL connection.
>
> Thanks in advance.
>
> -veena
>
>
Hi,
is it possible to have one instance of Apache+mod_ssl
and have two server cerificates using two different
ports for SSL connection.
Thanks in advance.
-veena
__
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yah
Hi,
I have one machine which has apache+mod_ssl with a
self signed server certificate. is it possible to have
another self signed certificate using the same
Apache+mod_ssl instance but say a different port?
thanks in advance.
-veena
__
Do you Ya
On Tue, Jan 14, 2003 at 11:06:56PM +1300, James Collier wrote:
> [EMAIL PROTECTED] wrote:
> >Are there any docs for setting this up?
It isn't any different than setting up with seperate certs, just use the
same cert in each vhost.
> Not as such - I cooked the site up as a one-off, with the feelin
ssage -
From: "James Collier" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, January 13, 2003 12:29 PM
Subject: Re: Confession: I use NBVHs with SSL (was Re: 2 VirtualHosts with 2 Certificates)
Many thanks Owen - I'll sleep more easily now ;)
Boyle
Are there any docs for setting this up?
thanks
Robert
- Original Message -
From: "James Collier" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, January 13, 2003 12:29 PM
Subject: Re: Confession: I use NBVHs with SSL (was Re: 2 VirtualHost
Many thanks Owen - I'll sleep more easily now ;)
Boyle Owen wrote:
-Original Message-
From: James Collier [mailto:[EMAIL PROTECTED]]
At the moment, the handshake take place using the first matching vhost
on the basis of IP+Port, but evidently Apache then scans the decrypted
host header
Mads Toftum <[EMAIL PROTECTED]> writes:
> On Mon, Jan 13, 2003 at 07:32:24AM -0800, Eric Rescorla wrote:
> > There is already a document describing how to do this with SSL/TLS
> > in the IETF standards pipeline.
> >
> Unfortunately this is not implemented very many places - so far the only
> plac
On Mon, Jan 13, 2003 at 07:32:24AM -0800, Eric Rescorla wrote:
> There is already a document describing how to do this with SSL/TLS
> in the IETF standards pipeline.
>
Unfortunately this is not implemented very many places - so far the only
place I've heard of is Apache 2.1 which has some prelimin
"Boyle Owen" <[EMAIL PROTECTED]> writes:
> - IPv6 will take off, creating so many IP addresses that NBVH will be
> unnecessary and we will revert to one site, one IP.
There is already a document describing how to do this with SSL/TLS
in the IETF standards pipeline.
-Ekr
--
[Eric Rescorla
>-Original Message-
>From: James Collier [mailto:[EMAIL PROTECTED]]
>
>At the moment, the handshake take place using the first matching vhost
>on the basis of IP+Port, but evidently Apache then scans the decrypted
>host header and assigns the correct NBVH.
Exactly. The SSL transaction i
Sorry - I didn't express that very well, but thanks for the reply.
At the moment, the handshake take place using the first matching vhost
on the basis of IP+Port, but evidently Apache then scans the decrypted
host header and assigns the correct NBVH. This is using 1.3.x; I haven't
tested 2.x ye
>-Original Message-
>From: James Collier [mailto:[EMAIL PROTECTED]]
>
>I realise I am on thin ice as it would be a "reasonable"
>optimisation to assign the final virtual host at an earlier
>stage than is currently the case with SSL.
I wouldn't worry too much. Currently, in an SSL transac
>Sent: Montag, 13. Januar 2003 04:23
>To: [EMAIL PROTECTED]
>Subject: RE: Confession: I use NBVHs with SSL (was Re: 2 VirtualHosts
>with 2 Certificates)
>
>
>>These NBVHs are all derived off the same 3rd-level domain,
>and thus we
>>can use the same wildcard
On Sun, Jan 12, 2003 at 09:23:27PM -0600, Barry Smoke wrote:
> o.k...you have my attention now...
> wildcard certificate?
> Can wildcard certificates be purchased, or is this only if you are self
> signing?
>
According to Thawte's website they still issue wildcard certs.
&g
>These NBVHs are all derived off the same 3rd-level domain, and thus we
>can use the same wildcard certificate for each NBVH (users whose
>browsers don't recognise wildcard certificates need only placate the
>browser once in most cases).
o.k...you have my attention now...
wil
to have it broken gratuitously.
I run a site whose members collaborate using a number of Web-based
tools. All members are issued with client certificates signed by our
private CA, and I have a single instance of Apache+mod-ssl with a single
IP address acting as an SSL-only reverse-proxy for t
>-Original Message-
>From: Irving Carrion [mailto:[EMAIL PROTECTED]]
>Sent: Donnerstag, 9. Januar 2003 15:42
>To: [EMAIL PROTECTED]
>Subject: RE: 2 VirtualHosts with 2 Certificates
>
>
>Everyone knows this question will not stop coming... is it possible to
>ret
4:30 PM
To: [EMAIL PROTECTED]
Subject: Re: 2 VirtualHosts with 2 Certificates
Should have read the MOST FREQUENTLY ASKED FREQUENTLY ASKED QUESTIONS!!!
Can't do that. Learn a little more about SSL. It's IP based, not name
based. So, you can only have
one certificate and one firtu
Should have read the MOST FREQUENTLY ASKED FREQUENTLY ASKED QUESTIONS!!!
Can't do that. Learn a little more about SSL. It's IP based, not name
based. So, you can only have
one certificate and one firtual host on 92.35.28.17:443. Sorry...but
that's the way it goes.
Same question answer numbe
Per all the documentation and countless examples in the archives of
this mail list, you must either use two different IPs or use different
ports. You *cannot* used Named Virtual Hosts for SSL. Period.
-dsp
On Wednesday, Jan 8, 2003, at 13:58 US/Eastern, toxshark wrote:
ihave the apache confi
On Wed, Jan 08, 2003 at 07:58:10PM +0100, toxshark wrote:
> i have the apache configured with 2 VirtualHosts on port 443.
> both VirtualServers have separately CertificateFiles and
> CertificateKeyFiles.
> but now if i connect to the VirtualHost2, the Host have the Certificate
> from the VirtualSer
i have the apache configured with 2 VirtualHosts
on port 443.
both VirtualServers
have separately CertificateFiles and CertificateKeyFiles.
but now if i
connect to the VirtualHost2, the Host have the Certificate from the
VirtualServer1!
both Hosts have now the same Certificate.
my ht
Claudio,
I tried that but no change.
Keith
"CAMPETTO CLAUDIO" <[EMAIL PROTECTED]> writes:
> Try putting this line in the server config:
>
> SSLProxyProtocol SSLv3
>
> Hope this helps.
>
> Claudio Campetto.
__
Apache Inter
Try putting this line in the server config:
SSLProxyProtocol SSLv3
Hope this helps.
Claudio Campetto.
-Messaggio originale-
Da: Keith Sparacin [mailto:ksparacin@;ti.com]
Inviato: mercoledì 23 ottobre 2002 3.15
A: [EMAIL PROTECTED]
Oggetto: SSL reverse proxy using certificates to IIS
Has anyone gotten an Apache 2.0.43 SSL reverse proxy working to an IIS
backend server requiring certificate verification on the IIS server
side? I can reverse proxy Apache to an SSL Unix server and an SSL IIS
server (neither requiring certificates). I can also reverse proxy
Apache to an SSL Unix
Title: Intermediate Certificates
Hi,
Can you put more than one intermediate signer certificate for chaining in Apache?
Meaning having two lines in the apache config file.
SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/ca.crt
SSLCertificateChainFile /usr/local/apache/conf/ssl.crt
Hi all
Is anyone aware of Apache version 1.3.20 having problems with client
authentication??
I've created my own CA created using openssl (vs 0.9.6a). I then
created and signed my server certificate with the CA using openssl.
(apache is on a RH Linux 6.2 machine)
I then created a client public
Can anyone explain to me why the following doesn't work:
satisfy any
#
# 500 error and nothing in the error log unless AuthType
# is also set -- even through we're not using that sort of
# authentication.
#
AuthType basic
order deny,allow
deny from all
# allow from a bunch of addresses
SSLRequ
Hey all,
I know this is mod-ssl-users and not openssl-users, but I thought I'd
ask here anyway. I have a user cert I am trying to sign with my private
CA, and I am getting a problem with:
Enter PEM pass phrase:
Check that the request matches the signature
Signature ok
Hello All,
Apologies if this has been asked before, I'm new to this list.
I´m trying to create a Client Certificate to a MSExplorer Browser. I want to
generate certificates to a couple of clients and only this clients will be
allowed to access a specific URL from my site.
I´ve tryed to gen
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Saunders Jack
> Sent: 27 June 2002 19:55
> To: '[EMAIL PROTECTED]'
> Subject: CLient/Server Certificates
>
>
> I am running Apache 1.3.26 with mod_ssl/op
without a certificate imported in the
browser I get a page cannot be found error. How can both types of certificates exist
in apache without stopping https communication for everyone. Some resources will use
server to browser 128 bit encryption and others may require client certs.
Thanks
Are you using IP Based virtual hosting? I don't think you can have
multiple certificates on a since IP on the same port.
On Fri, 2002-06-21 at 10:34, Kirchner Stefan wrote:
> Hello,
>
> I defined two virtual hosts in apache + mod_ssl with two different server
> certifica
chner Stefan [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 21, 2002 10:34 AM
To: '[EMAIL PROTECTED]'
Subject: Two certificates in apache and mod_ssl
Hello,
I defined two virtual hosts in apache + mod_ssl with two different server
certificates.
I tried to access the https connection and
Hello,
I defined two virtual hosts in apache + mod_ssl with two different server
certificates.
I tried to access the https connection and I got for both virtual hosts the
certificate of the first virtual host.
How do I have to configure it to get the right certificate of each virtual
host.
Or
Thank you for your input!
>>> [EMAIL PROTECTED] 06/20/02 06:22PM >>>
On Thu, Jun 20, 2002 at 10:04:40AM -0500, Mary Peterson wrote:
> I have two issues that I wondered if anyone could assist me with:
>
> When I test a revoked client certificate against the CRL I get a
> Security Alert Message th
On Thu, Jun 20, 2002 at 10:04:40AM -0500, Mary Peterson wrote:
> I have two issues that I wondered if anyone could assist me with:
>
> When I test a revoked client certificate against the CRL I get a
> Security Alert Message that says 'The security certificate for this site
> has been revoked. T
> Then I create client certificates with openssl, all is OK,
You don't provide the actual commands you use to generate
the client certs, or how you know that all is OK...
> but when I want to import them in Netscape (4.74) I have an
> error like : "Unable to import cer
When re-making certificates does the old one need to get deleted first?
How?
Does make install need to be re-run afterwards? If so, is there an
uninstall of some kind that has to happen first?
Finallly, does the CN value that the make certificate utility prompts for
have to be set to the FQDN
Hi,
I have installed apache with mod_ssl and it works well.
Then I create client certificates with openssl, all is OK, but when I
want to import them in Netscape (4.74) I have an error like :
"Unable to import certificates. the file specified is either corrupt or
is not a valid file."
1 - 100 of 448 matches
Mail list logo