John Zornig wrote:
I came across a mistake in one of the HOWTO documents
http://www.openssl.org/docs/HOWTO/proxy_certificates.txt
- in all other cases, proxy certificate validation can be enabled
before starting the application by setting the envirnoment variable
OPENSSL_ALLOW_PROXY
Urjit Gokhale wrote:
So now I am a little confused about using openssl command line utility
as CA to give out certificates.
What could be the reasons for using anything other than openssl as CA?
Are there security issues?
Are people using openssl as their private CA? are any particular
Mandar sarlashkar wrote:
I am trying to setup Apache 2.0.58 on Mandriva Linux 2006... Linux
platform is new for me...
Do you have a compelling need to compile your own apache? I encourage
it, but only if it makes sense for you. Most people are better off using
the distribution's package
michael Dorrian wrote:
So if what you are saying is true then I could call myself the same name
as a trusted CA authority when making my root CA and the browser will
think I am a trusted CA. Is that correct? It seems too simple to be
true.
1. If you forge a root CA certificate...
2.
[EMAIL PROTECTED] wrote:
On 3/13/06 8:43 AM, openssl-users@openssl.org wrote to All:
On Mon, 2006-03-13 at 08:35 -0500, [EMAIL PROTECTED] wrote:
So for one group, they will give them a HTTPS URL for domainX, and for
another group, they will give them another HTTP URL for DomainY, but
they
ssl_virgin (sent by Nabble.com) wrote:
I need to use OpenSSL to generate a Private Key and Public Certificate,
so that I can dynamically create encrypted PayPal buttons [ref: Chap 7
of “PayPal Website Payments Standard Checkout Integration Guide”.]. I
should be able to create these on my PC
Jairds wrote:
I am having a weird problem in my site related to SSL.
I can connect from inside the network to the secure pages , so the
certificate is fine. From outside the connections are refused. I have a
monitoring company checking the site and from them I got the following
error message
Jairds wrote:
The problem is : I already talked to my provider and they claim not to
block any port. I checked my router and the port is open. If I netstat I
get
tcp 0 0 *:https *:* LISTEN
And, the worst of all. Sometimes it works.
I have no clue at
Brent Clark wrote:
Out of interest, is there anyone on this list using a self-signed cert
with a mailserver on the internet, using TLS?
The reason I ask this is because I don't want to have to pay verislim
and co, for something I know I can do myself.
If anyone is using / doing this, have
Gerard Earley wrote:
Can you recommend any cheap certificate issuers in the price range you
mention and whether any will issue a cert for an IP address (if that's
possible).
I have been happy with RapidSSL, because they are single root, easy to
install, and the purchase process is convenient
Andreas Haumer wrote:
I just tried to upgrade from openssl-0.9.7g to 0.9.7h
and noticed that my openssh-4.2p1 server and clients now
crash with segfault with the new openssl shared library!
I tested this on two installations and both had this problem.
Re-compiling the openssh sources against
This is probably the wrong forum for mod_ssl/apache configuration. In
the future, you'll get better responses if you direct your questions at
an apache list or newsgroup.
gianni dalmasso wrote:
- about virtual hosting: maybe I didn't understand well; what I know is
the, for the intrinsic
[EMAIL PROTECTED] wrote:
Trying to set up ssl for an intranet. There is no FQDN, just an IP address.
Is this possible?
Yes. The only important thing is that the hostname used by clients to
find your machine must match the Common Name in the certificate. So, if
your other machines use
[EMAIL PROTECTED] wrote:
also looking into (22)Invalid argument: setgid: unable to set group id to
Group 4294967295
This is your real problem. Check your Group setting in your apache
configuration. You probably just need to get your permissions and
ownerships correct.
Thanks very much
[EMAIL PROTECTED] wrote:
These lines are from ssl.conf
DocumentRoot /opt/apache/CA
This configuration is simply insane. Sorry, but you really need to
disable SSL and get up to speed on basic apache administration. Don't
change settings without understanding what they do. Any server
[EMAIL PROTECTED] wrote:
Is it possible to clarify some of the confusion with the configuration?
From what you wrote I don't really see what the issue is -
Any clarification would be appreciated.
The certificates were placed in a directory called CA.
How is this a problem?
Thank you.
What
[EMAIL PROTECTED] wrote:
Thanks for the response. Also this is a development server.
The how-to document placed the .crt and .key files
in the following directories.
cp mars-server.crt /etc/httpd/conf/ssl.crt
cp mars-server.key /etc/httpd/conf/ssl.key
cp my-ca.crt /etc/httpd/conf/ssl.crt
[EMAIL PROTECTED] wrote:
Thanks for the response.
The .key and .crt files have been moved to the default directories in the
ssl.conf files,
which are /usr/local/apache2/conf/ssl.crt and
/usr/local/apache2/conf/ssl.key
That's better.
$ openssl s_client -connect localhost:443 -state -debug
Martijn Moret wrote:
I created a certificate request with a private key with no password.
openssl req -new -nodes -keyout private.key -out public.csr
No, my application requires a private key password to import the key. Is
there any way to add a password on the private key?
The certificate
Chris W. Parker wrote:
I'm trying to move my current working certificate from an IIS 5.0 server
to Apache 2 on my RH 9 machine. I have exported the file successfully
from the Windows machine as well as converted it to the PEM format with:
openssl pkcs12 -in www-swatgear.pfx -out
pana wrote:
I don't know how I can set the issuer value which will appear in the
certificate after I signed it.
Someone can help me?
If you have set up your CA properly, the issuer will be set when you
sign the certificate.
francesco wrote:
I found some problems to verify the certificate I created with my own CA.
I don't know which certificates have to be included in the -CApath option.
I created a self signed cert and a server cert, then I created a
client cert (using ever the same key) and I tried to verify it
Martin Matusiak wrote:
I was wondering how to print info about a certificate request.. if I create a
self signed certificate by passing the -x509 flag, I can use
$ openssl x509 -in pubkey.pem -noout -text
to print information about it. How can I do the same for a certificate
request? The
Bernhard Froehlich wrote:
The idea behind a CRL is to have the possibility to publicly revoke a
certificate before it expires (so setting default_crl_days equal to
default days is not very sensible, you should just work without a CRL in
such a case).
Is this as simple as commenting out
Jorey Bump wrote:
There is one caveat: the number of characters must be even:
unable to load number from /etc/ssl/CA/serial
error while loading serial number
3068:error:0D066091:asn1 encoding routines:a2i_ASN1_INTEGER:odd number
of chars:f_int.c:162:
Therefore, I needed to modify my command
Bernhard Froehlich wrote:
Jorey Bump wrote:
Is this as simple as commenting out default_crl_days? I've noticed
that a certificate with a longer default_days will be treated as
expired when default_crl_days is reached. Yet, I don't see the CRL
period in the signed certificate when I view
Todd Wease wrote:
On Sun, 2005-07-17 at 12:03 -0400, Jorey Bump wrote:
What is the maximum length (if string) or size (if number) of a serial
number?
I am using the current datetime to set the initial serial number for my
CA to provide a reasonable measure of uniqueness:
# example
I'm nearly complete in setting up my own CA, but I'm not sure how to
manage Certificate Revocation Lists (CRL). I noticed that related
settings such as *RevocationUrl are commented out in the default
openssl.cnf. Should I fill these in and post my CRL, or should I just
make default_crl_days =