- Original Message
From: Jan Stian Gabrielli [EMAIL PROTECTED]
To: modssl-users@modssl.org
Sent: Thursday, September 25, 2008 9:37:00 AM
Subject: Re: Can i use CA signed cert to create client authentication
certificates ?
Thank you very much Matt .
That solved it :).
I now have Client
Thank you very much Matt .
That solved it :).
I now have Client Certificate Authentication working with a CA signed
certificate and a Self Signed CA which in turn signs client certs.
If i can only ask for a bit more advice regarding this setup ?.
Although I think this problem might be Firefox
Ok. This seems like a viable solution.
Ie.
I use an approved CA signed cert to verify the site auhtentisity, and i use a
selfsigned CA root for client certificates.
Can you point me in a direction of how i make this work in apache ?.
I already have a setup with a Selfsigned CA working for client
I am trying to set up apache with mod_ssl , and I have it working with a
Self Signed CA.
But i can not get it to work with a cert created by thawte.com.
Does anyone know if it is possible to do this with a crt signed by a third
party where one does not have access to their root ca key ?.
Ie.
I
Sounds like your trying to use the thawte apache cert to sign your client
certs? The thawte cert won't have the right attributes to sign a client cert
and then try to use it.
You could use your CA for client certs and Thawte for the server cert.
Regards
Matt
- Original Message
From
Hello,
i have got 2 problems with my Apache using mod_ssl and authentification
with client-certificates.
1. When the Apache is running and i copy a new pem-encoded
CA-Certificate in the specified directory (SSLCACertifcatePath) and
create the symbolic hash-link, no client is able to connect
1. I believe the server reads the CA cert into memory at startup for a
couple of reasons: to prevent unnecessary disk access, and probably as a
security measure as well. If your cert is password protected, you might
want an admin to type it in and startup is the perfect time to do it.
2. Maybe
Looking at the SSL 3.0 spec at
http://wp.netscape.com/eng/ssl3/draft302.txt, there appears to be a size
limit for the list of CA distinguished names ..
struct {
CertificateType certificate_types1..2^8-1;
DistinguishedName certificate_authorities3..2^16-1
There was some discussion on modssl-users a while back on this topic; we
had some concerns about extracting ca-bundle.crt directly from the
Mozilla CA list sources. But after discussing this with Frank Hecker
and some others there is agreement that there are no licensing issues
here really.
So
Hello,
I am packaging sole ca-bundle.crt for Fink.
http://sourceforge.net/tracker/index.php?func=detailaid=928157group_id=17203atid=414256
Fink package system has License field. I must fill it. What is the
license of sole ca-bundle.crt? Mod_ssl license? Or nothing like
license?
I sent before
On Thu, Jun 17, 2004 at 05:09:31AM +0900, AIDA Shinra wrote:
Hello,
I am packaging sole ca-bundle.crt for Fink.
http://sourceforge.net/tracker/index.php?func=detailaid=928157group_id=17203atid=414256
Fink package system has License field. I must fill it. What is the
license of sole ca
Hello,
I am packaging sole ca-bundle.crt for Fink.
http://sourceforge.net/tracker/index.php?func=detailaid=928157group_id=17203atid=414256
Fink package system has License field. I must fill it. What is the
license of sole ca-bundle.crt? Mod_ssl license? Or nothing like
license
I am away on paternity leave for the next few days.
Please contact OLSU if urgent, otherwise i will get back
to you as soon as possible on my return.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
Hello,
I am having problems with a brand new Verisign 128 bit certificate that has
just be purchased. I have installed the certificate and the intermediate
CA cert on an Apache 1.3.31/mod_ssl 2.8.17/openssl 0.9.7d instance.
What I am seeing is the Netscape and Mozilla connect to the site just
I am away on paternity leave for the next few days.
Please contact OLSU if urgent, otherwise i will get back
to you as soon as possible on my return.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
On Wed, 2004-05-19 at 09:46, Bill MacAllister wrote:
Hello,
I am having problems with a brand new Verisign 128 bit certificate that has
just be purchased. I have installed the certificate and the intermediate
CA cert on an Apache 1.3.31/mod_ssl 2.8.17/openssl 0.9.7d instance.
Did you
and the
intermediate CA cert on an Apache 1.3.31/mod_ssl 2.8.17/openssl 0.9.7d
instance.
Did you get a new intermediate cert (intermediate.crt) from Verisign
also? This also goes in the apache config. directions somewhere on
verisigns site.
Yes. The only certificate that has ever been on my servers is the new
I've got OpenSA (Apache w/openssl+modssl) running on a Windows platform
and am trying to create my own CA. I'm able to create a private key and
make a cert for that CA but can't use my CA to sign the CSR.
I see from the modssl docs the step by step but then the last step gets
to running the script
We recently had a problem with our Verisign Intermediate CA Certificate.
This link (https://www.verisign.com/support/site/caReplacement.html) points
to how they said to fix the problem. Your case may be similar.
Florian Yanez
Manager of Technical Systems
Helzberg Diamond Shops, Inc.
[EMAIL
Thawte is pretty cheap. $127 bucks through their ISP channel (anyone
can sign up) for a regular web cert, I am not sure you can do much better.
If it's not worth $127 a year, then I assume it's not for profit, e.g.
for internal use only or for a small number of users. In that case,
just use
PROTECTED]
Subject: Re[2]: OT: cheap CA certificates
Thawte is pretty cheap. $127 bucks through their ISP channel (anyone
can sign up) for a regular web cert, I am not sure you can do much better.
If it's not worth $127 a year, then I assume it's not for profit, e.g.
for internal use only
Where can I get cheap/reliable certs for a Apache that IE 5.5+ clients will
authorize against? Thawte and Verisign have outpriced themselves.
-Eric Wood
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
http://www.geotrust.com/equifax/
On Mon, Nov 17, 2003 at 02:33:53PM -0500, Eric Wood wrote:
From: Eric Wood [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: OT: cheap CA certificates
Date: Mon, 17 Nov 2003 14:33:53 -0500
Reply-To: [EMAIL PROTECTED]
Where can I get cheap/reliable certs
...a bit naive I know, but I'd rather be safe than regret it a week later ;-)
We have an existing internal CA designed around a OpenSSL 0.9.5 signed CA
(obviously we're using a newer release of OpenSSL now - but the CA cert was
created under 0.9.5).
It's all working well - until now. We have
library error follows)
[Tue Jul 2 11:54:00 2002] [error] OpenSSL: error:14094412:SSL
routines:SSL3_REA
D_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not
server
name or identical to CA!?]
*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
Inderjit
S Gabrie
Please post in plain-text... -
Your error: [Hint: Subject CN in certificate not server name or
identical to CA!?]
means: the Common Name in the certificate is not the same as the
ServerName in the URL - e.g. the certificate belongs to www.abcdef.com
but you are using it in a server whose URL
openssl.conf -days 365 -signkey ca.key \
-in ca.csr -req -out ca.crt
-Original Message-
From: Sasa STUPAR [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 28, 2002 11:50 AM
To: [EMAIL PROTECTED]
Subject: Re: Problems with creating own CA
One thing, if I
\
-in ca.csr -req -out ca.crt
-Original Message-
From: Sasa STUPAR [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 28, 2002 11:50 AM
To: [EMAIL PROTECTED]
Subject: Re: Problems with creating own CA
One thing, if I try to use directly with the command openssl req -new
-x509 -days 365
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tuesday 03 December 2002 03:22 pm, Sasa STUPAR wrote:
OK, so creating a certifikate is done. How do I sign it ? I am using
windows but I have read in the documents to use sign.sh in mod-perl. Ok
but I am not having Linux anywhere near me. So
Ok I have made a server certificate and a client certificate. I have
configured apache and ssl.conf with everything necesary BUT when I try
to conect to myserver:443 it tells me connection has been refused.
Any idea ?
Maurizio Marini wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On
: Sasa STUPAR [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 28, 2002 11:50 AM
To: [EMAIL PROTECTED]
Subject: Re: Problems with creating own CA
One thing, if I try to use directly with the command openssl req -new
-x509 -days 365 -key ca.key -out ca.crt I get back error like before
with also
Hi !
I am trying to create my own CA. The creation of a key file is fine.
When I try to create a CSR file I get back an error unable to find a
'distinguished_name' in config.
I am runing on winXP with openssl 0.9.6g. I wanted to make a server
certificate for my Apache.
Please help me !
Sasa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 28 November 2002 03:45 pm, Sasa STUPAR wrote:
unable to find a 'distinguished_name' in config.
in your openssl.cnf you should uncomment lines regarding distinguished_name;
otherwise re-post with it attached
- --
Maurizio Marini
a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 28 November 2002 05:01 pm, Sasa STUPAR wrote:
They are already uncommented. Here is attached my config file.
I've:
commonName = Common Name (eg, your name or your server\'s
hostname)
commonName_max =
Well, I have added what you've told me but still the same problem.
Maurizio Marini a écrit:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 28 November 2002 05:01 pm, Sasa STUPAR wrote:
They are already uncommented. Here is attached my config file.
I've:
commonName
One thing, if I try to use directly with the command openssl req -new
-x509 -days 365 -key ca.key -out ca.crt I get back error like before
with also that it canot load config info.
Any idea ?
Maurizio Marini a écrit:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 28 November 2002
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 28 November 2002 05:53 pm, Sasa STUPAR wrote:
I have here made a printscr and save it in a word doc. Please look at
it, maybe it will give same clue.
in fact!
it seems that you lack openssl.conf pathname in your env vars
check your env
)
the error message :
[root@itahost2 conf]# sign.sh ssl.csr/server.csr
CA signing: ssl.csr/server.csr - ssl.crt/server.csr:
Using configuration from ca.config
./ca.key: No such file or directory
trying to load CA private key
28968:error:02001002:system library:fopen:No such file or
directory:bss_file.c
to create CA ( invalid: NOT real ) for Web Server ( Apache ) ?
Thank for your help !
Edward.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED
Hello,
How to create CA ( invalid: NOT real ) for Web Server ( Apache ) ?
Thank for your help !
Edward.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List
on the questions.
Do I need to create my own Certificate Authority? If I create my
own CA, how do I get Netscape to use it as a CA? I am using Netscape
4.7 on Solaris. If I create my own CA, does my Apache/modssl server perform
that function?
Do I need to create a certificate for Brian? Does it have
Hi Brian
Netscape needs a pckcs12 format.
I emailed the openssl list on the 16/10/2002 with subject Re: CSR/CA
Issued Certificate
where among other things I show how to create CA,server and client
certificates (not keys) and how to convert them to PKSC12 format and
import them into the browser
server using this CA,but I foundan unexpected
warning happened when I tried to connect my apache server through
MSIEnetscape.Thereis a warning message which says my certificate is
not issued by Trusted CA.
I thinkthe CAgenerated by
myselfmust be have some problems.My question is:canguys
server using this CA,but I foundan unexpected
warning happened when I tried to connect my apache server through
MSIEnetscape.Thereis a warning message which says my certificate is
not issued by Trusted CA.
I thinkthe CAgenerated by
myselfmust be have some problems.My question is:canguys
Hello List,
I have a question regarding the use of a different CA. I recently
purchased an SSL certificate from comodo.net and I have not been able
to get it to work properly. My browser responds that it cannot
recognize the issuer of the certificate. I am running apache 1.3.26,
mod-ssl 2.8.9
Dear Sir:
If we want to allow the users that have the
certificate is signed by two CA(For examble Verisign
and Hitrust). How could I do?
If I execute the SSLCACertificateFile command
tow times. The Second command is work, but the
first CS is disable.
OS : Windows 2000
Hi Sir:
I have got the solution. Thanks.
Bruce Huang
-Original Message-
From: ¶À¤å½å
Sent: Friday, July 12, 2002 2:06 PM
To: '[EMAIL PROTECTED]'
Subject: Could I add more than one CA to http.conf.
Dear Sir:
If we want to allow the users
We have created our own CA certificate and signed few more certs using it.
The CA is about to expire and with that all the certificates signed using
it. Is there a way to extend the expiration day with out recreating the CA
and reissuing the certs?
Please help
Thanks in advance.
Ilya
Hello,
Maybe a stupid question, but I cannot figure out the answer.
I have a secured SSL/TLS server with client authentication.
I accept user certificates for various CA of my choice, so
I have those CA certificates available and verified, etc.
But, in order to validate user certificates, I
date, correct servername)
signed by a valid CA (installed on your web browser or on the remote
server). which brings me to my question:
my company purchased a cert from geotrust. initially, we couldn't make
the cert work (we got ie dialog saying that the cert was from a company
we had not chose
On 2 Apr 2002, jon schatz wrote:
we had not chose to trust). geotrust had me install a CA cert on the
server and use 'SSLCACertificateFile' to point to it. magically, ie then
trusted the certificate. so why does this work? i mean, why can't i
start forging ssl certificates that are trusted
Hello,
I'm a ISP. I want to obtain a certificate, and then, create my own
certificates for my clients. It is possible?
--
Administrador Técnico
Alsernet 2000
http://www.alsernet.es
__
Apache Interface to OpenSSL (mod_ssl)
Hi Ed,
works fine!
Many thanks
Markus
PS: Only one typo, I corrected below for others convenience.
Datum: 12.03.2002 19:20
An:[EMAIL PROTECTED]
Antwort an:[EMAIL PROTECTED]
Betreff: Re: Antwort: RE: Sign a server CSR with my own CA
Nachrichtentext
openssl.cnf from www.modssl.org) and build my own CA.
But now I have problems to sign the CRT with my own CA, because there is no sign.sh
script for WinNT. I tried it with 'openssl ca' and go through several error messages
(last was missing index.txt).
Does anybody succeeded in this? Or has anybody
Search for CA.pl
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Markus Dallmann
Sent: Tuesday, March 12, 2002 8:14 AM
To: [EMAIL PROTECTED]
Subject: Sign a server CSR with my own CA
Hi,
I'm using a win32 binary version of Perl 5.6.1, mod_perl 1.25
Hi,
We are using
Apache/1.3.9 (Unix) mod_ssl/2.4.10 and we
could authenticate our windows 2000 ca server certificates to whole part of
server.How can I authenticate my clients for a particular URL based on
certificates but still allow arbitrary clients to access the remaining parts
Hi,
I need to put up a CA Server on Win2000 for testing purposes. Any
recommendation for software will be highly appreciated.
Sorry, if this request is out of scope.
Thanks.
Peter
__
Apache Interface to OpenSSL (mod_ssl
if you have win2000 server/advanced server you can install certificate
servers to do it
- Original Message -
From: Dr. Peter Kanyion [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 08, 2002 11:15 AM
Subject: CA-Server on Win200
Hi,
I need to put up a CA Server
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of madhon
Sent: Dienstag, 8. Januar 2002 12:40
To: [EMAIL PROTECTED]
Subject: Re: CA-Server on Win200
if you have win2000 server/advanced server you can install certificate
servers to do it
- Original Message
its included in both the server and advanced server versions of win200
- Original Message -
From: Dr. Peter Kanyion [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 08, 2002 11:44 AM
Subject: RE: CA-Server on Win200
Thanks for the swift response. No,I don't have
Ok im useing mandrake linux it came with a predefined
key . i created a news key for my site but ,when i put the certificate
and the key in /etc/httpd/ssl dir the server wont start
andrew reid wrote:
Hi i created a certificate to used by apache but cant figure out how
were to install it help please.
You need a cert and a key. When you compiled apache with mod_ssl, and
did make install, they should have been installed for you. Anyway,
they go in your apache conf dir
Title: IE6 Base ca-bundle
I have uploaded a IE6 based new ca-bundle.crt
containing all root cert's.
http://www.modssl.org/contrib/ca-bundle.crt.tar.gz
With Kind Regards,
Martin Brülisauer
Systime Informatik AG
Engineering Support
Bruggacherstrasse 26
CH-8117
SSLCACertificatePath conf/ssl.crt
SSLOptions +FakeBasicAuth
SSLRequireSSL
SSLRequire %{SSL_CLIENT_S_DN_O} eq Snake Oil,
Ltd. and \
%{SSL_CLIENT_S_DN_OU} in {Staff,
CA, Dev}
/Directory
for client certificate authentication
Yes, you can use OCSP with Entrust issued certificates.
Lorrayne
[EMAIL PROTECTED] wrote:
Hello Lorrayne,
Thanks for your input.
By any chance, do you know if i can use OCSP with an Entrust CA (instead of
CRLs)?
Regards,
Alec
Valicert has listed Entrust as one of its partners. I would assume that
would mean that Valicert can interoperate with Entrust issued
certificates.
I think it is stretching things to say that partnership implies full
parsing of the various Entrust CRL's. How many partnerships do you know
Rich,
I'll check w/ an Entrust engineer today to see if I can get an honest
(ha!) answer from him regarding your concerns.
Lorrayne
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing
i'd ask a valicert person, actually.
--
Zolera Systems, Your Key to Online Integrity
Securing Web services: XML, SOAP, Dig-sig, Encryption
http://www.zolera.com
__
Apache Interface to OpenSSL (mod_ssl)
From Schaefer,Lorrayne J. [EMAIL PROTECTED] on 12 December 2001
9:07:02
To : [EMAIL PROTECTED]
Copy To : [EMAIL PROTECTED]
Subject : Re: Multiple CRLs with same CA
Hi everyone. I was chatting with an Entrust engineer yesterday about
partitioned CRLs (this is where you can
No, openssl does not yet support the (infinite:) ways to split CRL's
that Entrust likes.
OCSP is simpler. :)
/r$
--
Zolera Systems, Securing web services (XML, SOAP, Signatures,
Encryption)
http://www.zolera.com
__
Hi everyone. I was chatting with an Entrust engineer yesterday about
partitioned CRLs (this is where you can break it down my something such as
size). The only CA that currently do this to my knowledge is Entrust.
I agree with Rich Salz's response. OCSP is a great way to go (and,
Valicert
Hello Lorrayne,
Thanks for your input.
By any chance, do you know if i can use OCSP with an Entrust CA (instead of
CRLs)?
Regards,
Alec
From Schaefer,Lorrayne J. [EMAIL PROTECTED] on 12 December 2001
9
Does Valicert support the various Entrust CRL extensions and
partitioning?
If not, then they're useless for this problem.
/r$
--
Zolera Systems, Your Key to Online Integrity
Securing Web services: XML, SOAP, Dig-sig, Encryption
http://www.zolera.com
Hello there,
Is mod_ssl supporting having multiple CRLs for 1 CA?
It seems it's not, and that's very anoying in my situation.
I'm using Entrust PKI software which splits the CRL list when it reaches
a defined size (for scalability). mod_ssl seems to check only the first
CRL and don't care about
On Tue, Dec 11, 2001 at 05:32:42PM -0500, [EMAIL PROTECTED] wrote:
Hello there,
Is mod_ssl supporting having multiple CRLs for 1 CA?
It seems it's not, and that's very anoying in my situation.
I'm using Entrust PKI software which splits the CRL list when it reaches
a defined size
Toftum [EMAIL PROTECTED] on 11 December 2001 23:45:53
To : [EMAIL PROTECTED]
Subject : Re: Multiple CRLs with same CA
On Tue, Dec 11, 2001 at 05:32:42PM -0500, [EMAIL PROTECTED] wrote:
Hello there,
Is mod_ssl supporting having multiple CRLs for 1 CA?
It seems it's not, and that's very anoying in my
Have you created your CA-Certificate with the steps in
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29 ?
Then you have the certificate in the right format.
I don't know if it works under Linux/Unix if you call a certificate from a file-URL
(in Windump it doesn't), try to request it via http
,
Alex
I prepared the CAs using the make certificate TYPE=custom option. Both the server
and the CA
files look fine to me and are in their proper pews.
There were warnings about security depth being 0, but that is to be expected during
the creation
process.
In the mod_ssl documentation
and the CA
files look fine to me and are in their proper pews.
There were warnings about security depth being 0, but that is to be expected during
the creation
process.
In the mod_ssl documentation the instruction asks that I 'fire up' Communicator and
use the Perl
script loadcacert.cgi
I prepared the CAs using the make certificate TYPE=custom option. Both the server
and the CA files look fine to me and are in their proper pews.
There were warnings about security depth being 0, but that is to be expected during
the creation process.
In the mod_ssl documentation
what's the best way to renew an expired, self-signed CA certificate? i'd
like to be able to automate the steps that users (https, imaps with
Netscape and Outlook) will have to go through during the renewal process
so, they don't have to find the old CA certificate in their programs and
delete
:
SSLEngine on
SSLCertificateFile /home/dan/CA/demoCA/cacert.pem
SSLCertificateKeyFile /home/dan/CA/demoCA/private/cakey.key
SSLCACertificatePath/home/dan/CA/demoCA/
SSLCACertificateFile/home/dan/CA/demoCA/cacert.pem
/home/dan/CA/demoCA/cacert.pem
SSLCertificateKeyFile /home/dan/CA/demoCA/private/cakey.key
SSLCACertificatePath/home/dan/CA/demoCA/
SSLCACertificateFile/home/dan/CA/demoCA/cacert.pem
Location /securelocation
SSLVerifyClient require
I'm using the CA.pl script provided with openssl in order to create a CA
and then produce a self-signed certificate. I'm just looking for
confirmation that I'm going through the correct steps and putting the
right values into Apache.
All commands are issued from /home/dan/CA. The Apache
]
cc:
Subject:Re: SSLCertificateChain
file for Intermediate CA
Server
Gated Cryptography (SGC)
Init: (www.motorweb.co.nz:443) Configuring RSA server private key
Init: (www.motorweb.co.nz:443) Configuring server certificate chain (1
CA certificate)
Connection to child 2 established (server www.motorweb.co.nz:443, client
210.55.82.41)
Seeding PRNG with 0 bytes
Genkin.
I think I know what your problem is.
You must add the issuer of the certificate to the certificate chain. The
problem is that IE doesn't have the ROOT (isuuer) for the certificate and it
must have the entire chain to consider it trusted.
Place the issuer (I think Thpoon CA
-
Da: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]Per conto di Paul-Catalin Oros
Inviato: venerdi 18 maggio 2001 17.59
A: [EMAIL PROTECTED]
Oggetto: Re: R: Cert signed by own CA and IE
Hi Arcady!
Have you solved your problem? I wasw able to install your
Certificate, after I installed your
?
I've checked, even with SSLLogLevel debug I couldn't get anymore out of
it.
I've since looked through the mod_ssl source and if there is any kind of
error while trying to load the ChainFile then the generic Failed to
configure CA certificate chain! messge is produced. Not very helpful
really since
On Sun, 20 May 2001, Damon Maria wrote:
One thing I haven't mentioned previously is that I'm running Apache
1.3.12 and mod_ssl 2.6. But I presume there shouldn't be a problem with
either of these versions.
Well... Can't hurt to upgrade, can it? I'm running Apache 1.3.19 with
mod_ssl
Juha Saarinen wrote:
On Sun, 20 May 2001, Damon Maria wrote:
One thing I haven't mentioned previously is that I'm running Apache
1.3.12 and mod_ssl 2.6. But I presume there shouldn't be a problem with
either of these versions.
Well... Can't hurt to upgrade, can it? I'm running
then the following
appears in the log and apache won't start...
[error] mod_ssl: Init: (www.motorweb.co.nz:443) Failed to configure CA
certificate chain!
I've copied my original message at the bottom of this one which contains
the contents of /etc/httpd/conf/ssl.crt/intermediate_ca.crt (as I got
Sie der ausstellenden Institution vertrauen möchten.
-Ursprüngliche Nachricht-
Von: Lutz Jaenicke [SMTP:[EMAIL PROTECTED]]
Gesendet am: Freitag, 18. Mai 2001 10:50
An: [EMAIL PROTECTED]
Betreff: Re: SSLCertificateChain file for Intermediate CA
On Fri, May 18, 2001 at 11:58
vertrauenswürdig eingestuft haben.
Untersuchen Sie das Zertifikat um festzustellen,
ob Sie der ausstellenden Institution vertrauen möchten.
Yes, that is true. Our certificate was issued by our university's
computer center (intermediate CA) and the root CA is the DFN
(german research network, the provider
Hi Arcady!
Have you solved your problem? I wasw able to install your Certificate, after I
installed your self-signed CA certificate. Is it possible this to be the missing step
in your testing? The CA cert has to be added to your root auth., then you'll be able
to install the actual server
Paul-Catalin Oros [EMAIL PROTECTED] writes:
Have you solved your problem? I wasw able to install your
Certificate, after I installed your self-signed CA certificate. Is
it possible this to be the missing step in your testing? The CA cert
has to be added to your root auth., then you'll
Arcady Genkin wrote:
The documentation states that being one's own CA is insecure in the
Internet environment, while is acceptable on the intra-net. Could
anyone explain the issues implied by that statement?
SSL is not less secure if you are your own CA, at least from a technical
point
server
certificate and the intermediate certificate.
If you try https://www.motorweb.co.nz/ in IE (I'm using 5.0) and click
on the padlock, look at the Certification Path. You'll see there is the
Primary CA, the www.verisign.com Intermediate CA and then the
www.motorweb.co.nz certificate. IE contains
] mod_ssl: Init: (www.motorweb.co.nz:443) Failed to configure CA
certificate chain!
I've copied my original message at the bottom of this one which contains
the contents of /etc/httpd/conf/ssl.crt/intermediate_ca.crt (as I got it
from Verisign's site).
I've seen this solution to the Global ID
1 - 100 of 268 matches
Mail list logo
