Re: Netscape 6
On Fri, 1 Dec 2000, Brendon Maragia wrote: > Hi, > > First off i'd like to thank everyone on the list for all they're amazing > ideas and suggestions, that saved me lots and lots of trouble and debug time > in the past. :) thanks. Hehee now off to my problem. Heres a couple things > you should know before I start... > > apache-1.3.14 > mod_ssl-2.7.1-1.3.14 > openssl-0.9.6 > no rsaref2.0 :) > > Ok my trouble is that in order to get this class i wrote in php to work I > can't switch domain names when moving from a 'http' to a 'https'. So I went > ahead and aliased my domain name to 2 IP addresses so I can do an apache > vhost && a ssl vhost, thus so... > > Name:www.commaflex.com > Addresses: 216.186.181.230, 216.186.181.231 I don't understand why you did this. Users will randomly get one or the other IP address. As a result you are missing definitions for two virtual hosts. ... ... As a result, your successful IE tests were likely nothing more than dumb luck. Merton Campbell Crockett __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Netscape 6
Yes well before I discovered the bug in my php class when switching between domains, I used https://checkout.commaflex.com as a seperate ssl vhost. This worked fine in NS6 as well as all versions of IE. >From: "David Rees" <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: <[EMAIL PROTECTED]> >Subject: RE: Netscape 6 >Date: Fri, 1 Dec 2000 19:16:57 -0800 > > > First off i'd like to thank everyone on the list for all they're amazing > > ideas and suggestions, that saved me lots and lots of trouble and > > debug time > > in the past. :) thanks. Hehee now off to my problem. Heres a > > couple things > > you should know before I start... > > > > apache-1.3.14 > > mod_ssl-2.7.1-1.3.14 > > openssl-0.9.6 > > no rsaref2.0 :) > > > > > > Well all of these things work fine and dandy in IE (the versions i've > > checked) , however, Netscape 6 can't find https://www.commaflex.com :( > > Anybody have any tips? Or perhaps a better way? > >Could it be because the certificate isn't a "real" certified certificate? >I >haven't tried Netscape 6 on the latest mod_ssl myself, by my colleage has >been doing some testing with it against our servers and hasn't said >anything, so I assume it works. > >I'll download Netscape 6 tonight and see how it works for me. > >-Dave > >__ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager[EMAIL PROTECTED] _ Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Netscape 6
> First off i'd like to thank everyone on the list for all they're amazing > ideas and suggestions, that saved me lots and lots of trouble and > debug time > in the past. :) thanks. Hehee now off to my problem. Heres a > couple things > you should know before I start... > > apache-1.3.14 > mod_ssl-2.7.1-1.3.14 > openssl-0.9.6 > no rsaref2.0 :) > Well all of these things work fine and dandy in IE (the versions i've > checked) , however, Netscape 6 can't find https://www.commaflex.com :( > Anybody have any tips? Or perhaps a better way? Could it be because the certificate isn't a "real" certified certificate? I haven't tried Netscape 6 on the latest mod_ssl myself, by my colleage has been doing some testing with it against our servers and hasn't said anything, so I assume it works. I'll download Netscape 6 tonight and see how it works for me. -Dave __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Netscape 6
Hi, First off i'd like to thank everyone on the list for all they're amazing ideas and suggestions, that saved me lots and lots of trouble and debug time in the past. :) thanks. Hehee now off to my problem. Heres a couple things you should know before I start... apache-1.3.14 mod_ssl-2.7.1-1.3.14 openssl-0.9.6 no rsaref2.0 :) Ok my trouble is that in order to get this class i wrote in php to work I can't switch domain names when moving from a 'http' to a 'https'. So I went ahead and aliased my domain name to 2 IP addresses so I can do an apache vhost && a ssl vhost, thus so... Name:www.commaflex.com Addresses: 216.186.181.230, 216.186.181.231 ...I setup www.commaflex.com as an apache vhost && a ssl vhost as follows # #commaflex.com # ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/commaflex/public_html ServerName www.commaflex.com ErrorLog /home/commaflex/.error.log TransferLog /home/commaflex/.transfer.log ##end## DocumentRoot "/home/commaflex/public_html" ServerName www.commaflex.com ServerAdmin [EMAIL PROTECTED] ErrorLog /usr/local/apache/logs/error_log TransferLog /usr/local/apache/logs/access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/ssl.keys/www.commaflex.com/server.crt SSLCertificateKeyFile /usr/local/ssl.keys/www.commaflex.com/server.key SSLCertificateChainFile /usr/local/ssl.keys/www.commaflex.com/ca.crt SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 Well all of these things work fine and dandy in IE (the versions i've checked) , however, Netscape 6 can't find https://www.commaflex.com :( Anybody have any tips? Or perhaps a better way? -Brendon _ Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: upgrading an ancient version
Hi, > I am very familiar configuring mod_ssl / openssl / apache. Can someone > advise as to the pitfalls I might encounter, if there are any, and how > to overcome them when upgrading from the following versions of software > to the latest on a FREEBSD box? > > OS: 3.2-STABLE FreeBSD 3.2-STABLE #2 i386 (not a chance of upgrading > this to latest...yet!) > APACHE: 1.3.9 > MODSSL: mod_ssl/2.4.0 > OPENSSL: OpenSSL/0.9.4 > > What I am really worried about is my vhost's certs. Will they still > work if I upgrade modssl and openssl? > > Will they still work if I just upgrade apache and mod_ssl (do I even > need to upgrade openssl at all?) I have no idea. :-) I wouldn't expect any problems to arise, but why don't you test it by running the upgraded version in a different directory and on different ports? I do this all the time on production machines. > Can I just upgrade apache and keep the current versions of modssl > and openssl...? You can't do this, mod_ssl generally only works for the version of Apache it's released for. -Dave __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
upgrading an ancient version
I am very familiar configuring mod_ssl / openssl / apache. Can someone advise as to the pitfalls I might encounter, if there are any, and how to overcome them when upgrading from the following versions of software to the latest on a FREEBSD box? OS: 3.2-STABLE FreeBSD 3.2-STABLE #2 i386 (not a chance of upgrading this to latest...yet!) APACHE: 1.3.9 MODSSL: mod_ssl/2.4.0 OPENSSL: OpenSSL/0.9.4 What I am really worried about is my vhost's certs. Will they still work if I upgrade modssl and openssl? Will they still work if I just upgrade apache and mod_ssl (do I even need to upgrade openssl at all?) OR Can I just upgrade apache and keep the current versions of modssl and openssl...? -robt "You have the possibility to make a lot of people angry OR a lot of people happy. Thus is the nature of the System Admin" __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: How to install mod_ssl & apache (not apache-mod_ssl) from RPMs SRC (sources)
You can download the current source rpm for apache-mod_ssl from www.modssl.org/contrib/. Once downloaded use rpm --rebuild --target i[3456]86 apache-mod_ssl-1.3.14.2.7.1-1.src.rpm (Use one integer from the square brackets for your particular processor, eg i686). This does both stages you have listed below (and saves your fingers!) Please note that you will need both openssl and openssl-devel packages installed to build this. Once it is compiled you won't need the openssl-devel package any more to run it. - John Airey Internet Systems Support Officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] -Original Message- From: Francisco Javier Martínez Martínez [mailto:[EMAIL PROTECTED]] Sent: 01 December 2000 12:49 To: [EMAIL PROTECTED] Cc: Francisco Martinez Martinez Subject: How to install mod_ssl & apache (not apache-mod_ssl) from RPMs SRC (sources) Hello . I am installing a new Red Hat Linux server, due to a 'new political', I had to install every thing from 'program.src.rpm' , install the packs in this way is very simple using: # rpm --recompile 'program.src.rpm' this generate the SPEC file, and then: # rpm -ba 'program.spec' This generate the binary RPM that could be installed as an normal RPM. But the problem is, what happends if I had to install as in my case : Apache, mod_ssl and the frontpage extensions? Till now I had been using the source codes compiled with the APACI method. I had been looking for information or guides about RPM installation but there is nothing clear about this. I think that could be as easy as recompile all the packs together with somtihng like 'rpm -ba pack1.src.rpm pack2.src.rpm, or I need to make an .spec file for the apache in which I put the references to the modules?. Any help or suggestions would be greatly appreciated. Thanks in advance. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Segfault w/ ModSSL 2.7.1 and Apache 1.3.14
I am running Apache 1.3.14 and I just compiled Mod_SSL 2.7.1 into it. If I leave Mod_SSL disabled apache works fine. When I add: LoadModule ssl_module modules/libssl.so I have no problem but at this point Mod_SSL really isn't running. As soon as I add: AddModule mod_ssl.c I get a segmentation fault. The segmentation error I am getting is: [Fri Dec 1 10:57:22 2000] [notice] child pid 618 exit signal Segmentation fault (11) and Netscape returns "Document Contains no Data". This happens if I try to access a page via SSL or traditionaly. When I compile it all together everything works fine. I am using the following when compiling: Compile openssl first: ./config -fpic make ./configure \ --with-apache=../apache_1.3.14 \ --with-ssl=../openssl-0.9.5a \ --prefix=/usr \ --exec-prefix=/usr \ --bindir=/usr/bin \ --sbindir=/usr/sbin \ --libexecdir=/usr/lib/apache \ --sysconfdir=/etc/httpd/conf \ --datadir=/home/httpd \ --includedir=/usr/include/apache \ --libexecdir=/usr/lib/apache \ --iconsdir=/home/httpd/icons \ --htdocsdir=/home/httpd/html \ --cgidir=/home/httpd/cgi-bin \ --runtimedir=/var/httpd \ --logfiledir=/var/log/httpd \ --proxycachedir=/var/cache/httpd \ --enable-module=all \ --enable-shared=max \ --enable-rule=EAPI make Thanks :) -Nick __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
How to install mod_ssl & apache (not apache-mod_ssl) from RPMs SRC (sources)
Hello . I am installing a new Red Hat Linux server, due to a 'new political', I had to install every thing from 'program.src.rpm' , install the packs in this way is very simple using: # rpm --recompile 'program.src.rpm' this generate the SPEC file, and then: # rpm -ba 'program.spec' This generate the binary RPM that could be installed as an normal RPM. But the problem is, what happends if I had to install as in my case : Apache, mod_ssl and the frontpage extensions? Till now I had been using the source codes compiled with the APACI method. I had been looking for information or guides about RPM installation but there is nothing clear about this. I think that could be as easy as recompile all the packs together with somtihng like 'rpm -ba pack1.src.rpm pack2.src.rpm, or I need to make an .spec file for the apache in which I put the references to the modules?. Any help or suggestions would be greatly appreciated. Thanks in advance.
Re: Apache startup and passphrase
On Thu, Nov 30, 2000 at 11:39:07PM +0100, Mark Tiramani wrote: > the following (global server config only) will do the trick: > > SSLPassPhraseDialog exec:/path/to/script/get_pass > > where get_pass is a script, executable etc. that picks up the server > identifiers passed to it when mod_ssl/Apache starts up. And of course, thsi script must NEVER be executable by a local user on the machine, or [s]he could simply do... echo ServerName:port | /path/to/script/get_pass and could see the password in plaintext. Martin -- <[EMAIL PROTECTED]> | Fujitsu Siemens Fon: +49-89-636-46021, FAX: +49-89-636-41143 | 81730 Munich, Germany __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
apache Server with several SSL certificates
Hello, I want to set up a apache Server with several SSL certificates. It depends from a parameter in the URL. How can I set up the server, that he is using several SSL certificates, and what I have to do, that he take several certificates to several parameters. Or is it impossible? Thanks Klaus-Peter __ Klaus-Peter Knieß FJA Innosoft GmbH Elsenheimer Straße 48 80687 München Tel.: +49 (0)89 57879-150 Fax:+49 (0)89 57879-599 e-mail: Klaus-Peter [EMAIL PROTECTED] web:http://www.fja.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]