Creating Netscape compatible apache server certificates
Whenever I try t view my SSL site from Netscape, I get either an error that the certificate is corrupted, or "The certificate is not approved for the attempted application". This certificate works fine when the page is viewed from MSIE. The cert is signed with a self-signed-CA by the way. Any way to alter what the cert is "approved" for so Netscape users will be able to view the site? Thanks in advance. ~Travis __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: HTTPS environment variable is set after .htacces is parsed
On Mon, 10 Mar 2003, Domenico Andreoli wrote: > > order deny,allow > > deny from all > > allow from 127.0.0.1 > > SSLRequireSSL > > after some thinking at it, i see you answer is not suitable for my > needs. indeed, your mandates the use of SSL, while mine allowed access > from localhost *or* SSL. Okay then, do this: order deny,allow deny from all allow from 127.0.0.1 SSLRequireSSL Satisfy any --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: HTTPS environment variable is set after .htacces is parsed
On Sat, Mar 01, 2003 at 11:02:22AM -0500, Cliff Woolley wrote: > On Sat, 1 Mar 2003, Domenico Andreoli wrote: > > > order deny,allow > > deny from all > > allow from 127.0.0.1 > > allow from env=HTTPS > > Why do you need that env var? Use this instead: > > > order deny,allow > deny from all > allow from 127.0.0.1 > SSLRequireSSL > > after some thinking at it, i see you answer is not suitable for my needs. indeed, your mandates the use of SSL, while mine allowed access from localhost *or* SSL. i need something that can be put into allow directive... thanks cavok -[ Domenico Andreoli, aka cavok --[ http://filibusta.crema.unimi.it/~cavok/gpgkey.asc ---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: private key not found
>1 out of 1 certificate requests certified, commit? [y/n]y >Write out database with 1 new entries >ata Base Updated >CA verifying: server.crt <-> CA cert >server.crt: /C=US/ST=Kansas/L=Lawrence/O=Pelathe >Center/CN=www.pelathe.org/[EMAIL PROTECTED] >error 18 at 0 depth lookup:self signed certificate >/C=US/ST=Kansas/L=Lawrence/O=Pelathe >Center/CN=www.pelathe.org/[EMAIL PROTECTED] >error 7 at 0 depth lookup:certificate signature failure > >What is an 'error 18 at depth 0' and an 'error 7 at depth 0'? Would >this be a >reason why my server cannot find the Private Key? I've no idea what this error means but I've seen it several times but never seen an explanation on the list. I would strongly recommend that you use the alternative certificate scripts available as ssl.ca-0.1.tar.gz at: http://www.openssl.org/contrib/ These have fixed this problem for me numerous times. ___ No banners. No pop-ups. No kidding. Introducing My Way - http://www.myway.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
