RE: ssl question
But I did a self-signed cert for testing purposes. Shouldn't that work? -- Matt At 04:34 PM 7/31/2002 +1000, you wrote: Mike, The reasoning behind that message is that you haven't purchased a certificate from a valid certificate store. The bought my companies at verisign.com. If you are not releasing this web app to the public you could simply install the certificate and you shouldn't get the message again. Good luck, Vincent Montuoro Solution Engineer Request Level 12 461 Bourke Street Melbourne Vic 3000 Email: [EMAIL PROTECTED] Office:+61 3 8628 2764 Mobile: 0408 005 979 -Original Message- From: Mike Boyer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 31 July 2002 4:57 AM To: [EMAIL PROTECTED] Subject: ssl question I installed openSSL with mod_ssl, and I can access my site using https://blah.comhttps://blah.com and I get a popup box telling me about a security issue and if I want to accept this. When I have visited other sites that are secure, it dosent ask me to accept anything. In my certificate it says its not part of the CA trusted root stores. Any help would be appreciated. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: ssl question
But I'm never even getting a response on the browser, httpd is never even starting due to this error. I thought I had it corrected this morning, the log kept complaining about not finding the cert, I worked with that for a while, then came back to the same error. Frustrating, but I'm not giving up just yet. I'd like someone to take a look at my httpd.conf and tell me if I'm got something wrong there, or just what the problem can be. I've tried to follow the docs as close as I can, but obviously I've missed something. -- Matt At 09:23 AM 7/31/2002 -0400, you wrote: No, because your browser does not have the signing authority in its list of trusted / root CAs. There are three options, but really only two are practical. The first would be to just import the certificate the first time you see this pop up and you can do that by clicking on View certificate when you get the pop up (I'm talking IE here). The second option would be to purchase and use a cert from a CA which is in your browsers list of trusted/root CA (someone like verisign). You can get the list by clicking on Tools-Internet options-The content tab-Certificates button-Trusted Root Certification Authorites tab. The third option would be to become a CA on that list by paying MS big bucks and setting your own company to do it (not what I would call viable :-). -Noah -Original Message- From: Matt Nelson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 31, 2002 9:14 AM To: [EMAIL PROTECTED] Subject: RE: ssl question But I did a self-signed cert for testing purposes. Shouldn't that work? -- Matt At 04:34 PM 7/31/2002 +1000, you wrote: Mike, The reasoning behind that message is that you haven't purchased a certificate from a valid certificate store. The bought my companies at verisign.com. If you are not releasing this web app to the public you could simply install the certificate and you shouldn't get the message again. Good luck, Vincent Montuoro Solution Engineer Request Level 12 461 Bourke Street Melbourne Vic 3000 Email: [EMAIL PROTECTED] Office:+61 3 8628 2764 Mobile: 0408 005 979 -Original Message- From: Mike Boyer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 31 July 2002 4:57 AM To: [EMAIL PROTECTED] Subject: ssl question I installed openSSL with mod_ssl, and I can access my site using https://blah.comhttps://blah.com and I get a popup box telling me about a security issue and if I want to accept this. When I have visited other sites that are secure, it dosent ask me to accept anything. In my certificate it says its not part of the CA trusted root stores. Any help would be appreciated. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Error message help
At 03:56 PM 7/31/2002 +0200, you wrote: From: Matt Nelson [mailto:[EMAIL PROTECTED]] Now, the error I'm getting now that I can't seem to find any help on, in the error_log is: OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long Unusual.. Do you see anything in the browser? Also: - What versions of apache, mod_ssl, openssl? Apache 1.3.22 OpenSSL 0.9.6 mod_ssl 1.4 - Static or DSO? I'll be honest and say I don't quite understand that question. I'm way more new at this what I wished. I could probably answer that question, if asked in different terms. - What browser? IE, Mozilla, you name it. Rgds, owen Boyle __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Error message help
Well I may have figured this out, https is now running, cert was in the wrong place, but https returns the default web page for the apache installation, instead of the real site, which does come up with just http. I think I can figure that out, but if anyone has pointer thanks, and thanks for suffering my dumb questions. -- Matt At 09:36 AM 7/31/2002 -0500, you wrote: At 03:56 PM 7/31/2002 +0200, you wrote: From: Matt Nelson [mailto:[EMAIL PROTECTED]] Now, the error I'm getting now that I can't seem to find any help on, in the error_log is: OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long Unusual.. Do you see anything in the browser? Also: - What versions of apache, mod_ssl, openssl? Apache 1.3.22 OpenSSL 0.9.6 mod_ssl 1.4 - Static or DSO? I'll be honest and say I don't quite understand that question. I'm way more new at this what I wished. I could probably answer that question, if asked in different terms. - What browser? IE, Mozilla, you name it. Rgds, owen Boyle __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Error message help
At 06:02 PM 7/31/2002 +0200, you wrote: See comments, Ditto, Rgds, Owen Boyle -Original Message- From: Matt Nelson [mailto:[EMAIL PROTECTED]] Sent: Mittwoch, 31. Juli 2002 17:01 To: [EMAIL PROTECTED] Subject: RE: Error message help Well I may have figured this out, https is now running, cert was in the wrong place, ..or your SSLCertificateFile directive was pointing to the wrong place :-) Yup, but dang I was confused on where it went. Everything I've read said put it somewhere different. Error logs are you friends. ...but https returns the default web page for the apache installation, instead of the real site, which does come up with just http. I think I can figure that out, but if anyone has pointer thanks, and thanks for suffering my dumb questions. Check out your DocumentRoot directive in the SSL virtual host - there should only be one. If there is more than one, apache will use the last one... It is this directive which tells apache where to fetch the content. Yeah I found that right after I wrote that. -- Matt At 09:36 AM 7/31/2002 -0500, you wrote: At 03:56 PM 7/31/2002 +0200, you wrote: From: Matt Nelson [mailto:[EMAIL PROTECTED]] Now, the error I'm getting now that I can't seem to find any help on, in the error_log is: OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long Unusual.. Do you see anything in the browser? Also: - What versions of apache, mod_ssl, openssl? Apache 1.3.22 OpenSSL 0.9.6 mod_ssl 1.4 Um... If I were you, I'd get apache 1.3.26, OpenSSL 0.9.6e and mod_ssl 2.8.10. That's teh latest mix, also pay attention to the security advisory that was posted to the list today. I'll do that. - Static or DSO? When you compiled apache, did you statically compile in mod_ssl (i.e. --enable-module=ssl) so that the mod_ssl binary gets munged in with the apache binary to produce a big binary *or* did you compile mod_ssl as a shared object which would be loaded dynamically at runtime (DSO = Dynamic Shared Object), i.e. --enable-shared=ssl? Usually, it doesn't make much difference when they're working, but since yours was not working, I thought I'd ask. I didn't compile, I used everything stock from the Caldera 3.11 server install. A bad idea now I know, if I'd done it on my own or recompiled, I'd know which it was, among other things. I'll be honest and say I don't quite understand that question. I'm way more new at this what I wished. I could probably answer that question, if asked in different terms. - What browser? IE, Mozilla, you name it. Just in case it was a funny browser - SSL is as much to do with the client as it is to do with the server so it is essential to verify any problems with several browsers. But you've already done that. Yeah... See I do try, I hate being a clueless newbie, or at least acting like one. I always try to cover the bases myself, so I don't get RTFM responses. I'm sure I'll have some other questions, though, and soon. Thanks much -- Matt __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Error message help
Hi all, I'm new to the list and to mod_ssl, and well ssl in general, so I hope you'll forgive what may be dumb questions. I've been tasked with setting up a ssl site for a small company that wants to sell online. I've never done anything other than plain sites before, so I'm having to learn. I've done what all the docs have told me to, as near as I can tell, and I've gotten pretty far along. I'm still fuzzy on the exact syntax of the directives, but I've gotten it nearly working I think. This is all being done on a stock Caldera 3.11 server box. Now, the error I'm getting now that I can't seem to find any help on, in the error_log is: OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long I've googled on it, and searched FAQ's, etc, and nothing of help has appeared. I'd appreciate some help on this, I hate when I can't find help in the docs, I hate having to bother anyone. Thanks -- Matt __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]