O.K,
With a little Makefile and source hacking I got nsopenssl.so to
build. (OPENSSL_free isn't in my version of OpenSSL, was it added
later? [tclcmds.c])
Now my problem is that the module fails to load the certfile.pem. I
created my own self-signed certificate using openssl, and from what I
Make sure your private key is not passphrase-protected; if it is, it'll
fail to be loaded by the server. You can use openssl to take the passphrase
off, but make sure you lock up this file so that only the server can read
it (root will also be able to read it, obviously):
openssl rsa -in
To: [EMAIL PROTECTED]
Subject: Re: [AOLSERVER] nsssl - openssl ?
Make sure your private key is not passphrase-protected; if it is, it'll
fail to be loaded by the server. You can use openssl to take the
passphrase
off, but make sure you lock up this file so that only the server can read
it (root
I've always wondered why servers bother to encrypt the private key. The
passphrase is right there in the server configuration so why bother?
I believe that if you use Apache/mod_ssl with an encrypted key, the
server will pause at startup time and prompt you to enter the passphrase
on the
Rob Mayoff wrote:
I believe that if you use Apache/mod_ssl with an encrypted key, the
server will pause at startup time and prompt you to enter the passphrase
on the command line.
The problems with this approach should be obvious...
Particularly when it's a remote server. That
The keyfile was decrypted before I created the CSR. The server dies
trying to load the signed (by me) certificate, even though:
openssl x509 -noout -text -in certfile.pem
Reguritates out the cert information O.K. I guess I failed to mention
I'm using nsopenssl 1.1
I must have an older
I have test platform that contains everything necessary to compile and
configure aolserver, nsopenssl, ssldump in a self-contained area to test
in. If you can't get it working and you want to try out the test suite,
I'll let you know how to download.
/s.
The keyfile was decrypted before I