On Thu, Mar 22, 2007 at 09:14:32PM +0100, Mladen Turk wrote:
Guenter Knauf wrote:
Hi,
Should we add a cert-creation .sh and .vbs script to support/ for this
purpose (on any platform)? Sounds like a great idea to me!
+1 from me.
If you find my vbs useful then I will contribute it.
I've
Joe Orton wrote:
Drop an eye on:
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jni/examples/mkcerts?view=markup
- auto-generating dummy certs which claim to be issued by or to the ASF
doesn't seem like a good idea at all
It is an example, so anyone is entitled to change it for
its
Hi,
I'll take this as a resounding no, and that the draft package is
sufficient. Moving it within 24 hrs unless I hear a specific
technical objection.
I've heard from a couple of users that they prefer *.zip archives rather than
the *.msi files; and hacked a WSH script to fix the config files
Guenter Knauf wrote:
I've heard from a couple of users that they prefer *.zip archives
rather than the *.msi files; and hacked a WSH script to fix the config
files when using a zip distribution.
Should we add a cert-creation .sh and .vbs script to support/ for this
purpose (on any platform)?
On Mar 22, 2007, at 12:22 PM, William A. Rowe, Jr. wrote:
Guenter Knauf wrote:
I've heard from a couple of users that they prefer *.zip archives
rather than the *.msi files; and hacked a WSH script to fix the
config
files when using a zip distribution.
Should we add a cert-creation .sh
Sander Temme wrote:
On Mar 22, 2007, at 12:22 PM, William A. Rowe, Jr. wrote:
Guenter Knauf wrote:
I've heard from a couple of users that they prefer *.zip archives
rather than the *.msi files; and hacked a WSH script to fix the config
files when using a zip distribution.
Should we add
Hi,
Should we add a cert-creation .sh and .vbs script to support/ for this
purpose (on any platform)? Sounds like a great idea to me!
+1 from me.
If you find my vbs useful then I will contribute it.
I've spent a good time to find at least something working; the Inet is full of
stuff, but
Guenter Knauf wrote:
Hi,
Should we add a cert-creation .sh and .vbs script to support/ for this
purpose (on any platform)? Sounds like a great idea to me!
+1 from me.
If you find my vbs useful then I will contribute it.
I've spent a good time to find at least something working;
Drop an eye
Hi Mladen,
Drop an eye on:
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jni/examples/mkcerts?
view=markup
I've also spend a good deal of time on that, so it might be helpful :)
yeah!! Thanks! Will do, and update my vbs soon
thanks, Guenter.
William A. Rowe, Jr. wrote:
William A. Rowe, Jr. wrote:
I'd like to propose we ship apache_2.2.4-win32-x86-openssl-0.9.8d.msi with
this release. Couple of notes...
Did anyone else have feedback on the comments/notes? I know Roy's made some
additional progress with the notification
On Mar 16, 2007, at 2:48 PM, William A. Rowe, Jr. wrote:
William A. Rowe, Jr. wrote:
William A. Rowe, Jr. wrote:
I'd like to propose we ship apache_2.2.4-win32-x86-
openssl-0.9.8d.msi with
this release. Couple of notes...
Did anyone else have feedback on the comments/notes? I know Roy's
Roy T. Fielding wrote:
On Mar 16, 2007, at 2:48 PM, William A. Rowe, Jr. wrote:
William A. Rowe, Jr. wrote:
William A. Rowe, Jr. wrote:
I'd like to propose we ship
apache_2.2.4-win32-x86-openssl-0.9.8d.msi with
this release. Couple of notes...
Did anyone else have feedback on the
William A. Rowe, Jr. wrote:
Issac Goldstand wrote:
I'd agree if mod_ssl is disabled by default, but if it is, why are they
downloading the mod_ssl-enabled installer?
You miss the point, it's illegal in some jurisdictions to possess/use
such cryptography. That installer will remain as a
William A. Rowe, Jr. wrote:
Jorge Schrauwen wrote:
Do note that not all users that will chose the SSL package will know how
to correctly fill in the fields.
s/not all/a small minority of/
They can't figure out what Domain Name means, let's be serious :)
On 1/10/07, *Issac Goldstand*
Jorge Schrauwen wrote:
On 1/10/07, *William A. Rowe, Jr.* [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
Jorge Schrauwen wrote:
Do note that not all users that will chose the SSL package will
know how
to correctly fill in the fields.
s/not all/a small
On 1/11/07, Issac Goldstand [EMAIL PROTECTED] wrote:
./configure; make; make install
We don't deposit a certificate today for Unix. After considering
this a bit
more, I agree with jerenkrantz.
True... if you don't enable mod_ssl by default and add a note in the
conf
Issac Goldstand wrote:
I'd agree if mod_ssl is disabled by default, but if it is, why are they
downloading the mod_ssl-enabled installer?
You miss the point, it's illegal in some jurisdictions to possess/use
such cryptography. That installer will remain as a service to those
communities,
On 1/10/07, William A. Rowe, Jr. [EMAIL PROTECTED] wrote:
A final question for all, do we wish to install an arbitrary, on the fly self
signed default.crt/default.key? Do we want to help them fill out the details
or use stock details? Or do we want them to use openssl.exe to generate one
for
I think the MSI should autogenerate a self-signed cert at least (last
thing we need is for people to deploy a static pre-distributed cert
which would make it that much easier to do man-in-the-middle attacks).
Would be great if the MSI had a choice to use an existing cert, or
generate a new one
Do note that not all users that will chose the SSL package will know how to
correctly fill in the fields. My experience tells me if there is a package
with XYZ and without most chose it with XYZ even if they don't need it.
So if there is a dialog in the installer that would ask for the
Jorge Schrauwen wrote:
Do note that not all users that will chose the SSL package will know how
to correctly fill in the fields.
s/not all/a small minority of/
They can't figure out what Domain Name means, let's be serious :)
On 1/10/07, *Issac Goldstand* [EMAIL PROTECTED]
mailto:[EMAIL
On 1/10/07, William A. Rowe, Jr. [EMAIL PROTECTED] wrote:
Jorge Schrauwen wrote:
Do note that not all users that will chose the SSL package will know how
to correctly fill in the fields.
s/not all/a small minority of/
Do not underestimate user stupidity ;) ok maybe the number won't be
On 01/10/2007 10:40 PM, William A. Rowe, Jr. wrote:
Does this sound sane?
+1
Regards
RĂ¼diger
23 matches
Mail list logo
