On Mon, Mar 06, 2000 at 02:10:42PM -0800, EKR wrote:
Karl Denninger [EMAIL PROTECTED] writes:
Well, I understand that, but it seems that people (including Thawte,
Microslug and Nutscrape) are missing the point.
There are to separate things that secure web servers do.
1.
Absolutely.
I wonder if the DOJ might be interested in this
--
--
Karl Denninger ([EMAIL PROTECTED]) Web: http://childrens-justice.org
Isn't it time we started putting KIDS first? See the above URL for
a plan to do exactly that!
On Mon, Mar 06, 2000 at 05:29:23PM -0500, Eric Moore
On Tue, Mar 07, 2000 at 12:23:33AM +0100, Jan Meijer wrote:
Hi Karl,
Whilst taking the risk to look like someone from Microshot, Netscape or the
others some comment on your pleads for clarity.
There are to separate things that secure web servers do.
1. Authenticate who you're
Karl Denninger [EMAIL PROTECTED] writes:
On Mon, Mar 06, 2000 at 02:10:42PM -0800, EKR wrote:
The generation, no. However, in order for people sending you mail
to be sure that they are not subject to active key substitution
attacks, they key pair does need to be securely bound to the
hello ...
The whole thing ... apache 1.3.12, the newest mod_ssl, newest mod_perl and php
compiled nicely for me in Red
Hat 5.2. The only bug I had was the php/database support ... but this list is not
about that :-))
Question: should all this compile out of the box on a Red Hat 6.1 box as
Okie,
Slap me around and call me an idiot!! After a careful look through my
httpd.conf I discovered that Apache was listening on port 8080 (http)
and 8443 (https). After changing this to the standard ports 80 (http)
and 443 (https) it is now accepting connections through http. However I
am
-Original Message-
From: Karl Denninger [mailto:[EMAIL PROTECTED]]
Sent: 03 March 2000 15:39
To: [EMAIL PROTECTED]
Subject: Re: Certificate questions...
Hi John,
On Fri, Mar 03, 2000 at 10:06:19AM -, Airey, John wrote:
Assuming we are talking about Thawte's server test
[info] Init: Requesting pass phrase via builtin terminal dialog
[error] Init: Private key not found (OpenSSL library error follows)
The openssl error messages could be a little less vague every now and then,
but basically it states your private key cannot be found. I can't look into
your
Robin,
| read from 08105D80 [0810B328] (7 bytes = 7 (0x7))
| - 3c 21 44 4f 43 54 59 !DOCTY
Looks like your server speaks plaintext on port 443. Have you started
the server with apachectl startssl? Did it even ask you for a passphrase
at startup?
Later,
Kos
--
Sorry, I'll be not attending ApacheCon 2000 in Orlando this week because
of disease. This means the proposed session "Security Solutions with
SSL" on Friday has to be cancelled. Those of us who attend ApacheCon and
wanted to visit my session should be not too much disappointed, please.
Yours,
On Mon, Mar 06, 2000, Gsandtner Michael wrote:
My situation:
browser -https- proxy -https- SSL Server
A RewriteRule on proxy (mod_ssl+mod_proxy):
RewriteRule ^/(.*) https://server.intern/$1 [P]
mod_proxy/mod_ssl acts as a SSL client.
How I can control on proxy , whether the
[Jason Terry]
I am running
Apache/1.3.11 (Unix) mod_perl/1.21 PHP/3.0.14 mod_ssl/2.5.0 OpenSSL/0.9.4
I have this line in my http.conf
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
However my mod_ssl server still has problems connecting with
MSIE and I can find
Gsandtner Michael wrote:
How I can control on proxy , whether the connected SSL server (in the
example server.intern) is trusted or not ?
Well, you might want to try:
o SSLProxyVerify on|off
(whether to verify the remote certificate)
o SSLProxyVerifyDepth N
On Mon, Mar 06, 2000 at 09:48:47AM -, Airey, John wrote:
-Original Message-
From: Karl Denninger [mailto:[EMAIL PROTECTED]]
Sent: 03 March 2000 15:39
To: [EMAIL PROTECTED]
Subject: Re: Certificate questions...
Hi John,
On Fri, Mar 03, 2000 at 10:06:19AM -, Airey, John
Karl Denninger [EMAIL PROTECTED] writes:
Well, I understand that, but it seems that people (including Thawte,
Microslug and Nutscrape) are missing the point.
There are to separate things that secure web servers do.
1.Authenticate who you're talking to, so that when you engage in
It seems there is restraint of trade since only a few 'selected'
companies can get on the CA root of IE and Navigator. To pay USD 300
every couple of years to prove you exist is silly. The price of domaine
registration is coming down, why not certs since there is more e-commerce?
In the
Hi !
I am facing a problem while configuring Global server
certificate - SGC support !
1 I got a verisign Global Serv ID(for SGC) : gsid.crt
2 specified the gsid.crt under SSLCertificateFile
3 specified the key file
4 Got the intermediate verisign CA root(gsid_ca.crt)
and specified the same
In order for the stepup to work, you have to allow 40-bit encryption so it
can figure out that it needs to step it up.
Regards,
-Mat
---
Mat Butler, Winged Wolf [EMAIL PROTECTED]
SPASTIC Web Engineer SPASTIC Server Administrator
Begin FurryCode
18 matches
Mail list logo