Arcady Genkin wrote:
The documentation states that being one's own CA is insecure in the
Internet environment, while is acceptable on the intra-net. Could
anyone explain the issues implied by that statement?
SSL is not less secure if you are your own CA, at least from a technical
point
I'm running openssl-engine-0.9.6, mod_ssl-2.8.2-1.3.19 , and apache
1.3.19. I have a cert from Verisign. Our certificate class from
verisign is: Digital ID Class 3 - Global Server ID. It's a 128 bit
cert that I believe is supposed to do a step down to 56 bit when
that's all the browser can
I presume you're not trying to explicitly construct the server certificate
chain that is being sent to the browser, together with the actual server
cert?
This is what I'm trying to do. I'm trying to send all the certificates
in the chain (expect the root) to the browser. This includes my
Hi,
i did read through the FAQ. The following are the steps i did in order to
fix the error :
1. installed Sun patch 105710-01 (Sparc) which adds a /dev/random device.
2. added 'setenv RANDFILE /export/home/tmp/randfile.rnd'
3. did procedure make certificate and didn't see any error
But, i
Since I haven't gotten too much of a response yet (expect for thanks to
Juha) I'll post my VirtualHost in httpd.conf, which I probably should
have done in the first place.
If I uncomment the SSLCertificateChainFile line then the following
appears in the log and apache won't start...
[error]
:: Since I haven't gotten too much of a response yet (expect for thanks to
:: Juha) I'll post my VirtualHost in httpd.conf, which I probably should
:: have done in the first place.
::
:: If I uncomment the SSLCertificateChainFile line then the following
:: appears in the log and apache won't
Juha Saarinen wrote:
Stupid suggestion, perhaps, but can Apache read the CA file? Are the
permissions OK?
Good suggestion, but the permissions are OK (identical to server.crt).
thanks again,
Damon.
__
Apache Interface to