Hello All,
We have opened a java web service our clients are facing issues while
accessing it. They are consistently getting SSL / TLS connection failure
message. All these clients are using VeriSign class 1 certificates. In
apache error logs we see below message:
[Fri Oct 12 17:42:04
I have a third-party XML application compiled into Apache as a module that
requires using port 8081. I have run it successfully for years using HTTP
on Apache 1.3.27 (the version required by the vendor), but now I need to run
it using HTTPS.
So, I installed openssl-0.9.4 and
On Tue, Oct 19, 2010 at 04:35:49PM -0400, Jeff Blaine wrote:
Works: SSL via my corporate cert, SSL via 3 other people's
corporate certs
Fails: 1 person's cert so far, yet is logged as SUCCESS
when logging SSL_CLIENT_VERIFY via CustomLog
Your verbose description of something goes is not
On 11/1/2010 7:14 AM, Joe Orton wrote:
On Tue, Oct 19, 2010 at 04:35:49PM -0400, Jeff Blaine wrote:
Works: SSL via my corporate cert, SSL via 3 other people's
corporate certs
Fails: 1 person's cert so far, yet is logged as SUCCESS
when logging SSL_CLIENT_VERIFY via CustomLog
Your verbose
Hello all,
Sorry for the delay. We found a work around and quit looking into
the below issue. Thanks to Peter for the static library suggestion and Lee
for the same and for getting me back on the topic. We were able to get
everything working how it should. A note, we are compiling modssl
Still trying to solve this, I stood up a separate
brand-spanking-new Apache 2.2.17 from source with builtin
SSL. I am using the same Apache SSL config as quoted below.
I experience the following failure (further context is in
my quoted message below):
...
[Tue Oct 19 16:20:42 2010] [info]
Good Afternoon Everybody,
I am not sure if it is the right forum to ask this question. If not
please guide me.
mod_ssl provides fabulous mechanism of doing client authentication. It
does so by issuing client certificates signed by your own CA
certificate ca.crt.
How we can use mod_ssl (
Hi folks. I'm *really* stumped here. If anyone has any
ideas, I would love to hear them. How can I debug this
further? I need more information that Apache + mod_ssl
is giving me right now.
All version information and configuration detail is after
this next paragraph.
Works: SSL via my
Hello Gunner,
Have you tried
--enable-ssl --with-ssl=/path/to/just/compiled/openssl ?
Regards,
Gregg
Gunner Geller wrote:
Hello,
We are using mac Leopard OS. We have rolled our own Apache(2.2.16)
separate from the default install. We have also rolled our own OpenSSL to
the latest
In our Apache conf file, we have the following directives:
SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite
ALL:!DH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP:!eNULL:!aNULL
When we use a browser (Internet Explorer, or Firefox) to connect, it will work
if we have both SSLv3 and TLSv1
Thanks,
Why didn't I check that? Well, I made it validate correctly by doing a very
strange and not usable workaround. I believe something is broken.
I followed your suggestion and posted a more complete entry to the
us...@httpd.apache.org list. I will file a bug report if no one can point out
I still don't get it. I used Wireshark and found out that the certificate sent
to the OCSP-responder is the CA-cert, not the client-cert to be validated! I am
clueless.
Online Certificate Status Protocol
tbsRequest
requestList: 1 item
Request
reqCert
On Tue, Aug 17, 2010 at 12:47:26PM +0200, Ulf Wahlqvist wrote:
I still don't get it. I used Wireshark and found out that the
certificate sent to the OCSP-responder is the CA-cert, not the
client-cert to be validated! I am clueless.
The code tries to verify each cert in the client cert chain
I have now verified that if I use openssl directly from command line it will
verify OK. Apparently there is no need for signing the request.
openssl ocsp -issuer /usr/local/apache2/conf/SITHS_CA_v3.cer -CAfile
/usr/local/apache2/conf/SITHS_CA_v3.cer -cert /mnt/download/uwcert.cer -text
-url
Hi
I'm trying to get Apache to do Client certificate verification with
OCSP-validation.
It works without OCSP, but OCSP-validation fails when I turn it on.
The error is OCSP_check_validity:status too old, but that doesn't make sense
because the clocks are within 2 seconds.
The client
Hello,
Adding Location around SSLVerifyClient and SSLVerifyDepth is causing my
mutual
authentication to fail with a ssl_error_handshake_failure_alert message. I
can't seem to determine what might be causing this. I'll just jump right to
the code below:
[WORKS]
Excerpting my
Hello,
here are the facts about our mirror:
* URL of mirror: http://artfiles.org/modssl.org
* URL of mirror: ftp://artfiles.org/modssl.org
* Hosting institution, country and city where the mirror is located:
Artfiles New Media GmbH, Hamburg, Germany
* Contact email address: mir...@artfiles.org
*
HI!
For security reasons I'm using env var SSL_SESSION_ID to cross-check the
application's session ID with the SSL session ID in my web application. This
works without any issues on my openSUSE boxes. Browser is Seamonkey 2.0.4.
But I have problems with Apache 2.2.3 shipped with
Red Hat
I will be out of the office starting Sat 08/05/10 and will not return until
Mon 17/05/10.
I will respond to your message when I return.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support
hey guys,
I hope you're all doing fine. I need a little support here on ssl client
verification, tell me please if this is not the right place.
I need to check for specific extensions field value from x509 client
certificates to grant access to defined users.
I read this could be possible
Hi
I recently found a patch for mod_ssl trunk
(http://svn.apache.org/viewvc?view=revisionrevision=779005) and it is
in 2.3.5-alpha the SSL_SESSION_RESUMED, that is Initial or Resumed
SSL Session. Note: multiple requests may be served over the same
(Initial or Resumed) SSL session if HTTP
How do I get rid of these errors?
FIPS Openssl 1.2
[Thu
Apr 29 15:41:22 2010] [notice] Operating in SSL FIPS mode
[Thu Apr 29 15:41:22 2010] [error] Init: Skipping generating temporary 512 bit
RSA
private key in FIPS mode
[Thu Apr 29 15:41:22 2010] [error] Init:
Skipping
How do I get rid of these errors?
FIPS Openssl 1.2
[Thu Apr 29 15:41:22 2010] [notice] Operating in SSL FIPS mode
[Thu Apr 29 15:41:22 2010] [error] Init: Skipping generating temporary 512 bit
RSA private key in FIPS mode
[Thu Apr 29 15:41:22 2010] [error] Init: Skipping generating temporary
Hi,
That is not a bug, it is a feature! With the TLS renegotiation there
is a theoretical man-in-the-middle-attack possible. To prevent that
the developers decided to deactivate the TLS renegotiation.
Solution: use SSLInsecureRenegotiation on
Hello,
In a host where client certificate is optional and in some directories
requirement. Server is SNI, and this configuration works fine before
SNI.
VirtualHost *:443
SSLVerifyClient optional
Location /certrequirement
SSLVerifyClient require
/Location
...
I use SNI client (firefox) with
I updated the patch. The most recent version is now available at
http://people.apache.org/~rjung/patches/cve-2009-3555_mod_ssl_2_8_31-1_3_41-v4.patch
In addition to the v3 version of the patch, it now also contains a
backport of the SSLInsecureRenegotiation directive introduced in Apache
Hi,
I've set up a SVN with access via apache with and without SSL. I like to
confire that anoymous users have ro-access to the svn via http and https
and authenticated users have rw-access only via https.
I've seen a few examples on the internet where this has been made by
adding
I will be out of the office starting Wed 17/02/10 and will not return until
Thu 18/02/10.
I will respond to your message when I return.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support
On 02/17/2010 02:08 AM, NT984 wrote:
I am converting from a Verisign SSL Certificate to a Network Solutions EV SSL
Cert on my site. My existing configuration uses the following directives:
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXP:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2
SSLCertificateFile
I am converting from a Verisign SSL Certificate to a Network Solutions EV SSL
Cert on my site. My existing configuration uses the following directives:
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXP:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2
SSLCertificateFile /etc/apache2/ssl.crt/my.blah.com.cert
I found a solution, it looks like a dirty hack and making a security
hole, but it works for our custom purposes. So I don't recommend to use
this way. Somehow it may be interested for somebody.
It's needed to patch openssl.
In 'openssl/ssl/ssl_cert.c' file, in 'ssl_verify_cert_chain' function
Hi all!
I have an https server with apache/2.2.12+mod_ssl/2.2.14 and OpenSSL/0.9.8g.
I want to perform authentication based on client S/MIME certificates.
Clients have certificates with only the following purposes:
- S/MIME signing
- S/MIME encryption
But no SSL client or SSL server.
So I'm
The Apache Group is pleased to announce the legacy release of the 1.3.42 version of the Apache HTTP
Server.
This version of Apache is principally a security release.
__
Apache Interface to OpenSSL (mod_ssl)
I wouldn't expect an update until it's in sync with the final 0.9.8m from
the group, as a (probably final) update. Without 0.9.8m finished, due to
an unfinished RFC, it's a bit trickier to move ahead.
On 2/5/2010 6:19 AM, Bernard PREVOSTO wrote:
The Apache Group is pleased to announce the
When using SSLVerifyClient optional is there a way (or are there plans for
this) to redirect when mod_ssl detects a revoked certificate? What about
setting $_SERVER[SSL_CLIENT_VERIFY] == FAIL just as it is when no
certificate is installed? In other words, why should the action be any
different
I proposed this a while back but never got any responses.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46897
-Original Message-
From: owner-modssl-us...@modssl.org [mailto:owner-modssl-us...@modssl.org]
On Behalf Of Jaz
Sent: Friday, January 22, 2010 9:11 AM
To:
Thanks so much for your tip. Now I have a much better understanding of
the problem.
Aaron
Hello,
I faced the same issue.
Actually, client authentication has been disabled on recent versions. It
has nothing to do with your configuration.
See (on my blog):
I'm trying to go through the most basic tutorials on mod_ssl and I'm
having a problem trying to get my server to issue a certificate request
for a particular URL. I'm listing my Apache and OpenSSL version
information.
# httpd -v
Server version: Apache/2.2.14 (Unix)
Server built: Dec 3 2009
Hello,
I faced the same issue.
Actually, client authentication has been disabled on recent versions. It
has nothing to do with your configuration.
See (on my blog):
http://www.phocean.net/2009/11/28/openssl-cve-2009-3555-security-fix-and-mod_ssl-client-authentication-breakage.html
and then :
Hi, Am Sorry for this message because it may get to you as supprise but it's
because of the situation of things right now. I want use this opportunity to
explain my problem. I was here in London on Vacation but yesterday thing
change because i was mugged at hotel am staying.
The worse of it is
On 29.12.2009 22:57, John Lightsey wrote:
On Mon, 2009-11-23 at 22:12 +0100, Rainer Jung wrote:
On 23.11.2009 18:57, John Lightsey wrote:
On Sun, 2009-11-22 at 01:21 +0100, Rainer Jung wrote:
Thanks again. I updated the patch:
On Mon, 2009-11-23 at 22:12 +0100, Rainer Jung wrote:
On 23.11.2009 18:57, John Lightsey wrote:
On Sun, 2009-11-22 at 01:21 +0100, Rainer Jung wrote:
Thanks again. I updated the patch:
http://people.apache.org/~rjung/patches/cve-2009-3555_mod_ssl_2_8_21-1_3_41-v2.patch
The only changes
I will be out of the office starting Fri 25/12/09 and will not return until
Mon 04/01/10.
I will respond to your message when I return.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support
Hello,
here are the facts about our mirror:
* URL of mirror: http://artfiles.org/modssl.org
* Hosting institution, country and city where the mirror is located:
Artfiles New Media GmbH, Hamburg, Germany
* Contact email address: mir...@artfiles.org
* Update frequency: daily
* IP: 80.252.110.38
*
I am still stack with the same issue :
[Tue Nov 24 16:56:15 2009] [debug] ssl_engine_kernel.c(1875): OpenSSL:
Handshake: start
[Tue Nov 24 16:56:15 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL:
Loop: before accept initialization
[Tue Nov 24 16:56:15 2009] [debug] ssl_engine_kernel.c(1893):
I continue talking to myself about it.
Just to let people know that I submitted a bug to openSUSE, because it
took me less than 5 minutes to get a blank Debian virtual machine to
work with the exact same certificates, virtual host configuration and
browser.
There is definitely something
On Sun, 2009-11-22 at 01:21 +0100, Rainer Jung wrote:
Backport is not totally straightforward, because the original patches
use the filter architecture not present in Apache 1.3.
Any Feedback on the patch is welcome. Some additional debug output can
be activated by using -DRENEG_DEBUG.
On 23.11.2009 18:57, John Lightsey wrote:
On Sun, 2009-11-22 at 01:21 +0100, Rainer Jung wrote:
Backport is not totally straightforward, because the original patches
use the filter architecture not present in Apache 1.3.
Any Feedback on the patch is welcome. Some additional debug output can
Hi,
I backported the patch against CVE-2009-3555 from Apache trunk, 2.2 and
2.0 (proposed). The patch is available at
http://people.apache.org/~rjung/patches/cve-2009-3555_mod_ssl_2_8_21-1_3_41.patch
CVE-2009-3555 is about the Man in the Middle attack against HTTPS.
The patch disables the use
On Thu, Nov 19, 2009 at 03:19:00PM -0500, David Rosenstrauch wrote:
Hi. I'm tearing my hair out over an SSLRequire directive that doesn't
seem to be working. Can anyone help?
The directive is actually quite simple:
# Require SSL over non-obvious port 81 for SVN access
SSLRequire
On 11/20/2009 04:50 AM, Joe Orton wrote:
On Thu, Nov 19, 2009 at 03:19:00PM -0500, David Rosenstrauch wrote:
Hi. I'm tearing my hair out over an SSLRequire directive that doesn't
seem to be working. Can anyone help?
The directive is actually quite simple:
# Require SSL over non-obvious
Hi. I'm tearing my hair out over an SSLRequire directive that doesn't
seem to be working. Can anyone help?
The directive is actually quite simple:
# Require SSL over non-obvious port 81 for SVN access
SSLRequire %{SERVER_PORT} == 81
This is actually working fine when the client is a
Dear User List,
is there any plan to have a backport of Apache HTTPD Patch 2.2.15 (as an
alternative Workaround for the OpenSSL issue about Renegotiating
TLS-Connections) for mod_ssl in combination with Apache HTTPD 1.3?
Regards,
Jens Schoenershoven
I will be out of the office starting Fri 06/11/09 and will not return until
Mon 16/11/09.
I will respond to your message when I return.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support
LoadModule ssl_module modules/mod_ssl.so
SSLSessionCache shm:logs/ca(8192)
SSLCertificateFile conf/ca.crt
SSLCertificateKeyFile conf/ca.key
SSLEngine off
dbm shmht shmct does not fix the problem
tested on apache 2.2.13
__
Apache
Hello
I'm looking to proxy a site which has an SSL admin from a backend server
using mod_proxy and mod_proxy_ssl.
So far, any non-ssl traffic is being proxied perferctly, with urls fixed
with mod_proxy_html.
However, i'm yet to correctly proxy ssl traffic, and am not sure i
understand the best way
I have generated a CSR, sent it to Verisign and they sent me back a
cer file that I have renamed to public.crt. As per their support
instructions I installed their Intermediate CA
(https://knowledge.verisign.com/support/ssl-certificates-support/index?page=contentid=AR193)
My virtualhost
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Robin escribió:
| My virtualhost configuration is as follows:
|
| SSLEngine on
| SSLCertificateFile /etc/apache2/public.crt
- ^
| SSLCertificateKeyFile /etc/apache2/private.key
| SSLCACertificateFile
Got it. Well, almost.
It seems that where my https connection was concerned, I was running with
AllowOverride None, so none of the rewrite directives in the .htaccess file
were being processed.
So I've solved this by 'opening up' my development machine by specifying on
all directories:
Well the AllowOverride manages what you are allowed to configure in
.htacces
Order deny, allow
deny from all
Allow from 127.0.0.1
This manage who can access these server from where.
In your case you can only access from 127.0.0.1 aka. localhost your
computer
See the docs for more details
Hi!
What is in your error log about that?
Mario
-Original Message-
From: owner-modssl-us...@modssl.org
[mailto:owner-modssl-us...@modssl.org] On Behalf Of glowkeeper
Sent: Sunday, July 19, 2009 9:38 PM
To: modssl-users@modssl.org
Subject: modssl - URL's under domain name not found
I
The error log says (for example):
[Mon Jul 20 09:40:21 2009] [error] [client 127.0.0.1] File does not exist:
/Library/WebServer/Documents/drupal/electric-heater-info, referer:
https://devel.cosyheart.com/
Actually, my original post is a bit misleading - the content is delivered
via drupal and a
I guess the rewriting is not turned on in the SSL vhost. Else there
should be a rewriting to a php file which works with PATH_INFO
You may check that out.
Mario
-Original Message-
From: owner-modssl-us...@modssl.org
[mailto:owner-modssl-us...@modssl.org] On Behalf Of glowkeeper
Sent:
Sounds good - I have checked that I'm loading mod_rewrite.so and tried
RewriteEngine On in the ssl vhost on the dev machine - but that didn't
work. So what else do I need to check regarding? I'm also confused why it
should then be working on my live machine when the config' files are almost
I am running modssl under apache 2.2.11 on my development server using mac os
x 10.5.
I have created self signed certificates using openssl for this machine.
https://devel works just fine.
https://devel/directory generates a 404 file not found error.
https://devel/anotherdirectory/etcetc also
I've got a website which uses Apache 2.2 as the front end with Tomcat
5.5.23 as the backend and am using mod_ssl and mod_proxy to link to the
two together in Windows server 2003. Normally there isn't an issue with
two servers serving the website but recently (and mainly with , it
appears, mobile
I will be out of the office starting Sat 27/06/09 and will not return until
Mon 20/07/09.
I will respond to your message when I return.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support
Iain:
Wow! Am I glad to hear from you! I've been wrestling with exactly this problem
- error on: OpenSSL: read 5/5 bytes from BIO - for a few weeks now; was
beginning to think I was losing my mind. (while we leave that possibility aside
for the moment(!),) here's what's different about our
Please remove my email from the list
Hello !
I want to setup a proxy, allowing my internal hosts to connect on
external https servers (which forces client authentication by using a
certificate).
Excerpt of my .conf :
# TEST
#ProxyPass /proxy/TEST/https://laposte.net
#ProxyPassReverse/proxy/TEST/
Hello,
im using client certificates to authenticate myself with FakeBasicAuth to my
webserver. This works quite fine.
But there is one case where it doesnt work. When i open my website and then
wait a little time (1-2 minutes) and then do a POST to upload a file i get an
[error] Re-negotiation
Hello,
I'm using apache 1.3.41 with latest mod_ssl. In my https I'm using squrrelmail
and, after sending an email (pressing the SEND button) I get a firefox error:
SSL peer was not expecting a handshake message it received.
(Error codei: ssl_error_handshake_unexpected_alert)
Has anyone had
Zhumabekov - discussion of mod_ssl for httpd 2.x takes place on the
deveopment list for Apache httpd, CC'ed. (I'm quoting the full mail
inline for reference of dev@ readers)
On Wed, May 06, 2009 at 10:49:46AM +0600, Zhumabekov Yerden wrote:
mod_ssl can perform client authentication
mod_ssl can perform client authentication on certificate in
Apache and client authorization on certain certificate extensions. We
are setting up CA here and we want to restrict access to certain website
by checking the presence of certain certificate extension using its OID.
The
Hello,
I consume web services from an outside-of-my-firewall SSL server that requires
clients to be SSL-authenticated (clients must pre-register). My application
server resides inside of my firewall. I would like to access the
aforementioned web services through a proxy in order to not
Hi, I have https working with Apache 2.2.11, but SSLRequireSSL seems to have
no effect -- I can still browse docs in the htdocs directory with straight
http or https.
Here's the section I added to httpd-ssl.conf, which is Included from
httpd.conf. No .htaccess files exist.
Directory
I have a self signed ca, with multiple sub-ca's.
root
-sub-ca1
-sub-ca2
-server
I sign client certificates with either -sub-ca1 or -sub-ca2, and use server
to sign certificates for the actual website. So in my apache config, i have
this:
SSLEngine on
SSLOptions +stdEnvVars
Hi,
Same setup as works with both subCAs. Use the SSLRequire directive. Restrict on
the client certs issuer field (SSL_CLIENT_I_DN...).
Regards
Matt
- Original Message
From: leanmeandonothingmachine leanmeandonothingmach...@gmail.com
To: modssl-users@modssl.org
Sent: Thursday,
thanks that works, a little tricky if you want to use SSLVerifyClient
optional, as it 403s everything in that case instead just not filling in the
client variables. But I can always do that programmaticaly if I need it.
--
View this message in context:
thanks that works, a little tricky if you want to use SSLVerifyClient
optional, as it 403s everything in that case instead of just not filling in
the client variables. But I can always do that programmaticaly if I need it.
--
View this message in context:
Hi All,
I switched my LogLevel to info and noticed this error in the logs:
[client ::1] (70007)The timeout specified has expired: SSL input
filter read failed.
Furthermore, when I do a graceful restart, I get this error:
[client ::1] SSL library error 1 in handshake (server localhost:443)
Hello,
I am a stunnel user, which implements code from mod_ssl for
certificate/CRL verifications.
I noticed a strange behaviour when verifying a CRL which uses the
ssl_callback_SSLVerify_CRL function of mod_ssl :
If the CRLfile is not a valid CRL, stunnel starts and ignores the CRLfile.
Then, for
I've been asked to implement a somewhat strange setup. We are going to handle
ssl decryption on the load balancer then forward the connections to either an
IIS or Apache server. I'm tasked with configuring the Apache servers. I need to
be able to use multiple certs but I'm not sure how.
hi,
i'm in the setup of a ssl-enabled apache2 server with mod_ssl - works
fine so far *but* when a client-browser opens multiple simulanous
connections for one page to the server the Client-Certificate gets
requested the same number of times from the user.
The corresponding
Hello,
I would like to do the following (Apache 2.2 config):
Directory /var/www/desert/storage/jctmirrorserver/dav/Service42
AuthUserFile /dev/null
#SSLOptions +ExportCertData +FakeBasicAuth
SSLOptions +FakeBasicAuth
#SSLRequire (%{SSL_CLIENT_S_DN_O} in {ClientO1, ClientO2})
AuthLDAPURL
Hi,
We are running a CA that has thousands of revoked certificates,
which leads to CRLs of several MBytes.
On the next nenewal of the CA, we are thinking of partitioning the
CRLs at each X number of issued certificates. The issued certificates
will have different CRL Distribution
Nuno Ponte a écrit :
Hi,
We are running a CA that has thousands of revoked certificates,
which leads to CRLs of several MBytes.
On the next nenewal of the CA, we are thinking of partitioning the
CRLs at each X number of issued certificates. The issued certificates
will have
Hi Gilles,
Thanks for your reply! :-)
The CA also offers OCSP, which is obviously the preferred way to
validate certificate status. I am just trying to make sure that there
is support from the applications world to such a CRL partitioning
scheme. Wide interoperability is a key goal.
Hi all,
i have a problem with an apache 2.2.9, maybe this is not the correct
mailing list but i am going to ask, my apologizes if this isn't the
properly place.
I had an instance of apache 2.2.9 with and IP serving contents with the
port 80 and 443, we bought a godaddy certificate and all went
Jorge Martín Cuervo a écrit :
Hi all,
i have a problem with an apache 2.2.9, maybe this is not the correct
mailing list but i am going to ask, my apologizes if this isn't the
properly place.
I had an instance of apache 2.2.9 with and IP serving contents with the
port 80 and 443, we bought
Hi Cuesta Guilles, thanks for your quickly reply. No i am going to read
the documentation about SSLPassPhraseDialog.
This is my apachectl -S output:
[EMAIL PROTECTED] bin]$ ./apachectl -S
VirtualHost configuration:
213.134.38.66:443 cv.smra.org
Jorge Martín Cuervo a écrit :
I tried with an SSLPassPhraseDialog in every VirtualHost and i get this
message:
[EMAIL PROTECTED] bin]$ ./apachectl -S
Syntax error on line 82
of /home/jmartin/apache22/conf/extra/httpd-ssl.conf:
SSLPassPhraseDialog cannot occur within VirtualHost section
or
I tried with an SSLPassPhraseDialog in every VirtualHost and i get this
message:
[EMAIL PROTECTED] bin]$ ./apachectl -S
Syntax error on line 82
of /home/jmartin/apache22/conf/extra/httpd-ssl.conf:
SSLPassPhraseDialog cannot occur within VirtualHost section
or unciphered key ? how can i do it? do
Hello,
Hopefully someone can help...
Environment:
Apache httpd 2.2 + mod_proxy + JK2 + mod_ssl -- JBoss (Tomcat 5.5)
IE 6/7 + WinXP Pro/Win 2003
Problem:
When a large file upload from a http form post reaches a max allowed
limit (e.g. 20Mb) on the server, the server returns a response (e.g.
in ssl_engine_vars, there seems to be a problem to me concerning the UID
field.
The syntax for the field is a bitstring and not a text.
static const struct {
char *name;
int nid;
} ssl_var_lookup_ssl_cert_dn_rec[] = {
{ C, NID_countryName},
{ ST,
Peter Sylvester wrote:
in ssl_engine_vars, there seems to be a problem to me concerning the UID
field.
The syntax for the field is a bitstring and not a text.
Nothing happened since I've filed this bug and raised the issue here:
https://issues.apache.org/bugzilla/show_bug.cgi?id=45107
It's
I will be out of the office starting Fri 10/10/08 and will not return until
Mon 27/10/08.
Je répondrai à votre message dès mon retour.
Cordialement.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User
If a user is trying to authenticate himself with an SSL web server, he
needs to present a valid personal certificate, I understand. But what if
the purpose of the client certificate is not valid? I mean, for one
user's certificate, Mozilla SeaMonkey reports: This certificate has
been verified
Hi,
Asking every time does make it complicated. I can't remember if the firefox
default is to ask or auto supply (and it has changed behavior between 1/2/3
AFAIK), I have it as ask every time.
Anyway the ask every time FF behavior isn't very nice for users (auto supply is
probably fine for
Thank you very much Matt .
That solved it :).
I now have Client Certificate Authentication working with a CA signed
certificate and a Self Signed CA which in turn signs client certs.
If i can only ask for a bit more advice regarding this setup ?.
Although I think this problem might be Firefox
1 - 100 of 14612 matches
Mail list logo