I made the tests with IE from at least 4 different computers, located in
networks from 3 different ISP's.
Yes, the connection is done, because ith shows up instantly with
tail -f /var/log/apache/ssl_engine_log
I am running Apache 1.3.37 and openssl 0.9.8b from Slackware-current
packages. I
If IE allows you might change the protocl or cipher
used (apache config also you to adjust order). Using
curl i noticed somethign funky (some of the times)
with ssl2 that did not appear with ssl3 (curl at
least does not capture the full data). Not sure if
this was a problem with curl, openssl or
.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of BB
Sent: Friday, October 06, 2006 11:18 AM
To: modssl-users@modssl.org
Subject: Re: Encripted page would not load into IE
I made the tests with IE from at least 4 different computers, located in
networks from
BB said:
I made the tests with IE from at least 4 different computers, located in
networks from 3 different ISP's.
Yes, the connection is done, because ith shows up instantly with
tail -f /var/log/apache/ssl_engine_log
Sounds weird. You could try installing an HTTP capture tool like IE
, October 06, 2006 11:18 AM
To: modssl-users@modssl.org
Subject: Re: Encripted page would not load into IE
I made the tests with IE from at least 4 different computers, located in
networks from 3 different ISP's.
Yes, the connection is done, because ith shows up instantly with
tail -f /var/log
I made the tests with IE from at least 4 different computers, located in
networks from 3 different ISP's.
Yes, the connection is done, because ith shows up instantly with
tail -f /var/log/apache/ssl_engine_log
Sounds weird. You could try installing an HTTP capture tool like IE Watch
and
Toomas Aas wrote:
I was thinking of putting this large block of directives into separate
file and Include it in both vhost sections, to tidy up my main config
file. But in order to do that, I would need to define some logic in this
file for those cases where http and https need to be
Hi,
I am facing below problem causing performance deterioration:
[Fri Sep 15 15:09:17 2006] [error] mod_ossl: SSL call to NZ function
nzos_Handshake failed with error 28864 (server apssrv.com:443, client
xxx.xxx.x.xxx)
[Fri Sep 15 15:09:17 2006] [error] mod_ossl: SSL IO error [Hint: the
Make sure you have these statements in your httpd.conf:
LoadModule ssl_module modules/mod_ssl.so
IfModule mod_ssl.c
Include conf/ssl.conf
/IfModule
As for your ssl.conf, there are couple things that could be tripping you
up, you can try posted a scrubbed version if you'd like, but the first
On Thu, Aug 31, 2006 at 09:17:10AM -0400, Patrick Patterson wrote:
On Thursday 31 August 2006 09:14, Patrick Patterson wrote:
(I'll probably take this over to modssl-devel, but since you asked, I
thought that I would bring it up here.)
Hmm - I thought there WAS a developers mailing
Hi There:
The limitations of mod_ssl for path validation are further than what you have
described, in that it also cannot perform policy mapping up the entire
certificate chain, and also has no concept of how to deal with AIA or SIA
fields. I'm not sure where the developers are in terms of
On Thursday 31 August 2006 09:14, Patrick Patterson wrote:
(I'll probably take this over to modssl-devel, but since you asked, I
thought that I would bring it up here.)
Hmm - I thought there WAS a developers mailing list, but apparently I was
mistaken - so I guess I have to ask is this the
VirtualHost 209.1.0.0:443 192.1.1.0:443
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of DEVAL SHAH
Sent: Thursday, July 27, 2006 2:06 PM
To: modssl-users@modssl.org
Subject: Apache and multiple IP address
Hello,
I just configured Apache to use SSL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 23 Jun 2006, Arsen Hayrapetyan wrote:
Hello,
I am trying to install mod_ssl-2.8.27-1.3.36
and I've faced the following problem when I do 'make' in the
the directory where the apache's source resides:
gcc -DLINUX=22
On Tue, Jun 06, 2006 at 03:36:37PM -0400, Paul D. Robertson wrote:
I'm trying to get mod_proxy to work as an SSL proxy using a client
certificate on the proxy to connect to a backend IIS server that's set up
to use any client certificate signed by my OpenSSL-based CA.
If I use a browser
On Wed, 7 Jun 2006, BJ Swope wrote:
From everything I've heard and read, mod-proxy will not proxy HTTPS on the
back like what you are asking. You can have HTTPS on the front end but not
on the back. It will have to be HTTP to the back.
If you get this working I would LOVE to hear how you
Guess I've been hearing wrong for 3 years now ;)
Time to go digging...On 6/8/06, Paul D. Robertson [EMAIL PROTECTED] wrote:
On Wed, 7 Jun 2006, BJ Swope wrote: From everything I've heard and read, mod-proxy will not proxy HTTPS on the back like what you are asking.You can have HTTPS on the front
Hi Diarmuid:
On Wednesday 07 June 2006 14:50, Diarmuid Curtin wrote:
Hi,
How does MOD_SSL call OpenSSL for the purpose of Certificate Verification?
I have a certificate which has the critical extension 'Name Constraints',
when I parse the cert with OpenSSL 0.9.8(b) it seems OpenSSL
Hi Patrick -
I agree, it acting in accordance to the RFC - any critical extensions it does not understand, it rejects.
Seems to me that name constraint handling marked as critical would be nice to have...
DC
On 6/7/06, Patrick Patterson [EMAIL PROTECTED] wrote:
Hi Diarmuid:On Wednesday 07
>From everything I've heard and read, mod-proxy will not proxy HTTPS on
the back like what you are asking. You can have HTTPS on the
front end but not on the back. It will have to be HTTP to the
back.
If you get this working I would LOVE to hear how you got it done
On 6/6/06, Paul D.
Hi Cliff,
Cliff Woolley wrote:
You're doing IP-based virtual hosting, not named-based virtual hosting.
(You only have one virtual host per IP/port combination.) Thus you
don't need NameVirtualHost. If you scroll down in the page you gave,
you'll see an example of IP-based virtual hosting,
Hi Ron,
R. DuFresne wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm sure this has been answered, but in case it has not;
You can not virtualize https to more then one hostsite, you have to have
real IP addresses for https.
Thanks for your reply.
I understand your confusion. In
On 5/30/06, Frank van Beek [EMAIL PROTECTED] wrote:
I understand your confusion. In my post I masked out the first twonumbers of the IP-addresses.But we do have 4 VirtualHosts on 4 different IP-addresses. As it turnedout (see a previous post), our problem was caused by a misconfigured
reverse DNS.
Hey Cliff,
Cliff Woolley wrote:
On 5/30/06, *Frank van Beek* wrote:
I understand your confusion. In my post I masked out the first two
numbers of the IP-addresses.
But we do have 4 VirtualHosts on 4 different IP-addresses. As it turned
out (see a previous post), our problem
On 5/30/06, Frank van Beek [EMAIL PROTECTED] wrote:
I checked a couple of pages on VirtualHosts in the Apache documentation.As far as I can see in the examples in most of them there aNameVirtualHost for every VirtualHost, even when it's running on adifferent port.
See the examples here:
Hi all,
Frank van Beek wrote:
Hi all,
This morning we migrated 4 of our websites to a new server. Each of
these websites uses a certificate for https connections. We've got only
one Apache instance running with 4 virtual hosts on 4 different
IP-addresses.
Today we discovered the cause of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm sure this has been answered, but in case it has not;
You can not virtualize https to more then one hostsite, you have to have
real IP addresses for https.
Thanks,
Ron DuFresne
On Wed, 24 May 2006, Frank van Beek wrote:
Hi all,
This
I upgraded an old installation of apache 1.3.26 with Openssl
0.9.6/mod_ssl-2.8.10 to OpenSSL
0.9.8b/mod_ssl-2.8.27 + Apache 1.3.36, but it seems that mod_ssl is still
compling against 0.9.6.
When I do a GET the server returns:
Server: Apache/1.3.36 (Unix) mod_ssl/2.8.27 OpenSSL/0.9.6
Even
or another question does someone have a complet UBER noob step be step
guide to install mod_ssl on a apache1.3.36 with php4.4.2 and mysql
4.1.19-standart log?
But must be a real uber noob step be step, becouse im even below an uber
noob status.
Okay got everthing working. Except images.
On any page what uses images they dont show.
They show perfect in http but not in https.
the call is: https://xxx/image.gif
if I paste the image into the browser direct it shows, but not via the
page? any hint ?
oops found it.. rewrite in .htaccess :)
forgot to ad https :)
Markus wrote:
Okay got everthing working. Except images.
On any page what uses images they dont show.
They show perfect in http but not in https.
the call is: https://xxx/image.gif
if I paste the image into the browser direct it
GET request, SSL handshake occurs without the
server requesting for certificate, then I see that the HTTP GET request
coming through to HTTP layer and then the server initiates another SSL
handshake(re-negotiation) during which the server is requesting for the
client certificate.
My client
Phil Ehrens wrote:
Markus wrote:
Phil Ehrens wrote:
Markus wrote:
Made all the ca.key and the server.key and sign it via sign.sh everthing
looked good so far.
then the misery begins.
./configure --with apache... --with-ssl --with-mm
Markus wrote:
Phil Ehrens wrote:
Markus wrote:
Phil Ehrens wrote:
Markus wrote:
Made all the ca.key and the server.key and sign it via sign.sh everthing
looked good so far.
then the misery begins.
./configure
Markus wrote:
Made all the ca.key and the server.key and sign it via sign.sh everthing
looked good so far.
then the misery begins.
./configure --with apache... --with-ssl --with-mm
--with-crt=/var/local/certs --with -key=/var/local/private
--prefix=../apache_1.3.35
Phil Ehrens wrote:
Markus wrote:
Made all the ca.key and the server.key and sign it via sign.sh everthing
looked good so far.
then the misery begins.
./configure --with apache... --with-ssl --with-mm
--with-crt=/var/local/certs --with -key=/var/local/private
Markus wrote:
Phil Ehrens wrote:
Markus wrote:
Made all the ca.key and the server.key and sign it via sign.sh everthing
looked good so far.
then the misery begins.
./configure --with apache... --with-ssl --with-mm
--with-crt=/var/local/certs --with -key=/var/local/private
Phil Ehrens wrote:
Markus wrote:
Phil Ehrens wrote:
Markus wrote:
Made all the ca.key and the server.key and sign it via sign.sh everthing
looked good so far.
then the misery begins.
./configure --with apache... --with-ssl --with-mm
FYI - if you are asking, there's no announce yet since 1.3.36 simply fixes
the Include directive regressions introduced in 1.3.35, if you either nested
your Include directive in a Something /Something block, or you used the
wildcard match for your Include directive. It will be some time before
Joe Orton wrote:
On Mon, May 08, 2006 at 08:58:42AM +0200, Ralf S. Engelschall wrote:
On Tue, Apr 04, 2006, Love Hörnquist Åstrand wrote:
(gdb) bt
#0 CRYPTO_get_ex_data (ad=0xe8, idx=137019688) at ex_data.c:628
#1 0x4035c035 in SSL_get_ex_data (s=0x1, idx=296) at ssl_lib.c:2220
Looks
8 maj 2006 kl. 10.09 skrev Joe Orton:
On Mon, May 08, 2006 at 08:58:42AM +0200, Ralf S. Engelschall wrote:
On Tue, Apr 04, 2006, Love Hörnquist Åstrand wrote:
(gdb) bt
#0 CRYPTO_get_ex_data (ad=0xe8, idx=137019688) at ex_data.c:628
#1 0x4035c035 in SSL_get_ex_data (s=0x1, idx=296) at
On Fri, May 05, 2006, William A. Rowe, Jr. wrote:
Ping, in anticipation of a 2.8.26 for 1.3.35 (are we expecting one?)
I didn't see any feedback, do any of the Apache guru's have comments? Any
clarifications? (I hope I made the specifics clear enough, below.)
Hmmm... the cleanup is done in
Ralf S. Engelschall wrote:
On Fri, May 05, 2006, William A. Rowe, Jr. wrote:
Ping, in anticipation of a 2.8.26 for 1.3.35 (are we expecting one?)
I didn't see any feedback, do any of the Apache guru's have comments? Any
clarifications? (I hope I made the specifics clear enough, below.)
On Mon, May 08, 2006 at 08:58:42AM +0200, Ralf S. Engelschall wrote:
On Tue, Apr 04, 2006, Love Hörnquist Åstrand wrote:
(gdb) bt
#0 CRYPTO_get_ex_data (ad=0xe8, idx=137019688) at ex_data.c:628
#1 0x4035c035 in SSL_get_ex_data (s=0x1, idx=296) at ssl_lib.c:2220
Looks like
Please rmove me from your list"Ralf S. Engelschall" [EMAIL PROTECTED] wrote: On Fri, Feb 10, 2006, William A. Rowe, Jr. wrote: The following patches mop up some unnecessary compile warnings, when the functions are properly decorated. It's been sitting in my drafts waiting for a subscription to go
D i have to report you as spam or what please remove! THANKYOU"William A. Rowe, Jr." [EMAIL PROTECTED] wrote: Ralf S. Engelschall wrote: On Fri, May 05, 2006, William A. Rowe, Jr. wrote: Ping, in anticipation of a 2.8.26 for 1.3.35 (are we expecting one?)I didn't see any feedback, do any of the
Ping, in anticipation of a 2.8.26 for 1.3.35 (are we expecting one?)
I didn't see any feedback, do any of the Apache guru's have comments? Any
clarifications? (I hope I made the specifics clear enough, below.)
Yours,
Bill
William A. Rowe, Jr. wrote:
Maintainers,
This patch addresses a
On Wed, Apr 26, 2006 at 01:12:50PM +0800, Ken Chen wrote:
FYI.
We had to choose to test that by using other versions and we found
that the problem is resolved if we downgrade to 2.0.50.
Was this an exhaustive search: 2.0.51 failed but 2.0.50 worked? That
would be a little surprising: there
I am not sure. The version I encountered problem is 2.0.55.
On 4/26/06, Joe Orton [EMAIL PROTECTED] wrote:
On Wed, Apr 26, 2006 at 01:12:50PM +0800, Ken Chen wrote:
FYI.
We had to choose to test that by using other versions and we found
that the problem is resolved if we downgrade to
Every item the browser requests, such as images, comes from a unique/distinct connection.
So the links to the other web servers will result in independent
connections to the other web servers. So you should be good to go.
On 4/24/06, Vishwas [EMAIL PROTECTED] wrote:
Hello there,I have few
The first hit is going to be pretty expensive on the client, since it has
to negotiate four different sets of keys. Subsequent requests will be
better, but still take a bit of overhead on the client to decrypt each
connction pseduo-simultaneously.
Perhaps a better plan would have been to create
remove now!BJ Swope [EMAIL PROTECTED] wrote: Every item the browser requests, such as images, comes from a unique/distinct connection.So the links to the other web servers will result in independent connections to the other web servers. So you should be good to go. On 4/24/06, Vishwas [EMAIL
FYI.
We had to choose to test that by using other versions and we found
that the problem is resolved if we downgrade to 2.0.50.
Ken
On 4/22/06, Ken Chen [EMAIL PROTECTED] wrote:
FYI.
I have tried to test upload with Firefox. But it turns out that it
fails too. Then, it might not be only a
On Fri, Apr 21, 2006 at 10:23:24AM +0800, Ken Chen wrote:
Cliff,
I have reset the timeout to 600, but the problem remains. I wonder
whether it's the timeout problem because the problem appears
immediately after presssing Upload!
Sometimes the problem is Page can't be displayed; sometimes
Hi Joe,
We are using 2.0.55 already. Is it already include that patch?
Ken
On 4/21/06, Joe Orton [EMAIL PROTECTED] wrote:
On Fri, Apr 21, 2006 at 10:23:24AM +0800, Ken Chen wrote:
Cliff,
I have reset the timeout to 600, but the problem remains. I wonder
whether it's the timeout
ic. Thanks so much. I will apply that patch and see what is going on later.
On 4/21/06, Joe Orton [EMAIL PROTECTED] wrote:
On Fri, Apr 21, 2006 at 03:19:35PM +0800, Ken Chen wrote:
Hi Joe,
We are using 2.0.55 already. Is it already include that patch?
No, it will be in 2.0.56 and
Joe,
Do you mind telling me how to apply the patch? Type command as follow?
patch -s .patch
Do I need to stop the httpd server? or recompile or anything else?
Thanks.
On 4/21/06, Ken Chen [EMAIL PROTECTED] wrote:
ic. Thanks so much. I will apply that patch and see what is going on
I think the first thing you need to do is connect to this URL
from someplace that doesn't have any certs related to you
installed, like your local library:
https://www.hill.af.mil/main/index.html
I am not trying to be funny, I am just worried that either you
are going to get yourself into
...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Phil Ehrens
Sent: Friday, April 21, 2006 11:11 AM
To: modssl-users@modssl.org
Subject: Re: CRL Checking Uses Excessive Memory
I think the first thing you need to do is connect to this URL
from someplace that doesn't
Hi Rob,
I also work for the DoD and am using the same CRLs as you (downloaded and
converted on a daily basis). We're running a Linux webserver with a single
1.8Ghz Celeron, 512MB of RAM, and 1GB of swap.
I haven't noticed any memory issues when checking CRLs.
My Apache server starts multiple
FYI.
I have tried to test upload with Firefox. But it turns out that it
fails too. Then, it might not be only a MSIE issue.
On 4/22/06, Ken Chen [EMAIL PROTECTED] wrote:
Hi,
My colleague has helped to deploy the patch and the ssl vhost has been
configured as follow:
VirtualHost test:443
Hi, Cliff,
The below is the error in ssl-error_log when I am trying to save a large image:
[Thu Apr 20 16:55:36 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/O
error, 5 bytes expected to read on BIO#81f94a8 [mem: 81f9640]
[Thu Apr 20 16:55:36 2006] [info] (70007)The timeout specified has
On 4/20/06, Ken Chen [EMAIL PROTECTED] wrote:
[Thu Apr 20 17:04:46 2006] [debug] ssl_engine_io.c(1523): OpenSSL: I/Oerror, 5 bytes expected to read on BIO#81d53d8 [mem: 81eeef8]Just like it sounds from the message, this error occurs when the call to SSL_read() in ssl_io_input_read() fails with the
Cliff:
It's been set as the default one: 300.
I wonder how many I need to set, say possibly my application has the
functionality of uploading attachment, max 2.5MB.
I have tried to search everywhere for solution for the same problem
(ssl_engine_io.c OpenSSL: I/O error). I surprisingly found
Cliff,
I have reset the timeout to 600, but the problem remains. I wonder
whether it's the timeout problem because the problem appears
immediately after presssing Upload!
Sometimes the problem is Page can't be displayed; sometimes it is
what I mentioned at the very beginning that file can't
Hi Cliff,
Thanks for your advice.
Now seems when uploading big file has problem in ssl. When I upload a
3K image file, it's ok. But when I upload a 35K image file. It
failed.
Is there any place to set the cache/buffer? Or I have to set
SSLSessionCache and SSLSessionCacheTimeout?
By the
On 4/19/06, Ken Chen [EMAIL PROTECTED] wrote:
Now seems when uploading big file has problem in ssl.When I upload a3K image file, it's ok.But when I upload a 35K image file.Itfailed.Ah, I see.
Is there any place to set the cache/buffer?Or I have to setSSLSessionCache and SSLSessionCacheTimeout?You
On 4/18/06, Ken Chen [EMAIL PROTECTED] wrote:
1.If users access our server via https:// through the webserver, it fails to upload.Backend source encounteredNullPointerException when accessing the FileItem requested.2.But if users access our server via http://... through the web
server, there
Perhaps
SSLVerifyClient require
Default is
SSLVerifyClient none
Greetings
Oliver
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED] im Auftrag von Olaf Gellert
Gesendet: Mi 05.04.2006 14:08
An: modssl-users@modssl.org
Betreff: mod_ssl: SSLRequire
I try to do X.509 client
Do you have some lines like
ifmodule mod_ssl.c or ifmodule ssl_module
before the sslcache entry ?
I have to put this out of my ssl-config before it worked.
Greetings
Oliver
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED] im Auftrag von L. Steinbrügger - Fa. Rameder
Gesendet: Mi
[EMAIL PROTECTED] wrote:
Perhaps
SSLVerifyClient require
Default is
SSLVerifyClient none
Good idea, but this is set already (otherwise the
client would not authentify with the certificate)
for this virtual host. Moving it into the directory
section does not change anything either. And
[EMAIL PROTECTED] wrote:
Perhaps
SSLVerifyClient require
Default is
SSLVerifyClient none
Good idea, but this is set already (otherwise the
client would not authentify with the certificate)
for this virtual host. Moving it into the directory
section does not change anything either.
[EMAIL PROTECTED] wrote:
How deep is VerifyDepth ?
I guess this is the wrong direction of error checking.
VerifDepth and VerifyRequire are used in evaluating the
certificate chain on SSL connection establishment, the
SSLRequire expression is evaluated after the HTTP request
is successfully
Hello,
We are running 2.8.25-1.3.34 with openssl 0.9.7g. When using
client authentication we have crashes in ssl_callback_SSLVerify
relasted calls. Please see backtrace below.
The last entires in the log before the child httpd starts crashing is:
Awaiting re-negotiation handshake
Have anyone
Thomas Binder schrieb:
SSLRequire ( %{SSL_CIPHER_USEKEYSIZE} = 128 )
with this option, the user gets no https connection if he has
128 bit. but the user should get a error page. so it must be
possible to establish a connection with 128 bit but redirected
to the error page.
Try the
Well, I think as Apache2 is the root, you path is wrong for the
certificate file, as the error shows, you config should be as follows:
VirtualHost server-ip-address:443
SSLEngine On
SSLCertificateFile conf/ssl/servername.cert
SSLCertificateKeyFile conf/ssl/servername.key
/VirtualHost
Hello. Thanks for your input. I have tried your suggestion already and it
yielded the same Syntax error as mentioned below and the
SSLCertificateFile error was as follows:
SSLCertificateFile: Invalid file path conf/ssl/servername.cert
- Asad
On Wed, 8 Mar 2006, Kevin Smith wrote:
Well, I
Probably the best think to do is add the absolute path to the files as:
SSLCertificateFile C:/Program Files/Apache2/conf/ssl/servername.cert
SSLCertificateKeyFile C:/Program Files/Apache2/conf/ssl/servername.key
The above paths are assumed to be correct.
Kevin
Asad Habib wrote:
Hello. Thanks
Kevin Smith schrieb:
Probably the best think to do is add the absolute path to the files as:
SSLCertificateFile C:/Program Files/Apache2/conf/ssl/servername.cert
SSLCertificateKeyFile C:/Program Files/Apache2/conf/ssl/servername.key
If this still does not work try to surround the path with
Hi. Okay, I tried the absolute paths and now I am experiencing the
following error:
SSLCertificateFile takes one argument, SSL Server Certificate file
['/path/to/file/' - PEM or DER encoded]
What does this mean?
I also tried delimiting the paths with quotes but that yielded an invalid
file
Yep, as Eckard said, try surrounding the path with .
I know if you typed the cd command to get to the path C:/Program
Files/Apache2/conf/ssl/.cert in a Cmd DOS prompt, it would produce an
error. Surrounding the path with would then execute the cd command
successfully.
Regards,
Kevin
Ok, try the following 3 examples and let me know how it goes.
C:\Program Files\Apache2\conf\servername.cert
C:\\Program Files\\Apache2\\conf\\servername.cert
C://Program Files//Apache2//conf//servername.cert
Kevin
Asad Habib wrote:
Hi Kevin. I already tried this but it did not work. I got an
On Mar 8, 2006, at 2:50 PM, Kevin Smith wrote:
Ok, try the following 3 examples and let me know how it goes.
C:\Program Files\Apache2\conf\servername.cert
C:\\Program Files\\Apache2\\conf\\servername.cert
C://Program Files//Apache2//conf//servername.cert
Kevin
Asad Habib wrote:
Hi Kevin. I
Hi. I tried all of these but I am still receiving the same error.
- Asad
On Wed, 8 Mar 2006, Kevin Smith wrote:
Ok, try the following 3 examples and let me know how it goes.
C:\Program Files\Apache2\conf\servername.cert
C:\\Program Files\\Apache2\\conf\\servername.cert
C://Program
Permissions?
Hi. I tried all of these but I am still receiving the same error.
- Asad
On Wed, 8 Mar 2006, Kevin Smith wrote:
Ok, try the following 3 examples and let me know how it goes.
C:\Program Files\Apache2\conf\servername.cert
C:\\Program Files\\Apache2\\conf\\servername.cert
Eckard Wille wrote:
Kevin Smith schrieb:
Probably the best think to do is add the absolute path to the files as:
SSLCertificateFile C:/Program Files/Apache2/conf/ssl/servername.cert
SSLCertificateKeyFile C:/Program Files/Apache2/conf/ssl/servername.key
If this still does not work try to
Hi. Thanks for your input. By placing a tilde between Program and Files to
bridge the space, the path was recognized as a valid one when placed in
double quotes. However, the certificate is still inaccessible.
- Asad
On Wed, 8 Mar 2006, Ken Schweigert wrote:
On Mar 8, 2006, at 2:50 PM,
If this is Win XP try looking at protections. Does Apache have the
right to read the file?
[EMAIL PROTECTED] wrote:
Permissions?
Hi. I tried all of these but I am still receiving the same error.
- Asad
On Wed, 8 Mar 2006, Kevin Smith wrote:
Ok, try the following 3 examples and let me
Hello. I have modified permissions so that any user can access both the
cert and key file. Offcourse, I will change this once I get SSL running.
- Asad
On Wed, 8 Mar 2006, [EMAIL PROTECTED] wrote:
Permissions?
Hi. I tried all of these but I am still receiving the same error.
- Asad
Hi:
My question relates to the possibility of selectively enabling digital
encryption vs. digital signing when using the mod_ssl with Apache 2.0.
The motivation for the tradeoff is due to performance.
So ideally, we might want to enable a client to login using a secure
form over https
On 07 February 2006 at 22:02:43, in message
[EMAIL PROTECTED],
[EMAIL PROTECTED] wrote:
On 2/7/06, Gordon Ross [EMAIL PROTECTED] wrote:
I've got a Linux box with OpenSSL 0.9.8a installed (configured with
threads, zlib shared) I then configured and installed Apache
2.0.55
with SSL support
On 07 February 2006 at 22:30:21, in message
[EMAIL PROTECTED], [EMAIL PROTECTED] wrote:
Or upgrade to 2.2, which fixes this problem ;)
I had a quick go at that, but got build errors. Anyway, as the
--enable-ssl=static worked for 2.0.55, and I'm not a great fan of .0
releases I'm not too worried
Yes, the path is correct -- I triple checked it!
Possible issues -- this is running on a virtual server, so I guess the
given root isn't the real root, and maybe it's getting confused.
Or maybe... it's not clear which file it's not finding. In my google
search I found some semi-related posts
On 2/7/06, Gordon Ross [EMAIL PROTECTED] wrote: I've got a Linux box with OpenSSL 0.9.8a installed (configured with threads, zlib shared) I then configured and installed Apache
2.0.55 with SSL support (configure --enable-ssl --enable-mods-shared=all) When I try and start Apache, (httpd -D SSL)
On Tue, Feb 07, 2006 at 05:02:43PM -0500, Cliff Woolley wrote:
On 2/7/06, Gordon Ross [EMAIL PROTECTED] wrote:
I've got a Linux box with OpenSSL 0.9.8a installed (configured with
threads, zlib shared) I then configured and installed Apache 2.0.55
with SSL support (configure --enable-ssl
On 2/7/06, Liam Kirsher [EMAIL PROTECTED] wrote:
[07/Feb/2006 11:57:08 25653] [error] OpenSSL: error:02001002:system library:fopen:No such file or directory
Are you sure the path is correct? Is the path relative or absolute as you indicated in your post?
-- But we also know the dangers of a
On 1/30/06, Cliff Woolley [EMAIL PROTECTED] wrote:
On 1/30/06, Konstantin N. Bezruchenko [EMAIL PROTECTED] wrote: Because we already have password-protected certificates, and as i know we cant remove password protection from existing certificate.
That's not correct.Your certificate is not password
On 1/28/06, Konstantin N. Bezruchenko [EMAIL PROTECTED] wrote:
Greetings,I need setup new virtualhost with ssl certificate, and i dont want enterpasswords every time when apache restarts. When i have only onecertificate i use:SSLPassPhraseDialog exec:/path/to/apache/bin/startssl.pl
I try set two
Greetings,
BJ Swope wrote:
So how can i use SSLPassPhraseDialog for 2 certificates what require
passwords?
Why not save the certificates without passphrases?
Because we already have password-protected certificates, and as i know
we cant remove password protection from existing
To remove the passphrase (on the key, not the certificate):
cp a.key temp
openssl rsa -in temp -out a.key
On Mon, 30 Jan 2006, Konstantin N. Bezruchenko wrote:
Greetings,
BJ Swope wrote:
So how can i use SSLPassPhraseDialog for 2 certificates what require
passwords?
Why
301 - 400 of 9305 matches
Mail list logo