Re: Mod_SSL for Windows 2000/NT/XP
-- Original Message -- I guess this is what you're looking for: http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip I'm somewhat confused. I downloaded and uncompressed the above archive, uncompressed and was delighted to find that mod_ssl was present in the modules directory. But I couldn't find any openssl.exe and, from what I gather, I need this www.openssl.org/download/win32 ?? :) executable/toolkit to generate a key pair and CSR? I'm a bit new to web server security and have just had responsibility thrust upon me, so I thank you all for your patience :) Kind regards, Brendan Lloyd __ D O T E A S Y - Join the web hosting revolution! http://www.doteasy.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Mod_SSL for Windows 2000/NT/XP
Guillaume wrote:: I guess this is what you're looking for: http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip Brendan replied: I'm somewhat confused. I downloaded and uncompressed the above archive, uncompressed and was delighted to find that mod_ssl was present in the modules directory. But I couldn't find any openssl.exe [...] arcean followed with: www.openssl.org/download/win32 ?? :) As notified yesterday I've found what I needed. My point was that I couldn't find the openssl.exe in the Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip archive, so I had to download it separately. Kind regards, Brendan __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Mod_SSL for Windows 2000/NT/XP
Could the mirror sites not host ssl enabled version as they are not in the US as they are in the Uk, Austrailia etc? On 16 Jul 02, at 0:50, Cliff Woolley wrote: On Tue, 16 Jul 2002, Brendan Lloyd wrote: And last but not least: can anyone clarify what the state of Apache 2.0 is with regards to OpenSSL/mod_ssl? I've read in some places that Apache 2.0 supports/includes these, but then when I went to download the Windows binary distribution it had the suffix no_ssl? Source distributions of Apache 2.0 include mod_ssl. Binary distributions are a different story, but only because of ambiguities surrounding the (IMHO silly) export restrictions of the US government. We know we're allowed to export *source* for strong encryption software... but whether we're able to legally distribute *binaries* of strong encryption software is unclear. So we don't. Of course, that's more of a burden on our Windows users than on our Unix users, since the former tend to rely on binaries and the latter tend to roll their own since they tend to have the compilation tools on hand. The solution, as has been pointed out, is that somebody outside the US contributed binaries for mod_ssl for Apache 2.0 on Win32 and uploaded them to www.modssl.org/contrib, which is physically located in Germany, as opposed to www.apache.org, which is physically located in the western US. Sigh. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Technical Manager Online Learning Support Unit Middlesex University Business School [EMAIL PROTECTED] 020 8411 5092 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Mod_SSL for Windows 2000/NT/XP
On Tue, 16 Jul 2002, Alex Moon wrote: Could the mirror sites not host ssl enabled version as they are not in the US as they are in the Uk, Austrailia etc? The way our mirroring system works, the mirrors do an rsync of www.apache.org/dist. So they can't have files on their sites that aren't on the main sites (or at least not for long), since rsync would delete those files. Additionally, it requires somebody outside the US do actually do the compiling and uploading -- and all our Win32 guys (who are committers and thus allowed to create official binaries) are in the US. :-/ --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Mod_SSL for Windows 2000/NT/XP
At 00:50 -0400 16/07/02, Cliff Woolley wrote: On Tue, 16 Jul 2002, Brendan Lloyd wrote: And last but not least: can anyone clarify what the state of Apache 2.0 is with regards to OpenSSL/mod_ssl? I've read in some places that Apache 2.0 supports/includes these, but then when I went to download the Windows binary distribution it had the suffix no_ssl? Source distributions of Apache 2.0 include mod_ssl. Binary distributions are a different story, but only because of ambiguities surrounding the (IMHO silly) export restrictions of the US government. We know we're allowed to export *source* for strong encryption software... but whether we're able to legally distribute *binaries* of strong encryption software is unclear. So we don't. Of course, that's more of a burden on our Windows users than on our Unix users, since the former tend to rely on binaries and the latter tend to roll their own since they tend to have the compilation tools on hand. The solution, as has been pointed out, is that somebody outside the US contributed binaries for mod_ssl for Apache 2.0 on Win32 and uploaded them to www.modssl.org/contrib, which is physically located in Germany, as opposed to www.apache.org, which is physically located in the western US. Sigh. Those interested in details on this legal stuff can see this site: http://www.bxa.doc.gov/Encryption/ What is nice with this policy update is that source code is now considered unrestricted (like Cliff said): - Also for the first time, all encryption source code that would be considered publicly available under Section 734.3(b)(3) of the EAR (such as source code posted to the Internet) and the corresponding object code may be exported and reexported under License Exception TSU -- Technology and Software Unrestricted (specifically, Section 740.13(e) of the EAR), once notification (or a copy of the source code) is provided to BIS and the ENC Encryption Request Coordinator. See Note. Even if a license fee or royalty is charged for commercial production or sale of products developed using the source code, such source code is eligible for license exception TSU and no post-export reporting is required. - The complete content of the Export Administration Regulation (EAR) is available at: http://w3.access.gpo.gov/bis/ear/ear_data.html Disclamer: reading the content of the EAR may cause an headache. 8) It looks like binaries made from publically available source code are still considered unrestricted. They explicitly say [publically available source code] and the corresponding object code may be exported and reexported under License Exception TSU. But the License Exception TSU states: - (2) Provisions and Destinations. (i) Provisions. Operation software may be exported or reexported provided that both of the following conditions are met: (A) The operation software is the minimum necessary to operate equipment authorized for export or reexport; and (B) The operation software is in object code. - mod_ssl is not the minimum necessary to operate equipment since it's an add-on module; Apache can work without mod_ssl. And part B totally confused me, it says that ONLY object code can be exported... I guess Apache's official policy is let's not take chance. That sucks... Couldn't they hire a legal advisor that could sort this out? Or easier, can't we just give a call to the BXA and ask them Do object code made from publically available source-code still falls under the License Exception TSU?, that would clear up the question... We could ask them for a signed letter, and if we get problems in the future, we could just show the letter and say that we did our homework. Ok, putting everything on modssl.org/contrib is MUCH MUCH easier. GFK's -- Guillaume Filion Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/ PGP Key and more: http://guillaume.filion.org/ (this will redirect) PGP Fingerprint: 14A6 720A F7BA 6C87 2331 33FD 467E 9198 3DED D5CA __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Mod_SSL for Windows 2000/NT/XP
I wrote: My situation is like Ike's: I too need to install mod_ssl and Open_SSL (ie. require secure web transaction capabilities) [on a Windows machine] is there a site from which I can download precompiled versions of (or an installation Wizard for) the above? Guillaume replied: I guess this is what you're looking for: http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip I'm somewhat confused. I downloaded and uncompressed the above archive, uncompressed and was delighted to find that mod_ssl was present in the modules directory. But I couldn't find any openssl.exe and, from what I gather, I need this executable/toolkit to generate a key pair and CSR? I'm a bit new to web server security and have just had responsibility thrust upon me, so I thank you all for your patience :) Kind regards, Brendan Lloyd I n f o r m a t i o n S y s t e m s A n a l y s t Wollongong UniCentre PO BOX U100 University of Wollongong NSW 2522 (02) 4221-8022 fax: (02) 4221-8026 [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Mod_SSL for Windows 2000/NT/XP
Brendan wrote: I downloaded and uncompressed the above archive, uncompressed and was delighted to find that mod_ssl was present in the modules directory. But I couldn't find any openssl.exe and, from what I gather, I need this executable/toolkit to generate a key pair and CSR? I'm a bit new to web server security and have just had responsibility thrust upon me, so I thank you all for your patience :) Thanks all, everything now solved (thanks in large part to the realisation that all the stuff needed is under http://www.modssl.org/contrib AND the help of a kind soul named Mark Anderson in Queensland Australia). Thanks again kind regards, Brendan Lloyd __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Mod_SSL for Windows 2000/NT/XP
Hi all, I am a new member to this group. I have a question which was asked on 2002-06-07 by Ike Ikonne (for which I could not locate any answer in the list archives) so please forgive me for the repetition... My situation is like Ike's: I too need to install mod_ssl and Open_SSL (ie. require secure web transaction capabilities), with questions as follows: * How can I build OpenSSL and mod_ssl on NT or 2000 (ie. do I have to buy compiler software)? * Alternatively, is there a sitfrom which I can download precompiled versions of (or an installation Wizard for) the above? Please advise, Thanks and kind regards, Brendan Lloyd __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Mod_SSL for Windows 2000/NT/XP
At 16:42 +1000 15/07/02, Brendan Lloyd wrote: I am a new member to this group. I have a question which was asked on 2002-06-07 by Ike Ikonne (for which I could not locate any answer in the list archives) so please forgive me for the repetition... My situation is like Ike's: I too need to install mod_ssl and Open_SSL (ie. require secure web transaction capabilities), with questions as follows: * How can I build OpenSSL and mod_ssl on NT or 2000 (ie. do I have to buy compiler software)? Yes you can, but you'll need to buy MS Visual C++ to compile Apache. Instructions are available at: http://httpd.apache.org/docs/windows.html http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32 I guess you'll prefer to use the precompiled version avaiable below. * Alternatively, is there a sitfrom which I can download precompiled versions of (or an installation Wizard for) the above? I guess this is what you're looking for: http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip Hope this helps, GFK's -- Guillaume Filion Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/ PGP Key and more: http://guillaume.filion.org/ (this will redirect) PGP Fingerprint: 14A6 720A F7BA 6C87 2331 33FD 467E 9198 3DED D5CA __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Mod_SSL for Windows 2000/NT/XP
Guillaume wrote: Yes you can, but you'll need to buy MS Visual C++ to compile Apache. Instructions are available at: http://httpd.apache.org/docs/windows.html http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32 I note that the modssl install instructions are out of date (as are the versions of required software referenced). For example, the CygWin version has been deprecated since about 1998! I guess you'll prefer to use the precompiled version avaiable below. Yes, absolutely! * Alternatively, is there a sitfrom which I can download precompiled versions of (or an installation Wizard for) the above? I guess this is what you're looking for: http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip Eureka! I LOVE u, Guillaume Thank you s much! Much relieved, Brendan __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Mod_SSL for Windows 2000/NT/XP
On Tue, 16 Jul 2002, Brendan Lloyd wrote: And last but not least: can anyone clarify what the state of Apache 2.0 is with regards to OpenSSL/mod_ssl? I've read in some places that Apache 2.0 supports/includes these, but then when I went to download the Windows binary distribution it had the suffix no_ssl? Source distributions of Apache 2.0 include mod_ssl. Binary distributions are a different story, but only because of ambiguities surrounding the (IMHO silly) export restrictions of the US government. We know we're allowed to export *source* for strong encryption software... but whether we're able to legally distribute *binaries* of strong encryption software is unclear. So we don't. Of course, that's more of a burden on our Windows users than on our Unix users, since the former tend to rely on binaries and the latter tend to roll their own since they tend to have the compilation tools on hand. The solution, as has been pointed out, is that somebody outside the US contributed binaries for mod_ssl for Apache 2.0 on Win32 and uploaded them to www.modssl.org/contrib, which is physically located in Germany, as opposed to www.apache.org, which is physically located in the western US. Sigh. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]