Need help !

2000-04-14 Thread Vagel Argyrakis




Hi all,
 
I have problems with ssl on my apache 
server (rh 6.1)
The certicicate has been created with make 
certificate
On launch with apachectl startssl i enter the 
passphrase and everything seems to be correct, the server starts-up giving 
as output : 
 
Server my.server.name:443 (RSA)Enter pass 
phrase:
Ok: Pass Phrase Dialog successful../apachectl 
startssl: httpd started
 
But when i try to connect to it using https:// i 
receive no answer. I also tried to scan the ports and it seems that port 443 is 
not open.
This is the ssl related section of my httpd.conf 
file:
Listen 80Listen 
443
AddType application/x-x509-ca-cert 
.crtAddType application/x-pkcs7-crl    
.crl
 
SSLPassPhraseDialog  builtinSSLSessionCache 
dbm:/usr/local/apache/logs/ssl_scacheSSLSessionCacheTimeout  
300SSLMutex  
file:/usr/local/apache/logs/ssl_mutexSSLRandomSeed startup builtinSSLRandomSeed connect 
builtin
 
SSLLog 
/usr/local/apache/logs/ssl_engine_logSSLLogLevel info
 
DocumentRoot /www/htdocs/
ErrorLog 
/usr/local/apache/logs/error_logTransferLog 
/usr/local/apache/logs/access_log
SSLEngine onSSLVerifyClient 
requireSSLCertificateFile 
/usr/local/apache/conf/ssl.crt/server.crtSSLCertificateKeyFile 
/usr/local/apache/conf/ssl.key/server.keySSLLogFile 
/usr/local/apache/logs/ssl_misc_log
 
    SSLOptions 
+StdEnvVars    SSLOptions 
+StdEnvVars
 
SetEnvIf User-Agent ".*MSIE.*" nokeepalive 
ssl-unclean-shutdown
 

 
This is the log in ssl_engine_log 
:
 
[11/Apr/2000 08:11:30 01141] [info]  
Server: Apache/1.3.12, Interface: mod_ssl/2.6.2, Library: 
OpenSSL/0.9.5a[11/Apr/2000 08:11:30 01141] [info]  Init: 1st startup 
round (still not detached)[11/Apr/2000 08:11:30 01141] [info]  Init: 
Initializing OpenSSL library[11/Apr/2000 08:11:33 01141] [info]  Init: 
Wiped out the queried pass phrases from memory[11/Apr/2000 08:11:33 01141] 
[info]  Init: Seeding PRNG with 136 bytes of entropy[11/Apr/2000 
08:11:33 01141] [info]  Init: Generating temporary RSA private keys 
(512/1024 bits)[11/Apr/2000 08:11:34 01141] [info]  Init: Configuring 
temporary DH parameters (512/1024 bits)
 
 
When i manually test ssl with the command : # ./openssl s_client -connect 
localhost:443 -state -debug
i receive the answer :connect: Connection 
refusedconnect:errno=111 
Anyone could give me some help?
 
Thanks in advance
 
Vagel Argyrakis
 
[EMAIL PROTECTED]


Need help !

2000-04-21 Thread Vagel Argyrakis




Hi,
Thanks for the ideas. I tried both using the ip address 
instead of localhost and i commented out the setting : SSLVerifyClient require, 
but it still doesn't work.
Anything else that i could do?
Thank you
Vagel
Try (instead of localhost:443) using 192.168.0.225:443, in your openssl
s_client commandline.
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administrator
Begin FurryCode v1.3
FCWw5amrsw A- C+ D H+++ M+[servercoder] P+ R++ T+++ W Z++ Sm++ 
RLCT/M*/LW* a cl/u/v>+ !d e- f> h++ iwf+++ j p->+ 
sm++
End FurryCode v1.3
 
On Fri, 14 Apr 2000, Vagel Argyrakis wrote:
> Hi all,
> 
> I have problems with ssl on my apache server (rh 6.1)
> The certicicate has been created with make certificate
> On launch with apachectl startssl i enter the passphrase and everything 
seems to be correct, the server starts-up giving as output : 
> 
> Server my.server.name:443 (RSA)
> Enter pass phrase:
> 
> Ok: Pass Phrase Dialog successful.
> ./apachectl startssl: httpd started
> 
> But when i try to connect to it using https:// i receive no answer. I 
also tried to scan the ports and it seems that port 443 is not open.
> This is the ssl related section of my httpd.conf file:
> 
> 
> Listen 80
> Listen 443
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl .crl
> 
> 
> SSLPassPhraseDialog builtin
> SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
> SSLSessionCacheTimeout 300
> SSLMutex file:/usr/local/apache/logs/ssl_mutex
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> 
> SSLLog /usr/local/apache/logs/ssl_engine_log
> SSLLogLevel info
> 
> 
> 
> DocumentRoot /www/htdocs/
> ErrorLog /usr/local/apache/logs/error_log
> TransferLog /usr/local/apache/logs/access_log
> SSLEngine on
> SSLVerifyClient require
> SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
> SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
> SSLLogFile /usr/local/apache/logs/ssl_misc_log
> 
> 
> SSLOptions +StdEnvVars
> 
> 
> SSLOptions +StdEnvVars
> 
> 
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> 
> 
> 
> 
> 
> This is the log in ssl_engine_log :
> 
> [11/Apr/2000 08:11:30 01141] [info] Server: Apache/1.3.12, Interface: 
mod_ssl/2.6.2, Library: OpenSSL/0.9.5a
> [11/Apr/2000 08:11:30 01141] [info] Init: 1st startup round (still not 
detached)
> [11/Apr/2000 08:11:30 01141] [info] Init: Initializing OpenSSL 
library
> [11/Apr/2000 08:11:33 01141] [info] Init: Wiped out the queried pass 
phrases from memory
> [11/Apr/2000 08:11:33 01141] [info] Init: Seeding PRNG with 136 bytes of 
entropy
> [11/Apr/2000 08:11:33 01141] [info] Init: Generating temporary RSA 
private keys (512/1024 bits)
> [11/Apr/2000 08:11:34 01141] [info] Init: Configuring temporary DH 
parameters (512/1024 bits)
> 
> 
> When i manually test ssl with the command : # ./openssl s_client 
-connect localhost:443 -state -debug
> i receive the answer :
> connect: Connection refused
> connect:errno=111
> 
> Anyone could give me some help?
> 
> Thanks in advance
> 
> Vagel Argyrakis
> 
> [EMAIL PROTECTED]
> 
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]


need help !!

2001-03-12 Thread Anish M (EHPT)



hi 
all,
apche fails to 
compile with mod -ssl on win nt ..says cant find 
 
ap_aquire_pool
ap_make_shared_pool
in  apachecore.def
thnks in 
advcne
anish

-- Choose the Internet payment 
standard!   http://www.jalda.com   http://www.ehpt.com     
ANISH.M
Systems Engineerphone +91 116510101
internet payment systems   	mobile +91 9810304174
EHPT India Pvt Ltde:mail [EMAIL PROTECTED]  
 [EMAIL PROTECTED] 
 


Need help

2001-09-14 Thread Bill_Irwin




I am trying to install a 3rd party user authentication product on one of our RH
Linux/Apache intranet servers.  Originally I was told that their product was
only tested, approved and supported on Red Hat Linux 6.2 running an SSL enabled
Apache 1.3.12.  On Wednesday, with help from their tech support, I was able to
finally get their product up and running on our test box, but I was informed
that the "tested, approved and supported" version of mod_ssl was 2.8.1, not the
2.6.6 I had used.  I see that there is a mod_ssl --force configuration option
for installing to a version of Apache other than the one it was designed for.
Today when ran the mod_ssl 2.8.1 configuration script with the --force option I
was prompted for "File to patch:".  Not knowing what to enter I hit ctrl-c to
abort.  I received 3 or 4 of these "File to patch:" prompts, hitting ctrl-c each
time, before the configuration script aborted.  I am unable to find additional
information, in the documentation or on the mod_ssl web site, about the --force
option or the file names I need to enter when prompted "File to patch".  Here's
the command line I used:

./configure --with-apache=../apache_1.3.12 --with-ssl=../openssl-0.9.6b
--with-rsa=../rsaref-2.0/local --prefix=/usr/local/apache --enable-shared=ssl
--force

Any help would be greatly appreciated.

Bill Irwin
[EMAIL PROTECTED]



__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



NEED HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

2010-01-12 Thread Chris DiLorenzo
Hi, Am Sorry for this message because it may get to you as supprise but it's
because of the situation of things right now. I want use this opportunity to
explain my problem. I was here in London on Vacation but yesterday thing
change because i was mugged at hotel am staying.

The worse of it is that bags, cash and cards and my cell phone was stolen at
during the incident and it's such a crazy experience for me. Now, am
stranded here without any money with me and i need flying back home.
Although am so happy that am physically ok and my passport still save with
me.

I have been to police to make report about the inccident but the best help
they could render to me is that they lead me to the embassy. Now, embassy
have arrange a flight for me which was schedule on 25th of February 2010 but
i dont want to wait long anymore before i can get back home.

I have been able to raise some money through my friends and family but am
short of $950 USD to complete the money for my flight ticket. Please, i need
you to loan me with sum amount $950 USD and i promise you i will pay you
back any amount you can afford to loan as soon as i get back home.

You can check Western Union Website to locate the nearest outlet around you
or wire the money online on their website (www.westernunion.com)

I need you to wire the money to me via Western Union Money Transfer with my
name:

Receiver Name : Chris DiLorenzo

My location : Dunstable Beds, LU5 5SD, United Kingdom.

As soon as you wire the money you will need provide me the below information

MTCN: ???

Amount Send: ???

Sender's Name: ???

So that i can visit any nearest Western Union Outlet to pick up the money
with my passport here in United Kingdom. Please do not see this message as
virus or spam and i will be very happy if you can help me out.

Thank you

Chris DiLorenzo


Re: Need help !

2000-04-14 Thread Winged Wolf

Try (instead of localhost:443) using 192.168.0.225:443, in your openssl
s_client commandline.

---
Mat Butler, Winged Wolf   <[EMAIL PROTECTED]>
SPASTIC Web Engineer  SPASTIC Server Administrator
Begin FurryCode v1.3
FCWw5amrsw A- C+ D H+++ M+[servercoder] P+ R++ T+++ W Z++ Sm++ 
RLCT/M*/LW* a cl/u/v>+ !d e- f> h++ iwf+++ j p->+ sm++
End FurryCode v1.3


On Fri, 14 Apr 2000, Vagel Argyrakis wrote:

> Hi all,
> 
> I have problems with ssl on my apache server (rh 6.1)
> The certicicate has been created with make certificate
> On launch with apachectl startssl i enter the passphrase and everything seems to be 
>correct, the server starts-up giving as output : 
>  
> Server my.server.name:443 (RSA)
> Enter pass phrase:
> 
> Ok: Pass Phrase Dialog successful.
> ./apachectl startssl: httpd started
>  
> But when i try to connect to it using https:// i receive no answer. I also tried to 
>scan the ports and it seems that port 443 is not open.
> This is the ssl related section of my httpd.conf file:
> 
> 
> Listen 80
> Listen 443
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl.crl
> 
>  
> SSLPassPhraseDialog  builtin
> SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
> SSLSessionCacheTimeout  300
> SSLMutex  file:/usr/local/apache/logs/ssl_mutex
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
>  
> SSLLog /usr/local/apache/logs/ssl_engine_log
> SSLLogLevel info
>  
> 
> 
> DocumentRoot /www/htdocs/
> ErrorLog /usr/local/apache/logs/error_log
> TransferLog /usr/local/apache/logs/access_log
> SSLEngine on
> SSLVerifyClient require
> SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
> SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
> SSLLogFile /usr/local/apache/logs/ssl_misc_log
> 
> 
> SSLOptions +StdEnvVars
> 
> 
> SSLOptions +StdEnvVars
> 
> 
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> 
> 
> 
> 
>  
> This is the log in ssl_engine_log :
> 
> [11/Apr/2000 08:11:30 01141] [info]  Server: Apache/1.3.12, Interface: 
>mod_ssl/2.6.2, Library: OpenSSL/0.9.5a
> [11/Apr/2000 08:11:30 01141] [info]  Init: 1st startup round (still not detached)
> [11/Apr/2000 08:11:30 01141] [info]  Init: Initializing OpenSSL library
> [11/Apr/2000 08:11:33 01141] [info]  Init: Wiped out the queried pass phrases from 
>memory
> [11/Apr/2000 08:11:33 01141] [info]  Init: Seeding PRNG with 136 bytes of entropy
> [11/Apr/2000 08:11:33 01141] [info]  Init: Generating temporary RSA private keys 
>(512/1024 bits)
> [11/Apr/2000 08:11:34 01141] [info]  Init: Configuring temporary DH parameters 
>(512/1024 bits)
> 
> 
> When i manually test ssl with the command : # ./openssl s_client -connect 
>localhost:443 -state -debug
> i receive the answer :
> connect: Connection refused
> connect:errno=111
>  
> Anyone could give me some help?
> 
> Thanks in advance
> 
> Vagel Argyrakis
> 
> [EMAIL PROTECTED]
> 

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Need help !

2000-04-15 Thread Mads Toftum

On Fri, Apr 14, 2000 at 08:16:18AM +0200, Vagel Argyrakis wrote:
[SNIP]
> SSLVerifyClient require

By having this setting, you require that the client should present a
valid certificate signed by a CA given in either SSLCACertificateFile
or SSLCACertificatePath - but you don't seem to have either of those
two set. You should probably start out by commenting out 
SSLVerifyClient. 

vh

Mads Toftum
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Need help !

2000-04-17 Thread Francesco D'Inzeo

--Original Message Text---
From: Vagel Argyrakis
Date: Fri, 14 Apr 2000 08:16:18 +0200

>Hi all,

>I have problems with ssl on my apache server (rh 6.1)
>The certicicate has been created with make certificate
>On launch with apachectl startssl i enter the passphrase and everything seems to be 
>correct, the server starts-up 
>giving as output : 
>
>Server my.server.name:443 (RSA)
>Enter pass phrase:
>
>Ok: Pass Phrase Dialog successful.
>./apachectl startssl: httpd started
>
>But when i try to connect to it using https:// i receive no answer. I also tried to 
>scan the ports and it seems 
that >port 443 is not open.
>This is the ssl related section of my httpd.conf file:

I had same problem in Win NT, but, when I removed the password from the key
certificate because I didn' t want to digit the password when Apache starts
everything went the right way.

Hope it helps.
Regards.


---
"On a day not different than the one now dawning, Leonardo drew the
first strokes of the Mona Lisa, Shakespeare wrote the first words
of Hamlet, and Beethoven began work on his Ninth Symphony."
And Windows98 Crashed!
---
 Francesco D'Inzeo
 WinTech S.r.l.
 Via Lisbona 7
 35127 PADOVA (Italy)
 Tel. (+39)-(0)49-8703033
 Fax. (+39)-(0)49-8703045
 e-mail [EMAIL PROTECTED]



__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Need help !

2000-04-22 Thread Mads Toftum

On Wed, Apr 19, 2000 at 10:24:48AM +0200, Vagel Argyrakis wrote:
> Hi,
> 
> Thanks for the ideas. I tried both using the ip address instead of localhost and i 
>commented out the setting : SSLVerifyClient require, but it still doesn't work.
> 
> Anything else that i could do?
> 

I'm sure that you have to do it without SSLVerifyClient - other things
that could be wrong is a bit harder to guess ;-)
There is one thing you could try - checking to see wether the server is
listening on the SSL port at all, because the error you get from s_client
looks exactly like what I get when my server isn't started yet. So my 
guess is that you don't get any connect because there is no server to
answer s_client. You could try some of the steps that I've mentioned in
http://marc.theaimsgroup.com/?l=apache-modssl&m=95631272704634&w=2.
You could also set SSLLogLevel to debug to get extra info.


vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



ODP: Need help !

2000-04-26 Thread Marcin Badtke

Thanks for the ideas. I tried both using the ip address instead of localhost
and i commented out the setting : SSLVerifyClient require, but it still
doesn't work.

Anything else that i could do?

You can check also:

netstat -vat - to see if httpd is listening on https port (443) and /or

ipchains -L -v - to see if your port is open

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Need help

2001-09-14 Thread Cliff Woolley

On Fri, 14 Sep 2001 [EMAIL PROTECTED] wrote:

> Today when ran the mod_ssl 2.8.1 configuration script with the --force
> option I was prompted for "File to patch:".  Not knowing what to enter
> I hit ctrl-c to abort.  I received 3 or 4 of these "File to patch:"
> prompts, hitting ctrl-c each time, before the configuration script
> aborted.  I am unable to find additional information, in the
> documentation or on the mod_ssl web site, about the --force option or
> the file names I need to enter when prompted "File to patch".  Here's
> the command line I used:

This won't work well in general, particularly for widely varying versions
of Apache.  If you're going to get it to work at all, you'll probably have
to apply the EAPI patches by hand (where "by hand" I mean actually open up
the patch, see what change it's trying to make, find the equivalent code
if it exists in the other version of Apache, and make the equivalent
change).  While this will sort of work, it's obviously a less-than-optimal
solution.

The company you're dealing with must support a mod_ssl version and an
Apache version that match up.  If they tell you to use a certain mod_ssl
version, as I see it you have to assume that they want you to use the
Apache version that that mod_ssl is designed to work with.  Forcing people
to patch Apache by hand is not conducive to a stable, supportable server,
and I just can't believe that that's really what they want you to do.

--Cliff

--
   Cliff Woolley
   [EMAIL PROTECTED]
   Charlottesville, VA


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



need help! please..

1999-05-19 Thread System Admin.

Hi all,
 I try to create and use my own CA. I followed the steps in the
F.A.Q. in modssl.org webpage and at the end I ran  sign.sh script from
mod_ssl-2.2.8 distribution. It gave me this message:

error 7 at 0 depth lookup:certificate signature failure 

is that normal? but it also told me that the database has been updated,CA
verifying: server.crt <-> CA cert.

Please help!

TIA

pe'


--
UNIX System Admin.
Distributed Computing Services
Lake Superior State University
650 W. Easterday Ave.
Sault Ste. Marie. MI
49783 USA.
--

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



I need help please!

2002-03-01 Thread MARTIN Pierre



Hi, im using an apache server with mod_ssl.  
(the last one, newest one version...)
I get the error
 
724:error:140770FC:SSL 
routines:SSL23_GET_SERVER_HELLO:unknown 
protocol:D:\MyProjects\Applications\opensa\openssl\ssl\s23_clnt.c:460:
 
When i'm trying to connect. I can only read this 
with the openssl s_client mode, because the broser just search forever when i 
type the secured domain name.
 
Notice that the number of the error is sometimes 
724, sometimes 982, sometimes 972,...
 
I red about my config was pointing to a wrong port 
and i may had "Listen 80" instead of "Port 80". That is all i found about this 
error, and it was already done in my config.
 
Thanks a lot,
Regards, MARTIN Pierre
 
 
PS: Sorry for my bad english...
 
http://hickscorp.dyndns.orghttp://3dMeeting.dyndns.orghttp://Iloa.dyndns.orghttp://StatsAGogo.dyndns.orghttp://www.Lv4-26.com
 
MSN: [EMAIL PROTECTED]ICQ: 
73133239


Need help with configure.bat

2002-03-02 Thread Nate Davis



I am running apache under win2k... when i run the 
configure.bat file it gives me an error saying "No Perl script found in input". 
That is with the command line syntax of:
 
configure --with-ssl=c:/openssl 
--with-apache=--with-apache=C:/Program Files/Apache Group/Apache
 
any help someone could provide would be much 
apreciated, thanks
 
- Nate


Need Help with Virtual Hosts

2000-05-22 Thread Pete Navarra

Hi!  I need some help with using Virtual Hosts on Apache.  I realize that
this isn't really something about SSL, but I use SSL and have been a regular
reader of this newsgroup, so I thought I would post this message.

I'm currently using Apache 1.3.9 with mod_ssl 2.4.6.  Not having any
problems there, but I'm trying to setup Apache for Name Virual Hosts.  I've
read and reread the Apache Documentation on Virtual Hosts, and have been
unable to get a configuration that will work for me.  I  have one IP
address, but want to link different domain names to the same IP, but use a
different set of logs, and host different websites.  I can get IP based
virtual hosting to work, but I can't for the life of me get Non-IP based
Name Virtual Hosting to work.

Please Help!


Pete Navarra
Infinium Web Services

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: I need help please!

2002-03-01 Thread Owen Boyle

> MARTIN Pierre wrote:
> 
> Hi, im using an apache server with mod_ssl. (the last one, newest one
> version...)
> I get the error
> 
> 724:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:D:\MyPro
> jects\Applications\opensa\openssl\ssl\s23_clnt.c:460:
> 
> When i'm trying to connect. I can only read this with the openssl
> s_client mode, because the broser just search forever when i type the
> secured domain name.
> 
> Notice that the number of the error is sometimes 724, sometimes 982,
> sometimes 972,...
> 
> I red about my config was pointing to a wrong port and i may had
> "Listen 80" instead of "Port 80". That is all i found about this
> error, and it was already done in my config.

You're trying to connect to an SSL-aware server with plain HTTP.

Do you want an SSL server? If so, you must set up a VH on port 443 then
access it using "https://servername/";  <-- NB "https", *not* "http".

rgds,

Owen Boyle.
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



I need help with this....

1999-10-24 Thread Pete Navarra



I have recently installed Apache 1.3.9, and mod_ssl 2.4.5 
along with FrontPage extensions, PHP, and mod Perl.  Everything installed 
perfectly, and I am having no problems except for one thing.  When you try 
to connect to my site using HTTPS, you get my certificate presented like it 
should, however, once you accept the certificate, I get one of two errors 
saying there is either no data to send (in Netscape), or that the DNS Server 
could not be reached. ( in Explorer).  It doesn't display my website, 
and  pops up with nothing.  Any suggestions?
 
 
            
            Any help would be 
greatly appreciated!
 
            
                
            Thanks,
            
                
                
    Pete
            
                
                
    https://www.infiniumweb.com
 


Re: Need Help with Virtual Hosts

2000-05-22 Thread Mike King

Pete,

How about some clues on what your setup is ?

Have you set up your DNS entries correctly ?

#
# If you want to use name-based virtual hosts you need to define at
# least one IP address (and port number) for them.
#
NAMEVIRTUALHOST 216.117.143.120:80

The VirtualHost directive should look something like this:


 ServerName www.pollies.market-research.com
 ServerAlias pollies.market-research.com www.pollies.market-research.com
 ServerAdmin [EMAIL PROTECTED]
 ScriptAlias /cgi-pol/ /www/cgi-pol/
 DocumentRoot /usr/local/etc/httpd/htdocs/kevin
 ErrorLog logs/pollies-error_log
 TransferLog logs/pollies-access_log


Should be as easy as that

Cheers

Mike

At 02:50 PM 22/05/2000 -0500, you wrote:
>Hi!  I need some help with using Virtual Hosts on Apache.  I realize that
>this isn't really something about SSL, but I use SSL and have been a regular
>reader of this newsgroup, so I thought I would post this message.
>
>I'm currently using Apache 1.3.9 with mod_ssl 2.4.6.  Not having any
>problems there, but I'm trying to setup Apache for Name Virual Hosts.  I've
>read and reread the Apache Documentation on Virtual Hosts, and have been
>unable to get a configuration that will work for me.  I  have one IP
>address, but want to link different domain names to the same IP, but use a
>different set of logs, and host different websites.  I can get IP based
>virtual hosting to work, but I can't for the life of me get Non-IP based
>Name Virtual Hosting to work.
>
>Please Help!
>
>
>Pete Navarra
>Infinium Web Services
>
>__
>Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
>User Support Mailing List  [EMAIL PROTECTED]
>Automated List Manager[EMAIL PROTECTED]

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Need Help with Virtual Hosts

2000-05-22 Thread James Lyon

> Hi!  I need some help with using Virtual Hosts on Apache.  I realize that
> this isn't really something about SSL, but I use SSL and have been a regular
> reader of this newsgroup, so I thought I would post this message.
>
> I'm currently using Apache 1.3.9 with mod_ssl 2.4.6.  Not having any
> problems there, but I'm trying to setup Apache for Name Virual Hosts.  I've
> read and reread the Apache Documentation on Virtual Hosts, and have been
> unable to get a configuration that will work for me.  I  have one IP
> address, but want to link different domain names to the same IP, but use a
> different set of logs, and host different websites.  I can get IP based
> virtual hosting to work, but I can't for the life of me get Non-IP based
> Name Virtual Hosting to work.

I probably don't know any more than you, judging by your description and what
I've done in the past, but I recall some mention about SSL and name-based
virtual hosting. I *think* there might be a problem in as far as the SSL
protocol actually prevents the support of name-based virtual hosting. I haven't
thought this through, so with some consideration my comments may turn out to be
obviously true, or obviously wrong!

I know that's not a lot of an answer, but it might just help a little!

Best regards,
James.


begin:vcard 
n:Lyon;James
tel;pager:24-hour contact via Work number
tel;cell:+44 (7973) 824857
tel;fax:+44 (24) 7670 2501
tel;home:Please use Cellular number.
tel;work:+44 (24) 7670 2500
x-mozilla-html:TRUE
url:http://www.aztec.co.uk/
org:Business IT Research Ltd t/a Aztec Business Solutions
version:2.1
email;internet:[EMAIL PROTECTED]
title:Managing Director
adr;quoted-printable:;;Enterprise House=0D=0ACourtaulds Way;Coventry;;CV6 5NX;UK
fn:James Lyon
end:vcard



Re: Need Help with Virtual Hosts

2000-05-23 Thread rwidmer

Addressed to: [EMAIL PROTECTED]
  "Pete Navarra" <[EMAIL PROTECTED]>

** Reply to note from "Pete Navarra" <[EMAIL PROTECTED]> Mon, 22 May 2000 14:50:53 
-0500
>   
> Hi! I need some help with using Virtual Hosts on Apache. I realize
> that this isn't really something about SSL, but I use SSL and have
> been a regular reader of this newsgroup, so I thought I would post
> this message.
>   
> I'm currently using Apache 1.3.9 with mod_ssl 2.4.6. Not having any
> problems there, but I'm trying to setup Apache for Name Virual Hosts.
> I've read and reread the Apache Documentation on Virtual Hosts, and
> have been unable to get a configuration that will work for me. I have
> one IP address, but want to link different domain names to the same
> IP, but use a different set of logs, and host different websites. I
> can get IP based virtual hosting to work, but I can't for the life of
> me get Non-IP based Name Virtual Hosting to work.
>   


Sorry about the second post, I just reread your message and noticed
your desire to use separate log files.  Be aware that will severely
reduce the number of VirtualHosts you can have.  There is a per-process
limit on the number of open files, and if I remember right I ran out of
file handles around 30 VirtualHosts when I allowed each to have its own
access and error logs.  I am now over 60 VirtualHosts with no problems
after eliminating private log files.


Rick Widmer
http://www.developersdesk.com


P.S.  If these replies are not helpful, maybe you should be more
specific about what you want to do, and how it fails.




__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Need Help with Virtual Hosts

2000-05-23 Thread rwidmer

Addressed to: [EMAIL PROTECTED]
  "Pete Navarra" <[EMAIL PROTECTED]>

** Reply to note from "Pete Navarra" <[EMAIL PROTECTED]> Mon, 22 May 2000 14:50:53 
-0500
>   
> Hi! I need some help with using Virtual Hosts on Apache. I realize
> that this isn't really something about SSL, but I use SSL and have
> been a regular reader of this newsgroup, so I thought I would post
> this message.
>   
> I'm currently using Apache 1.3.9 with mod_ssl 2.4.6. Not having any
> problems there, but I'm trying to setup Apache for Name Virual Hosts.
> I've read and reread the Apache Documentation on Virtual Hosts, and
> have been unable to get a configuration that will work for me. I have
> one IP address, but want to link different domain names to the same
> IP, but use a different set of logs, and host different websites. I
> can get IP based virtual hosting to work, but I can't for the life of
> me get Non-IP based Name Virtual Hosting to work.


There are examples here.

   http://www.apache.org/docs/vhosts/examples.html


Be aware, you only get _ONE_ SSL enabled VirualHost per NameVirtualHost
block. (or per IP address)  Sorry, that is just the way SSL works.
There is an explination in the FAQ on why, and we just finished a long
thread on that and the use of NameVirtualHost.  I won't repeat it here,
but you can look in the archive for a recent (the last 3 days or so)
thread on:  VeriSign keys.


Bottom line, one IP address - one SSL Virtual Host.  You can have all
the non-SSL virtual hosts you want, but there is no way around needing
an IP address for each SSL host.  (Using different ports may be a
possiblity, but I have not yet done it, and don't know anyone who has.)
If you get it to work, let us know.  Also let us know how customers
respond to it.  It will require a somewhat unusual URL.


Rick Widmer
http://www.developersdesk.com







__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Need Help with Virtual Hosts

2000-05-23 Thread JoshNarins

Rick Widmer ([EMAIL PROTECTED]) writes:
>Sorry about the second post, I just reread your message and noticed
>your desire to use separate log files.  Be aware that will severely
>reduce the number of VirtualHosts you can have.  There is a per-process
>limit on the number of open files, and if I remember right I ran out of
>file handles around 30 VirtualHosts when I allowed each to have its own
>access and error logs.  I am now over 60 VirtualHosts with no problems
>after eliminating private log files.

The per process file opening limit was a configurable parameter of your OS.
It was either a user resource limit (ulimit) or a tunable kernel config found 
in 
param.c or param.h (NFILES??) or UNIX has invented yet another way to put
reins on processes.

So, you just might be able to make one log per process, if you change the
ulimit's for the user the web server is running as OR you tune your kernel
and rebuild.
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Need Help with Virtual Hosts

2000-05-23 Thread James Treworgy

Wouldn't it be simpler to set up a little cron job to break up your log 
file by virtual host every day?

At 09:03 AM 5/23/00 -0400, [EMAIL PROTECTED] wrote:
>The per process file opening limit was a configurable parameter of your OS.
>It was either a user resource limit (ulimit) or a tunable kernel config found
>in
>param.c or param.h (NFILES??) or UNIX has invented yet another way to put
>reins on processes.
>
>So, you just might be able to make one log per process, if you change the
>ulimit's for the user the web server is running as OR you tune your kernel
>and rebuild.

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Need Help with Virtual Hosts

2000-05-23 Thread Rusty Wright

I'll send him a copy of my config file.
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



RE: Need Help with Virtual Hosts

2000-05-24 Thread Airey, John

That doesn't sound simple to me! You'd either have to do it as either a
multi-pass for each virtual host, or parse the log file once to give several
output files. You'd also have to write the name of the virtual host into
every log file entry, which I don't believe is done by default. Seems like
using a sledgehammer to crack a nut. 

No doubt though some sed or awk guru can figure the code to do this in their
head!

I'd rather find a way to continue to write multiple log files, via ulimit
etc...

John

-Original Message-
From: James Treworgy [mailto:[EMAIL PROTECTED]]
Sent: 23 May 2000 18:05
To: [EMAIL PROTECTED]
Subject: Re: Need Help with Virtual Hosts


Wouldn't it be simpler to set up a little cron job to break up your log 
file by virtual host every day?

At 09:03 AM 5/23/00 -0400, [EMAIL PROTECTED] wrote:
>The per process file opening limit was a configurable parameter of your OS.
>It was either a user resource limit (ulimit) or a tunable kernel config
found
>in
>param.c or param.h (NFILES??) or UNIX has invented yet another way to put
>reins on processes.
>
>So, you just might be able to make one log per process, if you change the
>ulimit's for the user the web server is running as OR you tune your kernel
>and rebuild.

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



RE: Need Help with Virtual Hosts

2000-05-24 Thread Steve Fairhead

James Treworgy [[EMAIL PROTECTED]] said:

>> Wouldn't it be simpler to set up a little cron job to break up your log
file by virtual host every day? <<

My tuppence worth: I have separate access/error log files for each of the 40
or so (and rising) virtual hosts on my system, running OpenBSD 2.6. They are
also rotated by syslogd with no problem. I don't recall what/where the
file-open limit is off-hand, but it's not been an issue here - yet :).

Steve

--
Steve Fairhead - SFD - Solutions by Design
   www: http://www.sfdesign.co.uk
--

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



RE: Need Help with Virtual Hosts

2000-05-24 Thread James Treworgy

Ought to be a piece of cake with perl, and to set to a log format that 
includes the virtual host is easy enough with a single configuration 
directive.  You could even do it with a single grep for each virtual server 
if you wanted.

Also, from my reading of the file limit problem on apache's docs, it's not 
always a simple problem to increase the limit depending on what OS you're 
running.  If the server hosts other services as well, the resource would be 
taxed further.

Hmm, I might need to write such a script... I host a bunch of virtual sites 
that are currently all being dumped into one log file.  Now the time is 
coming that I need to analyze the sites...

Jamie

At 09:36 AM 5/24/00 +0100, Airey, John wrote:
>That doesn't sound simple to me! You'd either have to do it as either a
>multi-pass for each virtual host, or parse the log file once to give several
>output files. You'd also have to write the name of the virtual host into
>every log file entry, which I don't believe is done by default. Seems like
>using a sledgehammer to crack a nut.
>
>No doubt though some sed or awk guru can figure the code to do this in their
>head!
>
>I'd rather find a way to continue to write multiple log files, via ulimit
>etc...
>
>John

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: I need help with this....

1999-10-24 Thread Brett Peters

I had the same problem with a similar configuration... What's in your error
logs?

Brett
[EMAIL PROTECTED]

- Original Message -
From: Pete Navarra
To: [EMAIL PROTECTED]
Sent: Sunday, October 24, 1999 6:12 AM
Subject: I need help with this


I have recently installed Apache 1.3.9, and mod_ssl 2.4.5 along with
FrontPage extensions, PHP, and mod Perl.  Everything installed perfectly,
and I am having no problems except for one thing.  When you try to connect
to my site using HTTPS, you get my certificate presented like it should,
however, once you accept the certificate, I get one of two errors saying
there is either no data to send (in Netscape), or that the DNS Server could
not be reached. ( in Explorer).  It doesn't display my website, and pops up
with nothing.  Any suggestions?


Any help would be greatly appreciated!

Thanks,
Pete
https://www.infiniumweb.com

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: I need help with this....

1999-10-24 Thread Joshua Gerth


> I have recently installed Apache 1.3.9, and mod_ssl 2.4.5 along with
> FrontPage extensions, PHP, and mod Perl.  Everything installed
> perfectly, and I am having no problems except for one thing.  When you
> try to connect to my site using HTTPS, you get my certificate
> presented like it should, however, once you accept the certificate, I
> get one of two errors saying there is either no data to send (in
> Netscape), or that the DNS Server could not be reached. ( in
> Explorer).  It doesn't display my website, and pops up with nothing.  
> Any suggestions?

Howdy,

You might try compiling your server without PHP, mod_perl, or
FrontPage.  If you still get the error then it is with apache/mod_ssl.  
If not, add each one of the modules in until you are able to repeat the
error.  Either way it should help narrow it down to which module is
causing you the problems.  As it is now its a little hard to track down.

Hope that helps,
Joshua
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: I need help with this....

1999-10-24 Thread Brett Peters



I had the same problem with a similar 
configuration... What's in your error logs?
 
Brett
[EMAIL PROTECTED]

  - Original Message - 
  From: 
  Pete 
  Navarra 
  To: [EMAIL PROTECTED] 
  Sent: Sunday, October 24, 1999 6:12 
  AM
  Subject: I need help with this
  
  I have recently installed Apache 1.3.9, and mod_ssl 2.4.5 
  along with FrontPage extensions, PHP, and mod Perl.  Everything installed 
  perfectly, and I am having no problems except for one thing.  When you 
  try to connect to my site using HTTPS, you get my certificate presented like 
  it should, however, once you accept the certificate, I get one of two 
  errors saying there is either no data to send (in Netscape), or that the DNS 
  Server could not be reached. ( in Explorer).  It doesn't display my 
  website, and pops up with nothing.  Any suggestions?
   
   
              
              Any help would be 
  greatly appreciated!
   
              
                  
              Thanks,
              
                  
                  
      Pete
              
                  
                  
      https://www.infiniumweb.com
   


Re: I need help with this....

1999-10-24 Thread Eli Marmor

I don't know if the following reason is also the reason for the
problems in your case, but such a problem happens usually because of
a non-writable log directory or a log location which was mis-
configured. Sometimes the normal HTTP server can write to its logs
while the SSL stuff has problems (it sounds funny, I know!  It must
be an idiotic thing, but I never had the time to examine it...).
Look at your log files (both access_log and error_log); You'll
probably find a warning about this problem.

I can witness that I had the same problem (although there was no PHP
or Perl or FP in that installation), and after fixing the permission
problem, everything worked perfectly.

BTW: You mentioned PHP; Does anybody know when PHP4-beta3 will be
released?  There were already 3 deadlines, but no sign for a final
date...

Brett Peters wrote:
> 
> I had the same problem with a similar configuration... What's in your error
> logs?
> 
> Brett
> [EMAIL PROTECTED]
> 
> - Original Message -
> From: Pete Navarra
> To: [EMAIL PROTECTED]
> Sent: Sunday, October 24, 1999 6:12 AM
> Subject: I need help with this
> 
> I have recently installed Apache 1.3.9, and mod_ssl 2.4.5 along with
> FrontPage extensions, PHP, and mod Perl.  Everything installed perfectly,
> and I am having no problems except for one thing.  When you try to connect
> to my site using HTTPS, you get my certificate presented like it should,
> however, once you accept the certificate, I get one of two errors saying
> there is either no data to send (in Netscape), or that the DNS Server could
> not be reached. ( in Explorer).  It doesn't display my website, and pops up
> with nothing.  Any suggestions?

-- 
Eli Marmor
[EMAIL PROTECTED]
El-Mar Software Ltd.
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: I need help with this....

1999-10-25 Thread Eli Marmor

I forgot to write it in my original message, but you must get the
following message in your error_log in this case:

[Mon Oct 25 14:49:48 1999] [error] mod_ssl: Child could not open SSLMutex lockfile 
/your/path/logs/ssl_mutex.26336 (System error follows)

It happens with the default permissions in a default installation
(using Apache's "src/helpers/binbuild.sh" and "./install-bindist.sh"),
so it is common. Otherwise, if it was a local problem because of local
permissions, I would not write it.

I wrote:

> I don't know if the following reason is also the reason for the
> problems in your case, but such a problem happens usually because of
> a non-writable log directory or a log location which was mis-
> configured. Sometimes the normal HTTP server can write to its logs
> while the SSL stuff has problems (it sounds funny, I know!  It must
> be an idiotic thing, but I never had the time to examine it...).
> Look at your log files (both access_log and error_log); You'll
> probably find a warning about this problem.
> 
> I can witness that I had the same problem (although there was no PHP
> or Perl or FP in that installation), and after fixing the permission
> problem, everything worked perfectly.


-- 
Eli Marmor
***
 *   ___ _  __ ___  ___ |__ _ _[EMAIL PROTECTED]  *
  * | | | \   | | \|  / |\/ El-Mar Software Ltd.*
   *| | | _)  | | _) /  | \  Tel.: 972-50-237338 *
*___  Fax: 972-9-766-1314 *
 *   \_ \  http://www.elmar.co.il  *
  *_  __   \ \  ___ *
   *   \___ \ \_\|  _ \  __ \ \ \ \  | | *
*  \ \   | | \ \ \_\ \ \ \ \ | |*
 *  \ \  | | _\ \ ) ) \ \ \_\_ *
  *  \ \ |_| \___)   (_/   \_\  \_\   *
   *  \ \___ *
*  \\   *
 * *
  *
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: I need help with this....

1999-10-25 Thread Sean D. Ackley


I had basically the same problem.  It had nothing to do with the version
of SSL, it was a dns and name server issue.  You need to make sure that
your A records, reverse record, and DNS names all match accordingly to the
certificate name.  Also, the name that shows up in the httpd.conf file
needs to match exactly as well.

What I did on my server, was made 1 SSL apache daemon that only responds
to port 443 (on all the different IP addresses I need).  Then, I have a
totally seperate daemon for the port 80 web server.  This way, I can
seperate both daemons.

Try that first.  If no help, send me an email.  I solved even more
problems by upgrading to the new Apache 1.3.9 (like you are using).


sean.

On Sun, 24 Oct 1999, Brett Peters wrote:

> I had the same problem with a similar configuration... What's in your error
> logs?
> 
> Brett
> [EMAIL PROTECTED]
> 
> - Original Message -
> From: Pete Navarra
> To: [EMAIL PROTECTED]
> Sent: Sunday, October 24, 1999 6:12 AM
> Subject: I need help with this
> 
> 
> I have recently installed Apache 1.3.9, and mod_ssl 2.4.5 along with
> FrontPage extensions, PHP, and mod Perl.  Everything installed perfectly,
> and I am having no problems except for one thing.  When you try to connect
> to my site using HTTPS, you get my certificate presented like it should,
> however, once you accept the certificate, I get one of two errors saying
> there is either no data to send (in Netscape), or that the DNS Server could
> not be reached. ( in Explorer).  It doesn't display my website, and pops up
> with nothing.  Any suggestions?
> 
> 
> Any help would be greatly appreciated!
> 
> Thanks,
> Pete
> https://www.infiniumweb.com
> 
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]
> 

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Need help with Verisign's Global ID

1999-10-26 Thread Michal Hobot

Hi
I'm trying to use Apache with mod_ssl and with 128-bit exportable
certificate. The problem is Verisign requires selecting actual webserver
type during GID registration.
When I chose Apache - they're telling me it's not supported.
So, which type of server should I set for Apache with mod_ssl?
Stronghold? Is there any server-specific in SGC?

Michal Hobot
[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Need help with Apache 1.3.12+modssl WIN32

2000-04-19 Thread Reid M. Pinchback


Hi all,

I've been through an installation before using Apache 1.3.6
and Modssl, so I thought 1.3.12 should go relatively smoothly.
Hah!

I installed the Win32 build of Apache 1.3.12 (from the Apache
site), and grabbed the modssl/openssl materials from the modssl
site.  The particular file was:

  Apache_1.3.12-mod_ssl_2.6.1-openssl_0.9.5-WIN32-i386.zip

Apache worked before installing modssl.  It works after installing
modssl, until I try to load the module.  I did the obvious thing:

  LoadModule ssl_module modules/ApacheModuleSSL.dll

but when I try to start Apache from the Services control panel
I just get:

   Could not start the Apache service on \\SERVER
   Error 1067: The process terminated unexpectedly.

Commenting out the LoadModule directive makes the problem go away,
but then of course I don't have any SSL support.  No logs were written.
I went hunting around, and found that this WIN32 distribution doesn't 
actually have a file named ApacheModuleSSL.dll; it has something named
Apachemo.dll.  I tried using that name, but no joy.

Am I missing something here?




= Reid M. Pinchback=
= I/T Delivery, MIT=
=  =
= Email:   [EMAIL PROTECTED]  =
= URL: http://mit.edu/reidmp/www/home.html =


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Need help with Verisign's Global ID

1999-10-26 Thread Ralf S. Engelschall

On Mon, Oct 25, 1999, Michal Hobot wrote:

> Hi
> I'm trying to use Apache with mod_ssl and with 128-bit exportable
> certificate. The problem is Verisign requires selecting actual webserver
> type during GID registration.
> When I chose Apache - they're telling me it's not supported.
> So, which type of server should I set for Apache with mod_ssl?
> Stronghold? Is there any server-specific in SGC?

Seems today is a Versign ordering day. I've answered this already in another
thread as following:

| The server type doesn't really matter as long as you at least select not a too
| esoteric server (then you might not get the cert/key in PEM or DER format).
| Just select Stronghold, Raven or some of those Apache servers.

The same is true independent whether you buy a standard cert or a SGC.

   Ralf S. Engelschall
   [EMAIL PROTECTED]
   www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



RE: Need help with Verisign's Global ID

1999-10-26 Thread Rob Bastille

Michal,

  Please select either Stronghold or Raven

Rob Bastille
IT Department Manager
WildcatBlue.Com - http://www.wildcatblue.com/
First Computer Solutions, Inc. - http://fcomsolutions.com/
(606) 625-9453 (Voice)
(606) 624-1233 (Fax)

"The soul would have no rainbow had the eyes no tears"

-Original Message-
From:   Michal Hobot [SMTP:[EMAIL PROTECTED]]
Sent:   Monday, October 25, 1999 3:30 PM
To: [EMAIL PROTECTED]
Subject:    Need help with Verisign's Global ID

 << File: ATT8.txt; charset = iso-8859-2 >> 
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Need help with Apache 1.3.12+modssl WIN32

2000-04-21 Thread Jan Dries

"Reid M. Pinchback" wrote:
> [...]
> but when I try to start Apache from the Services control panel
> I just get:
> 
>Could not start the Apache service on \\SERVER
>Error 1067: The process terminated unexpectedly.
> [...]
> 
> Am I missing something here?
>
If running it as a service gives problems, try running it as a console
app. Then you can at least see the prints to stdout as well.
Have all the mod_ssl parameters been set up correctly? I.e. do you have
a valid certificate, with a private key file, etc. and are they all
correctly configured in httpd.conf?
Further, if you run it as a service, make sure it doesn't ask for your
private key password interactively, since that won't work. Instead, use
a private key without password or use a password program (but notice
I've been experiencing problems with the latter; it works only if you
run apache using the -X option. In regular mode, there's a redirection
problem. The password program is run, but mod_ssl never gets to see it's
output. That though is not a mod_ssl problem, but rather an apache
problem, documented (but yet unsolved) in the Apache bug list.)

Jan Dries
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Need help with Apache 1.3.12+modssl WIN32

2000-04-22 Thread Reid M. Pinchback

At 11:56 PM 4/21/00 -0400, Jan Dries wrote:
>If running it as a service gives problems, try running it as a console
>app. Then you can at least see the prints to stdout as well.

Good idea!  I'll try that.

>Have all the mod_ssl parameters been set up correctly? I.e. do you have
>a valid certificate, with a private key file, etc. and are they all
>correctly configured in httpd.conf?

As far as I can tell, yes.  I stuck with what worked for the previous
version I'd installed, and I can't find anything that should have changed.

>Further, if you run it as a service, make sure it doesn't ask for your
>private key password interactively, since that won't work.

This never came up before, but I'll double-check when I run as a
console ap.

Thanks!


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



I need help with a very tricky problem

2000-09-06 Thread Doug Poulin



I need to figure out how to log a user off our web 
site and ensure that they re-authenticate the next time they hit our 
site.
 
On the surface this seems like a very simple 
problem but it is not.  Here is what happens.
 
A user logs on to our site using modauth, from an 
IE5 browser.  They do a bunch of things and then they go off to some other 
URL, or for a coffee.  If they don't close 
every single browser window then they remain authenticated to our site 
FOREVER!  They (or anyone else sharing the same PC) can return to our site 
and they get access right away without any authentication.  
 
We have hospitals using our site who have many 
staff sharing a PC, who each need to be able to sit down, look up some info, 
then log off without a lot of hassles.
 
Sending a 401 Unauthorized doesn't work because I 
can't tell the difference between someone legitimately logging in properly and 
one returning from a previous session.
 
There doesn't seem to be anything in the browser 
you can shut off, modify or otherwise fool.  CGI scripts come into play far 
too late since all of the authenticating (or non-authenticating) has already 
passed.  I tried looking at the SSL_SESSION_ID but it appears to be 
different for every single hit to our web site from the same PC and browser 
window.
 
My httpd.conf file is pretty much default.  
SSLSessionCache is set to shm:/var/cache/ssl_scache(512000)
SSLSessionCacheTimeout 
is set to 300
 
I can get back onto my site hours later (certainly 
more than 5 minutes) without re-authenticating.  Does anyone have any ideas 
where to go from here?  I'm really stumped...
 


RE: I need help with a very tricky problem

2000-09-06 Thread Kirk Benson



SSL 
and HTTP don't offer any solutions here.  What you need is to implement 
your own logon screen, set a session cookie, and maintain the timing in your 
application.  This implies that you are serving something other than static 
pages; i.e., you have something like cgi/jsp/servlet.
 
The 
HTTP auth process is not designed for what you're trying to 
do.

  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On 
  Behalf Of Doug PoulinSent: Wednesday, September 06, 2000 3:08 
  PMTo: [EMAIL PROTECTED]Subject: I need help with a 
  very tricky problem
  I need to figure out how to log a user off our 
  web site and ensure that they re-authenticate the next time they hit our 
  site.
   
  On the surface this seems like a very simple 
  problem but it is not.  Here is what happens.
   
  A user logs on to our site using modauth, from an 
  IE5 browser.  They do a bunch of things and then they go off to some 
  other URL, or for a coffee.  If they don't 
  close every single browser window then they remain authenticated to our site 
  FOREVER!  They (or anyone else sharing the same PC) can return to our 
  site and they get access right away without any authentication.  
  
   
  We have hospitals using our site who have many 
  staff sharing a PC, who each need to be able to sit down, look up some info, 
  then log off without a lot of hassles.
   
  Sending a 401 Unauthorized doesn't work because I 
  can't tell the difference between someone legitimately logging in properly and 
  one returning from a previous session.
   
  There doesn't seem to be anything in the browser 
  you can shut off, modify or otherwise fool.  CGI scripts come into play 
  far too late since all of the authenticating (or non-authenticating) has 
  already passed.  I tried looking at the SSL_SESSION_ID but it appears to 
  be different for every single hit to our web site from the same PC and browser 
  window.
   
  My httpd.conf file is pretty much default.  
  SSLSessionCache is set to shm:/var/cache/ssl_scache(512000)
  SSLSessionCacheTimeout 
  is set to 300
   
  I can get back onto my site hours later 
  (certainly more than 5 minutes) without re-authenticating.  Does anyone 
  have any ideas where to go from here?  I'm really stumped...
   


Re: I need help with a very tricky problem

2000-09-06 Thread Carlos Ramirez



Probably your best bet is to use mod_perl, Apache::Session or write your
own module to handle sessions.
These basically create a session file (cookie based or local file)
with a timestamp. This session file for is checked for every subsequent
request and force re-authentication if session expired (i.e. (now-timestamp)
> expiration).  This way logging off is automatic.
Hope this helps
-Carlos
 
Doug Poulin wrote:

I
need to figure out how to log a user off our web site and ensure that they
re-authenticate the next time they hit our site. On
the surface this seems like a very simple problem but it is not. 
Here is what happens. A
user logs on to our site using modauth, from an IE5 browser.  They
do a bunch of things and then they go off to some other URL, or for a coffee. 
If they don't close every single browser window then they remain authenticated
to our site FOREVER!  They (or anyone else sharing the same PC) can
return to our site and they get access right away without any authentication.
We have hospitals using our site who have
many staff sharing a PC, who each need to be able to sit down, look up
some info, then log off without a lot of hassles. Sending
a 401 Unauthorized doesn't work because I can't tell the difference between
someone legitimately logging in properly and one returning from a previous
session. There doesn't seem
to be anything in the browser you can shut off, modify or otherwise fool. 
CGI scripts come into play far too late since all of the authenticating
(or non-authenticating) has already passed.  I tried looking at the
SSL_SESSION_ID but it appears to be different for every single hit to our
web site from the same PC and browser window. My
httpd.conf file is pretty much default.  SSLSessionCache is set to
shm:/var/cache/ssl_scache(512000)   
SSLSessionCacheTimeout is set to 300 I
can get back onto my site hours later (certainly more than 5 minutes) without
re-authenticating.  Does anyone have any ideas where to go from here? 
I'm really stumped...

-- 
---
 Carlos Ramirez  +  Boeing  +  Reusable Space Systems  +  714.372.4181
---