Re: [us...@httpd] Re-negotiation handshake failed

your help. > > Kenneth Yeung > > > > *Serge Dubrouski * > > 04/15/2010 09:44 AM > Please respond to > users@httpd.apache.org > > To > users@httpd.apache.org > cc > Subject > Re: [us...@httpd] Re-negotiation handshake failed > > > >

Re: [us...@httpd] Re-negotiation handshake failed

sl.crt/mysite.crt" >     SSLCertificateKeyFile "C:/Apache2.2/conf/ssl.crt/mysite.key" > >     SSLInsecureRenegotiation on > >     >             Order deny,allow >             Allow from all > >         SSLVerifyClient require >         SSLVerifyDepth 1 &

Re: [EMAIL PROTECTED] Generic questions on Alias, JkMount etc.. priorities

es and would use only JkMount for active content. > > (I think I found the "SetHandler jakarta-servlet" somewhere in the > documentation of either Apache or Tomcat, but I think it's not at the same > place as the "JkMount/JkUnMount" documentation) > > > Many t

Re: [EMAIL PROTECTED] Question about the connector Apache x Tomcat

> The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the diges

Re: [EMAIL PROTECTED] how to configure apache+ssl+mod_jk+tomcat

n have different workers defined for different Tomcat instances and point different mounts to different workers. > > Thanks Again > > > On Mon, Jun 30, 2008 at 3:46 PM, Serge Dubrouski <[EMAIL PROTECTED]> wrote: >> It sounds like you have an HTTP virtual server configured

Re: [EMAIL PROTECTED] how to configure apache+ssl+mod_jk+tomcat

e" connectionTimeout="0" threadPriority="5" >connectionUploadTimeout="0" connectionLinger="0" >maxSpareThreads="50" maxThreads="200" > maxKeepAliveRequests="100" disableUploadTimeout=

Re: [EMAIL PROTECTED] how to configure apache+ssl+mod_jk+tomcat

er support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Serge Dub

Re: [EMAIL PROTECTED] balancer-manager gui issue

> the email posted by Mr. Narendra > > Cheers > > > > On Mon, May 12, 2008 at 6:09 PM, Serge Dubrouski <[EMAIL PROTECTED]> wrote: > > > That is well understood, but why does balance-manager reports "Ok" > > status for members that failed on prev

Re: [EMAIL PROTECTED] balancer-manager gui issue

e done or is it issue related to balancer manager gui. > > > > Or can I change somewhat related to it. > > > > > > > > Please reply its a production issue.. > > > > > > > > Thanks > > > > Narendra > > > &g

Re: [EMAIL PROTECTED] balancer-manager gui issue

it gives > status 'err'. > > > > > > So issue is if I up the tomcat then this gui must change the status, > > How this can be done or is it issue related to balancer manager gui. > > Or can I change somewhat related to it. > > > > Please reply

Re: [EMAIL PROTECTED] Configure Apache to propagate servlet down condition back to load balancer

other. I am glad > that a better solution exists. > > Thanks for your help. > > > > Serge Dubrouski wrote: > > > I think it's quite possible and fairly easy. BigIP allows you to > > create a custom HTTP/S monitors for a particular URL. So create a > >

Re: [EMAIL PROTECTED] Configure Apache to propagate servlet down condition back to load balancer

; Thanks for any help. > > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail:

Re: [EMAIL PROTECTED] client certification config (root and intermediate cert)

h another client certificate that only had > one certificate and that worked fine), so this is the only difference in > configuration I have done and that is why I dont include all the other > configuration. > > Any suggenstions? > > Thanks > > Cheers > Chris -

Re: [EMAIL PROTECTED] Client certificate - handshake failed

etrieve client certs in Java. > Any other suggestions what is going wrong are highly appreciated. Check this https://issues.apache.org/bugzilla/show_bug.cgi?id=12355 for more details on this problem. > > Cheers > Chris > > > > > > On Tue, Apr 8, 2008 at 9:54 PM, Serge Du

Re: [EMAIL PROTECTED] Client certificate - handshake failed

ror] Re-negotiation handshake failed: Not > accepted by client!? > > What am I missing? I got this working in Tomcat using the exact same > certificate. Is there a way to keep the client certificate > handling in Tomcat. > > Regards > /Christopher > > -- Serge Dubr

Re: [EMAIL PROTECTED] One IP, several vhosts with distinct SSL certificates

t; To unsubscribe, e-mail: [EMAIL PROTECTED] >" from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Serge Dubrouski. - The official User-To-User support forum

Re: [EMAIL PROTECTED] How to know the status of backend server(worker) running in loadbalancing environment (With mod_proxy_loadbalancer)

On Wed, Mar 19, 2008 at 8:47 AM, Narendra Verma <[EMAIL PROTECTED]> wrote: > Hi Serge Dubrouski > > First of all thanks a lot for giving idea about it. > Can you please tell me more about that how load balancer-manager shows that > how many times this or that balancer membe

Re: [EMAIL PROTECTED] High availability

On Wed, Mar 19, 2008 at 8:37 AM, Melanie Pfefer <[EMAIL PROTECTED]> wrote: > thanks but I also need whether apache can work with > Sun Cluster or veritas. Can you please advise? > thanks > > > --- Serge Dubrouski <[EMAIL PROTECTED]> wrote: > > > www.linu

Re: [EMAIL PROTECTED] How to know the status of backend server(worker) running in loadbalancing environment (With mod_proxy_loadbalancer)

, or traffic load then you need to use other tools, perhaps SNMP monitors. -- Serge Dubrouski. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To u

Re: [EMAIL PROTECTED] High availability

User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] >" from the digest: [EMAIL PROTECTED] >

Re: [EMAIL PROTECTED] How to know the status of backend server(worker) running in loadbalancing environment (With mod_proxy_loadbalancer)

ndler that can give you some limited information about balancer memebers. You can configure it like that: SetHandler balancer-manager Order allow,deny Allow from 127.0.0.1 > > I am using Apache2.2.8 mod_proxy2.2.8 with tomc

Re: [EMAIL PROTECTED] How to integrate Apache HTTPD 2.0.x + Tomcat 6.0.x

Apache HTTP Server Project. > See http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] >" from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Serge Dubrouski. ---

Re: [EMAIL PROTECTED] https can;t be good for work

ificate CommonName (CN) > `localhost.localdomain' does NOT match server name!? > > > Edward. > > Serge Dubrouski wrote: > > What is the error message when you try selfsigned cert? > > On 9/21/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > Hello

Re: [EMAIL PROTECTED] https can;t be good for work

? > Due to http need the 80 port, and https need the 443 port... > > Thanks ! > > Edward. > > > Serge Dubrouski wrote: > > This guide tells you how to create your own Certificate Authority. You > can't use CA cert as a server SSL cert you have to use it for s

Re: [EMAIL PROTECTED] http and https

OTECTED] >" from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Serge Dubrouski. - The official User-To-User support forum of the Apache HTTP Server Project. S

Re: [EMAIL PROTECTED] https can;t be good for work

ECTED] <[EMAIL PROTECTED]> wrote: > > Hello, > > Following this guide ! > http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#ownca > > Edward. > > > Serge Dubrouski wrote: > > Where did you get you SSL certificate? Look like it's not the right one.

Re: [EMAIL PROTECTED] https can;t be good for work

self-signed SSL Certificate, and the Web Server come > with FC6 System. > > Thanks ! > > Edward. > > - > The official User-To-User support forum of the Apache HTTP Server Project. > See http://httpd.apac

Re: [EMAIL PROTECTED] need mod_proxy_ajp example

ial User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]

Re: [EMAIL PROTECTED] LoadBalancing with sessions

choose the way they develop. We couldn't say users to store sessions on DB or Disk As I said the standard practice is to use sticky sessions and have shared storage with presistent sessions for failover case if one node dies. thanks, Cheers! Serge Dubrouski escribió: > 1. Apache + mo

Re: [EMAIL PROTECTED] LoadBalancing with sessions

he.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Serge Dubrouski. - The official User-To-User su

Re: [EMAIL PROTECTED] Monitoring apache's mod_proxy_balancer

On 6/14/07, Tom Haddon <[EMAIL PROTECTED]> wrote: On Thu, 2007-06-14 at 13:02 -0600, Serge Dubrouski wrote: > I wouldn't rely on balancer_manager for a such monitoring because I've > seen situations when it reported "Ok" status for workers that were > down. Is

Re: [EMAIL PROTECTED] Monitoring apache's mod_proxy_balancer

I wouldn't rely on balancer_manager for a such monitoring because I've seen situations when it reported "Ok" status for workers that were down. As alternative method you can use sniffing Apache error_log file for the messages about disabled workers. You can OSSEC for that for example. On 6/14/07

[EMAIL PROTECTED] LimitRequestBody and mod_ssl

igger than 128K over HTTPS, in spite of the fact that default limit for HTTP is 2Gb. Apache sends "Request Entity Too Large" error to the client. Was it designed like that on purpose or mod_ssl developers just overlooked support for LimitRequestBody? Should I create a Bugzilla repor

Re: [EMAIL PROTECTED] httpd 2.2.4 rpm file

Build it yourself with rpmbuild and 2.2.4 sources. On 6/6/07, allen green <[EMAIL PROTECTED]> wrote: where can i find httpd-2.2.4 i386.rpm ? Send instant messages to your online friends http://uk.messenger.yahoo.com - The offi

Re: [EMAIL PROTECTED] mod_proxy_balance never recovers from a worker error with stickysession

x27;t think that after restart Tomcat will be able to restore previous session unless you set up some kind of session persistence. Serge Dubrouski. On 5/30/07, Dale Ogilvie <[EMAIL PROTECTED]> wrote: Hello, I am running Apache 2.2.3 on RedHat EL 5. I am trying to use Apache to load balance

Re: [EMAIL PROTECTED] Apache load balancing https request

Something isn't clear here. If you use mod_jk that means that you use AJP connector on Tomcat side. That's not HTTP neither HTTPS. https://192.168.62.2:8443/login.do probably works because you configured HTTPS connectors along with AJP but did you configure Apache to connect to those connectors?

Re: [EMAIL PROTECTED] Multiple certs & virtual hosts

You can't have 2 different SSL certificates on one IP address. See the FAQ. On 5/9/07, Mark Drummond <[EMAIL PROTECTED]> wrote: Hi all, I have two different key files and their associated certs in PEM encoded files. I have two virtualhosts defined. The virtualhosts are working fine, in as much

Re: [EMAIL PROTECTED] any luck using shared memory for mod_ssl SSLSessionCache ?

Works fine for me. Apache 2.2.3 compiled with gcc 2.95.3 under Solaris 8. On 4/23/07, Yannick Mercier <[EMAIL PROTECTED]> wrote: I wonder if anyone is succesfully using shm for mod_ssl SessionCache I dont.. under Solaris8 with apache 2.2 when I set SSLSessionCache to shm:/opt/apache/logs/ss

Re: [EMAIL PROTECTED] Is it possible for Apache to randomly select different URLs to serve up?

A simple JavaScript serving as a main page and redirecting users to a random URI from your site would do. I don't think that it would be possible to do on Apache configuration level On 4/18/07, mraible <[EMAIL PROTECTED]> wrote: Is it possible for Apache to randomly select different URLs to ser

Re: [EMAIL PROTECTED] Is it possible to use SSLRequire to give differentially access to a directory and asubdirectory?

I'm affraid you are mixing up 2 different things: control of user access to the site and control type of access to your site. SSLRequireSSL can't control what users can get access to the particular directory but it can control that access to that directory will be provided through SSL enabled conn

Re: [EMAIL PROTECTED] A newbie question about mod_rewrite configuration

On 3/20/07, Charles Michener <[EMAIL PROTECTED]> wrote: Hi - I'm trying to create a mod_rewrite solution to the following problem: I want to enter http://www.myvirtualdomain.com/1234abc.htm and have mod_rewrite translate that URL to http://www.myvirtualdomain.com/index.php?SKU=1234abc Also,

Re: [EMAIL PROTECTED] Russian characters

On 3/12/07, Thomas Blanchin <[EMAIL PROTECTED]> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, I have a problem getting some httpd servers displaying russians characters. I have different machines serving the same content (mounted via nfs). - - All servers run httpd 2.0.52 and php

Re: [EMAIL PROTECTED] Getting apxs

mod_jk isn't deprecated and currently is actively developed. To get apxs install httpd-devel rpm On 2/28/07, Mike VanHorn <[EMAIL PROTECTED]> wrote: On 2/28/07 11:31 AM, "Nick Kew" <[EMAIL PROTECTED]> wrote: > On Wed, 28 Feb 2007 11:22:40 -0500 > Mike VanHorn <[EMAIL PROTECTED]> wrote: > >>

Re: [EMAIL PROTECTED] RE: Load balancing among remote proxies.

On 2/27/07, Mark Lavi <[EMAIL PROTECTED]> wrote: Apache is not a load balancer. http://httpd.apache.org/docs/2.2/mod/mod_proxy_balancer.html I am not aware of a third party module that adds balancing functionality (try searching the web or http://modules.apache.org/). You may wish to look a

Re: [EMAIL PROTECTED] Apache mod_jk ssh port_forwarding

May be you shouldn't use mod_jk at all? I'd configure HTTPS connector in Tomcat and use mod_proxy between Apache and Tomcat. In this case the channel will be encrypte with standard SSL. On 2/19/07, AFrieze <[EMAIL PROTECTED]> wrote: Hi everyone I am using Apache to serve static content and to a

Re: [EMAIL PROTECTED] mod_jk HOW to

http://tomcat.apache.org/connectors-doc/index.html On 2/15/07, Tracy12 <[EMAIL PROTECTED]> wrote: Hi, Can somebody point out a documentation to install mod_jk on apache 2.2. What are the dependencies? and pre requists that I should have Thanks -- View this message in context: http://www.n

Re: [EMAIL PROTECTED] unknown requests from localhost/127.0.0.1

On 2/6/07, Joshua Slive <[EMAIL PROTECTED]> wrote: On 2/6/07, Coach-X <[EMAIL PROTECTED]> wrote: > Just updated apache from 2.0.59 to 2.2.4. Server is running fine but > the log file shows hundreds of request like the following in the main > access log: > > 127.0.0.1 - - [06/Feb/2007:14:33:29 -0

Re: [EMAIL PROTECTED] simple rewrite rule

There is a RewriteCond with which you can build any kind of rewriting/redirection rules. On 2/2/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Hi, Is there a rewrite option for stopping the redirects, like ReverseProxyPass? I looked in the manual but could not find. thanks H.Todorov > Quot

Re: [EMAIL PROTECTED] Re:Re: [EMAIL PROTECTED] simple rewrite rule

On 2/2/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: On 2/2/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: >> Hi, >> >> I would like to have a path like /go/ after which the address to be proxied. >> This is the config: >> >> >> >>SSLCipherSuite MEDIUM >>SSLRequireSSL >> >> Auth

Re: [EMAIL PROTECTED] simple rewrite rule

On 2/2/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Hi, I would like to have a path like /go/ after which the address to be proxied. This is the config: SSLCipherSuite MEDIUM SSLRequireSSL AuthType Digest AuthName "Restricted Area" AuthDigestDomain /go/ AuthDigestPr

Re: [EMAIL PROTECTED] apache + ssl: client denied by server configuration

Have you tried to add Order Allow,Deny Allow from all into your config? On 1/26/07, Sam Carleton <[EMAIL PROTECTED]> wrote: I am trying to get SSL up and running on my new apache server. The server starts up just fine and serves up regular pages on port 80, but when I direct it towards th

Re: [EMAIL PROTECTED] SSL Certificate on Intranet Virtual Host

For SSL it won't work because SSL session gets established before URL is parsed. On 1/25/07, Rob Sterenborg <[EMAIL PROTECTED]> wrote: [EMAIL PROTECTED] wrote: > I run several intranet sites for our company on a linux > server using VirtualHosts. I've created a wildca

Re: [EMAIL PROTECTED] Turning Off Access Log

Remove all CustomLog/TransferLog from your httpd.conf as Sander already said. On 1/24/07, Arthur Kreitman <[EMAIL PROTECTED]> wrote: But its on windows! > -Original Message- > From: Serge Dubrouski [mailto:[EMAIL PROTECTED] > Sent: Wednesday, January 24, 2007 10:53

Re: [EMAIL PROTECTED] Turning Off Access Log

CustomLog /dev/null common if it's UNIX/Linux On 1/24/07, Arthur Kreitman <[EMAIL PROTECTED]> wrote: I don't see an option to stop logging http requests. Is there one? - The official User-To-User support forum of the Apa

Re: [EMAIL PROTECTED] Using multiple virtual hosts with SSL on a single IP system

The only way to make it work is by adding additional IP addresses and setting VirtualHosts on those addresses, each with it's own certificate. You can't have several certs on one IP address. On 1/24/07, Bijan Vakili <[EMAIL PROTECTED]> wrote: Hi, I have a Solaris 10 system running Apache

Re: [EMAIL PROTECTED] Re: Apache-Jboss Connector - file was not found

lem is related to the > session across JBoss / Tomcat and Apache HTTP. > Am I missing anything in the Virtual Host configuration? Something > related to cookies or session id? > Thanks again for your help. > > Alessandro Ilardo > > Serge Dubrouski ha scritto: >> On 1/23/07,

Re: [EMAIL PROTECTED] Does apache check client certificate even if SSLVerifyClient is none?

Thank you. >From: "Serge Dubrouski" <[EMAIL PROTECTED]> >Reply-To: users@httpd.apache.org >To: users@httpd.apache.org >Subject: Re: [EMAIL PROTECTED] Does apache check client certificate even if >SSLVerifyClient is none? >Date: Tue, 23 Jan 2007 15:46:12 -0700 >

Re: [EMAIL PROTECTED] Does apache check client certificate even if SSLVerifyClient is none?

How does a client send a certificate if Apache doesn't ask for it? What kind of a "client" do you have? Is it a regular browser? On 1/23/07, DEVAL SHAH <[EMAIL PROTECTED]> wrote: Hello, I have a configuration in Apache file setup for SSL. I am not doing client authentication as SSLVerifyClient i

Re: [EMAIL PROTECTED] Apache-Jboss Connector - file was not found

On 1/23/07, Alessandro Ilardo <[EMAIL PROTECTED]> wrote: I'm trying to set up an AJP connector between Apache 2 (red hat) and Jboss 3.2 (windows server) ServerName server1.domain.com DocumentRoot "/var/www/html" JkMount /id/admin/* jboss322 Here you set "a redirection" for all

Re: [EMAIL PROTECTED] IP based http->https redirection

mod_rewrite is your friend: http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html You can build RewriteCond based on REMOTE_HOST/REMOTE_ADDR and use RewriteRules then. Something like RewriteCond %{REMOTE_HOST} ^host1.* RewriteCond %{REMOTE_HOST} ^host2.* RewriteCond %{REMOTE_HOST} ^host3.*

Re: [EMAIL PROTECTED] Apache gives SSL Library error complaining about common name - Help

t know what to tell then Any other idea? Can this be related to machine configuration. It could be related ro installed verision of OpenSSL. You said that your clients don't have problem with accessing other SSL server of yours. Compare their configration then. Thank you. Deval >Fro

Re: [EMAIL PROTECTED] Apache gives SSL Library error complaining about common name - Help

Ok. I believe that the problem in in the proxy. Client certificates AREN'T proxied. As far as I remember, you have you server configured with "SSLVerifyClient Required", that means that client MUST provide a certificate to get access, but their proxy doesn't ask for it and doesn't peresnt it tou y

Re: [EMAIL PROTECTED] Client Certificate authentication not working

What version of Apache do you use? There is a well known problem for this in Apache 2.0.XX (there is an unofficial patch for it but I didn't try it) and the only way to fix it is to upgrade to Apache 2.2.XX. On 1/19/07, DEVAL SHAH <[EMAIL PROTECTED]> wrote: Hello, Please help me I have been tryi

Re: [EMAIL PROTECTED] Problem with Apache + Tomcat + SSL + mod_rewrite

It would be good to take a look at you Tomcat's server.xml (connectors part) file as well. Without that it's hard to answer your questions. Bu there are some answers: On 1/18/07, Tomo <[EMAIL PROTECTED]> wrote: Could anyone help me with a problem I have using mod_rewrite to send an https reques

Re: [EMAIL PROTECTED] Simple perl question

s it's a really generic script. On 1/11/07, Israel Brewster <[EMAIL PROTECTED]> wrote: On Jan 11, 2007, at 6:22 AM, Serge Dubrouski wrote: > DO NOT REMOVE that #!/usr/bin/perl line. Without it OS tries to run it > as a binary (ELF or whatever is appropriate for your systen ) file and

Re: [EMAIL PROTECTED] Simple perl question

- On Jan 10, 2007, at 4:31 PM, Serge Dubrouski wrote: > So you don't have perl available at all? Then you definetely need > mod_perl. Have you tried to change your LoadModule line for mod_perl > like I suggested erlier? > > On 1/10/07, Israel Brewster <[EMAIL PROTECTED]&g

Re: [EMAIL PROTECTED] Simple perl question

Airport Industrial Rd Fairbanks, AK 99709 ------- On Jan 10, 2007, at 2:35 PM, Serge Dubrouski wrote: > Do not remove #!/usr/bin/perl line! Without it OS doesn't know how to > run that file. > > On 1/10/07, Israel Brewster <[EMAIL PROTECTED]> wrote: &g

Re: [EMAIL PROTECTED] Simple perl question

--- Israel Brewster Computer Support Technician Frontier Flying Service INC. 5245 Airport Industrial Rd Fairbanks, AK 99709 --- On Jan 10, 2007, at 1:39 PM, Serge Dubrouski wrote: > For this configuration you need to have mod_perl installed on y

Re: [EMAIL PROTECTED] Simple perl question

Sorry, didn't read your mail to the end. Try to replace LoadModule mod_perl /usr/local/lib/mod_perl.so With LoadModule perl_module /usr/local/lib/mod_perl.so On 1/10/07, Serge Dubrouski <[EMAIL PROTECTED]> wrote: For this configuration you need to have mod_perl installed on your

Re: [EMAIL PROTECTED] Simple perl question

For this configuration you need to have mod_perl installed on your server. Why don't you simply put your script into your cgi-bin directory? On 1/10/07, Israel Brewster <[EMAIL PROTECTED]> wrote: I don't know if what I am trying to do here is even possible (sane?) but I thought I'd ask. I am run

Re: [EMAIL PROTECTED] Apache and client certs

on to the application server only using mod_ssl and mod_proxy or... have I to add mod_jk too? You'll have to use mod_jk. Please let me know. Thanks manuciao *"Serge Dubrouski" <[EMAIL PROTECTED]>* 30/12/2006 16.32 Please respond to users@httpd.apache.org

Re: [EMAIL PROTECTED] Apache and client certs

On 12/30/06, toadie D <[EMAIL PROTECTED]> wrote: It is possible to use reverse proxy to pass a PEM Encoded Certificate as a HTTP header to a backend server. Make sure you have this directive in your config file SSLOptions +ExportCertData Then use mod_headers to set the header RequestHeader M

Re: [EMAIL PROTECTED] Apache 2.2.3 installation not as root

ooking into the file /etc/httpd/conf.d/ssl.conf ? 2. When or where in the Server code does it look for ssl.conf ? Basically I'm looking for the initial steps that occur once we call apachectl start Thanks again. On 12/29/06, Serge Dubrouski <[EMAIL PROTECTED]> wrote: > That because

Re: [EMAIL PROTECTED] Apache 2.2.3 installation not as root

That because in 2.2.3 it's extra/httpd_ssl.conf On 12/29/06, Shweta Patel <[EMAIL PROTECTED]> wrote: I do not have the permissions to do so and hence was looking for alternatives. I greped the source for httpd.2.2.3 but could not find an explicit reference to the path "/etc/httpd/conf.d/ssl.con

Re: [EMAIL PROTECTED] Apache and client certs

I've been watching this forum for sometime and this question appeared here several times. So far nobody posted a solution that would allow Apache working as proxy to pass client certificate to a backend server. The only worked way was Apache (2.2.3) + mod_jk + Tomcat which isn't applicable to your

Re: [EMAIL PROTECTED] httpd 2.2.3 as an SSL proxy with a client certificate fails on connect

Errors that you posted were from proxy server that couldn't connect to the backend, so: 1. It would be good to check log files on backend whatever it is. 2.. Also it would be a good idea to install browser ot the proxy server (or connect computer with browser to that network) and check direct co

Re: [EMAIL PROTECTED] httpd 2.2.3 as an SSL proxy with a client certificate fails on connect

If it used to work and now doesn't most probably that there is an expired certificate somewhere. It could be client certificate that proxy uses to authenticate on the backend server or root CA's certificate that signed that client's certificate. On 12/24/06, Shai Yallin <[EMAIL PROTECTED]> wrote:

[EMAIL PROTECTED] ap_get_scoreboard_lb failed

Hello - What could be the reason for the following error messages in the error log file: [error] proxy: ap_get_scoreboard_lb(4) failed in child 18765 for worker Platform is Solaris 8, Apache 2.2.3 some ProxyPass and ProxyPassReverse configured.

Re: [EMAIL PROTECTED] mod_autoindex not cooperating

On 12/13/06, David Scott <[EMAIL PROTECTED]> wrote: David Scott wrote: Nope, this simply does not work for me. Here is the latest httpd.conf snippet: Listen 3002 Alias /static /home/david/pix/html/static DocumentRoot /home/david/pix/html Try to replace your tags with tags lik

Re: [EMAIL PROTECTED] Apache 2.2.3 monitor

If application is really critical take a look at http://www.linux-ha.org/ Otherwise a simple cronjon would do. On 12/6/06, Lucuk, Pete <[EMAIL PROTECTED]> wrote: Hello, I have Apache 2.2.3 with mod_ssl and mod_jk installed and they work like a champ! I am now wrapping up my Apache setup w

Re: [EMAIL PROTECTED] apache client authentication problem (somewhat long)

On 11/28/06, Bill Tangren <[EMAIL PROTECTED]> wrote: Serge Dubrouski wrote: > Your client submits certificate signed by CA which certificate you > don't have in your SSLCACertificatePath. Actually it looks like you > incorrectly configured it. You have: > > SSLCACerti

Re: [EMAIL PROTECTED] apache client authentication problem (somewhat long)

So you have a bunch of .cer files. Then you have to use SSLCACertificatePath and links with hashes as names. It can't be just one file with once certificate unless all your client have certificates signed by one CA. On 11/28/06, Bill Tangren <[EMAIL PROTECTED]> wrote: Serge Dubr

Re: [EMAIL PROTECTED] Apache, mod_jk, client certificates, and Jetty

ED] Apache, mod_jk, client >certificates, and Jetty > > > >>-Original Message- >>From: Serge Dubrouski [mailto:[EMAIL PROTECTED] >>Sent: Tuesday, November 28, 2006 12:08 PM >>To: users@httpd.apache.org >>Subject: Re: [EMAIL PROTECTED] Apache, mod_jk, c

Re: [EMAIL PROTECTED] apache client authentication problem (somewhat long)

Your client submits certificate signed by CA which certificate you don't have in your SSLCACertificatePath. Actually it looks like you incorrectly configured it. You have: SSLCACertificateFile /etc/httpd/conf/ssl.crt/root.crt SSLCACertificatePath /etc/httpd/conf/ssl.crt You should use just one o

Re: [EMAIL PROTECTED] Apache, mod_jk, client certificates, and Jetty

>> >> acutual mod_jk stuff? >> >> >> > >> >I'd put mod_jk stuff before mod_ssl stuff. But I don't >think that it >> >matters. >> >> I will try it and see if it works, once again, thank you >> >> > >> >

Re: [EMAIL PROTECTED] Apache, mod_jk, client certificates, and Jetty

On 11/28/06, Lucuk, Pete <[EMAIL PROTECTED]> wrote: >-Original Message- >From: Serge Dubrouski [mailto:[EMAIL PROTECTED] >Sent: Tuesday, November 28, 2006 11:18 AM >To: users@httpd.apache.org >Subject: Re: [EMAIL PROTECTED] Apache, mod_jk, client >certificates,

Re: [EMAIL PROTECTED] Apache, mod_jk, client certificates, and Jetty

k stuff? I'd put mod_jk stuff before mod_ssl stuff. But I don't think that it matters. Thanks for your responses, I appreciate your help >-Original Message- >From: Serge Dubrouski [mailto:[EMAIL PROTECTED] >Sent: Tuesday, November 28, 2006 10:53 AM >To: users

Re: [EMAIL PROTECTED] Apache, mod_jk, client certificates, and Jetty

On 11/28/06, Lucuk, Pete <[EMAIL PROTECTED]> wrote: I am trying to perform the following... Browser_client_with_client_certificate<--https-->apache_with_mod_jk<--ht tps-->Jetty Also, the browser client is passing a client certificate that I want Jetty to have access to perform A&A. Browser ve

Re: [EMAIL PROTECTED] Vhosts & Statistics

Configure you vhosts to log to separate files and use any kind of standard stat tools: awstats, analyze, etc. Also as far as I remember awstats allows you to configure building reports for particular site form common log files. On 11/27/06, Scott Wilcox <[EMAIL PROTECTED]> wrote: hey folks.

Re: [EMAIL PROTECTED] How to send WHOLE SSL_CLIENT_CERT in reverse proxy?

er is a 3.x version of Jboss that uses Jetty as the Servlet engine. Can you use AJP with Jetty? If not, is there some simple way to yank out the new lines in SSL_CLIENT_CERT on the reverse proxy? thanks >-Original Message- >From: Serge Dubrouski [mailto:[EMAIL PROTECTED] >Sent:

Re: [EMAIL PROTECTED] How to send WHOLE SSL_CLIENT_CERT in reverse proxy?

What is the backend serverf? If it's Tomcat or JBoss I'd suggest to use AJP connector that allows to pass client certificates to backend. On 11/22/06, Lucuk, Pete <[EMAIL PROTECTED]> wrote: Hello, I currently have a HTTPS reverse proxy setup and it works like a champ! I am trying to pass the c

[EMAIL PROTECTED] Apache 2.2.3 + SSL + NT 4.0 Client

ideas about the reason for the such strange behavior? Thanks. Serge Dubrouski. - The official User-To-User support forum of the Apache HTTP Server Project. See http://httpd.apache.org/userslist.html> for more info. To unsubscribe

Re: [EMAIL PROTECTED] client side certificates authentication in virtual hosts

On 11/8/06, Benjamin Cuthbert <[EMAIL PROTECTED]> wrote: They does not sound like such a good idea, what if i bound the new virtual host to a new IP address would i then be able to run both in different modes ?That sounds much better. And you will be able to have different Server certificates and

Re: [EMAIL PROTECTED] client side certificates authentication in virtual hosts

On 11/8/06, Benjamin Cuthbert <[EMAIL PROTECTED]> wrote: All Can you run two SSL virtual host URLS on the same IP address and have one running with no client certificate authentication and one running without It's possible if having one VirtualHost complaining about wrong Server Certificate i

Re: [EMAIL PROTECTED] Problem building apache 2.2.23 with mod_ldap_auth

support in apr-util is disabled. Don't forget to run make clean before recompiling. Regards. On 11/1/06, Serge Dubrouski <[EMAIL PROTECTED]> wrote: I'm not sure, but I think that there is a conflict between apr-utl-devel rpm installed on your CentOS box and apr delivered with Apac

Re: [EMAIL PROTECTED] Problem building apache 2.2.23 with mod_ldap_auth

ackages openldap.i3862.2.13-6.4E installed openldap-clients.i3862.2.13-6.4E installed openldap-devel.i386 2.2.13-6.4E installed All in /usr/lib and /usr/include as far as I can tell. > -Original Message- > From: Serge Dubrous

Re: [EMAIL PROTECTED] Problem building apache 2.2.23 with mod_ldap_auth

Do you have openldap-devel rpm installed? On 10/31/06, Quentin North <[EMAIL PROTECTED]> wrote: John Thanks for your reply > -Original Message- > From: John P. Dodge [mailto:[EMAIL PROTECTED] > > On Fri, 27 Oct 2006, Quentin North wrote: > > > Im trying to build apache 2.2.23 on Centos

Re: [EMAIL PROTECTED] Apache2 Proxy to Tomcat backend

Have you tried to use AJP connector instead of proxying? On 10/31/06, Roger Hendrix at Baldor-IS <[EMAIL PROTECTED]> wrote: Greetings: I am trying to configure an Apache front-end Proxy Service to talk to a backend Tomcat Server. The Apache Server is:apache2-2.0.49-27.59 The Tomcat Server

Re: [EMAIL PROTECTED] multiple vhosts on port 80 and port 443

On 10/19/06, Bill Angus <[EMAIL PROTECTED]> wrote: In my Windows 2k environment, there was no way I could manage to get Apache 2 (any version) to listen to port 443 and serve SSL to multiple name-based hosts or even to multiple ip based hosts. Then you did something wrong. Because it is legal

Re: [EMAIL PROTECTED] multiple vhosts on port 80 and port 443

On 10/19/06, Gregor Schneider <[EMAIL PROTECTED]> wrote: Hi owen, On 10/19/06, Boyle Owen <[EMAIL PROTECTED]> wrote: > The question is usually asked by people who haven't thought long enough > about why they want to use SSL. They think because it's encrypted on the > wire, that's already pretty

  1   2   >