ursday, October 30, 2008 10:21 AM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] mod_ssl + basic auth
That doesn't seem to work for me. I mean, it asks me for the
certificate, however if the certificate is accepted, it will still check
if it is inside the lan or if the user/pass is ok. Wh
e of the , just in your
> .
>
> Also, seems that "optional" is not supported by all browsers. You must use
> "require".
>
>
> --
> *From:* Ricardo Ramos [mailto:[EMAIL PROTECTED]
> *Sent:* Wednesday, October 29, 2008 11:06 PM
> *T
Ramos [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 29, 2008 11:06 PM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] mod_ssl + basic auth
Hi!
I want to do this: check if the client sends me a certificate which my
self-signed CA has signed or if the client is inside the same network or
if
Hi!
I want to do this: check if the client sends me a certificate which my
self-signed CA has signed or if the client is inside the same network or if
the client enters a username+password.
However, with this, I can't have my browser(s) prompting me for a
certificate.. it just seems that that par
Hi all,
It's me again ;-))
After the succesful build of httpd-2.2.9 under Solaris 10 SPARC, i ran into a
SSL problem during the tests - the error_log output (Level: debug) is attached.
Any ideas?
Liebe Grüsse,
Wulf Kaiser
___
IT Services - Web & Database Developmen
On Thu, 2008-06-12 at 15:57 +0200, André Warnier wrote:
>
> Agnello George wrote:
> >> The openssl command will always prompt you for a password.
>
> Just by curiosity : you cannot just enter for the pass-phrase I
> guess, or ?
With the versions I've used, it won't accept an empty passphrase
> Is this the way to go about creating ssl certificates fro multiple domains,
> or is there any other alternate way ??
You can't have namevirtual hosts with ssl support. what you are trying
won't work, unless you have the SNI patch...
Krist
--
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Bremgarten b.
Agnello George wrote:
The openssl command will always prompt you for a password.
Just by curiosity : you cannot just enter for the pass-phrase I
guess, or ?
-
The official User-To-User support forum of the Apache HTTP Se
> The openssl command will always prompt you for a password. The trick is
> to *remove* the password afterward by passing the cert through openssl
> again. I believe the command is like this:
>
> openssl rsa -in server.crt -out server-nopasswd.crt
>
> I'm working from memory here, so check this pag
On Thu, 2008-06-12 at 18:37 +0530, Agnello George wrote:
>
>
> Try re-creating your keys, but this time without entering a
> passkey.
> Otherwise you'll have to enter it each time you start Apache.
>
> how is that done i use the following command to create the
>
>
> Try re-creating your keys, but this time without entering a passkey.
> Otherwise you'll have to enter it each time you start Apache.
how is that done i use the following command to create the certificate
cd /usr/local/apache2/conf/
openssl req -new -x509 -days 30 -keyout server.key -out ser
Hi.
Try re-creating your keys, but this time without entering a passkey.
Otherwise you'll have to enter it each time you start Apache.
Agnello George wrote:
Hi
I am trying to implement ssl on my Apache server for multiple domains . I
have created a self -signed certificate using the followin
Hi
I am trying to implement ssl on my Apache server for multiple domains . I
have created a self -signed certificate using the following command .
( For domain agnello.com )
openssl req -new -x509 -days 30 -keyout
/usr/local/apache2/conf/domains_ssl/agnello.com/server.key -out
/usr/local/apac
Hi there.
I realized I didn't have the right files, so I redid the cert
generation by restructuring that command, and it started to work.
Now if I could only get my browser to respect the self signed cert.
On Mar 17, 2008, at 5:00 PM, Krist van Besien wrote:
# openssl errstr 0B080074
er
On Mon, Mar 17, 2008 at 5:04 PM, Rich <[EMAIL PROTECTED]> wrote:
> Hi folks. I'm having some issues with mod_ssl and I was told this is
> the place to be asking such questions.
>
> [Mon Mar 17 11:47:58 2008] [error] mod_ssl: Init: (wasabi.local:443)
> Unable to configure RSA server private key
Hi folks. I'm having some issues with mod_ssl and I was told this is
the place to be asking such questions.
[Mon Mar 17 11:47:58 2008] [error] mod_ssl: Init: (wasabi.local:443)
Unable to configure RSA server private key (OpenSSL library error
follows)
[Mon Mar 17 11:47:58 2008] [error] Ope
I'm trying to compile 2.0.63 with a mod_ssl that will accept the
"SSLCryptoDevice" directive. I tried adding
--enable-rule=SSL_EXPERIMENTAL to ./configure and then doing make, but
that didn't work. How do I do this?
Thanks,
Brian
On 10/24/07, William Westbrooks <[EMAIL PROTECTED]> wrote:
>
> How do I unsubsribe to stop recieveing these emails?
Start by not being rude to all the other list subscribers. One such
request for help is more than enough.
Then read the bottom of each list message:
> See http://httpd.apache.org/u
How do I unsubsribe to stop recieveing these emails?
-Original Message-
>From: Joshua Slive <[EMAIL PROTECTED]>
>Sent: Oct 24, 2007 10:34 AM
>To: users@httpd.apache.org
>Subject: Re: [EMAIL PROTECTED] mod_ssl: behaviour with no client cert
>
>On 10/23/07, Peng, T
On 10/23/07, Peng, Thierry <[EMAIL PROTECTED]> wrote:
>
>
>
>
> Hi
>
>
>
> I have a question about the mod_ssl. I've enabled the SSLVerifyClient in the
> apache2.conf with the parameter require. This works perfectly, although,
> when a user does not have a certificate, it sends only a not very mean
Hi
I have a question about the mod_ssl. I've enabled the SSLVerifyClient in
the apache2.conf with the parameter require. This works perfectly,
although, when a user does not have a certificate, it sends only a not
very meaningful failure code back: in example -12195.
Now, I'd like to replace t
> -Original Message-
> From: Jeff Fulmer [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 11, 2007 7:23 PM
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] mod_ssl revisited
>
> Now I'm back to the original problem. I turned off name
> resolution
Now I'm back to the original problem. I turned off name resolution and I
restarted apache. The virtual host for www.myserver.com:443 works as
expected. However, this error continues to repeat itself in the logs:
[Wed Jul 11 13:14:39 2007] [info] Connection to child 22 established
(server www.myser
users@httpd.apache.org
Subject: [EMAIL PROTECTED] mod_ssl and client cert
Hello everyone.
I've an apache 2.2.4 up and running!
I've this configuration in my ssl.conf file:
Listen xxx.xxx.xxx.xxx:443
ServerName xxx.xxx.xxx.xxx:443
ErrorLog /opt/CHROOT/HTTPD-2.2.4/logs/error_log
TransferLog /o
Hello everyone.
I've an apache 2.2.4 up and running!
I've this configuration in my ssl.conf file:
Listen xxx.xxx.xxx.xxx:443
ServerName xxx.xxx.xxx.xxx:443
ErrorLog /opt/CHROOT/HTTPD-2.2.4/logs/error_log
TransferLog /opt/CHROOT/HTTPD-2.2.4/logs/access_log
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EX
Mike VanHorn wrote:
> The report that I got specifically refers to mod_ssl. It says that "mod_ssl
> older than 2.87" has a buffer overflow problem; does this sound like
> something that applies to Apache 1.x?
2.87 was modssl.org numbering. Someone doesn't know wth they are talking
about :)
-
The report that I got specifically refers to mod_ssl. It says that "mod_ssl
older than 2.87" has a buffer overflow problem; does this sound like
something that applies to Apache 1.x?
I have OpenSSL 0.9.7, so I would hope that's not what they're complaining
about.
Thanks!
On 4/13/07 2:13 PM, "W
Mike VanHorn wrote:
>
> I have Apache 2.2.2, and the version given for mod_ssl is 2.2.2.
>
> We were recently audited and the audit report notes that our version of
> mod_ssl is old.
2.2.4 is current.
Are you certain that is what they identified? It might also be that the
version of OpenSSL wa
On 4/13/07, Mike VanHorn <[EMAIL PROTECTED]> wrote:
I have Apache 2.2.2, and the version given for mod_ssl is 2.2.2.
We were recently audited and the audit report notes that our version of
mod_ssl is old. I can't find anything that tells me where I can go to get a
newer version of mod_ssl fo
I have Apache 2.2.2, and the version given for mod_ssl is 2.2.2.
We were recently audited and the audit report notes that our version of
mod_ssl is old. I can¹t find anything that tells me where I can go to get a
newer version of mod_ssl for Apache 2.2.x; I did find some higher version
numbers fo
On Mar 29, 2007, at 1:25 PM, Rodman wrote:
A, that makes so much more sense. I didn't even think to have
two virtual hosts of the same site but have one of them SSL while
the other is standard port 80. Redirecting should be easy then.
Yes, if you put your Redirect in the main server
al Message -
From: "Joshua Slive" <[EMAIL PROTECTED]>
To:
Sent: Thursday, March 29, 2007 2:46 PM
Subject: Re: [EMAIL PROTECTED] mod_ssl question
On 3/29/07, Rodman <[EMAIL PROTECTED]> wrote:
Great!! Now I have to figure out how to do it. You wouldn't happen
On 3/29/07, Rodman <[EMAIL PROTECTED]> wrote:
Great!! Now I have to figure out how to do it. You wouldn't happen to have
a link handy with some basic instructions on how to secure just a directory
instead of an entire site? I'm guessing that I would have to use some sort
of SSL container insi
st a guess.
I'll check with godaddy and see what I can dig up for cheaper
certificates...
Rodman
- Original Message -
From: "Dragon" <[EMAIL PROTECTED]>
To:
Sent: Thursday, March 29, 2007 11:17 AM
Subject: Re: [EMAIL PROTECTED] mod_ssl question
Rodman
Rodman wrote:
Hello,
Have a question pertaining to using mod_ssl on one of my virtual
sites. I am running a web mail application in a directory on one of
my sites and I was wondering if it would be possible to secure just
a particular directory and everything under it. For example, my
site
Hello,
Have a question pertaining to using mod_ssl on one of my virtual sites. I am
running a web mail application in a directory on one of my sites and I was
wondering if it would be possible to secure just a particular directory and
everything under it. For example, my site is www.example.c
On Jan 22, 2007, at 8:21 AM, John Flores wrote:
I am looking for instrunctions on how to disable mod_ssl for 1.3
and 2.0.
Comment out the LoadModule line in httpd.conf and restart your server.
Alternatively, many server installations wrap the SSL configuration
in an block. To turn of mo
I am looking for instrunctions on how to disable mod_ssl for 1.3 and 2.0.
Thanks,
John Flores
Hello,
I'm just struggling around with using Connection: Upgrade. I issue a GET /
HTTP/1.1-request (see bottom for the exact one) and the part of the reply
which is generated by php is send in cleartext (the client naturally doesn't
want to accept that and closes the connection):
[pid 16349] recv
It'll be really hard to help you without seeing your config files. At
least proxy and ssl part. Usually people use mod_rewrite and mod_proxy
for proxying front-end HTTPS requests to the backend servers. With
SSLProxyEngine on it works just fine.
On 9/18/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> w
I've been trying to find a good reference for setting up ssl between our
Apache reverse proxy server and back-end web application servers. No luck
so far. Here's our setup:
Apache 2.2.2 reverse proxy server (RPS)
===
Reverse proxy function is working g
AIL PROTECTED]
> Sent: Thursday, August 10, 2006 3:48 PM
> To: users@httpd.apache.org
> Subject: Re: [EMAIL PROTECTED] mod_ssl with Httpd2.2
>
> Hi,
>
> [EMAIL PROTECTED] wrote:
>> Here is the error:
>>
>>
>> Starting httpd: httpd: Syntax error on
mod_ssl.so is not available at modules directory.
-Original Message-
From: Ashutosh Mohanty [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 10, 2006 3:48 PM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] mod_ssl with Httpd2.2
Hi,
[EMAIL PROTECTED] wrote:
> Here is
les/mod_ssl.so
Ashutosh
SynaptiCAD Inc.
>
>
>
>
>
> -Original Message-
> From: Boyle Owen [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 10, 2006 3:16 PM
> To: users@httpd.apache.org
> Subject: RE: [EMAIL PROTECTED] mod_ssl with Httpd2.2
>
>
>
&g
[FAILED]
-Original Message-
From: Boyle Owen [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 10, 2006 3:16 PM
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] mod_ssl with Httpd2.2
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 10, 2006 11:18 AM
> To: users@httpd.apache.org
> Subject: RE: [EMAIL PROTECTED] mod_ssl with Httpd2.2
>
>
> Thanks for your Prompt response Boyle,
>
> I
apart from the listed rpms?
-- Gannarapu
-Original Message-
From: Boyle Owen [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 10, 2006 2:35 PM
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] mod_ssl with Httpd2.2
> -Original Message-
> From: [EMAIL PRO
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 10, 2006 11:00 AM
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] mod_ssl with Httpd2.2
>
>
> Hi Friends,
>
> I want to upgrade to http2.2 from http
Hi Friends,
I want to upgrade to http2.2 from http2.0.
I downloaded below rpms
apr-1.2.1-1.i386.rpm
apr-util-1.2.1-1.i386.rpm
httpd-2.2.3-1.i386.rpm
But I could not able to download the compatible version of mod_ssl rpm.
Please let me where I can download the mod_ssl r
Hi Laurence,
I propose you try to isolate your problem.
Try to get an ssl-setup without the authentication, rsa
and securid stuff working. If mod_ssl still does
not work, then you know where to dig further. Right now, it
is difficult to tell where the problem actually lies.
When you are locking d
Hi,
I’m having trouble getting SSL to
work on my apache 2.055 webserver, running on Solaris 8. When I start the
server up, everthing looks OK in the error_log.
start child 21965
rpc_server 21964 started by 21953
[Tue Aug 08 09:14:31 2006] [info] Init:
Initializing OpenSSL library
If your main quest is to harden Cipher Suite, something like
that is quite good :
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
you should remove SSLv2 as it as weakness.
Jerome
Qingshan Xie a écrit :
>I am using Apache 2.0.54 with.
All,
I am using Apache 2.0.54 with. The default
SSLCipherSuite is
SSLCipherSuite
ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
In this CipherSuite, I observed nearly all
browsers(IE, Netscape, Firefox) select RC4. Tried to
change it to 3DES, like
SSLCipherSuite
ALL:!ADH:3DES+RS
Hi there,
I run have a machine running Apache/2.0.54 (Win32) mod_ssl/2.0.54
OpenSSL/0.9.7g mod_perl/2.0.1 Perl/v5.8.7 From time to time in the
error log, I get a notice" [info] (OS 10054)An existing connection was
forcibly closed by the remote host. : core_output_filter: writing data
to the n
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I have tested Apache + mod SSL and it works fine.
You need to download the windows version of OpenSSL to generate the
certificates.
Michael Louie Loria
-BEGIN PGP SIGNATURE-
Comment: Public Key: https://www.biglumber.com/x/web?qs=0x4A256EC
> -Original Message-
> From: Ivanov A.A. [mailto:[EMAIL PROTECTED]
> Sent: Donnerstag, 1. September 2005 11:47
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] mod_ssl for Apache 2.0.48 on Windows XP
>
>
> Hello all.
> I'l write on russian
I
Hello all.
I'l write on russian
Привет всем еще раз.
Может кто ответит на русском понятно.
Я не спец по Apache, только начинаю, но есть вопрос, знает ли кто, где найти
mod_ssl под Apache 2.0.48 или новее для установки по Windows XP. Все
дистрибутивы, находящиеся на официальном сайте только под Linu
> # openssl s_client -connect (sitename):443 -debug
> CONNECTED(0003)
> - 3c 21 44 4f 43 54 59 20771:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:s23_clnt.c:475:
You didn't set SSLEngine on for this virtual host, so it's delivering
un
Craig-
To answer you question, no I was not. I did a search for mod_ssl.so and
I found it in /usr/lib/apache2 when I looked in httpd.conf however,
there was no reference to it. I also found reference to it in
loadmodule.conf under /etc/apache2 the line is:
LoadModule ssl_module
On Thu, 28 Jul 2005, Tom Ray [Lists] wrote:
> We built a box months ago using SuSE 9.1, and installed everything
> straight from the CD's via YaST but it seems that when we tried to get a
> SSL enabled site to work, it gave us errors. Doing a quick search on the
> box it seems that mod_ssl.c is
We built a box months ago using SuSE 9.1, and installed everything
straight from the CD's via YaST but it seems that when we tried to get a
SSL enabled site to work, it gave us errors. Doing a quick search on the
box it seems that mod_ssl.c isn't installed. When I do a
/usr/sbin/httpd2 -l mod_s
61 matches
Mail list logo