This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
Subject: Re: secure shell question
From: Alan Mead <adm@ipat.com>
Date: Wed, 19 Jan 2000 11:24:13 -0600

At 08:44 AM 1/19/00 -0800, you wrote:
>
>i just installed mod_ssl to apache. i have been able
>to bring up a page using https://myserver/index.html.
>when the page comes up, i am prompted about the
>certificate. is there a way to bypass the multiple
>questions and just push the certificate?

If I understand your question the answer is: No. There is no such thing as "pushing" a certificate. You need to buy a certificate that is already in their (your) browser repository. For example, VeriSign or Thawte.

From a cryptographic standpoint, I'm not sure how you could securely "push" over an insecure line. But maybe I'm just missing it.

It may be possible to self-sign if you can contact all of the people who need access to your site beforehand (e.g., if it were just for friends). But then friends can just ignore the pesky dialogs.

Or possibly you have a VeriSign or Thawte cert and are having difficulties because when creating your root cert you chose a hostname that doesn't match your hostname (like using the real name instead of the cname of a virtual host).

Or perhaps you'd like to be clearer as to the problem in your next post. For example, what prompt? What questions?

===

Subject: Re: POP + SSL?
From: "Michael H. Warfield" <mhw@wittsend.com>
Date: Wed, 19 Jan 2000 12:24:03 -0500

On Wed, Jan 19, 2000 at 09:55:54AM -0700, Brad 'GreyBear' Davis wrote:
> Hi all,
> Anyone have any pointers to resources and files for SPOP (POP + SSL)?

Use one of the SSL wrappers or proxies from the OpenSSL site, <www.openssl.org>. There's a little more information in the fetchmail sources, which now support SSL for pop3s and imaps.

According to the IANA (Internet Assigned Numbers Authority) port numbers document, the official IANA designation for SSL encrypted pop3 is pop3s and for SSL encrypted imap is imaps.
I don't know why the RedHat /etc/services file is still using the older terminology for them, but some programs may barf when they try to do a "getservicebyname" for the official imaps and it's not there. Fetchmail will do that when running in IPv6 mode.

===

Subject: apache-mod_ssl with php-3.0.14: Server doesn't start
From: Steve Frampton <frampton@j-com.co.jp>
Date: Tue, 8 Feb 2000 17:29:30 +0900 (JST)

Hello:

Continuing from my weeks-long attempt to get either Apache-SSL or mod_ssl working (turned out my problem was with my Netscape client, *not* with any library problems with openssl ... grrr!).

I discovered more up-to-date RPMs were available on ftp.modssl.org in /pub/contrib. Therefore, I installed:

    apache-mod_ssl-1.3.9.2.4.9-0.6.0
    apache-mod_ssl-devel-1.3.9.2.4.9-0.6.0

and it worked! But on to other problems. ;-)

I am trying to get things working with PHP3. I have downloaded the tarball for php-3.0.14, did a:

    ./configure --with-apxs=/usr/sbin/apxs --with-mysql \
        --with-apache=/usr/include
    make
    make install

I then made sure that the following lines were present in my httpd.conf file:

    LoadModule php3_module lib/apache/libphp3.so
    AddModule mod_php3.c
    AddType application/x-httpd-php3 .php3
    AddType application/x-httpd-php3-source .phps

(PHP's "make install" procedure actually put the LoadModule and AddModule lines within <IfDefine SSL> blocks, I assumed this was incorrect so I moved them outside the blocks).

After starting the server, connections on both ports 80 and 443 are refused, and there are no "httpd" processes in memory. There *are*, however, a couple of gcache processes.
There are no error messages in any of the httpd logs, the only thing that appears after starting the server is the following in ssl_engine_log:

    [info] Server: Apache/1.3.9, Interface: mod_ssl/2.4.9, Library: OpenSSL/0.9.4
    [info] Init: 1st startup round (still not detached)
    [info] Init: Initializing OpenSSL library
    [info] Init: Loading certificate & private key of SSL-aware server localhost:443
    [info] Init: Generating temporary RSA private keys (512/1024 bits)
    [info] Init: Configuring temporary DH parameters (512/1024 bits)

Those look normal enough. But I can *not* interact with the server unless I comment out the LoadModule and AddModule lines and restart the server. :-(

Any ideas?

===
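
Added example (not part of any message in this archive, and not fetchmail's code): the POP + SSL reply above notes that a lookup for the official names pop3s and imaps fails when /etc/services lacks them. This Python code parses services-format text, reports the missing official names, and falls back to the IANA ports 995 and 993; the sample file contents and the legacy-style names spop3 and simap are constructed for illustration.

```python
# IANA-registered ports for the two SSL-wrapped mail services in the thread.
IANA_PORTS = {("pop3s", "tcp"): 995, ("imaps", "tcp"): 993}

# Constructed sample in services(5) format: the ports are present only under
# hypothetical legacy-style names, so the official names are missing.
SAMPLE_SERVICES = """\
# name   port/proto  aliases
pop3     110/tcp     pop-3
imap     143/tcp     imap2    # plain IMAP
spop3    995/tcp
simap    993/tcp
https    443/tcp
"""


def parse_services(text):
    """Map (name or alias, proto) -> port for every well-formed entry."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # strip comment, tokenize
        if len(fields) < 2 or "/" not in fields[1]:
            continue  # blank, comment-only, or malformed line
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            for name in [fields[0]] + fields[2:]:
                table.setdefault((name, proto), int(port))
    return table


def resolve(table, name, proto="tcp"):
    """Return (port, source); use the IANA port when the name is absent."""
    if (name, proto) in table:
        return table[(name, proto)], "services"
    if (name, proto) in IANA_PORTS:
        return IANA_PORTS[(name, proto)], "iana-fallback"
    raise LookupError(f"unknown service {name}/{proto}")


def missing_official_names(table):
    """List (official name, port, proto, names bound to that port instead)."""
    report = []
    for (name, proto), port in sorted(IANA_PORTS.items()):
        if (name, proto) not in table:
            others = sorted(n for (n, p), v in table.items()
                            if p == proto and v == port)
            report.append((name, port, proto, others))
    return report


if __name__ == "__main__":
    table = parse_services(SAMPLE_SERVICES)
    for name, port, proto, others in missing_official_names(table):
        print(f"add: {name} {port}/{proto}  (now: {', '.join(others) or 'none'})")
```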