ssl

This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.



Subject: Re: secure shell question
From: Alan Mead <adm@ipat.com>
Date: Wed, 19 Jan 2000 11:24:13 -0600


At 08:44 AM 1/19/00 -0800, you wrote:
>
>i just installed mod_ssl to apache.  i have been able
>to bring up a page using https://myserver/index.html.
>when the page comes up, i am prompted about the
>certificate.  is there a way to bypass the multiple
>questions and just push the certificate?

If I understand your question the answer is:  No.  There is no such thing
as "pushing" a certificate.  You need to buy a certificate that is already
in their (your) browser repository.  For example, VeriSign or Thawte.

From a cryptographic standpoint, I'm not sure how you could securely "push"
over an insecure line.  But maybe I'm just missing it.

It may be possible to self-sign if you can contact all of the people who
need access to your site beforehand (e.g., if it were just for friends).
But then friends can just ignore the pesky dialogs.  

Or possibly you have a VeriSign or Thawte cert and are having difficulties
because when creating your root cert you chose a hostname that doesn't
match your hostname (like using the real name instead of the cname of a
virtual host).

Or perhaps you'd like to be clearer as to the problem in your next post.
For example, what prompt? what questions? 

===

Subject: Re: POP + SSL?
From: "Michael H. Warfield" <mhw@wittsend.com>
Date: Wed, 19 Jan 2000 12:24:03 -0500


On Wed, Jan 19, 2000 at 09:55:54AM -0700, Brad 'GreyBear' Davis wrote:
> Hi all,

> Anyone have any pointers to resources and files for SPOP (POP + SSL)? 

	Use one of the SSL wrappers or proxies from the OpenSSL site,
<www.openssl.org>.  There's a little more information in the fetchmail
sources, which now support SSL for pop3s and imaps.

	According to the IANA (Internet Assigned Numbers Authority) port
numbers document, the official IANA designation for SSL encrypted pop3 is pop3s
and for SSL encrypted imap is imaps.  I don't know why the RedHat
/etc/services file is still using the older terminology for them but
some programs may barf when they try to do a "getservicebyname" for
the official imaps and it's not there.  Fetchmail will do that when
running in IPv6 mode.
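
An added example, not part of the original post: a check that a services file defines the IANA names pop3s and imaps, so that a by-name lookup like the one described above does not fail. The sample file and the legacy names spop3 and simap are constructed assumptions; ports 995 and 993 are the IANA assignments.

```python
import re

# IANA-registered names and TCP ports for the SSL-wrapped mail services.
OFFICIAL = {"pop3s": 995, "imaps": 993}

# Constructed sample in /etc/services format; "spop3"/"simap" stand in for
# the older names the post mentions (assumed, the post does not spell them out).
SAMPLE_SERVICES = """\
# service-name  port/protocol  [aliases ...]
pop3            110/tcp         pop-3
imap            143/tcp         imap2
simap           993/tcp                 # IMAP over SSL
spop3           995/tcp                 # POP-3 over SSL
https           443/tcp
"""

def parse_services(text):
    """Yield (names, port, proto) per entry; names = canonical name + aliases."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()      # drop comments, tokenize
        m = re.fullmatch(r"(\d+)/(\w+)", fields[1]) if len(fields) > 1 else None
        if not m:
            continue                                # blank or malformed line
        yield [fields[0]] + fields[2:], int(m.group(1)), m.group(2).lower()

def audit(text, proto="tcp"):
    """Return {official_name: status}; status is 'ok', 'missing',
    'wrong-port:<n>' or 'legacy-name-only:<names on that port>'."""
    by_name, by_port = {}, {}
    for names, port, p in parse_services(text):
        if p != proto:
            continue
        for n in names:
            by_name.setdefault(n, port)             # first definition wins
        by_port.setdefault(port, []).extend(names)
    report = {}
    for name, port in OFFICIAL.items():
        if name in by_name:
            report[name] = "ok" if by_name[name] == port else f"wrong-port:{by_name[name]}"
        elif port in by_port:
            report[name] = "legacy-name-only:" + ",".join(by_port[port])
        else:
            report[name] = "missing"
    return report

if __name__ == "__main__":
    for name, status in audit(SAMPLE_SERVICES).items():
        print(f"{name}/tcp: {status}")
```

A "legacy-name-only" result means the port is assigned but a lookup by the official name would still fail; adding the official name as an alias on that line resolves it.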

===

Subject: apache-mod_ssl with php-3.0.14:  Server doesn't start
From: Steve Frampton <frampton@j-com.co.jp>
Date: Tue, 8 Feb 2000 17:29:30 +0900 (JST)



Hello:

Continuing from my weeks-long attempt to get either Apache-SSL or mod_ssl
working (turned out my problem was with my Netscape client, *not* with any
library problems with openssl ... grrr!).  I discovered more up-to-date
RPM's were available on ftp.modssl.org in /pub/contrib.  Therefore, I
installed:

apache-mod_ssl-1.3.9.2.4.9-0.6.0
apache-mod_ssl-devel-1.3.9.2.4.9-0.6.0

and it worked!  But on to other problems.  ;-)

I am trying to get things working with PHP3.  I have downloaded the
tarball for php-3.0.14, did a:

  ./configure --with-apxs=/usr/sbin/apxs --with-mysql \
              --with-apache=/usr/include
  make
  make install

I then made sure that the following lines were present in my httpd.conf
file:

  LoadModule php3_module        lib/apache/libphp3.so 
  AddModule mod_php3.c

  AddType application/x-httpd-php3 .php3
  AddType application/x-httpd-php3-source .phps

(PHP's "make install" procedure actually put the LoadModule and AddModule
lines within <IfDefine SSL> blocks, I assumed this was incorrect so I
moved them outside the blocks).

After starting the server, connections on both ports 80 and 443 are
refused, and there are no "httpd" processes in memory.  There *are*,
however, a couple of gcache processes.  There are no error messages in any
of the httpd logs, the only thing that appears after starting the server
is the following in ssl_engine_log:

[info]  Server: Apache/1.3.9, Interface: mod_ssl/2.4.9, Library: OpenSSL/0.9.4
[info]  Init: 1st startup round (still not detached)
[info]  Init: Initializing OpenSSL library
[info]  Init: Loading certificate & private key of SSL-aware server localhost:443
[info]  Init: Generating temporary RSA private keys (512/1024 bits)
[info]  Init: Configuring temporary DH parameters (512/1024 bits)

Those look normal enough.  But I can *not* interact with the server unless
I comment out the LoadModule and AddModule lines and restart the
server.  :-(

Any ideas?

===

