httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Holsman <i...@cnet.com>
Subject Re: Please help with this Snake Oil problem
Date Wed, 28 Nov 2001 18:05:53 GMT
Austin Gonyou wrote:

> Subject:
> 
> Re: Please help with this Snake Oil problem
> From:
> 
> Austin Gonyou <austin@coremetrics.com>
> Date:
> 
> Wed, 28 Nov 2001 09:37:38 -0800
> 
> To:
> 
> dev@httpd.apache.org
> 
> 
> Unless someone is willing to provide official Entrust, Thawte, VeriSign,
> etc Certs, I doubt Apache coming from apache.org will EVER have proper
> certs. They do cost money and all. Not to mention, Thawte, VeriSign, and
> Entrust all have docs on how to create certificates using OpenSSL. 
> 
> 

In the mean time you should probably just remove the snake-oil certs from
the distribution and point them somewhere via a README to get a 'sample' cert


> 
> On Tue, 2001-11-27 at 21:32, Justin Erenkrantz wrote:
> 
>>> On Tue, Nov 27, 2001 at 09:24:36PM -0600, William A. Rowe, Jr. wrote:
>>
>>>> > this is a perception problem for end users [much like the "It
>>>
> Worked!
> 
>>>> > Apache is successfully installed." message] that should be avoided
>>>
>>> when
>>
>>>> > Apache 2.0's final SSL components are put in place.
>>>
>>> 
>>> Which is why we don't enable SSL by default and instead point
>>> them at the docs for mod_ssl.
>>> 
>>> However, I believe this runs contrary to how httpd-2.0 will be 
>>> packaged by third-parties - I think Henri mentioned that he is 
>>> enabling mod_ssl by default in his RPM builds.  I'm not sure
>>> if he is including a "Snake Oil" certificate or not.  -- justin
>>
> -- Austin Gonyou Systems Architect, CCNA Coremetrics, Inc. Phone: 
> 512-796-9023 email: austin@coremetrics.com
> 




Mime
View raw message