httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jose Correia (J)" <Corr...@telkom.co.za>
Subject RE: mod-ssl and authz modules
Date Mon, 26 Aug 2002 15:01:50 GMT
Thanks Dirk.

I do have open-ssl installed (vs 2.8.4-1.3.20) and I think I did run
that option when I installed it. When I sent you the httpd.conf file I
didn't send the commented out lines, which included:

#SSLCertificateFile /opt/apache/conf/ssl.crt/server.crt
#SSLCertificateFile none
#SSLCertificateFile /opt/apache/conf/ssl.crt/server-dsa.crt

Must I enable the first one or the third one? I think the first one
because we are using RSA right?

I took a look at the first above certificate pass and it does exist.

I'll try this first and if it doesn't work, I'll use your script files
(which I thank you very much for).

thanks
Jose


-----Original Message-----
From: Dirk-Willem van Gulik [mailto:dirkx@webweaving.org]
Sent: 26 August 2002 16:32
To: Jose Correia (J)
Cc: users@httpd.apache.org
Subject: RE: mod-ssl and authz modules



> "[Mon Aug 26 16:10:39 2002] [error] mod_ssl: Init: Server
> descartes.telkom.co.za:443 should be SSL-aware but has no
certificate
> configured [Hint: SSLCertificateFile]"
>
> Does SSL always require a certificate...? I just want basic
> authentication but no certificate authentication... maybe I'm
missing
> the point and one does need at least some kind of fake certificate
to
> bypass this??

Though not strictly needed - in practice SSL needs at the very least a
server side Certificate. Assuming you are using the open source
openssl/modssl combinatatio; type the following commands to make
yourself
a home grown signed certificate:

>From the section 'Installation' in the INSTALL readme file of mod_ssl:

	... `make certificate' is to create a test
        server test certificate. Read the message box which occurs

	$ make certificate TYPE=custom

Or alternatively copy the attached script/file into your apache
configuration directory and run them as illustrated. Note that you
will need to edit the PATH in *both* files if you are using anything
but the default.

Dw.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message