httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Schulman <>
Subject [users@httpd] Re: OpenSSL vs. Mozilla's NSS
Date Thu, 25 Oct 2012 13:29:55 GMT
> On Wed, Oct 24, 2012 at 5:24 PM, Tom Browder <> wrote:
> > Is it possible to use Apache with the NSS libraries instead of OpenSSL?
> Oops, I just found mod_nss.
> But I would appreciate any comments about the use of mod_ssl versus mod_nss.

I've used both, and I now prefer mod_nss, because I find the configuration a
little easier.  With mod_ssl I have to specify all of the certificate file names
in the configuration (SSLCertificateKeyFile, SSLCertificateFile,
SSLCertificateChainFile).  With mod_nss I just load all of the keys and
certificates into the database, specify one mnemonic name in the configuration
(NSSNickName), and mod_nss then figures out and serves up the whole certificate
chain.  I also like certutil and pk12util for managing the key+cert database.

But the functionality is identical, and the differences are minor.  It's
basically going to depend on which toolset you like best - mod_ssl + openssl, or
mod_nss + certutil/pk12util.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message