Subscribe: Comments on: SSL-enabled Name-based Apache Virtual Hosts with mod_gnutls
http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-hosts-with-mod_gnutls/feed/

Comments on: SSL-enabled Name-based Apache Virtual Hosts with mod_gnutls



Open-source software and technology blog



Last Build Date: Fri, 01 Apr 2016 05:25:17 +0000

 



By: John

Mon, 29 Jun 2015 22:36:18 +0000

Hey guys, make sure to install gnutls-utils before attempting the same.



By: George

Sat, 15 Sep 2007 02:35:45 +0000

Unfortunately I would need a Gentoo ebuild of OpenSSL working with Apache 2.0 for things to work well. Don't think these ebuilds exist yet.



By: George Notaras

Tue, 11 Sep 2007 03:02:36 +0000

In this comment, Vasili Sviridov points to a website that uses a snapshot version of OpenSSL 0.9.9. Perhaps you could try to contact them too and ask for some info about how well that snapshot version works.



By: George

Sun, 09 Sep 2007 02:18:17 +0000

Tried commenting out the GnuTLSClientCAFile directive and still no dice. Wonder if there is any way to make this work without having to wait for mod_ssl 0.9.9 to be released supporting SNI? Tried contacting the author of mod_gnutls and have not received any response.



By: George Notaras

Fri, 07 Sep 2007 15:06:36 +0000

Indeed. I checked the list of the root certificates in FF2 and the startcom certificate is there. From the mod_gnutls documentation:
GnuTLSClientCAFile Takes an absolute or relative path to a PEM Encoded Certificate to use as a Certificate Authority with Client Certificate Authentication.
This means that the certificate that has been specified by the GnuTLSClientCAFile directive is only used for client authentication via a certificate and actually not when the client enters the secure mode in the browser. Perhaps you should try commenting out this directive and see if it works.



By: George

Fri, 07 Sep 2007 14:19:13 +0000

It would appear according to this article that Firefox does include the Root Startcom Cert: http://www.startcom.org/?app=14&rel=22 .



By: George Notaras

Fri, 07 Sep 2007 04:13:32 +0000

@ Jeremy: Thanks for those links about the SNI browser support. @George: It would work without any popups only if the root startcom certificate had been added to the list of trusted certificate authorities in the browser. I seriously doubt that Firefox includes this root certificate by default. The user has to trust it first. IIRC, the same happens with certificates from cacert.org.



By: George

Thu, 06 Sep 2007 18:20:49 +0000

Has anyone tried using mod_gnutls in conjunction with startcom (free as in beer) certificates? I have set the GnuTLSClientCAFile directive and am still receiving an invalid certificate error in Firefox 2.0. This _should_ work without any popups whatsoever. Has anyone had any experience with this?



By: Jeremy

Sun, 02 Sep 2007 03:32:05 +0000

Unfortunately SNI support in browsers is limited to these: Firefox 2, IE 7 on Vista, Opera 7.6+ and other modern browsers. (http://weblogs.mozillazine.org/gerv/archives/2007/08/virtual_hosting_ssl_and_sni.html) IE 6, lynx, safari and the like are not supported. (http://wiki.cacert.org/wiki/VhostTaskForce#head-7236c4e2c9932ef42056b3ff6d367053081887de)



By: George Notaras

Fri, 24 Aug 2007 16:15:49 +0000

I write this for other readers who run into issues: mod_gnutls requires the httpd and gnutls development libraries in order to compile.