Brian's stupid Apache+SSL questions of the day

Gerald Combs gerald at zing.org
Thu Jan 11 20:22:29 CST 2001


On Thu, 11 Jan 2001, Brian Densmore wrote:

> I sent an e-mail this morning, but it looks like it didn't get posted.
> 
> I have DNS, Sendmail, and Apache+SSL+PHP working on my server now. Apache is
> listening and answering on ports 80 and 443. HTTP and HTTPS are both working
> (with one minor config problem for one domain). I have created a certificate
> and signed it myself (I don't need no stinking CA, I am the CA!). Netscape
> reports that the certificate is either invalid or unknown (yeah, yeah), that
> I am using MD5 RSA v3 with 40 of 128 bits encrypted and SSL version
> TLSv1/SSLv3. 
> 
> Questions: 
> Does this mean I have an encrypted channel open between the client and the
> server? Is it safe to now transmit usernames and passwords over this https
> connection? Or do I have to turn on more strict verification? 

If selecting View->Page Info and/or clicking on shows that the page was
encrypted, then the page was encrypted.  I'm concerned that Netscape
reports the cert as invalid or unknown - when you opened the page the
first time, were you able to use Netscape's wizard to accept the
certificate?  When you click on the padlock icon and select
Certificates->Web Sites, is your certificate listed?

If you're really paranoid, you can use tools like ssldump
(http://www.rtfm.com/ssldump/), tcpdump, or Ethereal to verify that your
data payload isn't being sent in the clear.

> 
> I am going to turn up the encryption to 128bit and maybe a different cipher
> later, I just wanted to get it working.
> 
> Thanks,
> Brian Densmore  
> Associate 
> Computech Business Solutions 
> voice: (816) 880-0988
> fax: (816) 880-0998
> :-{)> 
> 
> 
> 
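The capture check suggested above (confirming that the payload is not sent in the clear), as an added example that is not part of the original message. It assumes you have already extracted the client-to-server bytes of one TCP connection from a capture and that you submitted a throwaway canary password through the login form; all function and variable names are hypothetical, and an SSLv2-format hello is reported as "unknown" rather than parsed.

```python
import struct

# SSLv3/TLS record header: 1-byte content type, 2-byte version, 2-byte length.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"HTTP/")

def walk_records(stream):
    """Split a reassembled TCP payload into (type_name, version, body) records.
    Raises ValueError if the bytes do not parse as SSLv3/TLS records."""
    records, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack("!BBBH", stream[pos:pos + 5])
        if ctype not in CONTENT_TYPES or major != 3 or length > 2**14 + 2048:
            raise ValueError("not a TLS record at offset %d" % pos)
        body = stream[pos + 5:pos + 5 + length]
        if len(body) < length:
            raise ValueError("truncated record body")
        records.append((CONTENT_TYPES[ctype], (major, minor), body))
        pos += 5 + length
    return records

def check_capture(stream, canary):
    """Classify one direction of a captured connection and report whether
    the canary (a throwaway test password) is readable in the raw bytes."""
    leaked = canary in stream
    if stream.startswith(HTTP_STARTS):
        return {"protocol": "cleartext-http", "canary_visible": leaked}
    try:
        records = walk_records(stream)
    except ValueError as exc:
        # Neither plain HTTP nor clean SSLv3/TLS framing: inspect by hand.
        return {"protocol": "unknown", "canary_visible": leaked, "error": str(exc)}
    return {"protocol": "tls", "canary_visible": leaked,
            "record_types": [name for name, _, _ in records]}

# Constructed sample inputs (not real captures).
CANARY = b"canary-pass-123"
CLEAR = b"POST /login HTTP/1.0\r\nContent-Length: 30\r\n\r\nuser=test&pass=" + CANARY

def _rec(ctype, body):
    """Build one record with a TLS 1.0 (3, 1) header around body."""
    return struct.pack("!BBBH", ctype, 3, 1, len(body)) + body

ENCRYPTED = _rec(22, b"\x01" + bytes(40)) + _rec(20, b"\x01") + _rec(23, bytes(range(64)))
```

A "tls" result with canary_visible False is what a working HTTPS login should produce; a visible canary means the form data crossed the wire readable.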



