[mdlug] CentOS/linux security package recommendations
Robert Meier
list1c30fe42 at bellsouth.net
Fri Jun 20 13:21:19 EDT 2008
Security officers,
Does anyone have any (dis)recommendations for auxilliary tools to
aid secure apache2 use?
In particular I'm looking for ease-of-use by IE users
accessing a CentOS+apache2 box.
1. report fingerprint of self-signed https certificate
2. sign self-signed https certificate as own certificate authority
3. mail certificate authority public key
Point 1 is currently covered for firefox, opera, and other web client
users by a script around openssl accessed via ssh.
I am aware that self-signing as CA a self-signed public key certificate
adds no security, but points 2 and 3 appear necessary to prevent IE
displaying the location in pink with a "Certificate Error" button (which
reports "Certificate is OK".)
For clarity, I'm looking for executables that run on the Centos box,
accessed by some channel (e.g. ssh) other than http.
TIA,
--
Bob
"Anyone who attempts to generate random numbers by deterministic means is,
of course, living in a state of sin."
-- John von Neumann
More information about the mdlug
mailing list