[mdlug] CentOS/linux security package recommendations
Ron Blanchett
muteid10t at gmail.com
Fri Jun 20 13:50:26 EDT 2008
try adding the SSLCACertificateFile directive in with the rest of the
SSL directives in the appropriate point in your apache config files.
Make sure the SSLCACertificateFile directive points to the CA Cert
file of the CA you created.
This might fix things.
-Ron
On Fri, Jun 20, 2008 at 1:21 PM, Robert Meier
<list1c30fe42 at bellsouth.net> wrote:
> Security officers,
>
> Does anyone have any (dis)recommendations for auxilliary tools to
> aid secure apache2 use?
>
> In particular I'm looking for ease-of-use by IE users
> accessing a CentOS+apache2 box.
>
> 1. report fingerprint of self-signed https certificate
> 2. sign self-signed https certificate as own certificate authority
> 3. mail certificate authority public key
>
> Point 1 is currently covered for firefox, opera, and other web client
> users by a script around openssl accessed via ssh.
>
> I am aware that self-signing as CA a self-signed public key certificate
> adds no security, but points 2 and 3 appear necessary to prevent IE
> displaying the location in pink with a "Certificate Error" button (which
> reports "Certificate is OK".)
>
> For clarity, I'm looking for executables that run on the Centos box,
> accessed by some channel (e.g. ssh) other than http.
>
> TIA,
> --
> Bob
>
> "Anyone who attempts to generate random numbers by deterministic means is,
> of course, living in a state of sin."
> -- John von Neumann
>
> _______________________________________________
> mdlug mailing list
> mdlug at mdlug.org
> http://mdlug.org/mailman/listinfo/mdlug
>
--
Calvin Coolidge - "I have never been hurt by what I have not said."
More information about the mdlug
mailing list