You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Tom Browder <to...@gmail.com> on 2012/10/25 00:28:00 UTC
[users@httpd] Re: OpenSSL vs. Mozilla's NSS
On Wed, Oct 24, 2012 at 5:24 PM, Tom Browder <to...@gmail.com> wrote:
> Is it possible to use Apache with the NSS libraries instead of OpenSSL?
Oops, I just found mod_nss.
But I would appreciate any comments about the use of mod_ssl versus mod_nss.
Best,
-Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: OpenSSL vs. Mozilla's NSS
Posted by Andrew Schulman <an...@alumni.utexas.net>.
> On Wed, Oct 24, 2012 at 5:24 PM, Tom Browder <to...@gmail.com> wrote:
> > Is it possible to use Apache with the NSS libraries instead of OpenSSL?
>
> Oops, I just found mod_nss.
>
> But I would appreciate any comments about the use of mod_ssl versus mod_nss.
I've used both, and I now prefer mod_nss, because I find the configuration a
little easier. With mod_ssl I have to specify all of the certificate file names
in the configuration (SSLCertificateKeyFile, SSLCertificateFile,
SSLCertificateChainFile). With mod_nss I just load all of the keys and
certificates into the database, specify one mnemonic name in the configuration
(NSSNickName), and mod_nss then figures out and serves up the whole certificate
chain. I also like certutil and pk12util for managing the key+cert database.
But the functionality is identical, and the differences are minor. It's
basically going to depend on which toolset you like best - mod_ssl + openssl, or
mod_nss + certutil/pk12util.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org