You are viewing a plain text version of this content. The canonical link for it is here.
Posted to docs@httpd.apache.org by "William A. Rowe, Jr." <wr...@rowe-clan.net> on 2005/10/05 08:42:33 UTC
Re: make_cert.sh?
Paul Querna wrote:
> William A. Rowe, Jr. wrote:
>
>>Folks,
>>
>> should we restore the missing feature to actually help folks create
>>their first cert/key with a support/ .sh/.bat file to generate a key
>>and a cert?
>
> No, I think we should give a URL to our online documentation that tells
> you how.
That's one solid, and objective suggestion. After all, openssl, for
all it's wrinkles, is really not that hard to use...
...anyone on the Docs team want to write something up? There's really
no call for an offsite link.
Bill
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
Re: make_cert.sh?
Posted by Joshua Slive <jo...@slive.ca>.
Noirin Plunkett wrote:
> On Tue, Oct 04, 2005 at 11:50:15PM -0700, Paul Querna wrote:
>> I agree, we should make it part of our docs. We already have:
>> http://httpd.apache.org/docs/2.1/ssl/ssl_faq.html#aboutcerts
>>
>> All the ideas are there, it just needs to be distilled into a simple
>> page with the steps for key generation and where to get more info (That
>> FAQ, other mod_ssl docs?)
>>
>> On a separate note, several things inside the SSL FAQ are completely
>> outdated and seem to only apply to 1.3...
>
> Patch was submitted here:
> http://mail-archives.apache.org/mod_mbox/httpd-docs/200509.mbox/%3c20050901170342.GA18075@stdlib.net%3e
> (see also:)
> http://mail-archives.apache.org/mod_mbox/httpd-docs/200509.mbox/%3c20050902103830.GA15811@stdlib.net%3e
Committed with some minor tweaks. I don't have enough ssl expertise to
do a proper review, but it certainly seems like an improvement so I
pushed it in.
Thanks!
Joshua.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
Re: make_cert.sh?
Posted by Noirin Plunkett <fi...@nerdchic.net>.
On Tue, Oct 04, 2005 at 11:50:15PM -0700, Paul Querna wrote:
>
> I agree, we should make it part of our docs. We already have:
> http://httpd.apache.org/docs/2.1/ssl/ssl_faq.html#aboutcerts
>
> All the ideas are there, it just needs to be distilled into a simple
> page with the steps for key generation and where to get more info (That
> FAQ, other mod_ssl docs?)
>
> On a separate note, several things inside the SSL FAQ are completely
> outdated and seem to only apply to 1.3...
Patch was submitted here:
http://mail-archives.apache.org/mod_mbox/httpd-docs/200509.mbox/%3c20050901170342.GA18075@stdlib.net%3e
(see also:)
http://mail-archives.apache.org/mod_mbox/httpd-docs/200509.mbox/%3c20050902103830.GA15811@stdlib.net%3e
Updates suggested can be seen here:
http://www.nerdchic.net/httpd-docs/manual/ssl/ssl_faq.html
Any feedback would be great =)
Thanks
Noirin
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
Re: make_cert.sh?
Posted by Paul Querna <ch...@force-elite.com>.
William A. Rowe, Jr. wrote:
> Paul Querna wrote:
>> William A. Rowe, Jr. wrote:
>>
>>> Folks,
>>>
>>> should we restore the missing feature to actually help folks create
>>> their first cert/key with a support/ .sh/.bat file to generate a key
>>> and a cert?
>>
>> No, I think we should give a URL to our online documentation that tells
>> you how.
>
> That's one solid, and objective suggestion. After all, openssl, for
> all it's wrinkles, is really not that hard to use...
>
> ...anyone on the Docs team want to write something up? There's really
> no call for an offsite link.
I agree, we should make it part of our docs. We already have:
http://httpd.apache.org/docs/2.1/ssl/ssl_faq.html#aboutcerts
All the ideas are there, it just needs to be distilled into a simple
page with the steps for key generation and where to get more info (That
FAQ, other mod_ssl docs?)
On a separate note, several things inside the SSL FAQ are completely
outdated and seem to only apply to 1.3...
-Paul
Re: make_cert.sh?
Posted by Paul Querna <ch...@force-elite.com>.
William A. Rowe, Jr. wrote:
> Paul Querna wrote:
>> William A. Rowe, Jr. wrote:
>>
>>> Folks,
>>>
>>> should we restore the missing feature to actually help folks create
>>> their first cert/key with a support/ .sh/.bat file to generate a key
>>> and a cert?
>>
>> No, I think we should give a URL to our online documentation that tells
>> you how.
>
> That's one solid, and objective suggestion. After all, openssl, for
> all it's wrinkles, is really not that hard to use...
>
> ...anyone on the Docs team want to write something up? There's really
> no call for an offsite link.
I agree, we should make it part of our docs. We already have:
http://httpd.apache.org/docs/2.1/ssl/ssl_faq.html#aboutcerts
All the ideas are there, it just needs to be distilled into a simple
page with the steps for key generation and where to get more info (That
FAQ, other mod_ssl docs?)
On a separate note, several things inside the SSL FAQ are completely
outdated and seem to only apply to 1.3...
-Paul
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
Re: make_cert.sh?
Posted by Mads Toftum <ma...@toftum.dk>.
On Wed, Oct 05, 2005 at 01:53:00AM -0500, William A. Rowe, Jr. wrote:
> FYI... my favorite trick is to pre-touch the .key file with 600 perms,
> so that the resulting, generated key is never, in it's lifetime, world
> readable. (I'm also not a big fan of passphrases, thus a bit of extra
> paranoia for good measure :-)
>
That's what the rest of us use umask for.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
Re: make_cert.sh?
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
FYI... my favorite trick is to pre-touch the .key file with 600 perms,
so that the resulting, generated key is never, in it's lifetime, world
readable. (I'm also not a big fan of passphrases, thus a bit of extra
paranoia for good measure :-)
Bill
Re: make_cert.sh?
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
FYI... my favorite trick is to pre-touch the .key file with 600 perms,
so that the resulting, generated key is never, in it's lifetime, world
readable. (I'm also not a big fan of passphrases, thus a bit of extra
paranoia for good measure :-)
Bill
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org