headers
Eric Covener | 4 Aug 2011 15:27
Picon
Gravatar

Fwd: [users <at> httpd] Suggestion for Apache2 docs: add another (inexpensive) CA: StartSSL.com

On Thu, Aug 4, 2011 at 9:23 AM, Tom Browder <tom.browder <at> gmail.com> wrote:
> The Apache2 docs has an SSL FAQ here:
>
>  http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html
>
> It has a list of Certifying Authorities (CAs) but is missing one
> important one for personal or small-scale server operators StartSSL:
>
>  http://www.startssl.com/
>
> They can provide an inexpensive wild-card certificate that can be used
> for multiple domains on the same server with a single IP address.
>
> I am using one for my personal server with four separate domains, and
> IE, Chrome, and Firefox are all happy with https for all of them.
>

I would just as well remove them all from the FAQ -- any thoughts?
Permalink | Reply | 4 comments |
headers
Rich Bowen | 4 Aug 2011 15:30
Favicon
Gravatar

Re: [users <at> httpd] Suggestion for Apache2 docs: add another (inexpensive) CA: StartSSL.com

+1

This was written when there was just a handful of CAs, and now that there are so many more, we really don't need
to be in the business of maintaining a list.

On Aug 4, 2011, at 9:27 AM, Eric Covener wrote:

> On Thu, Aug 4, 2011 at 9:23 AM, Tom Browder <tom.browder <at> gmail.com> wrote:
>> The Apache2 docs has an SSL FAQ here:
>> 
>>  http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html
>> 
>> It has a list of Certifying Authorities (CAs) but is missing one
>> important one for personal or small-scale server operators StartSSL:
>> 
>>  http://www.startssl.com/
>> 
>> They can provide an inexpensive wild-card certificate that can be used
>> for multiple domains on the same server with a single IP address.
>> 
>> I am using one for my personal server with four separate domains, and
>> IE, Chrome, and Firefox are all happy with https for all of them.
>> 
> 
> I would just as well remove them all from the FAQ -- any thoughts?
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: docs-unsubscribe <at> httpd.apache.org
> For additional commands, e-mail: docs-help <at> httpd.apache.org
>
(Continue reading)

Permalink | Reply | 3 comments |
headers
William A. Rowe Jr. | 4 Aug 2011 21:28

Re: [users <at> httpd] Suggestion for Apache2 docs: add another (inexpensive) CA: StartSSL.com

On 8/4/2011 8:30 AM, Rich Bowen wrote:
> +1
> 
> This was written when there was just a handful of CAs, and now that there are so many more, we really don't
need to be in the business of maintaining a list.

Should we at least point them to the Mozilla collection?
Permalink | Reply | 2 comments |
headers
Rich Bowen | 4 Aug 2011 21:38
Favicon
Gravatar

Re: [users <at> httpd] Suggestion for Apache2 docs: add another (inexpensive) CA: StartSSL.com

Yes, we should point to another more authoritative list. The Mozilla one seems reasonable, as they have an
interest in keeping it updated.

On Aug 4, 2011, at 3:28 PM, William A. Rowe Jr. wrote:

> On 8/4/2011 8:30 AM, Rich Bowen wrote:
>> +1
>> 
>> This was written when there was just a handful of CAs, and now that there are so many more, we really don't
need to be in the business of maintaining a list.
> 
> Should we at least point them to the Mozilla collection?
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: docs-unsubscribe <at> httpd.apache.org
> For additional commands, e-mail: docs-help <at> httpd.apache.org
> 

--
Rich Bowen
rbowen <at> rcbowen.com
rbowen <at> apache.org
Permalink | Reply | 1 comment |
headers
Vincent Bray | 4 Aug 2011 22:17
Picon
Gravatar

Re: [users <at> httpd] Suggestion for Apache2 docs: add another (inexpensive) CA: StartSSL.com

On 4 August 2011 20:38, Rich Bowen <rbowen <at> rcbowen.com> wrote:
> Yes, we should point to another more authoritative list. The Mozilla one seems reasonable, as they have an
interest in keeping it updated.

I find curl's version of mozilla's CA list helpful too.

http://curl.haxx.se/docs/caextract.html

--

-- 
noodl
Permalink | Reply | 0 comments |
headers
Apache Wiki | 12 Aug 2011 23:27
Picon
Favicon

[Httpd Wiki] Update of "ScratchPad" by DonBaker

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.

The "ScratchPad" page has been changed by DonBaker:
http://wiki.apache.org/httpd/ScratchPad?action=diff&rev1=36&rev2=37

Comment:
Understanding Multi-Use Digital Certificates

- == Table of content currently in the ScratchPad ==
+ ÐÏࡱá
Permalink | Reply | 2 comments |
headers
Apache Wiki | 12 Aug 2011 23:38
Picon
Favicon

[Httpd Wiki] Update of "ScratchPad" by DonBaker

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.

The "ScratchPad" page has been changed by DonBaker:
http://wiki.apache.org/httpd/ScratchPad?action=diff&rev1=37&rev2=38

Comment:
Working draft

+ Understanding Multi-Use Digital Certificates
- ÐÏࡱá
Permalink | Reply | 0 comments |
headers
Apache Wiki | 12 Aug 2011 23:42
Picon
Favicon

[Httpd Wiki] Update of "ScratchPad" by DonBaker

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.

The "ScratchPad" page has been changed by DonBaker:
http://wiki.apache.org/httpd/ScratchPad?action=diff&rev1=38&rev2=39

  
  Multi-domain, SAN, or UCC certificates are useful when organizations require different root domain
names to run Internet-facing services.  Subject alternate name certificates are also called Unified
Communications Certificates (UCC) since they were primarily designed to support real-time
communications infrastructures. For example, an organization providing both internal and external
unified communications services with two different domain names—for example,
SIP.VirtualSpaceShip.com the external domain and SIP.VirtualSpaceShip.com for the internal
name—would benefit from a multi-domain certificate because in this case, the wildcard certificate
would not work. In fact, if the organization was using wildcard certificates, two wildcard certificates
would be required because the root domain name is different in each case.

- A single multi-domain certificate could easily support the following names and more: www.
VirtualSpaceShip.com, www.VirtualSpaceShip.ws, www.VirtualCDVD.com,
www.VirtualWorkersInSpace.com 
+ A single multi-domain certificate could easily support the following names and more:
www.VirtualSpaceShip.com, www.VirtualSpaceShip.ws, www.VirtualCDVD.com,
www.VirtualWorkersInSpace.com 

  Multi-domain certificates are also useful for application service providers (ASP) who host
applications for multiple clients with each client using their own domain name. By using a multi-domain
certificate, ASPs can use a single certificate to support multiple clients. Note that the site seal and
certificate “Issued To” will only be for the primary domain name entered in the certificate and will not
include any of the other domain names. However, the certificate itself will include all of the domain
(Continue reading)

Permalink | Reply | 0 comments |
headers
Apache Wiki | 12 Aug 2011 23:43
Picon
Favicon

[Httpd Wiki] Update of "ScratchPad" by DonBaker

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.

The "ScratchPad" page has been changed by DonBaker:
http://wiki.apache.org/httpd/ScratchPad?action=diff&rev1=39&rev2=40

  
  Multi-domain, SAN, or UCC certificates are useful when organizations require different root domain
names to run Internet-facing services.  Subject alternate name certificates are also called Unified
Communications Certificates (UCC) since they were primarily designed to support real-time
communications infrastructures. For example, an organization providing both internal and external
unified communications services with two different domain names—for example,
SIP.VirtualSpaceShip.com the external domain and SIP.VirtualSpaceShip.com for the internal
name—would benefit from a multi-domain certificate because in this case, the wildcard certificate
would not work. In fact, if the organization was using wildcard certificates, two wildcard certificates
would be required because the root domain name is different in each case.

+ 
+ ---- /!\ '''Edit conflict - other version:''' ----
  A single multi-domain certificate could easily support the following names and more:
www.VirtualSpaceShip.com, www.VirtualSpaceShip.ws, www.VirtualCDVD.com,
www.VirtualWorkersInSpace.com 
+ 
+ ---- /!\ '''Edit conflict - your version:''' ----
+ A single multi-domain certificate could easily support the following names and more:
www.VirtualSpaceShip.com, www.VirtualSpaceShip.ws, www.VirtualCDVD.com,
www.VirtualWorkersInSpace.com 
+ 
+ ---- /!\ '''End of edit conflict''' ----
(Continue reading)

Permalink | Reply | 0 comments |
headers
bugzilla | 16 Aug 2011 16:27
Picon
Favicon

DO NOT REPLY [Bug 51665] New: Inconsistent documentation of LimitRequestLine and friends.

https://issues.apache.org/bugzilla/show_bug.cgi?id=51665

             Bug #: 51665
           Summary: Inconsistent documentation of LimitRequestLine and
                    friends.
           Product: Apache httpd-2
           Version: 2.2.17
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Documentation
        AssignedTo: docs <at> httpd.apache.org
        ReportedBy: riccardo.murri <at> gmail.com
    Classification: Unclassified

According to the on-line docs
(http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestline),
LimitRequestLine can be used to lower or *raise* the maximum line
limit:

    The LimitRequestLine directive allows the server administrator to
    reduce or increase the limit on the allowed size of a client's
    HTTP request-line.

However, the doxygen documentation says that it can only be used to
*lower* the default line buffer size; indeed, in file
`include/httpd.h` in the Apache 2.2.17 sources, at lines 185--189 it
says:
(Continue reading)

Permalink | Reply | 2 comments |

Gmane