cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
List archive
- From: Daniel Black <daniel AT cacert.org>
- To: cacert-sysadm AT lists.cacert.org
- Subject: Re: SNI/TLS in debian? is it true? can it be? - CAcert.org Market Potential
- Date: Sun, 30 Aug 2009 17:10:39 +1000
- Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none
- Organization: CAcert
On Saturday 29 August 2009 23:18:47 Ian G wrote:
> On 29/08/2009 14:01, Andreas Bürki wrote:
> > Dear all
> >
> > Iiiian put my nose onto the subject. I know, this mail list is not for
> > comm-heinis like me, BUT the chance is too good, to neglect.
> >
> > Market potential: 1,000,000 linux servers -> Big number of SysAdmins
keep in mind Apache runs quite well on MS Windows servers too.
besides marketing other required functions of CAcert are:
1. domain validation by non-email means:
(https://bugs.cacert.org/view.php?id=592)
2. API to make our certificates accessible to virtual hosting providers
though
common management interfaces (BirdShark API)
> Big question: Can someone take a standard distro of Apache, install it
> and get it up and running?
Its included in httpd(apache-2.2.12 or later expect where explicitly patched
to disable it, or earlier where backported patch).
Checked Fedora - not in F-11 though is in devel (2.2.13) for next release.
well its in debian squeeze http://packages.debian.org/squeeze/apache2 but not ;
lenny
In Freebsd http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/apache22/
Centos - not yet and not for redhat either i assume
Ubuntu in karmic http://packages.ubuntu.com/karmic/apache2 but not jaunty
Gentoo - in current 2.2.11-r{2,3} releases with USE=sni and in 2.2.12+
(http://packages.gentoo.org/package/www-servers/apache)
Lighttpd still in progress http://redmine.lighttpd.net/issues/386
> Can we run multiple SSL sites using it?
most of cacert's infrastructure is on separate machines.
On non-client certificate authenticated sites proxying this to the back end
would be easy.
When client certificate is involved in the authentication? - I haven't looked
into whether is possible to setup a bit apache sni proxy at the front end and
get the client certificate and passed to the internal application.
> Daniel's question: does it work with client certs ... yes, that's v.
> important to CAcert. Well, maybe not all things in Rome are built to
> last one day :)
true.
--
Daniel Black
Infrastructure Administrator
CAcert
Attachment:
signature.asc
Description: This is a digitally signed message part.
- SNI/TLS in debian? is it true? can it be? - CAcert.org Market Potential, Andreas Bürki, 08/29/2009
- Re: SNI/TLS in debian? is it true? can it be? - CAcert.org Market Potential, Ian G, 08/29/2009
- Re: SNI/TLS in debian? is it true? can it be? - CAcert.org Market Potential, Daniel Black, 08/30/2009
- Re: SNI/TLS in debian? is it true? can it be? - CAcert.org Market Potential, Ian G, 08/29/2009
Archive powered by MHonArc 2.6.16.