Mod_SSL for Windows 2000/NT/XP

Hi all,

I am a new member to this group. I have a question which was asked on
2002-06-07 by Ike Ikonne (for which I could not locate any answer in
the list archives) so please forgive me for the repetition...

My situation is like Ike's: I too need to install mod_ssl and Open_SSL
(ie. require secure web transaction capabilities), with questions as
follows:

* How can I build OpenSSL and mod_ssl on NT or 2000 (ie. do I have to
buy compiler software)?

* Alternatively, is there a sitfrom which I can download precompiled
versions of (or an "installation Wizard" for) the above?

Please advise,
Thanks and kind regards,
Brendan Lloyd
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Mod_SSL for Windows 2000/NT/XP

At 16:42 +1000 15/07/02, Brendan Lloyd wrote:
>I am a new member to this group. I have a question which was asked on
>2002-06-07 by Ike Ikonne (for which I could not locate any answer in
>the list archives) so please forgive me for the repetition...
>
>My situation is like Ike's: I too need to install mod_ssl and Open_SSL
>(ie. require secure web transaction capabilities), with questions as
>follows:
>
>* How can I build OpenSSL and mod_ssl on NT or 2000 (ie. do I have to
> buy compiler software)?

Yes you can, but you'll need to buy MS Visual C++ to compile Apache.

Instructions are available at:
http://httpd.apache.org/docs/windows.html
http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL .Win32

I guess you'll prefer to use the precompiled version avaiable below.

>* Alternatively, is there a sitfrom which I can download precompiled
> versions of (or an "installation Wizard" for) the above?

I guess this is what you're looking for:
http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-O penSSL_0.9.6d-Win32.zip

Hope this helps,
GFK's
--
Guillaume Filion
Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/
PGP Key and more: http://guillaume.filion.org/ (this will redirect)
PGP Fingerprint: 14A6 720A F7BA 6C87 2331 33FD 467E 9198 3DED D5CA
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Mod_SSL for Windows 2000/NT/XP

Hi all,

I wrote:
> I am a new member to this group. I have a question which was asked on
> 2002-06-07 by Ike Ikonne (for which I could not locate any answer in
> the list archives) so please forgive me for the repetition...
>
> My situation is like Ike's: I too need to install mod_ssl and Open_SSL
> (ie. require secure web transaction capabilities), with questions as
> follows:
>
> * How can I build OpenSSL and mod_ssl on NT or 2000 (ie. do I have to
> buy compiler software)?
>
> * Alternatively, is there a site from which I can download precompiled
> versions of (or an "installation Wizard" for) the above?

And last but not least: can anyone clarify what the state of Apache 2.0
is with regards to OpenSSL/mod_ssl?

I've read in some places that Apache 2.0 supports/includes these, but
then when I went to download the Windows binary distribution it had the
suffix "no_ssl"?

What's going on?

Confused,
Brendan Lloyd
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Mod_SSL for Windows 2000/NT/XP

Guillaume wrote:
> Yes you can, but you'll need to buy MS Visual C++ to compile Apache.
> Instructions are available at:
> http://httpd.apache.org/docs/windows.html
> http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL .Win32

I note that the modssl install instructions are out of date (as are
the versions of required software referenced). For example, the CygWin
version has been deprecated since about 1998!

> I guess you'll prefer to use the precompiled version avaiable below.

Yes, absolutely!

> >* Alternatively, is there a sitfrom which I can download precompiled
> > versions of (or an "installation Wizard" for) the above?

> I guess this is what you're looking for:
> http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-O penSSL_0.9.6d-Win32.zip

Eureka! I LOVE u, Guillaume!!!! Thank you soooo much!

Much relieved,
Brendan
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Mod_SSL for Windows 2000/NT/XP

On Tue, 16 Jul 2002, Brendan Lloyd wrote:

> And last but not least: can anyone clarify what the state of Apache
> 2.0 is with regards to OpenSSL/mod_ssl? I've read in some places that
> Apache 2.0 supports/includes these, but then when I went to download
> the Windows binary distribution it had the suffix "no_ssl"?

Source distributions of Apache 2.0 include mod_ssl. Binary distributions
are a different story, but only because of ambiguities surrounding the
(IMHO silly) export restrictions of the US government. We know we're
allowed to export *source* for strong encryption software... but whether
we're able to legally distribute *binaries* of strong encryption software
is unclear. So we don't.

Of course, that's more of a burden on our Windows users than on our Unix
users, since the former tend to rely on binaries and the latter tend to
roll their own since they tend to have the compilation tools on hand.

The solution, as has been pointed out, is that somebody outside the US
contributed binaries for mod_ssl for Apache 2.0 on Win32 and uploaded them
to www.modssl.org/contrib, which is physically located in Germany, as
opposed to www.apache.org, which is physically located in the western US.

Sigh.

--Cliff

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Mod_SSL for Windows 2000/NT/XP

Could the mirror sites not host ssl enabled version as they are not
in the US as they are in the Uk, Austrailia etc?

On 16 Jul 02, at 0:50, Cliff Woolley wrote:

> On Tue, 16 Jul 2002, Brendan Lloyd wrote:
>
> > And last but not least: can anyone clarify what the state of Apache
> > 2.0 is with regards to OpenSSL/mod_ssl? I've read in some places that
> > Apache 2.0 supports/includes these, but then when I went to download
> > the Windows binary distribution it had the suffix "no_ssl"?
>
> Source distributions of Apache 2.0 include mod_ssl. Binary distributions
> are a different story, but only because of ambiguities surrounding the
> (IMHO silly) export restrictions of the US government. We know we're
> allowed to export *source* for strong encryption software... but whether
> we're able to legally distribute *binaries* of strong encryption software
> is unclear. So we don't.
>
> Of course, that's more of a burden on our Windows users than on our Unix
> users, since the former tend to rely on binaries and the latter tend to
> roll their own since they tend to have the compilation tools on hand.
>
> The solution, as has been pointed out, is that somebody outside the US
> contributed binaries for mod_ssl for Apache 2.0 on Win32 and uploaded them
> to www.modssl.org/contrib, which is physically located in Germany, as
> opposed to www.apache.org, which is physically located in the western US.
>
> Sigh.
>
> --Cliff
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org



Technical Manager
Online Learning Support Unit
Middlesex University Business School

a.moon@mdx.ac.uk
020 8411 5092

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Mod_SSL for Windows 2000/NT/XP

At 00:50 -0400 16/07/02, Cliff Woolley wrote:
>On Tue, 16 Jul 2002, Brendan Lloyd wrote:
>
>> And last but not least: can anyone clarify what the state of Apache
>> 2.0 is with regards to OpenSSL/mod_ssl? I've read in some places that
>> Apache 2.0 supports/includes these, but then when I went to download
>> the Windows binary distribution it had the suffix "no_ssl"?
>
>Source distributions of Apache 2.0 include mod_ssl. Binary distributions
>are a different story, but only because of ambiguities surrounding the
>(IMHO silly) export restrictions of the US government. We know we're
>allowed to export *source* for strong encryption software... but whether
>we're able to legally distribute *binaries* of strong encryption software
>is unclear. So we don't.
>
>Of course, that's more of a burden on our Windows users than on our Unix
>users, since the former tend to rely on binaries and the latter tend to
>roll their own since they tend to have the compilation tools on hand.
>
>The solution, as has been pointed out, is that somebody outside the US
>contributed binaries for mod_ssl for Apache 2.0 on Win32 and uploaded them
>to www.modssl.org/contrib, which is physically located in Germany, as
>opposed to www.apache.org, which is physically located in the western US.
>
>Sigh.

Those interested in details on this legal stuff can see this site:
http://www.bxa.doc.gov/Encryption/

What is nice with this policy update is that source code is now
considered "unrestricted" (like Cliff said):
-----
Also for the first time, all encryption source code that would be
considered publicly available under Section 734.3(b)(3) of the EAR
(such as source code posted to the Internet) and the corresponding
object code may be exported and reexported under License Exception
TSU -- Technology and Software Unrestricted (specifically, Section
740.13(e) of the EAR), once notification (or a copy of the source
code) is provided to BIS and the ENC Encryption Request Coordinator.
See Note. Even if a license fee or royalty is charged for commercial
production or sale of products developed using the source code, such
source code is eligible for license exception TSU and no post-export
reporting is required.
-----
The complete content of the Export Administration Regulation (EAR) is
available at: http://w3.access.gpo.gov/bis/ear/ear_data.html
Disclamer: reading the content of the EAR may cause an headache. 8)

It looks like binaries made from publically available source code are
still considered "unrestricted". They explicitly say "[publically
available source code] and the corresponding object code may be
exported and reexported under License Exception TSU".

But the License Exception TSU states:
-----
(2) Provisions and Destinations.

(i) Provisions. Operation software may be exported or
reexported provided that both of the following conditions
are met:

(A) The operation software is the minimum
necessary to operate equipment authorized for
export or reexport; and

(B) The operation software is in object code.
-----
mod_ssl is not the "minimum necessary to operate equipment" since
it's an add-on module; Apache can work without mod_ssl. And part B
totally confused me, it says that ONLY object code can be exported...

I guess Apache's official policy is "let's not take chance." That
sucks... Couldn't they hire a legal advisor that could sort this out?

Or easier, can't we just give a call to the BXA and ask them "Do
object code made from publically available source-code still falls
under the License Exception TSU?", that would clear up the
question... We could ask them for a signed letter, and if we get
problems in the future, we could just show the letter and say that we
did our homework.

Ok, putting everything on modssl.org/contrib is MUCH MUCH easier.

GFK's
--
Guillaume Filion
Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/
PGP Key and more: http://guillaume.filion.org/ (this will redirect)
PGP Fingerprint: 14A6 720A F7BA 6C87 2331 33FD 467E 9198 3DED D5CA
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Mod_SSL for Windows 2000/NT/XP

On Tue, 16 Jul 2002, Alex Moon wrote:

> Could the mirror sites not host ssl enabled version as they are not
> in the US as they are in the Uk, Austrailia etc?

The way our mirroring system works, the mirrors do an rsync of
www.apache.org/dist. So they can't have files on their sites that aren't
on the main sites (or at least not for long), since rsync would delete
those files.

Additionally, it requires somebody outside the US do actually do the
compiling and uploading -- and all our Win32 guys (who are committers and
thus allowed to create official binaries) are in the US. :-/

--Cliff

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Mod_SSL for Windows 2000/NT/XP

I wrote:
> >My situation is like Ike's: I too need to install mod_ssl and Open_SSL
> >(ie. require secure web transaction capabilities) [on a Windows machine]
> >is there a site from which I can download precompiled versions of (or
> >an "installation Wizard" for) the above?

Guillaume replied:
> I guess this is what you're looking for:
> http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-O penSSL_0.9.6d-Win32.zip

I'm somewhat confused.

I downloaded and uncompressed the above archive, uncompressed and was
delighted to find that mod_ssl was present in the modules directory.

But I couldn't find any openssl.exe and, from what I gather, I need this
executable/toolkit to generate a key pair and CSR?

I'm a bit new to web server security and have just had responsibility
thrust upon me, so I thank you all for your patience :)

Kind regards,
Brendan Lloyd

------------------------------------------------------------ --------
I n f o r m a t i o n S y s t e m s A n a l y s t
Wollongong UniCentre PO BOX U100 University of Wollongong NSW 2522
(02) 4221-8022 fax: (02) 4221-8026 blloyd@uow.edu.au
------------------------------------------------------------ --------
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Mod_SSL for Windows 2000/NT/XP

----- Original Message -----
From: "Brendan Lloyd"
To:
Sent: Wednesday, July 17, 2002 1:03 AM
Subject: Re: Mod_SSL for Windows 2000/NT/XP


> I wrote:
> > >My situation is like Ike's: I too need to install mod_ssl and Open_SSL
> > >(ie. require secure web transaction capabilities) [on a Windows
machine]
> > >is there a site from which I can download precompiled versions of (or
> > >an "installation Wizard" for) the above?
>
> Guillaume replied:
> > I guess this is what you're looking for:
> >
http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-O penSSL_0.9.6d-Wi
n32.zip
>
> I'm somewhat confused.
>
> I downloaded and uncompressed the above archive, uncompressed and was
> delighted to find that mod_ssl was present in the modules directory.
>
> But I couldn't find any openssl.exe and, from what I gather, I need this
> executable/toolkit to generate a key pair and CSR?
>
> I'm a bit new to web server security and have just had responsibility
> thrust upon me, so I thank you all for your patience :)

Have a look at OpenSA (www.opensa.org), it's a Windows distribution
containing Apache, OpenSSL, PHP etc... in a precompiled state with a Windows
Installer.

hth

Meint

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Mod_SSL for Windows 2000/NT/XP

Brendan wrote:
> > I downloaded and uncompressed the above archive, uncompressed and was
> > delighted to find that mod_ssl was present in the modules directory.
> >
> > But I couldn't find any openssl.exe and, from what I gather, I need this
> > executable/toolkit to generate a key pair and CSR?
> >
> > I'm a bit new to web server security and have just had responsibility
> > thrust upon me, so I thank you all for your patience :)

Thanks all, everything now solved (thanks in large part to the realisation
that all the stuff needed is under http://www.modssl.org/contrib AND the
help of a kind soul named Mark Anderson in Queensland Australia).

Thanks again & kind regards,
Brendan Lloyd
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Mod_SSL for Windows 2000/NT/XP

---------- Original Message ----------------------------------
>> I guess this is what you're looking for:
>> http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-O penSSL_0.9.6d-Win32.zip
>
>I'm somewhat confused.
>I downloaded and uncompressed the above archive, uncompressed and > was delighted to find that mod_ssl was present in the modules
> directory.
>
>But I couldn't find any openssl.exe and, from what I gather, I
> need this

www.openssl.org/download/win32 ?? :)

>executable/toolkit to generate a key pair and CSR?
>I'm a bit new to web server security and have just had
>responsibility
>thrust upon me, so I thank you all for your patience :)

>Kind regards,
>Brendan Lloyd



__________________________________________________
D O T E A S Y - "Join the web hosting revolution!"
http://www.doteasy.com
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Mod_SSL for Windows 2000/NT/XP

Guillaume wrote::
> >> I guess this is what you're looking for:
> >> http://www.modssl.org/contrib/Apache_1.3.26-Mod_SSL_2.8.10-O penSSL_0.9.6d-Win32.zip

Brendan replied:
> > I'm somewhat confused.
> > I downloaded and uncompressed the above archive, uncompressed and
> > was delighted to find that mod_ssl was present in the modules
> > directory. But I couldn't find any openssl.exe [...]

arcean followed with:
> www.openssl.org/download/win32 ?? :)

As notified yesterday I've found what I needed. My point was
that I couldn't find the openssl.exe in the
Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6d-Win32.zip archive,
so I had to download it separately.

Kind regards,
Brendan
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org