diff options
author | rcritten <> | 2005-08-03 13:38:26 +0000 |
---|---|---|
committer | rcritten <> | 2005-08-03 13:38:26 +0000 |
commit | 64342aaae7731e2d75217c7403f7da597bd45aee (patch) | |
tree | 80c873d231edd8cbf50e98b2fc635c42e1e23a3c | |
parent | b4164d9bc67d846bf9a66922d94fe77c898b9d3d (diff) | |
download | mod_nss-64342aaae7731e2d75217c7403f7da597bd45aee.tar.gz mod_nss-64342aaae7731e2d75217c7403f7da597bd45aee.tar.xz mod_nss-64342aaae7731e2d75217c7403f7da597bd45aee.zip |
Add more information related to gencert
Tell user's where to find more documentation
-rw-r--r-- | README | 22 |
1 files changed, 18 insertions, 4 deletions
@@ -22,11 +22,14 @@ BUILDING Build and install those packages somewhere then configure the module with something like: - % ./configure --with-apxs=/path/to/apxs/ --with-nspr=/path/to/nspr/ --with-nss=/path/to/nss/ + % ./configure --with-apxs[=/path/to/apxs/] --with-nspr=/path/to/nspr/ --with-nss=/path/to/nss/ % gmake all install + You only need to use =/path/to/apxs if apxs isn't in your path or if you + want to install into a specific Apache installation. + This will install a sample configuration file nss.conf. You'll need to do - some hand-editing as well. + some hand-editing as well to tell Apache to read this file. To httpd.conf add (anywhere is fine): @@ -35,12 +38,19 @@ BUILDING You'll need to change the default ports in nss.conf from 443 to something else if you aren't starting this as root. -CONFIGURING +CONFIGURING NSS You'll need to create an NSS database and get a server certificate installed. A script, gencerts, is included to help get things going with a self-signed certificate. This is a *BAD* idea and you shouldn't use this. It is for - example purposes only. + demonstration purposes only. As a matter of policy, users should not get + used to accepting a SSL certifiate signed by an unknown or untrusted + issuer. + + The result of the gencert script is an NSS database that contains a + self-signed CA, a server certificate (nickname Server-Cert) and a + client certificate (alpha). The client certificate is generated to make + testing client authentication simpler. You can store the token passwords in a file so you aren't prompted during startup (so you can do unattended starts, for example). To do this, set @@ -53,3 +63,7 @@ CONFIGURING A sample for the internal software token is like: internal:netscape + +DOCUMENTATION + + See docs/mod_nss.html for additional information. |