> On Wed, Oct 24, 2012 at 5:24 PM, Tom Browder <tom.browder@xxxxxxxxx> wrote: > > Is it possible to use Apache with the NSS libraries instead of OpenSSL? > > Oops, I just found mod_nss. > > But I would appreciate any comments about the use of mod_ssl versus mod_nss. I've used both, and I now prefer mod_nss, because I find the configuration a little easier. With mod_ssl I have to specify all of the certificate file names in the configuration (SSLCertificateKeyFile, SSLCertificateFile, SSLCertificateChainFile). With mod_nss I just load all of the keys and certificates into the database, specify one mnemonic name in the configuration (NSSNickName), and mod_nss then figures out and serves up the whole certificate chain. I also like certutil and pk12util for managing the key+cert database. But the functionality is identical, and the differences are minor. It's basically going to depend on which toolset you like best - mod_ssl + openssl, or mod_nss + certutil/pk12util. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|