Hiendl,
Thank you very much for the vhost, however, it still didn't work lol :). I
did get the error log buffer here though if you would like to take a look.
It looks pretty normal to me but maybe you'll see something I didn't.
[16/Nov/2000 03:09:47 17047] [info] Server: Apache/1.3.14, Interface: mod_ssl/2.7.1, Library: OpenSSL/0.9.6
[16/Nov/2000 03:09:47 17047] [info] Init: 1st startup round (still not detached)
[16/Nov/2000 03:09:47 17047] [info] Init: Initializing OpenSSL library
[16/Nov/2000 03:09:47 17047] [info] Init: Loading certificate & private key of SSL-aware server checkout.commaflex.com:443
[16/Nov/2000 03:09:47 17047] [info] Init: Requesting pass phrase via builtin terminal dialog
[16/Nov/2000 03:09:52 17047] [info] Init: Wiped out the queried pass phrases from memory
[16/Nov/2000 03:09:52 17047] [info] Init: Seeding PRNG with 136 bytes of entropy
[16/Nov/2000 03:09:52 17047] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[16/Nov/2000 03:09:53 17047] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[16/Nov/2000 03:09:53 17048] [info] Init: 2nd startup round (already detached)
[16/Nov/2000 03:09:53 17048] [info] Init: Reinitializing OpenSSL library
[16/Nov/2000 03:09:53 17048] [info] Init: Seeding PRNG with 136 bytes of entropy
[16/Nov/2000 03:09:53 17048] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[16/Nov/2000 03:09:53 17048] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[16/Nov/2000 03:09:53 17048] [info] Init: Initializing (virtual) servers for SSL
[16/Nov/2000 03:09:53 17048] [info] Init: Configuring server checkout.commaflex.com:443 for SSL protocol
[16/Nov/2000 03:09:53 17048] [warn] Init: (www.commaflex.com:443) You configured HTTP(80) on the standard HTTPS(443) port!
[16/Nov/2000 03:10:10 17049] [info] Connection to child 0 established (server checkout.commaflex.com:443, client 172.165.45.161)
[16/Nov/2000 03:10:10 17049] [info] Seeding PRNG with 1160 bytes of entropy
[16/Nov/2000 03:10:11 17049] [info] Connection: Client IP: 172.165.45.161, Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
[16/Nov/2000 03:10:11 17049] [info] Connection to child 0 closed with standard shutdown (server checkout.commaflex.com:443, client 172.165.45.161)
[16/Nov/2000 03:10:19 17050] [info] Connection to child 1 established (server checkout.commaflex.com:443, client 172.165.45.161)
[16/Nov/2000 03:10:19 17050] [info] Seeding PRNG with 1160 bytes of entropy
[16/Nov/2000 03:10:20 17050] [info] Connection: Client IP: 172.165.45.161, Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
[16/Nov/2000 03:10:20 17050] [info] Connection to child 1 closed with standard shutdown (server checkout.commaflex.com:443, client 172.165.45.161)
>From: Hiendl Elke <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: RE:somebody shoot me, please
>Date: Thu, 16 Nov 2000 09:55:58 +0100
>
>
>Hi Brendon,
>
>this is my Virtual-Host-configuration; I have Apache 1.3.14, mod_ssl 2.7.1
>and openssl 0.9.6 running on COL 2.3. It works fine on both browsers
>(Netscape 4.7 and MSIE 5.5), even with a dummy-cert.
>
>
>#### Section 2: Main Server Configuration
>
>#Port: port to which the stand-alone server listens
>#Port 80
>Port 443
>
>
>#SSL Support: standard https-port
><IfDefine SSL>
>#Listen 80
>Listen 443
></IfDefine>
>
>....
>
><IfDefine SSL>
>AddType application/x-x509-ca-cert .crt
>AddType application/x-pkcs7-crl .crl
></IfDefine>
>
><IfModule mod_ssl.c>
>
>#PassPhraseDialog:
>SSLPassPhraseDialog builtin
>
>#Inter Process Session Cache
>SSLSessionCache dbm:/etc/httpd/logs/ssl_cache
>SSLSessionCacheTimeout 300
>
>#Semaphore:inter-process synchronization;
>SSLMutex file:/etc/httpd/logs/ssl_mutex
>
>#Pseudo Random Number Generator (PRNG)
>SSLRandomSeed startup builtin
>SSLRandomSeed connect builtin
>
>#Logging:.
>SSLLog /etc/httpd/logs/ssl_engine_log
>#Log Levels none, error, warn, info, trace, debug
>SSLLogLevel info
>
></IfModule>
>
><IfDefine SSL>
>
>
>####SSL Virtual Host Context
>
><VirtualHost _default_:443>
>
>DocumentRoot "/etc/httpd/htdocs"
>ServerName server.company.com
>ServerAdmin [EMAIL PROTECTED]
>ErrorLog /etc/httpd/logs/error_log
>TransferLog /etc/httpd/logs/access_log
>
>#SSl engine switch
>#Enable/Disable SSL
>SSLEngine on
>
>#SSLCipherSuite
>SSLCipherSuite HIGH:MEDIUM:LOW:EXP:-SSLv2
>
>#allow all ciphers for the initial handshake,
>#so export browsers can upgrade via SGC facility
><Directory "/etc/httpd/htdocs">
>#but finally deny all browsers which haven`t upgraded
>#SSLRequire %{SSL_CIPHER_USEKEYSIZE} >=128
></Directory>
>
>#Server certificate
>SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
>
>#Server Private Key
>SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
>
>#ServerCertificateChain: .
>#SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt
>
>#Certificate Authority
>#SSLCACertificatePath /etc/httpd/conf/ssl.crt
>#SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt
>
>#Certificate Revocation Lists (CRL)
>#SSLCARevocationPath /etc/httpd/conf/ssl.crl
>#SSLCARevocationFile /etc/httpd/conf/ssl.crl/ca-bundle.crl
>
>#Client-Authentication
>#SSLVerifyClient require
>#SSLVerifyDepth 10
>
># Access Control:
># With SSLRequire you can do per-directory access control based
># on arbitrary complex boolean expressions containing server
># variable checks and other lookup directives. The syntax is a
># mixture between C and Perl. See the mod_ssl documentation
># for more details.
>#<Location />
>#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
># and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
># and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
># and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
># and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
># or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
>#</Location>
>
>#SSLEngine Options
>SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
>
>#If CGI, uncomment
>#<Files ~ "\.(cgi|shtml)$">
># SSLOptions +StdEnvVars
>#</Files>
>#<Directory "/etc/httpd/cgi-bin">
># SSLOptions +StdEnvVars
>#</Directory>
>
>#SSLProtocol Adjustments
>SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
>#Per server Logging
>CustomLog /etc/httpd/logs/ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
></VirtualHost>
>
></IfDefine>
>
>
>Maybe this is a little help or brings you some new inspirations on your
>problem. Good luck!
>
>Elke
>
>
>
>
>Elke Hiendl
>Consultant for System and Network Management
>iteratec
>Gesellschaft für iterative Softwaretechnologien mbH
>Inselkammerstraße 4
>82008 München-Unterhaching
>
>Phone +49 89 61 45 51 - 35
>Fax +49 89 61 45 51 - 10
>www http://www.iteratec.de
>mailto:[EMAIL PROTECTED]
>
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
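
An added example, not part of either message in this thread: the connection entries in the log above show EXP-RC4-MD5 negotiated at 40 effective bits, which the quoted `SSLCipherSuite HIGH:MEDIUM:LOW:EXP:-SSLv2` permits while the `SSLRequire` key-size check stays commented out. This Python script scans ssl_engine_log text in the format shown for such handshakes and for startup warnings; the sample log is constructed from the thread's lines plus one made-up entry, and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: three entries copied from the log in this thread (unwrapped),
# plus one made-up strong-cipher entry from a documentation address for contrast.
SAMPLE_LOG = """\
[16/Nov/2000 03:09:53 17048] [warn] Init: (www.commaflex.com:443) You configured HTTP(80) on the standard HTTPS(443) port!
[16/Nov/2000 03:10:11 17049] [info] Connection: Client IP: 172.165.45.161, Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
[16/Nov/2000 03:10:20 17050] [info] Connection: Client IP: 172.165.45.161, Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
[16/Nov/2000 03:11:02 17051] [info] Connection: Client IP: 192.0.2.10, Protocol: TLSv1, Cipher: DES-CBC3-SHA (168/168 bits)
"""

ENTRY = re.compile(r"^\[(?P<ts>\S+ \S+) (?P<pid>\d+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")
CONN = re.compile(
    r"Connection: Client IP: (?P<ip>[\d.]+), Protocol: (?P<proto>[^,\s]+), "
    r"Cipher: (?P<cipher>\S+) \((?P<used>\d+)/(?P<algo>\d+) bits\s*\)")
# Same cipher-name test as the commented-out SSLRequire in the quoted config.
WEAK_NAME = re.compile(r"^(EXP|NULL)-")

def parse(text):
    """Yield (timestamp, level, message) for each well-formed log entry."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["ts"], m["level"], m["msg"]

def weak_connections(text, min_bits=128):
    """Handshakes whose effective key size is below min_bits, or whose
    cipher name marks them as export-grade or unencrypted."""
    hits = []
    for ts, _level, msg in parse(text):
        c = CONN.search(msg)
        if c and (int(c["used"]) < min_bits or WEAK_NAME.match(c["cipher"])):
            hits.append({"time": ts, "client": c["ip"], "protocol": c["proto"],
                         "cipher": c["cipher"], "bits": int(c["used"])})
    return hits

def config_warnings(text):
    """Messages mod_ssl logged at warn or error level (e.g. at startup)."""
    return [msg for _ts, level, msg in parse(text) if level in ("warn", "error")]

def summarize(text, min_bits=128):
    """Count weak handshakes per (client, cipher) pair."""
    return Counter((h["client"], h["cipher"]) for h in weak_connections(text, min_bits))

if __name__ == "__main__":
    for (client, cipher), n in summarize(SAMPLE_LOG).items():
        print(f"{client}: {n} handshake(s) with {cipher}")
    for w in config_warnings(SAMPLE_LOG):
        print("warning:", w)
```

Entries must be on one line each; logs pasted through a mail client that hard-wraps them need to be rejoined first.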