On Tue, Jun 27, 2006 at 04:34:19PM +0200, FTP wrote:
> On Tue, Jun 27, 2006 at 03:55:16PM +0200, FTP wrote:
> > On Tue, Jun 27, 2006 at 08:49:37AM -0400, Peter Blair wrote:
> > > SSL certificates for a hostname require a unique IP address. Are you
> > > trying to do virtual name hosting with https?
> > >
> > > On 6/27/06, FTP <[EMAIL PROTECTED]> wrote:
> > > >On Mon, Jun 26, 2006 at 08:30:29AM -0700, Scott Francis wrote:
> > > >> On 6/26/06, FTP <[EMAIL PROTECTED]> wrote:
> > > >> >Hi there,
> > > >> >
> > > >> >I was trying to start Apache in SSL mode and I did follow the
> > > >> >http://openbsd.org/faq/faq10.html#HTTPS steps. After that I issued
> > > >> >"apachectl startssl" and everything went fine.
> > > >> >
> > > >> >Now, when I point to the https://<IP-address> from my server I get an
> > > >> >"unable to connect error"!
> > > >> >
> > > >> >What did I do wrong?
> > > >> >
> > > >> >In the ssl_engine_log I get: "Configuring server new.host.name:443
> > > >> >for SSL protocol". This server has no domain assigned. Did I do
> > > >> >something wrong in the certs?
> > > >>
> > > >> no, but you probably neglected to edit /var/www/conf/httpd.conf
> > > >> appropriately (ServerName and NameVirtualHost come to mind, as well as
> > > >> the appropriate name-specific parts of the SSL config in the same
> > > >> file). ssl_engine_log probably won't give you the info you need here;
> > > >> take a look at your access_log and error_log.
> > > >> --
> > > >> [EMAIL PROTECTED],darkuncle.net} || 0x5537F527
> > > >> encrypted email to the latter address please
> > > >> http://darkuncle.net/pubkey.asc for public key
> > > >>
> > > >
> > > >Thanks for your reply.
> > > >
> > > >Well, the error_log doesn't get any message. Also, the regular http does
> > > >show the web page without having the IP address in the http.conf file.
> > > >Why doesn't this work with SSL as well?
> > > >Certs etc. are in the correct path.
> > > >
> > > >Thanks
> > > >
> > > >George
> > > >
> > >
> > the weird thing is that I don't get anything in the logs! No errors - nothing!
>
> some more info:
>
> when trying curl https://localhost I get the following:
>
> curl: (60) Failed to connect to ::1: Connection refused
> More details here: http://curl.haxx.se/docs/sslcerts.html
>
> curl performs SSL certificate verification by default, using a "bundle"
> of Certificate Authority (CA) public keys (CA certs). The default
> bundle is named curl-ca-bundle.crt; you can specify an alternate file
> using the --cacert option.
> If this HTTPS server uses a certificate signed by a CA represented in
> the bundle, the certificate verification probably failed due to a
> problem with the certificate (it might be expired, or the name might
> not match the domain name in the URL).
> If you'd like to turn off curl's verification of the certificate, use
> the -k (or --insecure) option.
>
> if I issue curl -k https://localhost instead, I do get the page. Could it be
> due to the self-signed cert?
>
> Thanks
> George
>
even more info:

when I try to access the site via lynx I do get an SSL error message moaning
that I have a self-signed cert. After accepting this, the page gets displayed.
So it looks like the problem is with the CA? How do I correct that? I found a
reference in "manual/mod/mod_ssl/ssl_faq.html#ToC24" but it mentions a "sign.sh"
script which isn't present in the OBSD package.

Thanks

George
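Added example (not part of the thread and not code from any poster): the curl text quoted above names two ways verification of a certificate can fail, an issuer that is not in the trust bundle and a name that does not match the URL. This sketch reproduces both with the openssl CLI and shows that trusting the certificate file itself, the kind of file curl's --cacert option takes, passes verification without -k. The file names, the 30-day lifetime and the hostnames are constructed for the example.

```shell
#!/bin/sh
# Added example: paths, hostnames and lifetime are constructed, not from the thread.

# Create a throwaway self-signed certificate whose CN is the name clients will use.
make_selfsigned() {   # $1 = directory, $2 = hostname
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Verify against the default trust store only. A fresh self-signed certificate
# has no issuer there, so this is the verification failure the curl text describes.
verify_default() {    # $1 = directory
    openssl verify "$1/server.crt" >/dev/null 2>&1
}

# Verify with the certificate itself supplied as a trusted anchor, and require
# that it names the host the client is contacting.
verify_pinned() {     # $1 = directory, $2 = hostname the client connects to
    openssl verify -CAfile "$1/server.crt" -verify_hostname "$2" \
        "$1/server.crt" >/dev/null 2>&1
}

# Run the three checks on a temporary certificate and print one line per check.
demo() {
    dir=$(mktemp -d) || return 1
    make_selfsigned "$dir" localhost || { rm -rf "$dir"; return 1; }
    for check in "verify_default $dir" "verify_pinned $dir localhost" \
                 "verify_pinned $dir www.example.invalid"; do
        if $check; then echo "PASS  $check"; else echo "FAIL  $check"; fi
    done
    rm -rf "$dir"
}

demo
```

Against a running server the matching client call is curl --cacert server.crt https://localhost, using the name that is in the certificate.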

