Hello; I would greatly appreciate assistance with an Apache setup
problem.

Aim: I'm trying to set up a mixed http/https server. The plan is to
hold secure stuff in one file hierarchy, insecure in another. I don't
seem to be able to get it to work. I've tried searching both apache/ssl
forums and fedora forums for any info, but can't find any reports of
similar problems.

System info: Fedora Core 4 on Intel *86; I'm using the Fedora httpd
configuration tool to do the setup.

General structure: I'm aiming to configure separate IP virtual servers
to serve https traffic and http traffic.

Problem: httpd startup always fails with the message:

"Starting httpd: (98)Address already in use: make_sock: could not
bind to address <my IP address>:443
no listening sockets available, shutting down"

In the httpd configuration tool, I have configured the available
addresses as

    <my ip address>:80
    <my ip address>:443

I've configured two virtual hosts:

"secure host" with address <my ip address>:443
(configured under the 'general options' tab as an ip virtual host on
<my ip address>:443 and with "enable ssl support" ticked, and addresses
provided for the various keys)

default host with address Default virtual host:80
configured as default virtual host and listening on port 80
and with 'enable ssl support' unticked

In the httpd.conf file this generates

    Listen <my ip address>:80
    Listen <my ip address>:443

and lower down

    <VirtualHost <my ip address>:443>
        DocumentRoot /var/www/shtml/
        ServerAdmin <my email addr>
        ServerName <my domain name>
        DirectoryIndex index.shtml index.html index.htm
        SSLEngine on
    </VirtualHost>
    <VirtualHost *:80>
        ServerAdmin <my email>
        ServerName _default_:80
        DirectoryIndex index.php index.html index.htm
        SSLEngine on
    </VirtualHost>

(I'd prefer not to broadcast the whole httpd.conf for security reasons,
but a search reveals there are no other references to either of the
numbers 80 or 443)

Oh, and there isn't anything else listening to port 443:

    /sbin/fuser -4 -n udp 443

gives a null result.

Any thoughts? The httpd.conf file looks OK to me as far as I have been
able to tell from reading the documentation. In particular, is it
possible that the httpd error is misleading me? I'm not absolutely
confident that my key setup is correct; is there any possibility that a
failure in key lookup could generate this error message about ports?

Thanks for any assistance

Bob

************************************************************************

In case it's relevant, here's my key generation script (domain name
deleted in case I've left any gaping security holes):

    openssl genrsa -des3 -out /etc/httpd/conf/ssl.crt/ca.key 4096
    openssl req -new -x509 -days 1000 \
        -key /etc/httpd/conf/ssl.crt/ca.key \
        -out /etc/httpd/conf/ssl.crt/ca.crt
    openssl genrsa -des3 -out /etc/httpd/conf/ssl.key/server.key 4096
    openssl req -new -key /etc/httpd/conf/ssl.key/server.key \
        -out /etc/httpd/conf/ssl.crt/server.csr \
        -subj '/CN=<my domain name>'
    openssl x509 -req -days 1000 \
        -in /etc/httpd/conf/ssl.crt/server.csr \
        -CA /etc/httpd/conf/ssl.crt/ca.crt \
        -CAkey /etc/httpd/conf/ssl.crt/ca.key \
        -signkey /etc/httpd/conf/ssl.key/server.key \
        -set_serial 01 \
        -out /etc/httpd/conf/ssl.crt/server.crt

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]
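
A diagnostic for the bind error quoted in the post, added here as an example and not part of the original message: the hypothetical helper `find_listen_conflicts` lists `Listen` directives, in the main config and any included files, that claim the same port on overlapping addresses, which is one common cause of "(98)Address already in use". The file tree, the 192.0.2.10 address and the conf.d include layout are constructed assumptions.

```shell
#!/bin/sh
# Added example: report Listen directives that claim overlapping sockets.
# Apache binds once per Listen line, so two lines covering the same
# address and port make the second bind fail with EADDRINUSE (errno 98).

find_listen_conflicts() {
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        tolower($1) == "listen" && NF >= 2 {
            spec = $2
            if (spec !~ /:/) spec = "*:" spec     # bare port = all addresses
            port = spec; sub(/^.*:/, "", port)    # text after the last colon
            addr = spec; sub(/:[^:]*$/, "", addr) # text before the last colon
            if (addr == "0.0.0.0") addr = "*"
            n++
            a[n] = addr; p[n] = port; where[n] = FILENAME ":" FNR
        }
        END {
            for (i = 1; i <= n; i++)
                for (j = i + 1; j <= n; j++)
                    if (p[i] == p[j] && (a[i] == a[j] || a[i] == "*" || a[j] == "*"))
                        printf "port %s: %s (%s) overlaps %s (%s)\n", p[i], where[i], a[i], where[j], a[j]
        }' "$@"
}

# Constructed sample tree (documentation address 192.0.2.10, assumed layout).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
mkdir "$demo_dir/conf.d"
cat > "$demo_dir/httpd.conf" <<'EOF'
# constructed main config
Listen 192.0.2.10:80
Listen 192.0.2.10:443
Include conf.d/*.conf
EOF
cat > "$demo_dir/conf.d/ssl.conf" <<'EOF'
# constructed stand-in for a packaged SSL config
LoadModule ssl_module modules/mod_ssl.so
Listen 443
EOF

find_listen_conflicts "$demo_dir/httpd.conf" "$demo_dir"/conf.d/*.conf
```

On a real host, pass httpd.conf together with every file its Include lines pull in. HTTPS listens on TCP, so a check for an existing listener on port 443 should query tcp.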