-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Even more revealing was the passphrase prompt, not required for plain
httpd...
Thanks,
Ron DuFresne
On Tue, 19 Jun 2007, Omar W. Hannet wrote:
Are you quite certain that the LoadModule for mod_ssl has been
commented out? The reason I ask: the output from 'apachectl start'
which you provided below shows 'mod_ssl/2.2.4'.
In the log file /opt/apache-2.2.4/logs/error_log, on lines that contain
'Apache/2.2.4' and 'configured -- resuming normal operations', do
you see 'mod_ssl/2.2.4'? If so, it is still being loaded from somewhere
in your configuration.
Saikat Saha wrote:
Sorry for late response on this one. This is what we have in httpd.conf
which is generated at compile time. This problem does not go away even
if I comment out last four lines and restart apache. Could you please
advise what else could be leading apache to think it is https rather
than http?
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
With above commented out, when I try to start apache, I get following
passphrase prompt and apache does not start even after saying passphrase
successful, no logs in logs directory although log level is "debug"
]# ./apachectl start
httpd: Could not reliably determine the server's fully qualified domain
name, using 10.3.110.109 for ServerName
Apache/2.2.4 mod_ssl/2.2.4 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server 10.3.110.109:443 (RSA)
Enter pass phrase:
OK: Pass Phrase Dialog successful.
[EMAIL PROTECTED] bin]#
Thanks you very much for your help.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Omar W. Hannet
Sent: Monday, June 18, 2007 8:34 AM
To: modssl-users@modssl.org
Subject: Re: Apache with mod_ssl
Do you have <IfModule ssl_module> tags surrounding all
SSL directives in your configuration file? For example:
<IfModule ssl_module>
SSLPassPhraseDialog builtin
# etc.
</IfModule>
Saikat Saha wrote:_module>
Apache was compiled as below
./configure --with-ldap --enable-mods-shared="all ssl ldap cache proxy
authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock
disk_cache" --prefix=/opt/apache-2.2.4
Httpd -l gives below
[EMAIL PROTECTED] bin]# httpd -l
Compiled in modules:
core.c
prefork.c
http_core.c
mod_so.c
How do I compile so that it does not load mod_ssl automatically and
loads only if httpd.conf is configured.
Surprisingly there are no error logs even at debug level.
Thank you so very much for the kind help.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Omar W. Hannet
Sent: Friday, June 15, 2007 4:13 PM
To: modssl-users@modssl.org
Subject: Re: Apache with mod_ssl
Saikat Saha wrote:
We have apache 2.2.4 compiled with all modules but commented out all load
modules. Do not have anything in httpd.conf file to state that
this
is https. But when I start apache, it tries to goto https and prompts
for pass phrase. How does apache determine that this is https whereas
this is actually a http server.
Perhaps mod_ssl is a compiled-in module. Run 'httpd -l' to check
this.
After I enter a passphrase, it shows successful but the server never
starts up. Can someone please help?
The reason probably can be found in Apache's error_log file.
Also can apache support both http and https at different ports at the
same time?
Yes. The defaults are port 80 for http and port 443 for https.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFGer+zst+vzJSwZikRAlhnAJ4rLby4nNIlTNYwr0Vq2bQdI1TGmwCgwn1e
itrUfe7Vl+cuoIdY3KOVw8M=
=LeZD
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]