On Aug 31, 2009, at 8:50 PM, keith smith wrote:

Here it is.  Thanks!

Also log shows this about 10 times

[Mon Aug 31 18:30:09 2009] [warn] RSA server certificate CommonName (CN) `newcart.dev' does NOT match server name!?



<VirtualHost 192.168.20.20:443>
  DocumentRoot "/work/dev/newcart.dev"
  ServerName newcart.dev:443
  ErrorLog logs/ssl_error_log
  TransferLog logs/ssl_access_log
  ##LogLevel warn

  LogLevel debug

  ##SSLEngine on
  ##SSLProtocol all -SSLv2
  ##SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
  ##SSLCertificateFile /etc/pki/tls/certs/localhost.crt
  ##SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
  #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
  #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

  ##<Files ~ "\.(cgi|shtml|phtml|php3?)$">
  ##    SSLOptions +StdEnvVars
  ##</Files>
  ##<Directory "/var/www/cgi-bin">
  ##    SSLOptions +StdEnvVars
  ##</Directory>

  ##SetEnvIf User-Agent ".*MSIE.*" \
  ##      nokeepalive ssl-unclean-shutdown \
  ##      downgrade-1.0 force-response-1.0

  ##CustomLog logs/ssl_request_log \
  ##       "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>


OK, with all that stuff commented out, the browser sends you an ssl request, and you answer in plaintext. Chaos ensues. (The server doesn't 'know' that it's supposed to speak ssl on port 443. That's a common convention, but not a technical requirement.)

The only must-have directives are SSLEngine on, SSLCertificateFile, and SSLCertificateKeyFile (that file should only be readable by root, btw). Everything else seems fine at a glance, but you can leave the rest commented out while you're debugging.

alex
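
An added example, not part of the original message: a small Python check for the point made in the reply, that a vhost on :443 needs active (uncommented) SSLEngine on, SSLCertificateFile and SSLCertificateKeyFile, and that the key file should be root-only. The function names and the two sample configs are constructed for illustration; it assumes one directive per line and reads "only readable by root" as owned by uid 0 with no group/other permission bits.

```python
import os
import re

# The three directives the reply names as must-have for an SSL vhost.
REQUIRED = ("SSLEngine", "SSLCertificateFile", "SSLCertificateKeyFile")

def audit_ssl_vhosts(conf_text):
    """Return {vhost address: [problems]} for each <VirtualHost ...:443> block."""
    findings, addr, active = {}, None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out directive does not exist as far as httpd is concerned
        start = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if start:
            addr, active = start.group(1).strip(), {}
        elif line.lower().startswith("</virtualhost"):
            if addr and addr.endswith(":443"):
                problems = [d + " missing" for d in REQUIRED if d.lower() not in active]
                if active.get("sslengine", "on").lower() != "on":
                    problems.append("SSLEngine is not on")
                findings[addr] = problems
            addr = None
        elif addr:
            name, *rest = line.split(None, 1)
            active[name.lower()] = rest[0].strip() if rest else ""
    return findings

def key_mode_ok(st_mode, st_uid):
    """True when the key is owned by root and has no group/other permission bits."""
    return st_uid == 0 and (st_mode & 0o077) == 0

def key_file_ok(path):
    """Apply key_mode_ok to a real file, e.g. the SSLCertificateKeyFile path."""
    st = os.stat(path)
    return key_mode_ok(st.st_mode, st.st_uid)

# Constructed samples: the vhost as quoted above, then with the three directives restored.
BROKEN = """<VirtualHost 192.168.20.20:443>
  ServerName newcart.dev:443
  ##SSLEngine on
  ##SSLCertificateFile /etc/pki/tls/certs/localhost.crt
  ##SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>"""
FIXED = BROKEN.replace("##", "")

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_ssl_vhosts(conf))
```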


---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
