On Tuesday 12 July 2005 04:21 pm, bibhor dhungel wrote:
> hi,
> i used "service httpd restart" to restart the server. i had encrypted
> the server key so it asked me for the passphrase before starting. when
> i changed ssl.conf (sorry for not mentioning that i am using openssl)
> i defined it to listen to port 443 and i am not sure how to check if
> its listening at that port (i am assuming that port 443 is open by
> default).

You can see what ports are open and what's listening on them with:

    netstat -nlp

When I installed openssl on our servers, I had to explicitly use 'startssl' as the parameter to apachectl. My conf files do tell it to listen on port 443, but w/o that ssl is not enabled and port 443 is not bound. I think startssl is equivalent to 'start -DSSL'

> here's bits from my ssl.conf:
> # added by Bibhor on 07/12/2005
> SSLCertificateFile /etc/httpd/conf/ssl.crt/new.crt
>
> # Server Private Key:
> # If the key is not combined with the certificate, use this
> # directive to point at the key file. Keep in mind that if
> # you've both a RSA and a DSA private key you can configure
> # both in parallel (to also allow the use of DSA ciphers, etc.)
> # added by Bibhor on 07/12/2005
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/new.server.com

these look fine from what I can tell. You may need a CA cert bundle file as well, such as:

    SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt

This is sometimes referred to as a 'chain' file.

-- 
Respectfully,

Nicholas Leippe
Sales Team Automation, LLC
1335 West 1650 North, Suite C
Springville, UT 84663
+1 801.853.4090
http://www.salesteamautomation.com

.===================================.
| This has been a P.L.U.G. mailing. |
| Don't Fear the Penguin. |
| IRC: #utah at irc.freenode.net |
`==================================='
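
Added example, not part of the original message: a small filter for the `netstat -nlp` output mentioned above that reports which process, if any, has a TCP listener bound to a given port. The function name `listeners_on_port` is hypothetical and both sample outputs are constructed for illustration (one for a plain start, one for a start with SSL enabled).

```shell
#!/bin/sh
# listeners_on_port PORT: read `netstat -nlp` output on stdin and print
# "local-address pid/program" for each TCP socket listening on PORT.
# Exit status is 0 if at least one listener was found, 1 otherwise.
listeners_on_port() {
    awk -v port="$1" '
        # Keep only TCP rows in LISTEN state; UDP and unix-socket rows
        # have a different column layout and are skipped.
        $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
            # The port is the text after the LAST colon, so both
            # "0.0.0.0:443" and ":::443" are handled.
            n = split($4, parts, ":")
            if (parts[n] == port) { print $4, $7; found = 1 }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: httpd started without SSL, so only port 80 is bound.
# The 8443 row checks that the match is exact, not a suffix match.
sample_plain_start() { cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  1790/sshd
tcp        0      0 0.0.0.0:80       0.0.0.0:*        LISTEN  2790/httpd
tcp        0      0 0.0.0.0:8443     0.0.0.0:*        LISTEN  3011/java
EOF
}

# Constructed sample: httpd started with SSL enabled, port 443 is bound.
sample_startssl() { cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  1790/sshd
tcp        0      0 :::80            :::*             LISTEN  2841/httpd
tcp        0      0 :::443           :::*             LISTEN  2841/httpd
EOF
}

# Demo on the constructed samples; on a live host run (as root, so the
# PID/Program column is filled in):  netstat -nlp | listeners_on_port 443
sample_startssl | listeners_on_port 443
sample_plain_start | listeners_on_port 443 || echo "nothing listening on 443"
```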
