I got me apache (1.3.12) mod_ssl (2.6.5) openssl-0.9.4 and php (4.0.4) and
have tried to install them following the instructions. But I can't get
apache to run over ssl.
Apache is working for http, and is correctly processing PHP files but I
can't get https to work. I've generated my certificates (twice - forgot the
pass-phrase I put on them 1st time around) and they're all in place. I've
added what I believe are the relevant bits to my httpd.conf (see below). So
now, when I run .../apachectl startssl, it asks for the passphrase, and
seems to start OK. In the logs dir I can see ssl_engine_log,
ssl_mutex.20753, ssl_request_log have appeared (only the former has
anything in it). There's nothing to suggest anything is going wrong in the
error_log. But there is nothing listening on the HTTPS port (443).
Any help gratefully received.
Colin
The ssl_engine_log looks like this:
[23/Feb/2001 14:34:34 20757] [info] Init: Seeding PRNG with 512 bytes of entropy
[23/Feb/2001 14:34:34 20757] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[23/Feb/2001 14:34:34 20757] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[23/Feb/2001 14:34:34 20757] [info] Init: Initializing (virtual) servers for SSL
[23/Feb/2001 14:34:34 20757] [info] Init: Configuring server lonmay.wew.co.uk:443 for SSL protocol
[23/Feb/2001 14:34:34 20757] [warn] Init: (lonmay.wew.co.uk:443) RSA server certificate CommonName (CN) `mail.wew.co.uk' does NOT match server name!?
[23/Feb/2001 14:35:10 20816] [info] Server: Apache/1.3.12, Interface: mod_ssl/2.6.5, Library: OpenSSL/0.9.4
[23/Feb/2001 14:35:10 20816] [info] Init: 1st startup round (still not detached)
[23/Feb/2001 14:35:10 20816] [info] Init: Initializing OpenSSL library
[23/Feb/2001 14:35:10 20816] [info] Init: Loading certificate & private key of SSL-aware server lonmay.wew.co.uk:443
[23/Feb/2001 14:35:10 20816] [info] Init: Requesting pass phrase via builtin terminal dialog
[23/Feb/2001 14:35:13 20816] [info] Init: Wiped out the queried pass phrases from memory
[23/Feb/2001 14:35:39 20816] [info] Init: Seeding PRNG with 512 bytes of entropy
[23/Feb/2001 14:35:39 20816] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[23/Feb/2001 14:35:40 20816] [info] Init: Configuring temporary DH parameters (512/1024 bits)
(both lonmay and mail are valid names for the server).
my httpd.conf file looks like.....
...
# <IfDefine SSL>
AddModule mod_ssl.c
# </IfDefine>
...
<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfDefine>
<IfModule mod_ssl.c>
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/usr/local/apache/logs/ssl_mutex
SSLRandomSeed startup file:/dev/random 512
SSLRandomSeed connect file:/dev/random 512
# none, error, warn, info, trace, debug.
SSLLog /usr/local/apache/logs/ssl_engine_log
SSLLogLevel info
</IfModule>
<IfDefine SSL>
##
## SSL Virtual Host Context
##
<VirtualHost lonmay.wew.co.uk:443>
# General setup for the virtual host
DocumentRoot "/home/httpd/secure"
# following are same as main
ServerName lonmay.wew.co.uk
ServerAdmin [EMAIL PROTECTED]
ErrorLog /usr/local/apache/logs/error_log
TransferLog /usr/local/apache/logs/access_log
# as far as I can tell the following are valid
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /usr/local/apache/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>