Apache 2 SSL Error

2005-07-05 Thread Todd Suits
I set up a FreeBSD 4.11 jail to learn how to setup SSL on Apache 2
correctly. I installed Apache 2.0.54 from ports. I generated SSL certs
just for testing purposes. I'm not able to get any response at all
from the server on SSL unless I set the Listen :443 directive in the
httpd.conf as where I think it is supposed to be set in ssl.conf.  I
get the following error in httpd-error.log:

[Tue Jul 05 10:15:28 2005] [error] [client 24.123.123.123] Invalid
method in request \x80g\x01\x03

As this is just temporary and for testing purposes I have posted the
configs online as they are quite big and this is a work in progress,
see links below.

http://www.beerdrinka.com/httpd.conf

http://www.beerdrinka.com/ssl.conf

I keep re-reading the apache docs but there is just something I am
missing.  As a note I have also tried this in a non-jail environment
on 5.3 p16 and get the same error results.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Apache 2 SSL Error

2005-07-05 Thread Andrew L. Gould
On Tuesday 05 July 2005 11:01 am, Todd Suits wrote:
 I set up a FreeBSD 4.11 jail to learn how to setup SSL on Apache 2
 correctly. I installed Apache 2.0.54 from ports. I generated SSL
 certs just for testing purposes. I'm not able to get any response at
 all from the server on SSL unless I set the Listen :443 directive in
 the httpd.conf as where I think it is supposed to be set in ssl.conf.
  I get the following error in httpd-error.log:

 [Tue Jul 05 10:15:28 2005] [error] [client 24.123.123.123] Invalid
 method in request \x80g\x01\x03

 As this is just temporary and for testing purposes I have posted the
 configs online as they are quite big and this is a work in progress,
 see links below.

 http://www.beerdrinka.com/httpd.conf

 http://www.beerdrinka.com/ssl.conf

 I keep re-reading the apache docs but there is just something I am
 missing.  As a note I have also tried this in a non-jail environment
 on 5.3 p16 and get the same error results.

When trying to use SSL, are you using a URL with http://; or 
https://;?

Andrew Gould
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Apache 2 SSL Error

2005-07-05 Thread Todd Suits
https://  is what im trying to use.  http:// just brings my normal
index.html page.

On 7/5/05, Andrew L. Gould [EMAIL PROTECTED] wrote:
 On Tuesday 05 July 2005 11:01 am, Todd Suits wrote:
  I set up a FreeBSD 4.11 jail to learn how to setup SSL on Apache 2
  correctly. I installed Apache 2.0.54 from ports. I generated SSL
  certs just for testing purposes. I'm not able to get any response at
  all from the server on SSL unless I set the Listen :443 directive in
  the httpd.conf as where I think it is supposed to be set in ssl.conf.
   I get the following error in httpd-error.log:
 
  [Tue Jul 05 10:15:28 2005] [error] [client 24.123.123.123] Invalid
  method in request \x80g\x01\x03
 
  As this is just temporary and for testing purposes I have posted the
  configs online as they are quite big and this is a work in progress,
  see links below.
 
  http://www.beerdrinka.com/httpd.conf
 
  http://www.beerdrinka.com/ssl.conf
 
  I keep re-reading the apache docs but there is just something I am
  missing.  As a note I have also tried this in a non-jail environment
  on 5.3 p16 and get the same error results.
 
 When trying to use SSL, are you using a URL with http://; or
 https://;?
 
 Andrew Gould

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Apache 2 SSL Error

2005-07-05 Thread [EMAIL PROTECTED]
On Tue, 5 Jul 2005 14:21:03 -0400
Todd Suits [EMAIL PROTECTED] wrote:

 https://  is what im trying to use.  http:// just brings my normal
 index.html page.
---cut---
I get the following error in httpd-error.log:
  
   [Tue Jul 05 10:15:28 2005] [error] [client 24.123.123.123] Invalid
   method in request \x80g\x01\x03

are you using a hardware-router or something ?
if so, did you open the 443 port on that router and set up
portforwarding to port 443 ?

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Apache 2 SSL Error

2005-07-05 Thread Todd Suits
I have no problem accessing other https sites and there is not a
router, the jail is set up on a dedicated server in a data center
where serives like this are provided.

On 7/5/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 On Tue, 5 Jul 2005 14:21:03 -0400
 Todd Suits [EMAIL PROTECTED] wrote:
 
  https://  is what im trying to use.  http:// just brings my normal
  index.html page.
 ---cut---
 I get the following error in httpd-error.log:
   
[Tue Jul 05 10:15:28 2005] [error] [client 24.123.123.123] Invalid
method in request \x80g\x01\x03
 
 are you using a hardware-router or something ?
 if so, did you open the 443 port on that router and set up
 portforwarding to port 443 ?
 

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Apache 2 SSL Error

2005-07-05 Thread Todd Suits
As an update the command: $ openssl s_client -connect localhost:443
-state -debug  from the Apache documents, produces the following
output:

killians# openssl s_client -connect localhost:443 -state -debug
CONNECTED(0003)
SSL_connect:before/connect initialization
write to 0809A500 [080B1000] (142 bytes = 142 (0x8E))
 - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00   ..c... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00   ..3..2../.f.
0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00   .c..
0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40   b..a...@
0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00   ..e..d..`...
0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 b3 46   ...F
0070 - 18 14 e5 bd de 65 4e 39-1c 60 c4 c2 81 f5 bb 8a   .eN9.`..
0080 - 68 00 e0 db 23 c8 ad c2-44 23 81 83 51 93 h...#...D#..Q.
SSL_connect:SSLv2/v3 write client hello A
read from 0809A500 [080B7000] (7 bytes = 7 (0x7))
 - 3c 21 44 4f 43 54 59  !DOCTY
SSL_connect:error in SSLv2/v3 read server hello A
50689:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:/usr/s   
rc/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:475:

I'm just not sure how to deal with it.


On 7/5/05, Todd Suits [EMAIL PROTECTED] wrote:
 I have no problem accessing other https sites and there is not a
 router, the jail is set up on a dedicated server in a data center
 where serives like this are provided.
 
 On 7/5/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
  On Tue, 5 Jul 2005 14:21:03 -0400
  Todd Suits [EMAIL PROTECTED] wrote:
 
   https://  is what im trying to use.  http:// just brings my normal
   index.html page.
  ---cut---
  I get the following error in httpd-error.log:

 [Tue Jul 05 10:15:28 2005] [error] [client 24.123.123.123] Invalid
 method in request \x80g\x01\x03
 
  are you using a hardware-router or something ?
  if so, did you open the 443 port on that router and set up
  portforwarding to port 443 ?
 
 

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Apache 2 SSL Error

2005-07-05 Thread Todd Suits
Sorry for all the responses but Googling has brought up possible
problems or questions.  I am starting Apache with
/usr/local/sbin/apachectl startssl is this correct for the FreeBSD
compiled version?

On 7/5/05, Todd Suits [EMAIL PROTECTED] wrote:
 As an update the command: $ openssl s_client -connect localhost:443
 -state -debug  from the Apache documents, produces the following
 output:
 
 killians# openssl s_client -connect localhost:443 -state -debug
 CONNECTED(0003)
 SSL_connect:before/connect initialization
 write to 0809A500 [080B1000] (142 bytes = 142 (0x8E))
  - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00   ..c... ..9..
 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5
 0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00   ..3..2../.f.
 0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00   .c..
 0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40   b..a...@
 0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00   ..e..d..`...
 0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 b3 46   ...F
 0070 - 18 14 e5 bd de 65 4e 39-1c 60 c4 c2 81 f5 bb 8a   .eN9.`..
 0080 - 68 00 e0 db 23 c8 ad c2-44 23 81 83 51 93 h...#...D#..Q.
 SSL_connect:SSLv2/v3 write client hello A
 read from 0809A500 [080B7000] (7 bytes = 7 (0x7))
  - 3c 21 44 4f 43 54 59  !DOCTY
 SSL_connect:error in SSLv2/v3 read server hello A
 50689:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
 protocol:/usr/s
 rc/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:475:
 
 I'm just not sure how to deal with it.
 
 
 On 7/5/05, Todd Suits [EMAIL PROTECTED] wrote:
  I have no problem accessing other https sites and there is not a
  router, the jail is set up on a dedicated server in a data center
  where serives like this are provided.
 
  On 7/5/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
   On Tue, 5 Jul 2005 14:21:03 -0400
   Todd Suits [EMAIL PROTECTED] wrote:
  
https://  is what im trying to use.  http:// just brings my normal
index.html page.
   ---cut---
   I get the following error in httpd-error.log:
 
  [Tue Jul 05 10:15:28 2005] [error] [client 24.123.123.123] Invalid
  method in request \x80g\x01\x03
  
   are you using a hardware-router or something ?
   if so, did you open the 443 port on that router and set up
   portforwarding to port 443 ?
  
  
 

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Apache 2 SSL Error

2005-07-05 Thread jdyke




Todd Suits wrote:

Sorry for all the responses but Googling has brought up possible
problems or questions.  I am starting Apache with
/usr/local/sbin/apachectl startssl is this correct for the FreeBSD
compiled version?

you don't *have to* use that, you can just use /usr/local/etc/rc.d/apache.sh and 
make sure that apache2ssl_enable=YES in /etc/rc.conf


to my knowledge, which may be lacking, you should be able to execute apaches 
start script as well.


if you run `ps -waux | grep httpd` from the prompt do you see httpd listed with 
-DSSL ??  the errors about 'invalid method' lead me to believe that you its only 
started as http not https.


what is in the error log as soon as you run /usr/local/sbin/apachectl startssl
and what does the above ps show.

jeff

On 7/5/05, Todd Suits [EMAIL PROTECTED] wrote:


As an update the command: $ openssl s_client -connect localhost:443
-state -debug  from the Apache documents, produces the following
output:

killians# openssl s_client -connect localhost:443 -state -debug
CONNECTED(0003)
SSL_connect:before/connect initialization
write to 0809A500 [080B1000] (142 bytes = 142 (0x8E))
 - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00   ..c... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00   ..3..2../.f.
0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00   .c..
0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40   b..a...@
0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00   ..e..d..`...
0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 b3 46   ...F
0070 - 18 14 e5 bd de 65 4e 39-1c 60 c4 c2 81 f5 bb 8a   .eN9.`..
0080 - 68 00 e0 db 23 c8 ad c2-44 23 81 83 51 93 h...#...D#..Q.
SSL_connect:SSLv2/v3 write client hello A
read from 0809A500 [080B7000] (7 bytes = 7 (0x7))
 - 3c 21 44 4f 43 54 59  !DOCTY
SSL_connect:error in SSLv2/v3 read server hello A
50689:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:/usr/s
rc/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:475:

I'm just not sure how to deal with it.


On 7/5/05, Todd Suits [EMAIL PROTECTED] wrote:


I have no problem accessing other https sites and there is not a
router, the jail is set up on a dedicated server in a data center
where serives like this are provided.

On 7/5/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:


On Tue, 5 Jul 2005 14:21:03 -0400
Todd Suits [EMAIL PROTECTED] wrote:



https://  is what im trying to use.  http:// just brings my normal
index.html page.


---cut---


I get the following error in httpd-error.log:

[Tue Jul 05 10:15:28 2005] [error] [client 24.123.123.123] Invalid
method in request \x80g\x01\x03


are you using a hardware-router or something ?
if so, did you open the 443 port on that router and set up
portforwarding to port 443 ?





___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Apache 2 SSL Error

2005-07-05 Thread Todd Suits
Jeff

You are correct!  I was not starting Apache with SSL.  I knew I had to
use the startssl command however I was using webmin for ease of
clicking start and stop and I had entered startssl in the wrong
box in the module config so therefor I was not starting Apache with
SSL.  Once I started with SSL there were a few error's I had to 
correct with the certificates I generated and in the ssl.conf but
starting it correctly was the problem.  Thank you.. I have spent many
hours trying to get this set up and was very frustrated over the whole
project.  Thanks again to everyone who took the time to reply.  This
list is a great resource and without everyones participation it would
not work.

 7/5/05, jdyke [EMAIL PROTECTED] wrote:
 
 
 
 Todd Suits wrote:
  Sorry for all the responses but Googling has brought up possible
  problems or questions.  I am starting Apache with
  /usr/local/sbin/apachectl startssl is this correct for the FreeBSD
  compiled version?
 
 you don't *have to* use that, you can just use /usr/local/etc/rc.d/apache.sh 
 and
 make sure that apache2ssl_enable=YES in /etc/rc.conf
 
 to my knowledge, which may be lacking, you should be able to execute apaches
 start script as well.
 
 if you run `ps -waux | grep httpd` from the prompt do you see httpd listed 
 with
 -DSSL ??  the errors about 'invalid method' lead me to believe that you its 
 only
 started as http not https.
 
 what is in the error log as soon as you run /usr/local/sbin/apachectl startssl
 and what does the above ps show.
 
 jeff
  On 7/5/05, Todd Suits [EMAIL PROTECTED] wrote:
 
 As an update the command: $ openssl s_client -connect localhost:443
 -state -debug  from the Apache documents, produces the following
 output:
 
 killians# openssl s_client -connect localhost:443 -state -debug
 CONNECTED(0003)
 SSL_connect:before/connect initialization
 write to 0809A500 [080B1000] (142 bytes = 142 (0x8E))
  - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00   ..c... ..9..
 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5
 0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00   ..3..2../.f.
 0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00   .c..
 0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40   b..a...@
 0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00   ..e..d..`...
 0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 b3 46   ...F
 0070 - 18 14 e5 bd de 65 4e 39-1c 60 c4 c2 81 f5 bb 8a   .eN9.`..
 0080 - 68 00 e0 db 23 c8 ad c2-44 23 81 83 51 93 h...#...D#..Q.
 SSL_connect:SSLv2/v3 write client hello A
 read from 0809A500 [080B7000] (7 bytes = 7 (0x7))
  - 3c 21 44 4f 43 54 59  !DOCTY
 SSL_connect:error in SSLv2/v3 read server hello A
 50689:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
 protocol:/usr/s
 rc/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:475:
 
 I'm just not sure how to deal with it.
 
 
 On 7/5/05, Todd Suits [EMAIL PROTECTED] wrote:
 
 I have no problem accessing other https sites and there is not a
 router, the jail is set up on a dedicated server in a data center
 where serives like this are provided.
 
 On 7/5/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 
 On Tue, 5 Jul 2005 14:21:03 -0400
 Todd Suits [EMAIL PROTECTED] wrote:
 
 
 https://  is what im trying to use.  http:// just brings my normal
 index.html page.
 
 ---cut---
 
  I get the following error in httpd-error.log:
 
 [Tue Jul 05 10:15:28 2005] [error] [client 24.123.123.123] Invalid
 method in request \x80g\x01\x03
 
 are you using a hardware-router or something ?
 if so, did you open the 443 port on that router and set up
 portforwarding to port 443 ?
 
 
 
  ___
  freebsd-questions@freebsd.org mailing list
  http://lists.freebsd.org/mailman/listinfo/freebsd-questions
  To unsubscribe, send any mail to [EMAIL PROTECTED]
 

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]