apachectl restart problem...
Greetings all,

I'm curious if anyone has come across issues with starting apache using -

    # $APACHE_HOME/bin/apachectl startssl

and then having apache hang when issuing this -

    # $APACHE_HOME/bin/apachectl restart

I'm running 1.3.26 with the latest mod_ssl on Solaris 8. I don't get any error messages in the logs, and apachectl says that it restarts just fine, but when you point a browser back to the server it does not respond. I can fix it with an apachectl stop;apachectl startssl, but I'm just curious about not being able to do the restart.

--
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system Windows is like naming an automobile Wheels.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
RE: apachectl restart problem...
I thought it might be something like that, but typically when I've run into this, I've made a change to a http virtual host, and all the other virtual hosts, ssl or not, are then not accessible. Maybe apache needs a better way to reload configs for virtual hosts (such that it doesn't bother anything else)...but that's not a topic for this list. :)

Thanks for the response.

On Wed, 2002-07-31 at 09:48, Boyle Owen wrote:
> From: Sean M Alderman [mailto:[EMAIL PROTECTED]]
> > Greetings all,
> >
> > I'm curious if anyone has come across issues with starting apache using -
> >
> >     # $APACHE_HOME/bin/apachectl startssl
> >
> > and then having apache hang when issuing this -
> >
> >     # $APACHE_HOME/bin/apachectl restart
> >
> > I'm running 1.3.26 with the latest mod_ssl on Solaris 8. I don't get any error messages in the logs, and apachectl says that it restarts just fine, but when you point a browser back to the server it does not respond. I can fix it with an apachectl stop;apachectl startssl, but I'm just curious about not being able to do the restart.
>
> Restart sends a HUP to apache. I've found that this is sometimes insufficiently forceful to make apache reload certain SSL parameters (e.g. if you change the certificate). However, it should be sufficient for non-SSL edits.
>
> Rgds,
> Owen Boyle

--
Sean M. Alderman
Re: Quickie on Certificate Requests (combined with virtual hosts)...
Thanks guys. I saw the Sun patch, but unfortunately I'm just the webmaster on this machine, not the Admin, so there's not a lot I can do about that except ask him to put it on. Anyway, I just shipped off my CSRs. Thanks for the Help!

On Mon, 2002-07-01 at 16:30, Cliff Woolley wrote:
> On 1 Jul 2002, Sean M Alderman wrote:
> > Cool, thanks!... So I've done that, I needed to use the make certificate instead of the openssh commands because of the lack of a /dev/random on Solaris 8 (I don't know why make is able to make it happen when I can't). Anyway, each time I run it, it generates a new server.key file, I need to keep each of these, right?...perhaps name them based on the virtual host each is for?
>
> Yes, exactly right. Dunno why the make certificate thing works when the openssl commands directly don't -- probably just some configuration issues.
>
> --Cliff

--
Sean M. Alderman
Quickie on Certificate Requests (combined with virtual hosts)...
Greetings all,

I'm hoping someone on the list might have some experience with multiple IP based virtual hosts and generating CSRs for ssl certs for each host. Something has me thinking that if I run the commands from the mod_ssl faq, I'll get several CSRs for the same host (either local or the main hostname). That shouldn't be, certs are hostname specific, right? Anyway, if anyone would be so kind as to pass me a clue.

Thanks.

--
Sean M. Alderman
Re: Quickie on Certificate Requests (combined with virtual hosts)...
Cool, thanks!... So I've done that, I needed to use the make certificate instead of the openssh commands because of the lack of a /dev/random on Solaris 8 (I don't know why make is able to make it happen when I can't). Anyway, each time I run it, it generates a new server.key file, I need to keep each of these, right?...perhaps name them based on the virtual host each is for?

On Mon, 2002-07-01 at 15:18, Cliff Woolley wrote:
> On 1 Jul 2002, Sean M Alderman wrote:
> > I'm hoping someone on the list might have some experience with multiple IP based virtual hosts and generating CSRs for ssl certs for each host. Something has me thinking that if I run the commands from the mod_ssl faq, I'll get several CSRs for the same host (either local or the main hostname). That shouldn't be, certs are hostname specific, right? Anyway, if anyone would be so kind as to pass me a clue.
>
> The commands in the FAQ should be okay. When you run openssl and ask it to generate a CSR, it will prompt you for various things, one of which is Common Name (CN) -- enter the hostname with which the certificate should be associated there, and that's all you should have to do.
>
> --Cliff

--
Sean M. Alderman
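Added example, not part of the original posts: the per-host procedure discussed in this thread as a non-interactive script, with one private key and one CSR per IP-based virtual host and the host name as the Common Name. The host names, DN fields, 2048-bit key size, unencrypted key and the function names are assumptions; `-subj` stands in for the interactive prompts.

```shell
#!/bin/sh
# Added example (not from the thread): one key + one CSR per virtual host.
# Host names and DN fields are constructed placeholders.

# gen_csr HOST OUTDIR: write OUTDIR/HOST.key and OUTDIR/HOST.csr.
# The key is left unencrypted so the script can run unattended (assumption);
# add -des3 to genrsa to get a passphrase prompt at "apachectl startssl".
gen_csr() (
    host=$1 outdir=$2
    umask 077                       # key files readable by owner only
    openssl genrsa -out "$outdir/$host.key" 2048 2>/dev/null &&
    openssl req -new -key "$outdir/$host.key" \
        -subj "/C=US/O=Example Org/CN=$host" \
        -out "$outdir/$host.csr"
)

# csr_cn FILE: print the Common Name stored in a CSR.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        awk -F' = ' '/commonName/ { print $2 }'
}

# key_matches_csr KEY CSR: succeed only if the CSR was built from KEY,
# which is the pairing that must be kept once the signed cert comes back.
key_matches_csr() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
    c=$(openssl req -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo run on constructed host names, in a throwaway directory.
demo_dir=$(mktemp -d)
for h in www1.example.test www2.example.test; do
    gen_csr "$h" "$demo_dir" || echo "failed for $h" >&2
done
for f in "$demo_dir"/*.csr; do
    echo "$f -> CN=$(csr_cn "$f")"
done
rm -rf "$demo_dir"
```

Naming the files after the host keeps each `server.key` next to the CSR it produced; `key_matches_csr` confirms the pairing before a certificate is installed.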
Re: Two certificates in apache and mod_ssl
Are you using IP Based virtual hosting? I don't think you can have multiple certificates on a single IP on the same port.

On Fri, 2002-06-21 at 10:34, Kirchner Stefan wrote:
> Hello,
>
> I defined two virtual hosts in apache + mod_ssl with two different server certificates. I tried to access the https connection and I got for both virtual hosts the certificate of the first virtual host. How do I have to configure it to get the right certificate of each virtual host? Or is it not possible? Or how?
>
> Stefan

--
Sean M. Alderman
Re: Apache 1.3.26 Upgrade Question
I believe if you register for it you can download the commandline version of Borland C++ for free now, although I don't know how well it supports using configure and make files.

On Thu, 2002-06-20 at 14:58, Jim Lee wrote:
> The platform is win32. I do not have a VC++ 5.0 compiler installed. Any free C++ compiler download suggestion from the internet would be great.
>
> > > Hi,
> > > Could somebody help me create the Apache_1.3.26-Mod_SSL_x-OpenSSL_x file from the mod_ssl-2.8.9-1.3.26.tar.gz file that has been released recently.
> >
> > what platform? unix requires nothing more than a configure in the mod_ssl directory, followed by make. Win32 is a little more cumbersome.
> >
> > Aryeh
> >
> > Aryeh Katz
> > VASCO
> > www.vasco.com

--
Sean M. Alderman
Testing with a dummy certificate...
Hi all,

Just got Apache and Mod_SSL set up last Friday for the first time. I did the make certificate to create a dummy cert and installed it. I run APACHE_HOME/bin/apachectl startssl to get the server started and get prompted for the passphrase, enter the phrase and the server starts up. When I point a browser to it (tried ssl-aware lynx, Netscape 4.78, and Mozilla 0.99) the browser gives me an error (not an unrecognized CA certificate message). Below is a snippet of some logs from APACHE_HOME/logs. Could anyone tell me what the Invalid Method Request F message means? Oh and I'm running Apache 1.3.24, mod_SSL 2.8.8, on 64bit UltraSPARC Solaris 2.8.

Thanks!

Logs...

    # pwd
    /usr/appl/apache/logs

    # tail access_log
    WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:41:58 -0400] GET /manual/images/apache_pb.gif HTTP/1.1 200 1806
    WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:41:58 -0400] GET /manual/images/openssl_ics.gif HTTP/1.1 200 2063
    WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:41:58 -0400] GET /manual/images/mod_ssl_sb.gif HTTP/1.1 200 2007
    WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:41:58 -0400] GET /manual/images/feather.jpg HTTP/1.1 200 7108
    WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:42:03 -0400] F 501 -
    WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:42:03 -0400] F 501 -
    WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:42:08 -0400] F 501 -
    WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:42:19 -0400] F 501 -
    WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:44:54 -0400] F 501 -
    WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:45:08 -0400] F 501 -

    # tail error_log
    [Fri Jun 7 15:42:19 2002] [notice] Accept mutex: fcntl (Default: fcntl)
    [Mon Jun 10 10:41:12 2002] [notice] caught SIGTERM, shutting down
    [Mon Jun 10 10:41:45 2002] [notice] Apache/1.3.24 (Unix) PHP/4.2.0 mod_ssl/2.8.8 OpenSSL/0.9.6c configured -- resuming normal operations
    [Mon Jun 10 10:41:45 2002] [notice] Accept mutex: fcntl (Default: fcntl)
    [Mon Jun 10 10:42:03 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid method in request F
    [Mon Jun 10 10:42:03 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid method in request F
    [Mon Jun 10 10:42:08 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid method in request F
    [Mon Jun 10 10:42:19 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid method in request F
    [Mon Jun 10 10:44:54 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid method in request F
    [Mon Jun 10 10:45:08 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid method in request F

    # tail ssl_engine_log
    [10/Jun/2002 10:41:39 14549] [info] Init: Seeding PRNG with 136 bytes of entropy
    [10/Jun/2002 10:41:39 14549] [info] Init: Generating temporary RSA private keys (512/1024 bits)
    [10/Jun/2002 10:41:45 14549] [info] Init: Configuring temporary DH parameters (512/1024 bits)
    [10/Jun/2002 10:41:45 14553] [info] Init: 2nd startup round (already detached)
    [10/Jun/2002 10:41:45 14553] [info] Init: Reinitializing OpenSSL library
    [10/Jun/2002 10:41:45 14553] [info] Init: Seeding PRNG with 136 bytes of entropy
    [10/Jun/2002 10:41:45 14553] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
    [10/Jun/2002 10:41:45 14553] [info] Init: Configuring temporary DH parameters (512/1024 bits)
    [10/Jun/2002 10:41:45 14553] [info] Init: Initializing (virtual) servers for SSL
    [10/Jun/2002 10:41:45 14553] [info] Init: Configuring server .lerc.nasa.gov:8443 for SSL protocol

--
Sean M. Alderman
Re: Testing with a dummy certificate...
Oops...Never mind, I just found that I had missed changing one line in the conf/httpd.conf to change the port number from 8443 to 443. Is there a reason why the config defaults to ports 8080 and 8443 instead of 80 and 443?

On Mon, 2002-06-10 at 10:55, Sean M Alderman wrote:
> Hi all,
>
> Just got Apache and Mod_SSL set up last Friday for the first time. I did the make certificate to create a dummy cert and installed it. I run APACHE_HOME/bin/apachectl startssl to get the server started and get prompted for the passphrase, enter the phrase and the server starts up. When I point a browser to it (tried ssl-aware lynx, Netscape 4.78, and Mozilla 0.99) the browser gives me an error (not an unrecognized CA certificate message). Below is a snippet of some logs from APACHE_HOME/logs. Could anyone tell me what the Invalid Method Request F message means? Oh and I'm running Apache 1.3.24, mod_SSL 2.8.8, on 64bit UltraSPARC Solaris 2.8.
>
> Thanks!

--
Sean M. Alderman
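Added example, not part of the original posts: a small check for the mistake described in this message, where one port line in httpd.conf was changed and another was left at 8443. It assumes the standard `Listen`, `<VirtualHost addr:port>` and `SSLEngine on` directives and runs on a constructed config excerpt; `ssl_port_check` and `sample_conf` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the thread): flag SSL virtual hosts whose port
# has no matching Listen line. Directive parsing is deliberately simple.

# ssl_port_check FILE: print findings; exit status 1 if a mismatch exists.
ssl_port_check() {
    awk '
    { sub(/#.*/, "") }                               # strip comments
    tolower($1) == "listen" {                        # Listen [addr:]port
        n = split($2, a, ":"); listen[a[n]] = 1
    }
    tolower($1) == "<virtualhost" {                  # <VirtualHost addr:port>
        v = $2; sub(/>.*/, "", v)
        n = split(v, a, ":"); port = (n > 1) ? a[n] : "*"
        in_vh = 1; ssl = 0
    }
    in_vh && tolower($1) == "sslengine" && tolower($2) == "on" { ssl = 1 }
    tolower($1) == "</virtualhost>" {
        if (ssl) sslport[port] = 1
        in_vh = 0
    }
    END {
        for (p in sslport)
            if (p != "*" && !(p in listen)) {
                print "MISMATCH: SSL vhost on port " p ", but no Listen " p
                bad = 1
            }
        for (p in listen)
            if (!(p in sslport))
                print "plain: port " p " is answered without SSL"
        exit bad + 0
    }' "$1"
}

# Constructed httpd.conf excerpt: Listen was moved to 443, the vhost was not.
sample_conf() {
    cat <<'EOF'
Listen 80
Listen 443
<VirtualHost _default_:8443>
    SSLEngine on
    SSLCertificateFile    conf/ssl.crt/server.crt
    SSLCertificateKeyFile conf/ssl.key/server.key
</VirtualHost>
EOF
}

tmp=$(mktemp); sample_conf > "$tmp"
ssl_port_check "$tmp" || echo "fix the port lines before restarting"
rm -f "$tmp"
```

A port reported as `plain` that browsers reach with https:// is where error_log entries like "Invalid method in request" come from, because the handshake bytes are parsed as an HTTP request line.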
Re: Testing with a dummy certificate...
I guess that makes sense. This box we're putting it on already has Tomcat and Inktomi's search engine fighting for 8080 and the surrounding ports... Not that any of them are difficult to change, but it presented an interesting configuration glitch when I missed that second port statement in the config.

On Mon, 2002-06-10 at 12:06, Geoff Thorpe wrote:
> Hi there,
>
> On 10 Jun 2002, Sean M Alderman wrote:
> > Oops...Never mind, I just found that I had missed changing one line in the conf/httpd.conf to change the port number from 8443 to 443. Is there a reason why the config defaults to ports 8080 and 8443 instead of 80 and 443?
>
> You can only start services on ports below 1024 if you are root. At least it's that way on respectable systems. :-)
>
> The default to 8080 and 8443 assumes that, like everything else (default index.html(s), dummy certs), it should install some kind of template installation for you to test with and change rather than trying to configure anything production-like. It also reduces the chance that it conflicts with any system-wide running web-server upon installation.
>
> Cheers,
> Geoff

--
Sean M. Alderman