Re: Please help with http - https redirection
So from what I'm gathering, if I have several virtual hosts defined in my httpd.conf file (Using Include) then in order to secure them via SSL, each one would have to have its own IP address? So for example, each of these virtual host containers in each .conf file included begins with:

    <VirtualHost 172.25.251.47>

    Include /usr/local/apache/conf/conf.d/devl00.conf
    Include /usr/local/apache/conf/conf.d/devl01.conf
    Include /usr/local/apache/conf/conf.d/devl02.conf
    Include /usr/local/apache/conf/conf.d/devl03.conf

Now what I did to get the devl02 virtual host working with SSL was tell it to listen on port 443, and read in all the SSL config stuff in a file I named ssl.conf like this:

    <VirtualHost 172.25.251.47:443>
    <IfDefine SSL>
    Include conf/conf.d/ssl.include
    </IfDefine>

After doing that I can browse to https://devl02.mydomain.com/.

-Thanks

-- Original message --
From: Andrew Hougie [EMAIL PROTECTED]

Do your name-based secure virtual hosts work on their own - does https://devl02.mydomain.com/ actually work - I thought name-based secure virtual hosts were impossible/difficult. I did find at http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-hosts-with-mod_gnutls/ an indication of a new technique for making name-based secure virtual hosts with SNI - is that what you're using?

Best wishes
Andrew
Please help with http - https redirection
In my main httpd.conf file, I have numerous include files which include virtual hosts like so:

    Include /usr/local/apache/conf/conf.d/devl00.conf
    Include /usr/local/apache/conf/conf.d/devl01.conf
    Include /usr/local/apache/conf/conf.d/devl02.conf

So if I access http://devl02.mydomain.com/ then I see the virtual host defined in devl02.conf, etc. In the devl02.conf file, I have enabled SSL. I CAN access the secure site https://devl02.mydomain.com/. However, when I now access the non-secure site of http://devl02.mydomain.com, the main server web site is displayed, and not the virtual host. What I'm trying to do is a

    RedirectPermanent / https://cj-devl02.mydomain.net/

But when I do this I get errors that I posted previously about cookies not being enabled.

So I guess the question is, having the Include statements above, and knowing that each include file like devl08.conf is a virtual host container with SSL enabled, how do I redirect from the port 80 version to the SSL enabled port 443 version like:

    http://cj-devl02.mydomain.net/ -- https://cj-devl02.mydomain.net/

FYI, I've tried including .conf files, and also pasting the contents of my .conf files into an email, but they evidently are rejected by the mailing list.
Re: Please help with http - https redirection
Are these IP-based virtual hosts or name-based virtual hosts? See http://httpd.apache.org/docs/2.0/vhosts/name-based.html

--Cliff
Re: Please help with http - https redirection
These are name based virtual hosts. Numerous hosts, only one IP address. So each of the included .conf files below such as devl00.conf and devl01.conf begins with something like this:

    <VirtualHost 172.35.241.47>
    ServerName devl02.mydomain.net
    ServerAdmin [EMAIL PROTECTED]
    LogLevel debug

So I can access https://devl02.mydomain.com/ directly, but if I try and redirect from http://devl02.mydomain.com to the https URL of the same name, I get the default insecure web site, which is defined in the httpd.conf file.

-Thanks
Re: Please help with http - https redirection
If all you want to do is redirect / on your non-SSL Port to / on your SSL port, you could use a zero second redirect. e.g. put this in your index.html for the port 80 virtual host:

    <meta http-equiv="refresh" content="0;url=https://devl02.mydomain.com/" />

And have your real content in a different document root for your port 443 virtual host. The only drawback is that it's not feasible to redirect deep links (or bookmarks) to the non-secure web server using this approach.

-- Brian
Re: Please help with http - https redirection
Thanks, but I'm trying to get through this without any code changes. It's ALMOST working! But no cigar.
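An added example, not part of any message in this thread: a small audit script that checks, for every name served from a port 443 virtual host, whether a port 80 virtual host for the same name exists and redirects / to the https URL. The sample configuration is constructed for illustration (it reuses the thread's host names and address; the DocumentRoot path is invented), and treating a VirtualHost address with no explicit port as covering any port is a simplifying assumption of this script.

```python
import re
from urllib.parse import urlsplit

# Constructed sample configuration, not the poster's real files.
# devl00: port 80 vhost redirects to https (the wanted state)
# devl01: port 80 vhost exists but serves content instead of redirecting
# devl02: only the :443 container exists, as described in the thread
SAMPLE_CONF = """
NameVirtualHost 172.25.251.47:80

<VirtualHost 172.25.251.47:80>
    ServerName devl00.mydomain.com
    Redirect permanent / https://devl00.mydomain.com/
</VirtualHost>
<VirtualHost 172.25.251.47:443>
    ServerName devl00.mydomain.com
    SSLEngine on
</VirtualHost>

<VirtualHost 172.25.251.47:80>
    ServerName devl01.mydomain.com
    DocumentRoot /srv/devl01
</VirtualHost>
<VirtualHost 172.25.251.47:443>
    ServerName devl01.mydomain.com
    SSLEngine on
</VirtualHost>

# devl02 has no port 80 container at all
<VirtualHost 172.25.251.47:443>
    ServerName devl02.mydomain.com
    SSLEngine on
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"^<VirtualHost\s+([^>]+)>", re.IGNORECASE)
VHOST_CLOSE = re.compile(r"^</VirtualHost>", re.IGNORECASE)


def parse_vhosts(conf_text):
    """Return one dict per <VirtualHost> block: ports, names, redirects."""
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = VHOST_OPEN.match(line)
        if opened:
            current = {"ports": set(), "names": set(), "redirects": []}
            for addr in opened.group(1).split():
                host, sep, port = addr.rpartition(":")
                # No ":port" suffix (or a bare bracketed IPv6 address):
                # treated here as "any port" (assumption of this script).
                has_port = bool(sep) and not addr.endswith("]")
                current["ports"].add(port if has_port else "*")
            continue
        if VHOST_CLOSE.match(line):
            if current is not None:
                vhosts.append(current)
            current = None
            continue
        if current is None:
            continue  # directive outside any vhost (main server config)
        parts = line.split()
        directive, args = parts[0].lower(), parts[1:]
        if directive in ("servername", "serveralias"):
            current["names"].update(a.lower() for a in args)
        elif directive == "redirectpermanent" and len(args) == 2:
            current["redirects"].append((args[0], args[1]))
        elif directive == "redirect" and len(args) >= 2:
            # Redirect [status] URL-path URL
            current["redirects"].append((args[-2], args[-1]))
    return vhosts


def redirects_root_to_https(vhost, name):
    """True if the vhost redirects / to https://<name>/..."""
    for path, target in vhost["redirects"]:
        url = urlsplit(target)
        if path == "/" and url.scheme == "https" and url.hostname == name:
            return True
    return False


def audit_https_redirects(conf_text):
    """Map each SSL-served name to 'ok' or a description of the gap."""
    vhosts = parse_vhosts(conf_text)
    ssl_names = set()
    for vh in vhosts:
        if "443" in vh["ports"]:
            ssl_names |= vh["names"]
    findings = {}
    for name in sorted(ssl_names):
        plain = [vh for vh in vhosts
                 if name in vh["names"] and vh["ports"] & {"80", "*"}]
        if not plain:
            findings[name] = "no-port-80-vhost"
        elif any(redirects_root_to_https(vh, name) for vh in plain):
            findings[name] = "ok"
        else:
            findings[name] = "port-80-vhost-without-redirect"
    return findings


if __name__ == "__main__":
    for host, status in audit_https_redirects(SAMPLE_CONF).items():
        print(f"{host}: {status}")
```
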
https/SSL and ProxyRemote did not work when using a reverse proxy (PLEASE HELP:)
Hello,

I have nearly the same problem as nerb (http://marc.theaimsgroup.com/?l=apache-httpd-users&m=109474858416348&w=2) and fitzner (http://marc.theaimsgroup.com/?l=apache-httpd-users&m=110309511816081&w=2) have. They did not get any answer. Hope dies last :)) Therefore I hope that someone can give 'us' an answer, even if it is a no, that does not work.

I'm trying to get the following scenario to work with Apache 2.0.51/OpenSSL 0.9.7d.

    Client --http-- Reverse Proxy --internal-- Forward Proxy (ProxyRemote) --https-- Webserver

Ralf Engelschall said: when you want to forward to a HTTPS target you need HTTPS support in mod_proxy. That's only possible with mod_ssl (which enhanced mod_proxy for HTTPS). Then you can do all: Accept HTTP and HTTPS and connect to HTTP and HTTPS targets, i.e. create gateways in all combinations.

Is it possible that SSL-forwarding is not working when using ProxyRemote?

My logs:

    [Mon Dec 13 14:14:50 2004] [debug] ssl_engine_io.c(1517): OpenSSL: I/O error, 7 bytes expected to read on BIO#a55e90 [mem: a5b670]
    [Mon Dec 13 14:14:50 2004] [debug] ssl_engine_kernel.c(1793): OpenSSL: Exit: error in SSLv2/v3 read server hello A
    [Mon Dec 13 14:14:50 2004] [info] SSL Proxy connect failed
    [Mon Dec 13 14:14:50 2004] [info] Connection to child 1 closed with abortive shutdown(server 172.16.37.124:80, client 172.16.34.50)
    [Mon Dec 13 14:14:50 2004] [error] (20014)Error string not specified yet: proxy: request failed to 172.16.34.50:3128 (www-cache)

My config:

    <VirtualHost serverIP:80>
    ServerName intra-xy.com
    ServerAdmin [EMAIL PROTECTED]
    ProxyRequests Off
    ProxyRemote * http://proxyIP:3128
    SSLProxyEngine on
    ProxyPass / https://remoteServerIP/
    ProxyPassReverse / https://remoteServerIP/
    </VirtualHost>

In a test scenario where I can reach the 'remoteServer' directly (without a proxy) it is working.

    Client --http-- Reverse Proxy --https-- Webserver

Sh*t, that the remoteServer is only reachable via proxy :)

Hope you can help me, thanks in advance,
Leif
Self-signed cert trouble - please help
Hi,

I've successfully made many self-signed certificates for Apache in the past using the docs from the modssl and openssl websites. This time, I'm completely stumped and I've searched all over the Internet without finding an answer that helps.

I'm getting this error message in my Apache logs:

    [Thu Jun 3 09:00:11 2004] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?]

The problem is that my cert CN is NOT identical to the CA CN and my CN DOES match the server name. I'm trying to access my site at https://www.lotspeich.org/.

Here's my Apache config:

    <VirtualHost 209.79.149.250:443>
    ServerAdmin [EMAIL PROTECTED]
    DocumentRoot /home/httpd/html
    ServerName www.lotspeich.org
    ServerAlias www lotspeich.org localhost
    DirectoryIndex index.epl index.shtml index.html
    <IfModule mod_ssl.c>
    # Enable/Disable SSL for this virtual host.
    SSLEngine on
    # SSL Cipher Suite:
    # List the ciphers that the client is permitted to negotiate.
    # See the mod_ssl documentation for a complete list.
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    # Server Certificate:
    # Point SSLCertificateFile at a PEM encoded certificate. If
    # the certificate is encrypted, then you will be prompted for a
    # pass phrase. Note that a kill -HUP will prompt again. A test
    # certificate can be generated with `make certificate' under
    # built time. Keep in mind that if you've both a RSA and a DSA
    # certificate you can configure both in parallel (to also allow
    # the use of DSA ciphers, etc.)
    SSLCertificateFile /etc/httpd/conf/certs/server.crt
    # Server Private Key:
    # If the key is not combined with the certificate, use this
    # directive to point at the key file. Keep in mind that if
    # you've both a RSA and a DSA private key you can configure
    # both in parallel (to also allow the use of DSA ciphers, etc.)
    SSLCertificateKeyFile /etc/httpd/conf/certs/server.key
    SSLCACertificateFile /etc/httpd/conf/certs/ca.crt
    </IfModule>
    </VirtualHost>

Here's the information about my certificate:

    [shrimp: /etc/httpd/conf/certs] root $ openssl x509 -noout -text -in server.crt
    Certificate:
        Data:
            Version: 1 (0x0)
            Serial Number: 1 (0x1)
            Signature Algorithm: md5WithRSAEncryption
            Issuer: C=US, ST=California, L=Sunnyvale, CN=Erik Lotspeich/[EMAIL PROTECTED]
            Validity
                Not Before: Jun 3 15:49:51 2004 GMT
                Not After : Jun 3 15:49:51 2005 GMT
            Subject: C=US, ST=California, L=Sunnyvale, CN=www.lotspeich.org/emailAddress=erik@lotspeich.org
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (1024 bit)
                    Modulus (1024 bit):
                    Exponent: 65537 (0x10001)
        Signature Algorithm: md5WithRSAEncryption

I tried to follow all of the documentation for making my own CA, CSR, and signing my certificate. I used the following commands in this order:

    /usr/local/ssl/misc/CA.sh -newca
    openssl genrsa server.key 1024
    openssl req -new -key server.key -out server.csr
    cp demoCA/cacert.pem ca.crt
    cp demoCA/cakey.pem ca.key
    /usr/src/compile/mod_ssl-2.8.18-1.3.31/pkg.contrib/sign.sh server.csr

Am I missing something simple here? Any help would be greatly appreciated.

My Apache server's version string is this:

    Apache/1.3.27 (Unix) PHP/4.3.4 mod_ssl/2.8.11 OpenSSL/0.9.6g mod_perl/1.27

I'm creating the certificates with OpenSSL 0.9.7d.

Thanks in advance,
Erik.
Newbie - Please help! configure mod_ssl for Apache on SCO
Please help! I've been attempting to compile mod_ssl 2.8.9 for apache 1.3.26 and keep running into either environment issues or version problems on SCO OpenServer 5.05.

I need to apply a Verisign Cert on our Apache Web Server. I installed OpenSSL and was able to generate a Cert. Now I need to apply the Cert and Apache is not yet SSL enabled.

Below is the output I get when I run configure and below that is the output of the config.log. Where am I going wrong? I would really appreciate some help with this as I am new at Unix Admin stuff.

Thanks!

Jim Fitzmaurice
Systems Administrator
Garber Travel
[EMAIL PROTECTED]

    # ./configure --with-apache=/usr/local/lib/apache_1.3.26 --prefix=/usr/local/lib/apache
    Configuring mod_ssl/2.8.9 for Apache/1.3.26
     + Apache location: /usr/local/lib/apache_1.3.26 (Version 1.3.26)
     + Auxiliary patch tool: ./etc/patch/patch (local)
    ./configure:Error: Building of 'patch' tool failed:
    -
    x patch/rename.c, 1323 bytes, 3 tape blocks
    x patch/util.c, 9365 bytes, 19 tape blocks
    x patch/util.h, 2325 bytes, 5 tape blocks
    x patch/version.c, 280 bytes, 1 tape blocks
    x patch/version.h, 25 bytes, 1 tape blocks
    creating cache ./config.cache
    checking for gcc... gcc
    checking whether the C compiler (gcc ) works... no
    configure: error: installation or configuration problem: C compiler cannot create executables.
    make: *** No targets specified and no makefile found. Stop.
    -
    Hint: Either try to build 'patch' under etc/patch/
    Hint: manually and re-run this 'configure' script
    Hint: or provide us the path to your vendor 'patch'
    Hint: program via the --with-patch=FILE option (but
    Hint: expect perhaps failures when applying patches!)

    # cat config.log
    tar: blocksize = 20
    x patch/.cvsignore, 62 bytes, 1 tape blocks
    x patch/COPYING, 17982 bytes, 36 tape blocks
    x patch/EXTERN.h, 133 bytes, 1 tape blocks
    x patch/INTERN.h, 110 bytes, 1 tape blocks
    x patch/Makefile.in, 755 bytes, 2 tape blocks
    x patch/README, 63 bytes, 1 tape blocks
    x patch/backupfile.c, 9814 bytes, 20 tape blocks
    x patch/backupfile.h, 1467 bytes, 3 tape blocks
    x patch/common.h, 4291 bytes, 9 tape blocks
    x patch/config.h.in, 2228 bytes, 5 tape blocks
    x patch/configure, 53417 bytes, 105 tape blocks
    x patch/configure.in, 420 bytes, 1 tape blocks
    x patch/getopt.c, 34801 bytes, 68 tape blocks
    x patch/getopt.h, 4651 bytes, 10 tape blocks
    x patch/inp.c, 9636 bytes, 19 tape blocks
    x patch/inp.h, 321 bytes, 1 tape blocks
    x patch/patch.c, 20215 bytes, 40 tape blocks
    x patch/patchlevel.h, 28 bytes, 1 tape blocks
    x patch/pch.c, 31988 bytes, 63 tape blocks
    x patch/pch.h, 548 bytes, 2 tape blocks
    x patch/rename.c, 1323 bytes, 3 tape blocks
    x patch/util.c, 9365 bytes, 19 tape blocks
    x patch/util.h, 2325 bytes, 5 tape blocks
    x patch/version.c, 280 bytes, 1 tape blocks
    x patch/version.h, 25 bytes, 1 tape blocks
    creating cache ./config.cache
    checking for gcc... gcc
    checking whether the C compiler (gcc ) works... no
    configure: error: installation or configuration problem: C compiler cannot create executables.
    make: *** No targets specified and no makefile found. Stop.

My environment contains the following:

    CC=gcc
    GCC_EXEC_PREFIX=:/usr/local/lib/gcc-lib/i386-pc-sco3.2v5.0.5/2.95.2
Please help !!!!
Hi! I have configured Apache 2.0.43 with mod_ssl and I have created CA and client certificates but now I cannot access my ssl server "https://myserver". What have I made wrong?
please help... mod_ssl seems to overwrite mod_perl and mod_perl seems to overwrite mod_ssl
Hi all,

How do I get BOTH mod_perl and mod_ssl built into and working in Apache?

I had mod_perl successfully built into my apache to use Authentication hook. Then I added mod_ssl in and I started to get errors from my .htaccess file.

Error:

    [Fri Nov 15 14:39:03 2002] [alert] [client 135.2.60.152] /web/content/askLucent/password-reset/cgi-bin/.htaccess: Invalid command 'PerlSetVar', perhaps mis-spelled or defined by a module not included in the server configuration

Contents of .htaccess:

    <Limit GET POST>
    AuthName "NT Domain\Login and Password"
    AuthType Basic
    #PerlSetVar NT_Controllers 'na02il0015dc00:na02il0015dc01'
    PerlSetVar NT_Controllers 'na02il0015dc04:na02il0015dc01:NA02IL0015DC02'
    PerlAuthenHandler Apache::AuthenN2
    require valid-user
    </Limit>

So I rebuilt mod_perl back into apache and now I get errors of directives from mod_ssl in my httpd.conf file.

Error:

    5e-cts root: /web/server/apache/1.3.22/bin/apachectl stop ; /web/server/apache/1.3.22/bin/apachectl start
    /web/server/apache/1.3.22/bin/apachectl stop: httpd (no pid file) not running
    Syntax error on line 1008 of /web/server/apache/1.3.22/conf/httpd.conf:
    Invalid command 'SSLRandomSeed', perhaps mis-spelled or defined by a module not included in the server configuration
    /web/server/apache/1.3.22/bin/apachectl start: httpd could not be started

Lines from httpd.conf:

    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    SSLRandomSeed startup file:/dev/random 512
    SSLRandomSeed connect file:/dev/random 512

I need to use both mod_perl and mod_ssl and it seems like each keeps overwriting the other. How do I change this so I can get them built in together?

Thank you
Jem
RE: I am having a heck of a time - Please help. -- SOLUTION FOUND !
David,

yes I've encountered problems with gcc when building apache as well. I don't know what the problem is; I always thought it was a version issue. I use a gcc-2.8.1 package from FSF, and that works. Perhaps I should try compiling a newer version of gcc, and not use the Sunfreeware package.

Thanks for the research info below.

Regards,
Steve Romero

At 08:45 AM 7/17/2002 -0700, David Loesche wrote:

Building Apache with EAPI, DSO enabled, mod_ssl and mm is a very simple task. I do not know why it took so long to figure out. You simply follow the instructions in the mod_ssl install documentation (or other helpful documents you can find these all over the web), and you're up and running with Apache - EAPI, DSO, mod_ssl, etc. running. WRONG! Not on Solaris 8.

It seems that if you build Apache on Solaris 2.6 with gcc 2.95 all is well. Simply follow the instructions in the mod_ssl documentation and you're done. But it's another story if you are using Solaris 8 (I am not sure about 7 or 9 - I do have time to try it on these). After many hours of frustration and numerous emails I finally decided to try every combination one-by-one to identify which one was the culprit.

Initial environment:

    Solaris 8
    Gcc 3.0.3
    Apache 1.3.26
    Mod_ssl-2.8.10-1.3.26
    mm-1.1.3
    openssl-0.9.6d

The only way this combination works is with --enable-rule=SHARED_CORE. This option forces Apache to export the share symbols so they are available at run time. This takes a 5% performance hit and since the previous build did not have it I assumed I was doing something wrong. So I tried every possible build configuration over and over - No change (I had to use the SHARE_CORE rule). I even tried this on Apache 2.0.39 and 1.3.20 (the previous build version here of Apache). No matter what I did I could not get it to build the same way as the previous version. More work to do...

2nd shot:

    Solaris 8
    Gcc 2.95.3
    Apache 1.3.26
    Mod_ssl-2.8.10-1.3.26
    mm-1.1.3
    openssl-0.9.6d

EVENTS AND SOLUTION: Same as above. More work to do...

Last shot:

    Solaris 8
    Gcc 3.1
    Apache 1.3.26
    Mod_ssl-2.8.10-1.3.26
    mm-1.1.3
    openssl-0.9.6d

Worked just like all the documentation said it should have and everyone I contacted told me to do (which I had spent over a week reading and trying all these suggestions).

As it turns out, either the build from sunfreeware.com for gcc 2.95 & 3.0.3 have an issue with the loader module, the building of shared libraries, or gcc has an issue. So, if any of you have to do this make sure you have gcc 3.1 or SUN's compiler (I believe SUN's works but did not try it - I guess I'm just stubborn).

Later,

-Original Message-
From: David Loesche
Sent: Monday, July 15, 2002 12:07 PM
To: '[EMAIL PROTECTED]'
Subject: RE: I am having a heck of a time - Please help.

I did read the referred document concerning the build phase. I am intrigued by the LD_LIBRARY_PATH suggestion. What would you recommend I set it to?

-Original Message-
From: Boyle Owen [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 12:51 AM
To: [EMAIL PROTECTED]
Subject: RE: I am having a heck of a time - Please help.

Could be to do with your version of openssl lib (check it is reasonably up to date) or with your LD_LIBRARY_PATH environment variable. Check out http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/apache.html for a good user's summary.

Rgds,
Owen Boyle

-Original Message-
From: David Loesche [mailto:[EMAIL PROTECTED]]
Sent: Freitag, 12. Juli 2002 20:12
To: '[EMAIL PROTECTED]'
Subject: I am having a heck of a time - Please help.

I have pored through all the documentation I can find on enabling mod_ssl with Apache 1.3.26 but keep coming up short. If I static link the mod_ssl it works fine but when I try to enable DSO and use it as a shared library I keep getting ap_add_config_define : referenced symbol not found.

I have the following config setup for the apache build:

    #!/bin/ksh
    SSL_BASE=/usr/local/ssl \
    EAPI_MM=../mm-1.1.3 \
    EAPI_MM_CORE_PATH=logs/httpd.mm \
    LIBS=/usr/lib/libC.so.5 \
    CFLAGS=-fPIC \
    ./configure --prefix=/opt/apache \
    --enable-rule=EAPI \
    --enable-module=ssl \
    --enable-shared=ssl \
    --disable-rule=SSL_COMPAT \
    --enable-rule=SSL_SDBM \
    --enable-suexec \
    --suexec-caller=http

I have followed the instructions in the modssl install guide to patch Apache. Please verify the following build for mod_ssl:

    ./configure --with-apache=../apache_1.3.26 \
    --with-ssl=/usr/local/ssl \
    --with-mm=../mm-1.1.3

If you can help (point me to some documentation) I would be very grateful...

David S. Loesche
RE: I am having a heck of a time - Please help. -- SOLUTION FOUND !
I'm running solaris 8 and compiled apache/mod_ssl/mm/DSO with no problems *without* SHARED_CORE... I am using gcc 3.0.3. Rgds, Owen Boyle -Original Message- From: Steve Romero [mailto:[EMAIL PROTECTED]] Sent: Mittwoch, 17. Juli 2002 23:45 To: [EMAIL PROTECTED]; '[EMAIL PROTECTED]' Subject: RE: I am having a heck of a time - Please help. -- SOLUTION FOUND ! David, yes I've encountered problems with gcc when building apache as well. I don't know what the problem is I always thought it was a version issue. I use a gcc-2.8.1 package from FSF, and that works. Perhaps I should try compiling a newer version of gcc, and not use the Sunfreeware package. thanks for the research info below. Regards, Steve Romero At 08:45 AM 7/17/2002 -0700, David Loesche wrote: Building Apache with EAPI, DSO enabled, mod_ssl and mm is a very simple task. I do not know why it took so long to figure out. You simply following the instructions in the mod_ssl install documentation (or other helpful documents you can find these all over the web), and your up and running with Apache - EAPI, DSO, mod_ssl, etc. running. WRONG! Not on Solaris 8. It seems that if you build Apache on Solaris 2.6 with gcc 2.95 all is well. Simply following the instructions in the mod_ssl documentation and your done. But it's another story if you are using Solaris 8 (I am not sure about 7 or 9 - I do have time to try it on these). After many hours of frustration and numerous emails I finally decided to try every combination one-by-one to identify which one was the culprit. Initial environment: Solaris 8 Gcc 3.0.3 Apache 1.3.26 Mod_ssl-2.8.10-1.3.26 mm-1.1.3 openssl-0.9.6d The only way this combination works is with -enable-rule=SHARED_CORE. This option forces Apache to export the share symbols so they are available at run time. This takes a 5% performance hit and since the previous build did not have it I assumed I was doing something wrong. 
So I tried every possible build configuration over and over - No change (I had to use the SHARED_CORE rule). I even tried this on Apache 2.0.39 and 1.3.20 (the previous build version here of Apache). No matter what I did I could not get it to build the same way as the previous version. More work to do...

2nd shot:
    Solaris 8
    Gcc 2.95.3
    Apache 1.3.26
    Mod_ssl-2.8.10-1.3.26
    mm-1.1.3
    openssl-0.9.6d

EVENTS AND SOLUTION: Same as above. More work to do...

Last shot:
    Solaris 8
    Gcc 3.1
    Apache 1.3.26
    Mod_ssl-2.8.10-1.3.26
    mm-1.1.3
    openssl-0.9.6d

Worked just like all the documentation said it should have and everyone I contacted told me to do (which I had spent over a week reading and trying all these suggestions). As it turns out, either the build from sunfreeware.com for gcc 2.95 3.0.3 have an issue with the loader module, the building of shared libraries, or gcc has an issue. So, if any of you have to do this make sure you have gcc 3.1 or SUN's compiler (I believe SUN's works but did not try it - I guess I'm just stubborn).

Later,

-Original Message-
From: David Loesche
Sent: Monday, July 15, 2002 12:07 PM
To: '[EMAIL PROTECTED]'
Subject: RE: I am having a heck of a time - Please help.

I did read the referred document concerning the build phase. I am intrigued by the LD_LIBRARY_PATH suggestion. What would you recommend I set it to?

-Original Message-
From: Boyle Owen [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 12:51 AM
To: [EMAIL PROTECTED]
Subject: RE: I am having a heck of a time - Please help.

Could be to do with your version of openssl lib (check it is reasonably up to date) or with your LD_LIBRARY_PATH environment variable. Check out http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/apache.html for a good user's summary.

Rgds, Owen Boyle

-Original Message-
From: David Loesche [mailto:[EMAIL PROTECTED]]
Sent: Friday, 12 July 2002 20:12
To: '[EMAIL PROTECTED]'
Subject: I am having a heck of a time - Please help.
I have pored through all the documentation I can find on enabling mod_ssl with Apache 1.3.26 but keep coming up short. If I static link the mod_ssl it works fine but when I try to enable DSO and use it as a shared library I keep getting ap_add_config_define : referenced symbol not found.

I have the following config setup for the apache build:

    #!/bin/ksh
    SSL_BASE=/usr/local/ssl \
    EAPI_MM=../mm-1.1.3 \
    EAPI_MM_CORE_PATH=logs/httpd.mm \
    LIBS=/usr/lib/libC.so.5 \
    CFLAGS=-fPIC \
    ./configure --prefix=/opt/apache \
    --enable-rule=EAPI \
    --enable-module=ssl \
    --enable-shared=ssl \
    --disable-rule=SSL_COMPAT \
    --enable-rule=SSL_SDBM \
    --enable-suexec \
    --suexec-caller=http

I have followed the instructions in the modssl install guide to patch Apache. Please verify the following build for mod_ssl:

    ./configure --with-apache=../apache_1.3.26
RE: I am having a heck of a time - Please help. -- SOLUTION FOUND!
Building Apache with EAPI, DSO enabled, mod_ssl and mm is a very simple task. I do not know why it took so long to figure out. You simply follow the instructions in the mod_ssl install documentation (or other helpful documents you can find these all over the web), and you're up and running with Apache - EAPI, DSO, mod_ssl, etc. running.

WRONG! Not on Solaris 8.

It seems that if you build Apache on Solaris 2.6 with gcc 2.95 all is well. Simply follow the instructions in the mod_ssl documentation and you're done. But it's another story if you are using Solaris 8 (I am not sure about 7 or 9 - I do have time to try it on these). After many hours of frustration and numerous emails I finally decided to try every combination one-by-one to identify which one was the culprit.

Initial environment:
    Solaris 8
    Gcc 3.0.3
    Apache 1.3.26
    Mod_ssl-2.8.10-1.3.26
    mm-1.1.3
    openssl-0.9.6d

The only way this combination works is with --enable-rule=SHARED_CORE. This option forces Apache to export the share symbols so they are available at run time. This takes a 5% performance hit and since the previous build did not have it I assumed I was doing something wrong. So I tried every possible build configuration over and over - No change (I had to use the SHARED_CORE rule). I even tried this on Apache 2.0.39 and 1.3.20 (the previous build version here of Apache). No matter what I did I could not get it to build the same way as the previous version. More work to do...

2nd shot:
    Solaris 8
    Gcc 2.95.3
    Apache 1.3.26
    Mod_ssl-2.8.10-1.3.26
    mm-1.1.3
    openssl-0.9.6d

EVENTS AND SOLUTION: Same as above. More work to do...

Last shot:
    Solaris 8
    Gcc 3.1
    Apache 1.3.26
    Mod_ssl-2.8.10-1.3.26
    mm-1.1.3
    openssl-0.9.6d

Worked just like all the documentation said it should have and everyone I contacted told me to do (which I had spent over a week reading and trying all these suggestions).
As it turns out, either the build from sunfreeware.com for gcc 2.95 3.0.3 have an issue with the loader module, the building of shared libraries, or gcc has an issue. So, if any of you have to do this make sure you have gcc 3.1 or SUN's compiler (I believe SUN's works but did not try it - I guess I'm just stubborn).

Later,

-Original Message-
From: David Loesche
Sent: Monday, July 15, 2002 12:07 PM
To: '[EMAIL PROTECTED]'
Subject: RE: I am having a heck of a time - Please help.

I did read the referred document concerning the build phase. I am intrigued by the LD_LIBRARY_PATH suggestion. What would you recommend I set it to?

-Original Message-
From: Boyle Owen [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 12:51 AM
To: [EMAIL PROTECTED]
Subject: RE: I am having a heck of a time - Please help.

Could be to do with your version of openssl lib (check it is reasonably up to date) or with your LD_LIBRARY_PATH environment variable. Check out http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/apache.html for a good user's summary.

Rgds, Owen Boyle

-Original Message-
From: David Loesche [mailto:[EMAIL PROTECTED]]
Sent: Friday, 12 July 2002 20:12
To: '[EMAIL PROTECTED]'
Subject: I am having a heck of a time - Please help.

I have pored through all the documentation I can find on enabling mod_ssl with Apache 1.3.26 but keep coming up short. If I static link the mod_ssl it works fine but when I try to enable DSO and use it as a shared library I keep getting ap_add_config_define : referenced symbol not found.

I have the following config setup for the apache build:

    #!/bin/ksh
    SSL_BASE=/usr/local/ssl \
    EAPI_MM=../mm-1.1.3 \
    EAPI_MM_CORE_PATH=logs/httpd.mm \
    LIBS=/usr/lib/libC.so.5 \
    CFLAGS=-fPIC \
    ./configure --prefix=/opt/apache \
    --enable-rule=EAPI \
    --enable-module=ssl \
    --enable-shared=ssl \
    --disable-rule=SSL_COMPAT \
    --enable-rule=SSL_SDBM \
    --enable-suexec \
    --suexec-caller=http

I have followed the instructions in the modssl install guide to patch Apache.
Please verify the following build for mod_ssl:

    ./configure --with-apache=../apache_1.3.26 \
    --with-ssl=/usr/local/ssl \
    --with-mm=../mm-1.1.3

If you can help (point me to some documentation) I would be very grateful...

David S. Loesche [EMAIL PROTECTED]
Yipes Communications, Inc. Main: (415) 901-2000
114 Sansome Street, Suite 1045 Direct: (415) 901-2210
San Francisco, CA 94104 Fax: (415) 901-2201
http://www.yipes.com

Yipes is the defining provider of fully scalable bandwidth for businesses. We offer fully managed high-speed Internet and Nationwide LAN-to-LAN services at speeds ranging from 1 Mbps to 1 Gbps, in 1 Mbps increments. Yipes delivers this uniquely flexible service over the first nationwide system of optical IP networks.
RE: I am having a heck of a time - Please help.
Could be to do with your version of openssl lib (check it is reasonably up to date) or with your LD_LIBRARY_PATH environment variable. Check out http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/apache.html for a good user's summary.

Rgds, Owen Boyle

-Original Message-
From: David Loesche [mailto:[EMAIL PROTECTED]]
Sent: Friday, 12 July 2002 20:12
To: '[EMAIL PROTECTED]'
Subject: I am having a heck of a time - Please help.

I have pored through all the documentation I can find on enabling mod_ssl with Apache 1.3.26 but keep coming up short. If I static link the mod_ssl it works fine but when I try to enable DSO and use it as a shared library I keep getting ap_add_config_define : referenced symbol not found.

I have the following config setup for the apache build:

    #!/bin/ksh
    SSL_BASE=/usr/local/ssl \
    EAPI_MM=../mm-1.1.3 \
    EAPI_MM_CORE_PATH=logs/httpd.mm \
    LIBS=/usr/lib/libC.so.5 \
    CFLAGS=-fPIC \
    ./configure --prefix=/opt/apache \
    --enable-rule=EAPI \
    --enable-module=ssl \
    --enable-shared=ssl \
    --disable-rule=SSL_COMPAT \
    --enable-rule=SSL_SDBM \
    --enable-suexec \
    --suexec-caller=http

I have followed the instructions in the modssl install guide to patch Apache. Please verify the following build for mod_ssl:

    ./configure --with-apache=../apache_1.3.26 \
    --with-ssl=/usr/local/ssl \
    --with-mm=../mm-1.1.3

If you can help (point me to some documentation) I would be very grateful...

David S. Loesche [EMAIL PROTECTED]
Yipes Communications, Inc. Main: (415) 901-2000
114 Sansome Street, Suite 1045 Direct: (415) 901-2210
San Francisco, CA 94104 Fax: (415) 901-2201
http://www.yipes.com
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
RE: I am having a heck of a time - Please help.
I did read the referred document concerning the build phase. I am intrigued by the LD_LIBRARY_PATH suggestion. What would you recommend I set it to?

-Original Message-
From: Boyle Owen [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 12:51 AM
To: [EMAIL PROTECTED]
Subject: RE: I am having a heck of a time - Please help.

Could be to do with your version of openssl lib (check it is reasonably up to date) or with your LD_LIBRARY_PATH environment variable. Check out http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/apache.html for a good user's summary.

Rgds, Owen Boyle

-Original Message-
From: David Loesche [mailto:[EMAIL PROTECTED]]
Sent: Friday, 12 July 2002 20:12
To: '[EMAIL PROTECTED]'
Subject: I am having a heck of a time - Please help.

I have pored through all the documentation I can find on enabling mod_ssl with Apache 1.3.26 but keep coming up short. If I static link the mod_ssl it works fine but when I try to enable DSO and use it as a shared library I keep getting ap_add_config_define : referenced symbol not found.

I have the following config setup for the apache build:

    #!/bin/ksh
    SSL_BASE=/usr/local/ssl \
    EAPI_MM=../mm-1.1.3 \
    EAPI_MM_CORE_PATH=logs/httpd.mm \
    LIBS=/usr/lib/libC.so.5 \
    CFLAGS=-fPIC \
    ./configure --prefix=/opt/apache \
    --enable-rule=EAPI \
    --enable-module=ssl \
    --enable-shared=ssl \
    --disable-rule=SSL_COMPAT \
    --enable-rule=SSL_SDBM \
    --enable-suexec \
    --suexec-caller=http

I have followed the instructions in the modssl install guide to patch Apache. Please verify the following build for mod_ssl:

    ./configure --with-apache=../apache_1.3.26 \
    --with-ssl=/usr/local/ssl \
    --with-mm=../mm-1.1.3

If you can help (point me to some documentation) I would be very grateful...

David S. Loesche [EMAIL PROTECTED]
Yipes Communications, Inc. Main: (415) 901-2000
114 Sansome Street, Suite 1045 Direct: (415) 901-2210
San Francisco, CA 94104 Fax: (415) 901-2201
http://www.yipes.com
Re: I am having a heck of a time - Please help.
well, the LD_LIBRARY_PATH should point to all the shared libs that you'll need. Probably /usr/lib:/lib:/usr/local/lib:/usr/local/ssl/lib is a good start

-g

On Mon, Jul 15, 2002 at 12:07:15PM -0700, David Loesche wrote:

I did read the referred document concerning the build phase. I am intrigued by the LD_LIBRARY_PATH suggestion. What would you recommend I set it to?

-Original Message-
From: Boyle Owen [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 12:51 AM
To: [EMAIL PROTECTED]
Subject: RE: I am having a heck of a time - Please help.

Could be to do with your version of openssl lib (check it is reasonably up to date) or with your LD_LIBRARY_PATH environment variable. Check out http://www.delouw.ch/linux/Apache-Compile-HOWTO/html/apache.html for a good user's summary.

Rgds, Owen Boyle

-Original Message-
From: David Loesche [mailto:[EMAIL PROTECTED]]
Sent: Friday, 12 July 2002 20:12
To: '[EMAIL PROTECTED]'
Subject: I am having a heck of a time - Please help.

I have pored through all the documentation I can find on enabling mod_ssl with Apache 1.3.26 but keep coming up short. If I static link the mod_ssl it works fine but when I try to enable DSO and use it as a shared library I keep getting ap_add_config_define : referenced symbol not found.

I have the following config setup for the apache build:

    #!/bin/ksh
    SSL_BASE=/usr/local/ssl \
    EAPI_MM=../mm-1.1.3 \
    EAPI_MM_CORE_PATH=logs/httpd.mm \
    LIBS=/usr/lib/libC.so.5 \
    CFLAGS=-fPIC \
    ./configure --prefix=/opt/apache \
    --enable-rule=EAPI \
    --enable-module=ssl \
    --enable-shared=ssl \
    --disable-rule=SSL_COMPAT \
    --enable-rule=SSL_SDBM \
    --enable-suexec \
    --suexec-caller=http

I have followed the instructions in the modssl install guide to patch Apache. Please verify the following build for mod_ssl:

    ./configure --with-apache=../apache_1.3.26 \
    --with-ssl=/usr/local/ssl \
    --with-mm=../mm-1.1.3

If you can help (point me to some documentation) I would be very grateful...

David S. Loesche [EMAIL PROTECTED]
Yipes Communications, Inc. Main: (415) 901-2000
114 Sansome Street, Suite 1045 Direct: (415) 901-2210
San Francisco, CA 94104 Fax: (415) 901-2201
http://www.yipes.com

--
Glen S Mehn
Contract Systems Administrator
SquareTrade, Inc [EMAIL PROTECTED]
Building Trust in Transactions (sm)
I am having a heck of a time - Please help.
I have pored through all the documentation I can find on enabling mod_ssl with Apache 1.3.26 but keep coming up short. If I static link the mod_ssl it works fine but when I try to enable DSO and use it as a shared library I keep getting ap_add_config_define : referenced symbol not found.

I have the following config setup for the apache build:

    #!/bin/ksh
    SSL_BASE=/usr/local/ssl \
    EAPI_MM=../mm-1.1.3 \
    EAPI_MM_CORE_PATH=logs/httpd.mm \
    LIBS=/usr/lib/libC.so.5 \
    CFLAGS=-fPIC \
    ./configure --prefix=/opt/apache \
    --enable-rule=EAPI \
    --enable-module=ssl \
    --enable-shared=ssl \
    --disable-rule=SSL_COMPAT \
    --enable-rule=SSL_SDBM \
    --enable-suexec \
    --suexec-caller=http

I have followed the instructions in the modssl install guide to patch Apache. Please verify the following build for mod_ssl:

    ./configure --with-apache=../apache_1.3.26 \
    --with-ssl=/usr/local/ssl \
    --with-mm=../mm-1.1.3

If you can help (point me to some documentation) I would be very grateful...

David S. Loesche [EMAIL PROTECTED]
Yipes Communications, Inc. Main: (415) 901-2000
114 Sansome Street, Suite 1045 Direct: (415) 901-2210
San Francisco, CA 94104 Fax: (415) 901-2201
http://www.yipes.com
How do I extend the expiration day of the self generated CA certificate and all the certs issued by that CA. Please help
We have created our own CA certificate and signed a few more certs using it. The CA is about to expire and with that all the certificates signed using it. Is there a way to extend the expiration day without recreating the CA and reissuing the certs? Please help

Thanks in advance.

Ilya
Re: simple name-based virtual host tutorial, PLEASE Now: please help me to better flame off-topic posters
> Could someone PLEASE post a simple tutorial on flaming off-topic inappropriate posts that have nothing to do with the list topic?

Haha, that was funny... You're right, I sent this by accident to 2 lists (one is this one) Sorry...i'll see that it doesn't happen again :)

Eduardo Gomez
Innerlab Productions
www.innerlab.com
No longer able to access the website (https) Please help...
Hi

I was able to get apache 1.3.17 /mod_ssl-2.8.0-1.3.17 working before the new year. I then decided to remove the whole thing, download the latest apache_1.3.22 and mod_ssl-2.8.5-1.3.22, rebuild the apache server exactly like I did before. Now I can not access the https page, only the regular page. I then reverted to the old setup, nothing works. What is going on?

Here is my Profile

Sun Solaris8
Server: Apache/1.3.22, Interface: mod_ssl/2.8.5, Library: OpenSSL/0.9.6c

ssl_engine_log

    [01/Jan/2002 23:59:47 04557] [info] Connection to child 1 established (server newton.stat.ubc.ca:443, client 24.78.66.137)
    [01/Jan/2002 23:59:47 04557] [info] Seeding PRNG with 1160 bytes of entropy
    [01/Jan/2002 23:59:47 04557] [trace] OpenSSL: Handshake: start
    [01/Jan/2002 23:59:47 04557] [trace] OpenSSL: Loop: before/accept initialization
    [01/Jan/2002 23:59:47 04557] [trace] Inter-Process Session Cache (DBM) Expiry: old: 1, new: 1, removed: 0
    [01/Jan/2002 23:59:47 04557] [trace] Inter-Process Session Cache: request=GET status=FOUND id=C7E33B8644F80F0EA47BBBE5BE875306FB60A6BADA332FA42B602AF0CC31E0A6 (session reuse)
    [01/Jan/2002 23:59:47 04557] [trace] OpenSSL: Loop: SSLv3 read client hello A
    [01/Jan/2002 23:59:47 04557] [trace] OpenSSL: Loop: SSLv3 write server hello A
    [01/Jan/2002 23:59:47 04557] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A
    [01/Jan/2002 23:59:47 04557] [trace] OpenSSL: Loop: SSLv3 write finished A
    [01/Jan/2002 23:59:47 04557] [trace] OpenSSL: Loop: SSLv3 flush data
    [01/Jan/2002 23:59:47 04557] [trace] OpenSSL: Loop: SSLv3 read finished A
    [01/Jan/2002 23:59:47 04557] [trace] OpenSSL: Handshake: done
    [01/Jan/2002 23:59:47 04557] [info] Connection: Client IP: 24.78.66.137, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
    [01/Jan/2002 23:59:47 04557] [trace] OpenSSL: Write: SSL negotiation finished successfully
    [01/Jan/2002 23:59:47 04557] [info] Connection to child 1 closed with standard shutdown (server newton.stat.ubc.ca:443, client 24.78.66.137)
    [01/Jan/2002 23:59:48 04556] [info] Connection to child 0 established (server newton.stat.ubc.ca:443, client 24.78.66.137)
    [01/Jan/2002 23:59:48 04556] [info] Seeding PRNG with 1160 bytes of entropy
    [01/Jan/2002 23:59:48 04556] [trace] OpenSSL: Handshake: start
    [01/Jan/2002 23:59:48 04556] [trace] OpenSSL: Loop: before/accept initialization
    [01/Jan/2002 23:59:48 04556] [trace] Inter-Process Session Cache (DBM) Expiry: old: 1, new: 1, removed: 0
    [01/Jan/2002 23:59:48 04556] [trace] Inter-Process Session Cache: request=GET status=FOUND id=C7E33B8644F80F0EA47BBBE5BE875306FB60A6BADA332FA42B602AF0CC31E0A6 (session reuse)
    [01/Jan/2002 23:59:48 04556] [trace] OpenSSL: Loop: SSLv3 read client hello A
    [01/Jan/2002 23:59:48 04556] [trace] OpenSSL: Loop: SSLv3 write server hello A
    [01/Jan/2002 23:59:48 04556] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A
    [01/Jan/2002 23:59:48 04556] [trace] OpenSSL: Loop: SSLv3 write finished A
    [01/Jan/2002 23:59:48 04556] [trace] OpenSSL: Loop: SSLv3 flush data
    [01/Jan/2002 23:59:48 04556] [trace] OpenSSL: Loop: SSLv3 read finished A
    [01/Jan/2002 23:59:48 04556] [trace] OpenSSL: Handshake: done
    [01/Jan/2002 23:59:48 04556] [info] Connection: Client IP: 24.78.66.137, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
    [01/Jan/2002 23:59:48 04556] [trace] OpenSSL: Write: SSL negotiation finished successfully
    [01/Jan/2002 23:59:48 04556] [info] Connection to child 0 closed with standard shutdown (server newton.stat.ubc.ca:443, client 24.78.66.137)
loading private key? urgent.... please help if you can
Hi all...

Before upgrading, one of my virtual domains (ip based) had SSL setup and was working fine. The second domain did not work. The error was odd according to people in IRC support channels, and I was told to upgrade to all of the latest versions. I did that. Now when I try to run startssl, I get errors on BOTH virtual domains.

The domain that had once worked produces these errors:

    [Mon Dec 17 16:41:46 2001] [error] mod_ssl: Init: (.com:443) Unable to configure RSA server private key (OpenSSL library error follows)
    [Mon Dec 17 16:41:46 2001] [error] OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

The domain2, that I couldn't get to work before the upgrade, produces these errors:

    [Mon Dec 17 16:45:43 2001] [error] mod_ssl: Init: Private key not found (OpenSSL library error follows)
    [Mon Dec 17 16:45:43 2001] [error] OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long

For domain1, I tried to check the md5's of each of the key and crt... The md5 for the crt shows up fine. When I try to get the md5 for the .key, I get this error:

    # openssl rsa -noout -modulus -in server.key | openssl md5
    read RSA key
    unable to load key
    d41d8cd98f00b204e9800998ecf8427e

I get this same "unable to load key" error for any key I try to get the md5 checksum for

Any help in getting both of my virtual domain's (the two that need SSL) working is greatly appreciated. Thanks.

-Mike

PS: Here is the Virtual Server entry from httpd.conf for domain2... domain1 has the exact same (but updated ip and paths)

    NamevirtualHost xxx.xxx.xxx.44:443
    <VirtualHost xxx.xxx.xxx.44:443>
    SSLEngine On
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateKeyFile /www/conf/ssl.key/domain2_server.key
    SSLCertificateFile /www/conf/ssl.crt/domain2.com.crt
    DocumentRoot /home/hosting/domain2.com/public_html
    ServerName domain2.com
    CustomLog /www/logs/domain2.com combined
    ErrorLog /www/logs/domain2_error_log
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    <Directory "/home/hosting/domain2.com/public_html/cgi-bin">
    SSLOptions +StdEnvVars
    </Directory>
    <Files ~ "\.(cgi|shtml|phtml|php3?|php|inc)$">
    SSLOptions +StdEnvVars
    </Files>
    </VirtualHost>
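The key/certificate check from the post above, as an added example that is not part of the original message: it compares the two moduli directly and reports a key that fails to load as its own case, because in the posted pipeline a failed "openssl rsa" still yields d41d8cd98f00b204e9800998ecf8427e, which is the MD5 of empty input and not a checksum of any key. The file names, the domain1.example subject and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): verify that an RSA private key and a
# certificate belong together, and keep "key does not load" separate from
# "key does not match".

# MD5 of zero bytes of input; this is the value shown in the post.
EMPTY_MD5=d41d8cd98f00b204e9800998ecf8427e

# The pipeline from the post, reduced to the bare hex digest. The exit status
# of "openssl rsa" is lost in the pipe, so a load failure hashes empty input.
# "-passin pass:" is added here only so openssl never prompts.
piped_digest() {
    openssl rsa -noout -modulus -passin pass: -in "$1" 2>/dev/null |
        openssl md5 | sed 's/^.*= *//'
}

# Print "Modulus=..." for a key or a certificate; fail if the file does not load.
# With an empty passphrase supplied, an encrypted key also reports as unreadable.
key_modulus()  { openssl rsa  -noout -modulus -passin pass: -in "$1" 2>/dev/null; }
cert_modulus() { openssl x509 -noout -modulus -in "$1" 2>/dev/null; }

# check_pair KEY CERT prints one of:
#   match | mismatch | key-unreadable | cert-unreadable
check_pair() {
    key_mod=$(key_modulus "$1") && [ -n "$key_mod" ] || { echo key-unreadable; return 0; }
    crt_mod=$(cert_modulus "$2") && [ -n "$crt_mod" ] || { echo cert-unreadable; return 0; }
    if [ "$key_mod" = "$crt_mod" ]; then echo match; else echo mismatch; fi
}

# Build constructed test files in directory $1: a.key with its self-signed
# certificate a.crt, an unrelated b.key, and broken.key, which is not a key.
make_fixtures() {
    openssl genrsa -out "$1/a.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/b.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/a.key" -subj "/CN=domain1.example" \
        -days 1 -out "$1/a.crt" 2>/dev/null &&
    printf 'this is not PEM\n' > "$1/broken.key"
}

run_demo() {
    dir=$(mktemp -d) || return 1
    make_fixtures "$dir" || { rm -rf "$dir"; return 1; }
    echo "a.key      + a.crt: $(check_pair "$dir/a.key" "$dir/a.crt")"
    echo "b.key      + a.crt: $(check_pair "$dir/b.key" "$dir/a.crt")"
    echo "broken.key + a.crt: $(check_pair "$dir/broken.key" "$dir/a.crt")"
    echo "posted pipeline on broken.key: $(piped_digest "$dir/broken.key")"
    rm -rf "$dir"
}

if command -v openssl >/dev/null 2>&1; then run_demo; fi
```

A "mismatch" result corresponds to the "key values mismatch" error in the first log excerpt; "key-unreadable" corresponds to the "unable to load key" output.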
Re: loading private key? urgent...please help!
I'm having the same trouble, same versions of the daemons/openssl/modssl, I'm using FreeBSD ports collection to install apache/modssl, openssl comes as part of the FreeBSD install. My FreeBSD install is sync'd with the - STABLE source as of yesterday, and apache was rebuilt as such. The port i'm using is apache13-modssl. Ports collection sync'd as of today. Exact same error as you, creating my certs using the methods both the port offers and from various FAQ sites. I don't have any commercial certs to test with. I have no clue on a solution, and web searches have turned up nothing. Just wanted to post so people (and you) knew it was not just a problem that you experienced, I am also experiencing it as well. Cheers.
Re: loading private key? urgent...please help!
I got this fixed by re-installing OpenSSL from ports, then apache-modssl from ports. I also re-generated the keys/csr's and purchased new certificates from www.freessl.com (geotrust's quickssl $99).

-Mike

- Original Message -
From: David Orman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 19, 2001 10:15 AM
Subject: Re: loading private key? urgent...please help!

> I'm having the same trouble, same versions of the daemons/openssl/modssl, I'm using FreeBSD ports collection to install apache/modssl, openssl comes as part of the FreeBSD install. My FreeBSD install is sync'd with the - STABLE source as of yesterday, and apache was rebuilt as such. The port i'm using is apache13-modssl. Ports collection sync'd as of today. Exact same error as you, creating my certs using the methods both the port offers and from various FAQ sites. I don't have any commercial certs to test with. I have no clue on a solution, and web searches have turned up nothing. Just wanted to post so people (and you) knew it was not just a problem that you experienced, I am also experiencing it as well. Cheers.
Please help - startssl fails due to errors
    [Thu Dec 20 16:48:20 2001] [error] mod_ssl: Init: Private key not found (OpenSSL library error follows)
    [Thu Dec 20 16:48:20 2001] [error] OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long

That is from my error_log. Any ideas how to fix this?

-MK
Re: loading private key? urgent...please help!
Mike K wrote:
> Hi all... Before upgrading, one of my virtual domains (ip based) had SSL setup and was working fine. The second domain did not work. The error was odd according to people in IRC support channels, and I was told to upgrade to all of the latest versions.

You weren't trying to run two Name-based Virtual Hosts under SSL by any chance? If you were, that doesn't work: http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47

> routines:X509_check_private_key:key values mismatch
> routines:ASN1_get_object:header too long
> unable to load key

This looks like your key files are corrupted. No idea how this could happen. Did you have commercial certificates or self-signed? If self-signed, better make new ones with your most recent openssl distro.

> NamevirtualHost xxx.xxx.xxx.44:443
> VirtualHost xxx.xxx.xxx.44:443

This won't work - if the second VH tries to use the same IP address (your post is a bit ambiguous on this point, you did mention changing IPs).

Assuming you have re-installed apache, mod_ssl and openssl at the latest versions, you should be able to make certificates that will work. If not, please post the version numbers you are actually using along with OS details and confirm/refute the point about NBVHs.

Rgds, Owen Boyle.
Re: loading private key? urgent...please help!
No, I wasn't trying to run name-based virtual hosts with SSL but rather IP-Based virtual hosts... One key is from Thawte, the other from Geotrust... As my last post to the list showed, I tried creating and reading a brand new key which again failed. I am trying this using OpenSSL 0.9.6b, modssl 2.8.5, apache 1.3.22 on FreeBSD 3.4-RELEASE

Any further help is greatly appreciated!

-Mike

PS: As a side note, I received a private mail suggesting I reinstall apache+openssl+modssl+php does anyone have a howto that is recent on this? the ones I found weren't all that recent

Thanks

- Original Message -
From: Owen Boyle [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 19, 2001 12:34 AM
Subject: Re: loading private key? urgent...please help!

> Mike K wrote:
> > Hi all... Before upgrading, one of my virtual domains (ip based) had SSL setup and was working fine. The second domain did not work. The error was odd according to people in IRC support channels, and I was told to upgrade to all of the latest versions.
>
> You weren't trying to run two Name-based Virtual Hosts under SSL by any chance? If you were, that doesn't work: http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47
>
> > routines:X509_check_private_key:key values mismatch
> > routines:ASN1_get_object:header too long
> > unable to load key
>
> This looks like your key files are corrupted. No idea how this could happen. Did you have commercial certificates or self-signed? If self-signed, better make new ones with your most recent openssl distro.
>
> > NamevirtualHost xxx.xxx.xxx.44:443
> > VirtualHost xxx.xxx.xxx.44:443
>
> This won't work - if the second VH tries to use the same IP address (your post is a bit ambiguous on this point, you did mention changing IPs).
>
> Assuming you have re-installed apache, mod_ssl and openssl at the latest versions, you should be able to make certificates that will work. If not, please post the version numbers you are actually using along with OS details and confirm/refute the point about NBVHs.
>
> Rgds, Owen Boyle.
loading private key? urgent...please help!
Hi all...

Before upgrading, one of my virtual domains (ip based) had SSL setup and was working fine. The second domain did not work. The error was odd according to people in IRC support channels, and I was told to upgrade to all of the latest versions.

I did that. Now when I try to run startssl, I get errors on BOTH virtual domains.

The domain that had once worked produces these errors:

    [Mon Dec 17 16:41:46 2001] [error] mod_ssl: Init: (.com:443) Unable to configure RSA server private key (OpenSSL library error follows)
    [Mon Dec 17 16:41:46 2001] [error] OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

The domain2, that I couldn't get to work before the upgrade, produces these errors:

    [Mon Dec 17 16:45:43 2001] [error] mod_ssl: Init: Private key not found (OpenSSL library error follows)
    [Mon Dec 17 16:45:43 2001] [error] OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long

For domain1, I tried to check the md5's of each of the key and crt... The md5 for the crt shows up fine. When I try to get the md5 for the .key, I get this error:

    # openssl rsa -noout -modulus -in server.key | openssl md5
    read RSA key
    unable to load key
    d41d8cd98f00b204e9800998ecf8427e

I get this same unable to load key error for any key I try to get the md5 checksum for.

Any help in getting both of my virtual domains (the two that need SSL) working is greatly appreciated.

Thanks.

-Mike

PS: Here is the Virtual Server entry from httpd.conf for domain2... domain1 has the exact same (but updated ip and paths)

    NamevirtualHost xxx.xxx.xxx.44:443
    <VirtualHost xxx.xxx.xxx.44:443>
    SSLEngine On
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateKeyFile /www/conf/ssl.key/domain2_server.key
    SSLCertificateFile /www/conf/ssl.crt/domain2.com.crt
    DocumentRoot /home/hosting/domain2.com/public_html
    ServerName domain2.com
    CustomLog /www/logs/domain2.com combined
    ErrorLog /www/logs/domain2_error_log
    SetEnvIf User-Agent .*MSIE.* \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    <Directory /home/hosting/domain2.com/public_html/cgi-bin>
    SSLOptions +StdEnvVars
    </Directory>
    <Files ~ \.(cgi|shtml|phtml|php3?|php|inc)$>
    SSLOptions +StdEnvVars
    </Files>
    </VirtualHost>
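Added example, not part of the original thread: the value d41d8cd98f00b204e9800998ecf8427e in the post above is the MD5 of empty input, which that pipeline prints whenever `openssl rsa` cannot load the key and writes nothing to stdout, so it says nothing about the key itself. The sketch below separates "key file cannot be parsed" from a genuine key/certificate mismatch; function names and file names are hypothetical, the sample keys are generated on the spot, and keys are assumed to carry no passphrase.

```shell
#!/bin/sh
# Added example: compare the RSA modulus of a key and a certificate, and
# report an unreadable file explicitly instead of hashing empty output.
# Assumptions: openssl is on PATH; keys are not passphrase-protected;
# all function and file names here are constructed for this example.

EMPTY_MD5=d41d8cd98f00b204e9800998ecf8427e   # MD5 of zero bytes of input

# Print the SHA-256 of the RSA modulus found in FILE.
# Returns 2 when openssl cannot load the file.
modulus_digest() {   # usage: modulus_digest key|cert FILE
    case $1 in
        # -passin pass: makes openssl fail rather than prompt on an encrypted key
        key)  _mod=$(openssl rsa  -noout -modulus -passin pass: -in "$2" 2>/dev/null) || return 2 ;;
        cert) _mod=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 2 ;;
        *)    return 64 ;;
    esac
    [ -n "$_mod" ] || return 2
    printf '%s\n' "$_mod" | openssl dgst -sha256 | sed 's/^.*= *//'
}

# 0 = key and certificate share a modulus
# 1 = both parse but differ (what mod_ssl logs as "key values mismatch")
# 2 = key file unreadable, 3 = certificate file unreadable
check_pair() {   # usage: check_pair KEYFILE CERTFILE
    _k=$(modulus_digest key "$1")  || return 2
    _c=$(modulus_digest cert "$2") || return 3
    if [ "$_k" = "$_c" ]; then return 0; else return 1; fi
}

# The pipeline from the post, with stderr hidden and the "(stdin)= " label
# stripped. It succeeds even when the key cannot be loaded.
naive_key_md5() {   # usage: naive_key_md5 KEYFILE
    openssl rsa -noout -modulus -passin pass: -in "$1" 2>/dev/null \
        | openssl md5 | sed 's/^.*= *//'
}

# Build constructed sample files in DIR: two unrelated keys, a self-signed
# certificate for the first key, and a key cut off mid-file.
make_samples() {   # usage: make_samples DIR
    openssl genrsa -out "$1/domain1.key" 2048 2>/dev/null || return 1
    openssl genrsa -out "$1/domain2.key" 2048 2>/dev/null || return 1
    openssl req -new -x509 -key "$1/domain1.key" -subj "/CN=domain1.example" \
        -days 1 -out "$1/domain1.crt" 2>/dev/null || return 1
    head -c 200 "$1/domain1.key" > "$1/truncated.key"
}

explain() {   # usage: explain STATUS
    case $1 in
        0) echo "match" ;;
        1) echo "mismatch: both files parse but hold different keys" ;;
        2) echo "key file could not be parsed" ;;
        3) echo "certificate file could not be parsed" ;;
        *) echo "usage error" ;;
    esac
}

work=$(mktemp -d) || exit 1
make_samples "$work" || exit 1
for pair in "domain1.key domain1.crt" "domain2.key domain1.crt" "truncated.key domain1.crt"; do
    set -- $pair
    check_pair "$work/$1" "$work/$2" && rc=0 || rc=$?
    echo "$1 + $2: $(explain "$rc")"
done
# The unreadable key still yields a well-formed digest from the naive pipeline.
[ "$(naive_key_md5 "$work/truncated.key")" = "$EMPTY_MD5" ] \
    && echo "naive pipeline on truncated.key printed the empty-input MD5"
rm -rf "$work"
```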
Please help me to find some solution
Hi,

I have some trouble to find how to set up client authentication using general certificate like VeriSign. I tried to do something, but it does not work. I just got the same error message like "No CAs known to server for verification?" in server log. I think it should be configuration problem of certificate.

If you can give me any information, I will appreciate that pretty much.

Thanks,

Wolffe Song
Please help: compile mod_ssl-2.7.1-1.3.14 on NT
all,

I am compiling mod_ssl 2.7.1 with apache 1.3.14 on NT4.0 with vc++ 6.0.

First, I did compile and install openSSL-0.9.6 successfully.

Second, I run this command:

    configure.bat --with-apache=..\apache_1.3.14 --with-ssl=d:\openssl

result seems to be ok. at the end of email is a typical section that looks suspicious.

Third, i run

    nmake /f Makefile.win

from apache1.3.14\src directory. it seems to have no errors only a few warning. it ends after compile modules\proxy. doesn't seems to compile modules\ssl.

so i went to modules\ssl directory and manually run

    nmake /f Makefile

then i got this error:

    NMAKE : fatal error U1073: don't know how to make 'ssl_engine_scache.obj'

I am really stuck now. Why it is so difficult to compile apache on NT?

any hint on how to get this accomplish is really appreciated,

thanks,

jason

configure mod_ssl output:

    Patching file src/include\http_conf_globals.h using Plan B...
    Hunk #1 succeeded at 91.
    Hmm... The next patch looks like a unified diff to me...
    The text leading up to this was:
    --
    |
    |+-- -
    || Export the ap_set_callback_and_alarm() function because this
    || first is a useful thing and second we need it because all
    || other API/timeout functions deal with a request_rec while
    || some modules need a generic timeout mechanism.
    |+-- -
    |Index: src/include/http_main.h
    |--- src/include/http_main.h 2000/10/12 08:17:34 1.1.1.4
    |+++ src/include/http_main.h 2000/10/12 08:31:47 1.4
    --
    Patching file src/include\http_main.h using Plan B...
    Hunk #1 succeeded at 124.
    Hmm... The next patch looks like a unified diff to me...
    The text leading up to this was:
    --
    |
    |+-- -
    || First add support for the HTTPS protocol scheme via hooks,
    || second add the additional context variable `ctx' for the
    || conn_rec, server_rec and request_rec structures. And third
    || add a prototype for the additional ap_add_config_define()
    || function.
    |+-- -
    |Index: src/include/httpd.h
    |--- src/include/httpd.h 2000/10/12 08:17:34 1.1.1.11
    |+++ src/include/httpd.h 2000/10/12 08:31:47 1.20
    --
    Patching file src/include\httpd.h using Plan B...
Re: Please help: compile mod_ssl-2.7.1-1.3.14 on NT
Jason Xue wrote:

> Third, i run nmake /f Makefile.win from apache1.3.14\src directory it seems to have no errors only a few warning. it ends after compile modules\proxy. doesn't seems to compile modules\ssl.

For some reason Makefile.win (or one of the underlying) isn't properly updated by configure.bat. I had to manually add an entry to make it compile mod_ssl

> so i went to modules\ssl directory and manually run nmake /f Makefile then i got this error:
> NMAKE : fatal error U1073: don't know how to make 'ssl_engine_scache.obj'

It appears that the make file is out of sync with the code files. I had to change part of it to the following:

    # mod_ssl object files
    OBJS=\
     mod_ssl.obj\
     ssl_engine_config.obj\
     ssl_engine_compat.obj\
     ssl_engine_ds.obj\
     ssl_engine_dh.obj\
     ssl_engine_init.obj\
     ssl_engine_kernel.obj\
     ssl_engine_rand.obj\
     ssl_engine_io.obj\
     ssl_engine_log.obj\
     ssl_engine_mutex.obj\
     ssl_engine_pphrase.obj\
     ssl_engine_vars.obj\
     ssl_engine_ext.obj\
     ssl_scache.obj\
     ssl_scache_dbm.obj\
     ssl_scache_shmcb.obj\
     ssl_scache_shmht.obj\
     ssl_expr.obj\
     ssl_expr_scan.obj\
     ssl_expr_parse.obj\
     ssl_expr_eval.obj\
     ssl_util.obj\
     ssl_util_ssl.obj\
     ssl_util_sdbm.obj\
     ssl_util_table.obj

Regards,

Jan
Re: Please Help
Rick,

Did you try stopping with apachectl stop and restarting with the command apachectl startssl?

----- Original Message -----
From: "Rick I Dunetz" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, September 27, 2000 12:14 PM
Subject: Please Help

Hey Folks,

I got Apache running on this sucker, but I can't seem to get mod_SSL goin'. My httpd.conf file looks great and I've started and stopped the server correctly. My certificate and key are fine. Why can't I get this bad boy going on HTTPS? Any trouble shooting techniques out there?

I was very precise when I set it up...I followed the instructions to a tee...wazzup with this junx?

Rick

--
Rick Dunetz
Director of Web Development
Telco Exchange
9900 Main Street
Suite 302
Fairfax, VA 22031
Ph: 703.383.1400
Fax: 703.385.3788

Check our article on T1 Pricing in Network World Magazine:
http://www.nwfusion.com/research/2000/0508feattele.html
RE: Please Help
It's a little hard to help without a little detail. In what way is it not working? Does the server respond to your HTTPS requests with anything at all? Are there any entries in the SSL logs that indicate (first) that a request has been received and (second) what it may have done with the request.

Double check your ports. Is SSL enabled on the port you're attempting to use? (PLEASE don't try to use multiple name-based VirtualHosts with SSL!)

Your logs really are the first place to look for answers.

-----Original Message-----
From: Rick I Dunetz [mailto:[EMAIL PROTECTED]]
Sent: September 27, 2000 10:15 AM
To: [EMAIL PROTECTED]
Subject: Please Help

Hey Folks,

I got Apache running on this sucker, but I can't seem to get mod_SSL goin'. My httpd.conf file looks great and I've started and stopped the server correctly. My certificate and key are fine. Why can't I get this bad boy going on HTTPS? Any trouble shooting techniques out there?

I was very precise when I set it up...I followed the instructions to a tee...wazzup with this junx?

Rick
Re: Please Help
My server has not responded to any HTTPS commands. I haven't checked the SSL logs. I am using port 443 and I only have 1 virtual host..for now.

Rick

"Hansknecht, Deborah A" wrote:

> It's a little hard to help without a little detail. In what way is it not working? Does the server respond to your HTTPS requests with anything at all? Are there any entries in the SSL logs that indicate (first) that a request has been received and (second) what it may have done with the request.
>
> Double check your ports. Is SSL enabled on the port you're attempting to use? (PLEASE don't try to use multiple name-based VirtualHosts with SSL!)
>
> Your logs really are the first place to look for answers.
>
> -----Original Message-----
> From: Rick I Dunetz [mailto:[EMAIL PROTECTED]]
> Sent: September 27, 2000 10:15 AM
> To: [EMAIL PROTECTED]
> Subject: Please Help
>
> Hey Folks,
>
> I got Apache running on this sucker, but I can't seem to get mod_SSL goin'. My httpd.conf file looks great and I've started and stopped the server correctly. My certificate and key are fine. Why can't I get this bad boy going on HTTPS? Any trouble shooting techniques out there?
>
> I was very precise when I set it up...I followed the instructions to a tee...wazzup with this junx?
>
> Rick
Re: Please Help
I started the server correctly...when I start the server it asks me for a passphrase after I type it in it says OK, but it doesn't go back to the prompt.

Rick

Geoff Gilbert wrote:

> Rick,
>
> Did you try stopping with apachectl stop and restarting with the command apachectl startssl?
>
> ----- Original Message -----
> From: "Rick I Dunetz" [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Sent: Wednesday, September 27, 2000 12:14 PM
> Subject: Please Help
>
> Hey Folks,
>
> I got Apache running on this sucker, but I can't seem to get mod_SSL goin'. My httpd.conf file looks great and I've started and stopped the server correctly. My certificate and key are fine. Why can't I get this bad boy going on HTTPS? Any trouble shooting techniques out there?
>
> I was very precise when I set it up...I followed the instructions to a tee...wazzup with this junx?
>
> Rick
Re: Please Help
You definitely need to check the ssl logs. In particular, I strongly recommend that you use debug mode for the ssl logs in your httpd.conf file. Be sure you restart the server after you make these changes.

Lorrayne

Rick I Dunetz wrote:

> I started the server correctly...when I start the server it asks me for a passphrase after I type it in it says OK, but it doesn't go back to the prompt.
>
> Rick
>
> Geoff Gilbert wrote:
>
> > Rick,
> >
> > Did you try stopping with apachectl stop and restarting with the command apachectl startssl?
> >
> > ----- Original Message -----
> > From: "Rick I Dunetz" [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]
> > Sent: Wednesday, September 27, 2000 12:14 PM
> > Subject: Please Help
> >
> > Hey Folks,
> >
> > I got Apache running on this sucker, but I can't seem to get mod_SSL goin'. My httpd.conf file looks great and I've started and stopped the server correctly. My certificate and key are fine. Why can't I get this bad boy going on HTTPS? Any trouble shooting techniques out there?
> >
> > I was very precise when I set it up...I followed the instructions to a tee...wazzup with this junx?
> >
> > Rick
Re: Please Help
Rick, please be more specific, and provide more detailed information about your situation. Read the mail archive (MARC) to get a feeling for what information you should be providing ( http://www.modssl.org/support --marc is at the bottom of the page).

Thanks,

Robert

Rick I Dunetz wrote:

> Hey Folks,
>
> I got Apache running on this sucker, but I can't seem to get mod_SSL goin'. My httpd.conf file looks great and I've started and stopped the server correctly. My certificate and key are fine. Why can't I get this bad boy going on HTTPS? Any trouble shooting techniques out there?
>
> I was very precise when I set it up...I followed the instructions to a tee...wazzup with this junx?
>
> Rick
RE: Please Help
If you are using Apache/NT, I suspect that you have encountered the "famous" double prompt problem. I posted some patches for this some time ago which can be found on the archives of this list. To get around the problem do one of the following:

a) run Apache with a -X parameter
b) type the passphrase "blind" a second time when it appears hung
c) decrypt your key file so that no passphrase is required

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rick I Dunetz
Sent: Wednesday, September 27, 2000 12:51 PM
To: [EMAIL PROTECTED]
Subject: Re: Please Help

I started the server correctly...when I start the server it asks me for a passphrase after I type it in it says OK, but it doesn't go back to the prompt.

Rick

Geoff Gilbert wrote:

> Rick,
>
> Did you try stopping with apachectl stop and restarting with the command apachectl startssl?
>
> ----- Original Message -----
> From: "Rick I Dunetz" [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Sent: Wednesday, September 27, 2000 12:14 PM
> Subject: Please Help
>
> Hey Folks,
>
> I got Apache running on this sucker, but I can't seem to get mod_SSL goin'. My httpd.conf file looks great and I've started and stopped the server correctly. My certificate and key are fine. Why can't I get this bad boy going on HTTPS? Any trouble shooting techniques out there?
>
> I was very precise when I set it up...I followed the instructions to a tee...wazzup with this junx?
>
> Rick
Re: Please Help
Sorry about that,

I am running Apache 1.3.12...mod_ssl 2.6.6 on a pentium III 800 machine running Debian 2.2 Linux. I got a book on apache that had complete instructions on how to set up Apache and mod_ssl. I actually FTP the packages over and installed from scratch. Everything went smoothly and I configured the server as specified. The basic web server works fine (http)...the SSL may be running, but I can't get it to work in the browser. It just times out. All I need is a way to troubleshoot this problem.

I haven't looked at the log files and I don't know how to run in Debug mode...

Anything you guys can give me would be terrific.

I hope this is detailed enough...I don't have much more to give you.

Rick

"Robert L. Yelvington" wrote:

> Rick, please be more specific, and provide more detailed information about your situation. Read the mail archive (MARC) to get a feeling for what information you should be providing ( http://www.modssl.org/support --marc is at the bottom of the page).
>
> Thanks,
>
> Robert
>
> Rick I Dunetz wrote:
>
> > Hey Folks,
> >
> > I got Apache running on this sucker, but I can't seem to get mod_SSL goin'. My httpd.conf file looks great and I've started and stopped the server correctly. My certificate and key are fine. Why can't I get this bad boy going on HTTPS? Any trouble shooting techniques out there?
> >
> > I was very precise when I set it up...I followed the instructions to a tee...wazzup with this junx?
> >
> > Rick
Re: Please Help
How do you do this?

Rick

"Schaefer,Lorrayne J." wrote:

> You definitely need to check the ssl logs. In particular, I strongly recommend that you use debug mode for the ssl logs in your httpd.conf file. Be sure you restart the server after you make these changes.
>
> Lorrayne
>
> Rick I Dunetz wrote:
>
> > I started the server correctly...when I start the server it asks me for a passphrase after I type it in it says OK, but it doesn't go back to the prompt.
> >
> > Rick
> >
> > Geoff Gilbert wrote:
> >
> > > Rick,
> > >
> > > Did you try stopping with apachectl stop and restarting with the command apachectl startssl?
> > >
> > > ----- Original Message -----
> > > From: "Rick I Dunetz" [EMAIL PROTECTED]
> > > To: [EMAIL PROTECTED]
> > > Sent: Wednesday, September 27, 2000 12:14 PM
> > > Subject: Please Help
> > >
> > > Hey Folks,
> > >
> > > I got Apache running on this sucker, but I can't seem to get mod_SSL goin'. My httpd.conf file looks great and I've started and stopped the server correctly. My certificate and key are fine. Why can't I get this bad boy going on HTTPS? Any trouble shooting techniques out there?
> > >
> > > I was very precise when I set it up...I followed the instructions to a tee...wazzup with this junx?
> > >
> > > Rick
Re: Please Help
I'm not running in NT..Debian 2.2

Rick

Kirk Benson wrote:

> If you are using Apache/NT, I suspect that you have encountered the "famous" double prompt problem. I posted some patches for this some time ago which can be found on the archives of this list. To get around the problem do one of the following:
>
> a) run Apache with a -X parameter
> b) type the passphrase "blind" a second time when it appears hung
> c) decrypt your key file so that no passphrase is required
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rick I Dunetz
> Sent: Wednesday, September 27, 2000 12:51 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Please Help
>
> I started the server correctly...when I start the server it asks me for a passphrase after I type it in it says OK, but it doesn't go back to the prompt.
>
> Rick
>
> Geoff Gilbert wrote:
>
> > Rick,
> >
> > Did you try stopping with apachectl stop and restarting with the command apachectl startssl?
> >
> > ----- Original Message -----
> > From: "Rick I Dunetz" [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]
> > Sent: Wednesday, September 27, 2000 12:14 PM
> > Subject: Please Help
> >
> > Hey Folks,
> >
> > I got Apache running on this sucker, but I can't seem to get mod_SSL goin'. My httpd.conf file looks great and I've started and stopped the server correctly. My certificate and key are fine. Why can't I get this bad boy going on HTTPS? Any trouble shooting techniques out there?
> >
> > I was very precise when I set it up...I followed the instructions to a tee...wazzup with this junx?
> >
> > Rick
Re: Please Help
No sweat, Rick.

As Lorrayne stated earlier check all logs. If you installed a standard apache from source...then you should look in /usr/local/apache/logs for the following files (or on debian logs may be in /var/log):

    error_log - apache's error log
    ssl_engine_log - ssl engine error log

To specify "debug" for your apache (which is helpful, too!), edit your httpd.conf. You should already have a LogLevel entry like this:

    LogLevel info

Simply change "info" to "debug".

To specify "debug" for SSL, do the same...change SSLLogLevel from "info" to "debug".

Now, save and exit httpd.conf and restart apache.

I am curious, when you compiled apache w/mod_ssl, did you experience any compile probs? What were your compile settings?

Rick I Dunetz wrote:

> Sorry about that,
>
> I am running Apache 1.3.12...mod_ssl 2.6.6 on a pentium III 800 machine running Debian 2.2 Linux. I got a book on apache that had complete instructions on how to set up Apache and mod_ssl. I actually FTP the packages over and installed from scratch. Everything went smoothly and I configured the server as specified. The basic web server works fine (http)...the SSL may be running, but I can't get it to work in the browser. It just times out. All I need is a way to troubleshoot this problem.
>
> I haven't looked at the log files and I don't know how to run in Debug mode...
>
> Anything you guys can give me would be terrific.
>
> I hope this is detailed enough...I don't have much more to give you.
>
> Rick
>
> "Robert L. Yelvington" wrote:
>
> > Rick, please be more specific, and provide more detailed information about your situation. Read the mail archive (MARC) to get a feeling for what information you should be providing ( http://www.modssl.org/support --marc is at the bottom of the page).
> >
> > Thanks,
> >
> > Robert
Re: Please Help
The compilation was smooth as silk...everything went as planned. The only thing I didn't do was add the RSA module...I didn't think it was necessary. Besides that I had no problems.

What is supposed to happen in Debug mode?

Thanks

Rick

"Robert L. Yelvington" wrote:

> No sweat, Rick.
>
> As Lorrayne stated earlier check all logs. If you installed a standard apache from source...then you should look in /usr/local/apache/logs for the following files (or on debian logs may be in /var/log):
>
>     error_log - apache's error log
>     ssl_engine_log - ssl engine error log
>
> To specify "debug" for your apache (which is helpful, too!), edit your httpd.conf. You should already have a LogLevel entry like this:
>
>     LogLevel info
>
> Simply change "info" to "debug".
>
> To specify "debug" for SSL, do the same...change SSLLogLevel from "info" to "debug".
>
> Now, save and exit httpd.conf and restart apache.
>
> I am curious, when you compiled apache w/mod_ssl, did you experience any compile probs? What were your compile settings?
>
> Rick I Dunetz wrote:
>
> > Sorry about that,
> >
> > I am running Apache 1.3.12...mod_ssl 2.6.6 on a pentium III 800 machine running Debian 2.2 Linux. I got a book on apache that had complete instructions on how to set up Apache and mod_ssl. I actually FTP the packages over and installed from scratch. Everything went smoothly and I configured the server as specified. The basic web server works fine (http)...the SSL may be running, but I can't get it to work in the browser. It just times out. All I need is a way to troubleshoot this problem.
> >
> > I haven't looked at the log files and I don't know how to run in Debug mode...
> >
> > Anything you guys can give me would be terrific.
> >
> > I hope this is detailed enough...I don't have much more to give you.
> >
> > Rick
> >
> > "Robert L. Yelvington" wrote:
> >
> > > Rick, please be more specific, and provide more detailed information about your situation. Read the mail archive (MARC) to get a feeling for what information you should be providing ( http://www.modssl.org/support --marc is at the bottom of the page).
> > >
> > > Thanks,
> > >
> > > Robert
Re: Please Help
What is supposed to happen when I type in ./httpd -DSSL?

When I do this it asks me for my PassPhrase and after I type it in...it just hangs...it doesn't go to prompt. Is there something wrong with that?

Rick

"Robert L. Yelvington" wrote:

> No sweat, Rick.
>
> As Lorrayne stated earlier check all logs. If you installed a standard apache from source...then you should look in /usr/local/apache/logs for the following files (or on debian logs may be in /var/log):
>
>     error_log - apache's error log
>     ssl_engine_log - ssl engine error log
>
> To specify "debug" for your apache (which is helpful, too!), edit your httpd.conf. You should already have a LogLevel entry like this:
>
>     LogLevel info
>
> Simply change "info" to "debug".
>
> To specify "debug" for SSL, do the same...change SSLLogLevel from "info" to "debug".
>
> Now, save and exit httpd.conf and restart apache.
>
> I am curious, when you compiled apache w/mod_ssl, did you experience any compile probs? What were your compile settings?
>
> Rick I Dunetz wrote:
>
> > Sorry about that,
> >
> > I am running Apache 1.3.12...mod_ssl 2.6.6 on a pentium III 800 machine running Debian 2.2 Linux. I got a book on apache that had complete instructions on how to set up Apache and mod_ssl. I actually FTP the packages over and installed from scratch. Everything went smoothly and I configured the server as specified. The basic web server works fine (http)...the SSL may be running, but I can't get it to work in the browser. It just times out. All I need is a way to troubleshoot this problem.
> >
> > I haven't looked at the log files and I don't know how to run in Debug mode...
> >
> > Anything you guys can give me would be terrific.
> >
> > I hope this is detailed enough...I don't have much more to give you.
> >
> > Rick
> >
> > "Robert L. Yelvington" wrote:
> >
> > > Rick, please be more specific, and provide more detailed information about your situation. Read the mail archive (MARC) to get a feeling for what information you should be providing ( http://www.modssl.org/support --marc is at the bottom of the page).
> > >
> > > Thanks,
> > >
> > > Robert
RE: Please Help
I cannot help you if you are not more specific. As far as I know Apache+Mod_ssl starts a http daemon which allow you to use both. You simply have to follow the accurate documentation. If it doesn't work with your browser which error you get? Do you get an error when "http://your.domain.com or https://your.domain.com? A good troubleshooting is looking to the log files "error_log".

Did you check the SSL section of your httpd.conf for correct path, certificate, etc.?

Salvatore Ilardo
http://www.rokeby.com
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rick I Dunetz
Sent: Wednesday, September 27, 2000 6:20 PM
To: [EMAIL PROTECTED]
Subject: Re: Please Help

Sorry about that,

I am running Apache 1.3.12...mod_ssl 2.6.6 on a pentium III 800 machine running Debian 2.2 Linux. I got a book on apache that had complete instructions on how to set up Apache and mod_ssl. I actually FTP the packages over and installed from scratch. Everything went smoothly and I configured the server as specified. The basic web server works fine (http)...the SSL may be running, but I can't get it to work in the browser. It just times out. All I need is a way to troubleshoot this problem.

I haven't looked at the log files and I don't know how to run in Debug mode...

Anything you guys can give me would be terrific.

I hope this is detailed enough...I don't have much more to give you.

Rick

"Robert L. Yelvington" wrote:

> Rick, please be more specific, and provide more detailed information about your situation. Read the mail archive (MARC) to get a feeling for what information you should be providing ( http://www.modssl.org/support --marc is at the bottom of the page).
>
> Thanks,
>
> Robert
>
> Rick I Dunetz wrote:
>
> > Hey Folks,
> >
> > I got Apache running on this sucker, but I can't seem to get mod_SSL goin'. My httpd.conf file looks great and I've started and stopped the server correctly. My certificate and key are fine. Why can't I get this bad boy going on HTTPS? Any trouble shooting techniques out there?
> >
> > I was very precise when I set it up...I followed the instructions to a tee...wazzup with this junx?
> >
> > Rick
Re: Please Help
Please read previous messages...I have given you just about everything that I have as far as details. The biggest thing that I noticed (which is stated in a previous message), when I start the server...it asks me for my passphrase...I type in my pass phrase and then is says OK...then it just hangs. It doesn't take me back to a prompt and I have to control C to get back to the prompt. When I check whether or not the server process had been started (ps -aux)...nothing is there. I think this is the source of the problem, but I don't know how to fix it. Rick Salvo Ilardo wrote: I cannot help you if you are not more specific. As far as I know Apache+Mod_ssl starts a http daemon which allow you to use both. You simple have to follow the accurate documentation. If it doesn't work with your browser which error you get? Do you get an error when "http://your.domain.com or https://your.domain.com? A good troubleshooting is looking to the log files "error_log". Did you check the SSL section of your httpd.conf for correct path, certificate, etc.? Salvatore Ilardo http://www.rokeby.com [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rick I Dunetz Sent: Wednesday, September 27, 2000 6:20 PM To: [EMAIL PROTECTED] Subject: Re: Please Help Sorry about that, I am running Apache 1.3.12...mod_ssl 2.6.6 on a pentium III 800 machine running Debian 2.2 Linux. I got a book on apache that had complete instructions on how to set up Apache and mod_ssl. I actaully FTP the packages over and installed from scratch. Everything went smoothly and I configured the server as specified. The basic web server works fine (http)...the SSL may be running, but I can't get it to work in the browser. It just times out. All I need is a way to troubleshoot this problem. I haven't looked at the log files and I don't know how to run in Debug mode... Anything you guys can give me would be terrific. 
I hope this is detailed enough...I don't have much more to give you. Rick "Robert L. Yelvington" wrote: Rick, please be more specific, and provide more detailed information about your situtation. Read the mail archive(MARC) to get a feeling for what information you should be providing ( http://www.modssl.org/support --marc is at the bottom of the page). Thanks, Robert Rick I Dunetz wrote: Hey Folks, I got Apache running on this sucker, but I can't seem to get mod_SSL goin'. My httpd.conf file looks great and I've started and stopped the server correctly. My certificate and key are fine. Why can't I get this bad boy going on HTTPS? Any trouble shooting techniques out there? I was very precise when I set it up...I followed the instructions to a tee...wazzup with this junx? Rick __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- Rick Dunetz Director of Web Development Telco Exchange 9900 Main Street Suite 302 Fairfax, VA 22031 Ph: 703.383.1400 Fax: 703.385.3788 Check our article on T1 Pricing in Network World Magazine: http://www.nwfusion.com/research/2000/0508feattele.html __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- Rick Dunetz Director of Web Development Telco Exchange 9900 Main Street Suite 302 Fairfax, VA 22031 Ph: 703.383.1400 Fax: 703.385.3788 Check our article on T1 Pricing in Network World Magazine: http://www.nwfusion.com/research/2000/0508feattele.html __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Please Help
This is my ssl_error_log file. I took out my server name. Where it says "Wiped out the queried pass phrases from memory" I think that happened when I tried to get the prompt. When it hung after I entered my passphrase I control "C"ed to get me back to a prompt.

[28/Sep/2000 11:19:57 03440] [info] Server: Apache/1.3.12, Interface: mod_ssl/2.6.6, Library: OpenSSL/0.9.6
[28/Sep/2000 11:19:57 03440] [info] Init: 1st startup round (still not detached)
[28/Sep/2000 11:19:57 03440] [info] Init: Initializing OpenSSL library
[28/Sep/2000 11:19:57 03440] [info] Init: Loading certificate private key of SSL-aware server www.myserver.com:443
[28/Sep/2000 11:19:57 03440] [info] Init: Requesting pass phrase via builtin terminal dialog
[28/Sep/2000 11:20:10 03440] [info] Init: Wiped out the queried pass phrases from memory
[28/Sep/2000 11:22:46 03442] [info] Server: Apache/1.3.12, Interface: mod_ssl/2.6.6, Library: OpenSSL/0.9.6
[28/Sep/2000 11:22:46 03442] [info] Init: 1st startup round (still not detached)
[28/Sep/2000 11:22:46 03442] [info] Init: Initializing OpenSSL library
[28/Sep/2000 11:22:46 03442] [info] Init: Loading certificate private key of SSL-aware server www.myserver.com:443
[28/Sep/2000 11:22:46 03442] [info] Init: Requesting pass phrase via builtin terminal dialog
[28/Sep/2000 11:22:53 03442] [info] Init: Wiped out the queried pass phrases from memory
[28/Sep/2000 11:26:34 03473] [info] Server: Apache/1.3.12, Interface: mod_ssl/2.6.6, Library: OpenSSL/0.9.6
[28/Sep/2000 11:26:34 03473] [info] Init: 1st startup round (still not detached)
[28/Sep/2000 11:26:34 03473] [info] Init: Initializing OpenSSL library
[28/Sep/2000 11:26:34 03473] [info] Init: Loading certificate private key of SSL-aware server www.myserver.com:443
[28/Sep/2000 11:26:34 03473] [info] Init: Requesting pass phrase via builtin terminal dialog
[28/Sep/2000 11:26:39 03473] [info] Init: Wiped out the queried pass phrases from memory
[28/Sep/2000 11:27:41 03485] [info] Server: Apache/1.3.12, Interface: mod_ssl/2.6.6, Library: OpenSSL/0.9.6
[28/Sep/2000 11:27:41 03485] [info] Init: 1st startup round (still not detached)
[28/Sep/2000 11:27:41 03485] [info] Init: Initializing OpenSSL library
[28/Sep/2000 11:27:41 03485] [info] Init: Loading certificate private key of SSL-aware server www.myserver.com:443
[28/Sep/2000 11:27:41 03485] [info] Init: Requesting pass phrase via builtin terminal dialog
[28/Sep/2000 11:28:00 03485] [info] Init: Wiped out the queried pass phrases from memory
[28/Sep/2000 11:46:02 03526] [info] Server: Apache/1.3.12, Interface: mod_ssl/2.6.6, Library: OpenSSL/0.9.6
[28/Sep/2000 11:46:02 03526] [info] Init: 1st startup round (still not detached)
[28/Sep/2000 11:46:02 03526] [info] Init: Initializing OpenSSL library
[28/Sep/2000 11:46:02 03526] [info] Init: Loading certificate private key of SSL-aware server www.myserver.com:443
[28/Sep/2000 11:46:02 03526] [info] Init: Requesting pass phrase via builtin terminal dialog
[28/Sep/2000 11:46:09 03526] [info] Init: Wiped out the queried pass phrases from memory
[28/Sep/2000 11:58:46 03541] [info] Server: Apache/1.3.12, Interface: mod_ssl/2.6.6, Library: OpenSSL/0.9.6
[28/Sep/2000 11:58:46 03541] [info] Init: 1st startup round (still not detached)
[28/Sep/2000 11:58:46 03541] [info] Init: Initializing OpenSSL library
[28/Sep/2000 11:58:46 03541] [info] Init: Loading certificate private key of SSL-aware server www.myserver.com:443
[28/Sep/2000 11:58:46 03541] [info] Init: Requesting pass phrase via builtin terminal dialog
[28/Sep/2000 11:59:00 03541] [info] Init: Requesting pass phrase via builtin terminal dialog
[28/Sep/2000 11:59:06 03541] [info] Init: Requesting pass phrase via builtin terminal dialog
[28/Sep/2000 11:59:23 03541] [info] Init: Requesting pass phrase via builtin terminal dialog
[28/Sep/2000 11:59:30 03541] [info] Init: Wiped out the queried pass phrases from memory
[28/Sep/2000 12:04:27 03542] [info] Server: Apache/1.3.12, Interface: mod_ssl/2.6.6, Library: OpenSSL/0.9.6
[28/Sep/2000 12:04:27 03542] [info] Init: 1st startup round (still not detached)
[28/Sep/2000 12:04:27 03542] [info] Init: Initializing OpenSSL library
[28/Sep/2000 12:04:27 03542] [info] Init: Loading certificate private key of SSL-aware server www.myserver.com:443
[28/Sep/2000 12:04:27 03542] [info] Init: Requesting pass phrase via builtin terminal dialog
[28/Sep/2000 12:04:37 03542] [info] Init: Wiped out the queried pass phrases from memory
[28/Sep/2000 12:04:48 03544] [info] Server: Apache/1.3.12, Interface: mod_ssl/2.6.6, Library: OpenSSL/0.9.6
[28/Sep/2000 12:04:48 03544] [info] Init: 1st startup round (still not detached)
[28/Sep/2000 12:04:48 03544] [info] Init: Initializing OpenSSL library
[28/Sep/2000 12:04:48 03544] [info] Init: Loading certificate private key of SSL-aware server www.myserver.com:443
[28/Sep/2000 12:04:48 03544] [info] Init: Requesting pass phrase via builtin terminal dialog
[28/Sep/2000 12:04:51
RE: Please Help
A couple of more points to examine:
a) After you enter the passphrase (and before ^C):
   - try "ps -eaf" from another shell to see if any subprocesses have been spawned
   - if so, can you attach to the server
b) Are you starting the server as root?
c) If you decrypt the server key, it won't need to ask for a passphrase... try that
d) try the -X parameter for debug single-process

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rick I Dunetz Sent: Wednesday, September 27, 2000 3:45 PM To: [EMAIL PROTECTED] Subject: Re: Please Help

Please read previous messages...I have given you just about everything that I have as far as details. The biggest thing that I noticed (which is stated in a previous message), when I start the server...it asks me for my passphrase...I type in my pass phrase and then is says OK...then it just hangs. It doesn't take me back to a prompt and I have to control C to get back to the prompt. When I check whether or not the server process had been started (ps -aux)...nothing is there. I think this is the source of the problem, but I don't know how to fix it.

__ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Please Help
This is the only thing that looks unusual in the error.log file. [Thu Sep 28 15:15:06 2000] [error] Cannot remove module mod_ssl.c: not found in module list [Thu Sep 28 15:15:10 2000] [info] mod_unique_id: using ip addr 555.555.555.55 Rick "Robert L. Yelvington" wrote: Rick, by setting log levels to "debug", you will find that the logs will contain more verbose output regarding what is occurring (or in your case what is NOT occurring) as you start apache/ssl. Read the logs and forward their output to this list. Thanks, Rob Rick I Dunetz wrote: The compilation was smooth as silk...everything went as planned. The only thing I didn't do was add the RSA module...I didn't think it was necessary. Besides that I had no problems. What is supposed to happen in Debug mode? Thanks Rick "Robert L. Yelvington" wrote: No sweat, Rick. As Lorrayne stated earlier check all logs. If you installed a standard apache from source...then you should look in /usr/local/apache/logs for the following files (or on debian logs may be in /var/log): error_log - apache's error log ssl_engine_log - ssl engine error log To specify "debug" for your apache (which is helpful, too!), edit your httpd.conf. You should already have a LogLevel entry like this: LogLevel info Simply change "info" to "debug". To specify "debug" for SSL, do the same...change SSLLogLevel from "info" to "debug". Now, save and exit httpd.conf and restart apache. I am curious, when you compiled apache w/mod_ssl, did you experience any compile probs? What were your compile settings? Rick I Dunetz wrote: Sorry about that, I am running Apache 1.3.12...mod_ssl 2.6.6 on a pentium III 800 machine running Debian 2.2 Linux. I got a book on apache that had complete instructions on how to set up Apache and mod_ssl. I actaully FTP the packages over and installed from scratch. Everything went smoothly and I configured the server as specified. 
The basic web server works fine (http)...the SSL may be running, but I can't get it to work in the browser. It just times out. All I need is a way to troubleshoot this problem. I haven't looked at the log files and I don't know how to run in Debug mode... Anything you guys can give me would be terrific. I hope this is detailed enough...I don't have much more to give you. Rick "Robert L. Yelvington" wrote: Rick, please be more specific, and provide more detailed information about your situtation. Read the mail archive(MARC) to get a feeling for what information you should be providing ( http://www.modssl.org/support --marc is at the bottom of the page). Thanks, Robert __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- Rick Dunetz Director of Web Development Telco Exchange 9900 Main Street Suite 302 Fairfax, VA 22031 Ph: 703.383.1400 Fax: 703.385.3788 Check our article on T1 Pricing in Network World Magazine: http://www.nwfusion.com/research/2000/0508feattele.html __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Please Help
That looks suspiciously like an httpd.conf error, you compiled mod_ssl as a static module, right? Someone suggested this to you earlier...what is the output of "httpd -l"? Also forward your apache configure options (or include the contents of "config.status" which should be in your build directory in the body of your next email message to this list). Thanks, Rob Rick I Dunetz wrote: This is the only thing that looks unusual in the error.log file. [Thu Sep 28 15:15:06 2000] [error] Cannot remove module mod_ssl.c: not found in module list [Thu Sep 28 15:15:10 2000] [info] mod_unique_id: using ip addr 555.555.555.55 Rick "Robert L. Yelvington" wrote: Rick, by setting log levels to "debug", you will find that the logs will contain more verbose output regarding what is occurring (or in your case what is NOT occurring) as you start apache/ssl. Read the logs and forward their output to this list. Thanks, Rob Rick I Dunetz wrote: The compilation was smooth as silk...everything went as planned. The only thing I didn't do was add the RSA module...I didn't think it was necessary. Besides that I had no problems. What is supposed to happen in Debug mode? Thanks Rick "Robert L. Yelvington" wrote: No sweat, Rick. As Lorrayne stated earlier check all logs. If you installed a standard apache from source...then you should look in /usr/local/apache/logs for the following files (or on debian logs may be in /var/log): error_log - apache's error log ssl_engine_log - ssl engine error log To specify "debug" for your apache (which is helpful, too!), edit your httpd.conf. You should already have a LogLevel entry like this: LogLevel info Simply change "info" to "debug". To specify "debug" for SSL, do the same...change SSLLogLevel from "info" to "debug". Now, save and exit httpd.conf and restart apache. I am curious, when you compiled apache w/mod_ssl, did you experience any compile probs? What were your compile settings? 
Rick I Dunetz wrote: Sorry about that, I am running Apache 1.3.12...mod_ssl 2.6.6 on a pentium III 800 machine running Debian 2.2 Linux. I got a book on apache that had complete instructions on how to set up Apache and mod_ssl. I actaully FTP the packages over and installed from scratch. Everything went smoothly and I configured the server as specified. The basic web server works fine (http)...the SSL may be running, but I can't get it to work in the browser. It just times out. All I need is a way to troubleshoot this problem. I haven't looked at the log files and I don't know how to run in Debug mode... Anything you guys can give me would be terrific. I hope this is detailed enough...I don't have much more to give you. Rick "Robert L. Yelvington" wrote: Rick, please be more specific, and provide more detailed information about your situtation. Read the mail archive(MARC) to get a feeling for what information you should be providing ( http://www.modssl.org/support --marc is at the bottom of the page). Thanks, Robert __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Please Help
This is something that it should not do. After the pass phrase, it should pop "OK" up and pass to root log in without getting stuck. It looks like it's not able to read the httpd.conf file or something is wrong in it. It's likely that the daemon will not start even if you try manually. As another friend previously wrote, try manually with:
1) cp /dev/null error_log (this will clean error_log);
2) cp /dev/null access_log (this will clean access_log);
3) start apachectl startssl;
4) check with ps -aux whether the daemon starts or not;
5) check the error_log for errors.

Regarding the other e-mail with your log file (ssl_engine_log), something is missing. I have Mod_ssl 2.6.3 but I bet that this sequence is almost the same. After:
[28/Sep/2000 11:22:53 03442] [info] Init: Wiped out the queried pass phrases from memory
SSL should generate RSA private keys and configure DH parameters. It could be that you have made some mistakes generating your temporary keys. Check with "ca" if you are able to read them and they are correct. If in doubt, generate a new pair. I hope this helps.

Salvatore Ilardo http://www.rokeby.com [EMAIL PROTECTED]

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rick I Dunetz Sent: Wednesday, September 27, 2000 8:45 PM To: [EMAIL PROTECTED] Subject: Re: Please Help

Please read previous messages...I have given you just about everything that I have as far as details. The biggest thing that I noticed (which is stated in a previous message), when I start the server...it asks me for my passphrase...I type in my pass phrase and then is says OK...then it just hangs. It doesn't take me back to a prompt and I have to control C to get back to the prompt. When I check whether or not the server process had been started (ps -aux)...nothing is there. I think this is the source of the problem, but I don't know how to fix it. Rick

Salvo Ilardo wrote: I cannot help you if you are not more specific.
As far as I know Apache+Mod_ssl starts a http daemon which allow you to use both. You simple have to follow the accurate documentation. If it doesn't work with your browser which error you get? Do you get an error when "http://your.domain.com or https://your.domain.com? A good troubleshooting is looking to the log files "error_log". Did you check the SSL section of your httpd.conf for correct path, certificate, etc.? Salvatore Ilardo http://www.rokeby.com [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rick I Dunetz Sent: Wednesday, September 27, 2000 6:20 PM To: [EMAIL PROTECTED] Subject: Re: Please Help Sorry about that, I am running Apache 1.3.12...mod_ssl 2.6.6 on a pentium III 800 machine running Debian 2.2 Linux. I got a book on apache that had complete instructions on how to set up Apache and mod_ssl. I actaully FTP the packages over and installed from scratch. Everything went smoothly and I configured the server as specified. The basic web server works fine (http)...the SSL may be running, but I can't get it to work in the browser. It just times out. All I need is a way to troubleshoot this problem. I haven't looked at the log files and I don't know how to run in Debug mode... Anything you guys can give me would be terrific. I hope this is detailed enough...I don't have much more to give you. Rick "Robert L. Yelvington" wrote: Rick, please be more specific, and provide more detailed information about your situtation. Read the mail archive(MARC) to get a feeling for what information you should be providing ( http://www.modssl.org/support --marc is at the bottom of the page). Thanks, Robert Rick I Dunetz wrote: Hey Folks, I got Apache running on this sucker, but I can't seem to get mod_SSL goin'. My httpd.conf file looks great and I've started and stopped the server correctly. My certificate and key are fine. Why can't I get this bad boy going on HTTPS? Any trouble shooting techniques out there? 
I was very precise when I set it up...I followed the instructions to a tee...wazzup with this junx? Rick __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- Rick Dunetz Director of Web Development Telco Exchange 9900 Main Street Suite 302 Fairfax, VA 22031 Ph: 703.383.1400 Fax: 703.385.3788 Check our article on T1 Pricing in Network World Magazine: http://www.nwfusion.com/research/2000/0508feattele.html
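The check suggested in the reply above (see what, if anything, is logged after the "Wiped out the queried pass phrases" line) can be run over the whole log at once. The following is an added example, not part of the thread: the first three attempts in the sample are copied from the log posted earlier, attempt 04000 is constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime

# One entry: "[28/Sep/2000 11:19:57 03440] [info] Init: ..." -> time, pid, level, text
ENTRY = re.compile(r"^\[(\d\d/\w{3}/\d{4} \d\d:\d\d:\d\d) (\d+)\] \[(\w+)\] (.*)$")
PROMPT = "Requesting pass phrase"
WIPED = "Wiped out the queried pass phrases"

# Attempts 03440, 03541 and 03544 are copied from the log posted in this thread
# (03544 ends in the same cut-off line). Attempt 04000 is constructed: the
# wording of its two lines after the wipe is an assumption, not from the thread.
SAMPLE_LOG = """\
[28/Sep/2000 11:19:57 03440] [info] Server: Apache/1.3.12, Interface: mod_ssl/2.6.6, Library: OpenSSL/0.9.6
[28/Sep/2000 11:19:57 03440] [info] Init: 1st startup round (still not detached)
[28/Sep/2000 11:19:57 03440] [info] Init: Initializing OpenSSL library
[28/Sep/2000 11:19:57 03440] [info] Init: Loading certificate private key of SSL-aware server www.myserver.com:443
[28/Sep/2000 11:19:57 03440] [info] Init: Requesting pass phrase via builtin terminal dialog
[28/Sep/2000 11:20:10 03440] [info] Init: Wiped out the queried pass phrases from memory
[28/Sep/2000 11:58:46 03541] [info] Server: Apache/1.3.12, Interface: mod_ssl/2.6.6, Library: OpenSSL/0.9.6
[28/Sep/2000 11:58:46 03541] [info] Init: 1st startup round (still not detached)
[28/Sep/2000 11:58:46 03541] [info] Init: Initializing OpenSSL library
[28/Sep/2000 11:58:46 03541] [info] Init: Loading certificate private key of SSL-aware server www.myserver.com:443
[28/Sep/2000 11:58:46 03541] [info] Init: Requesting pass phrase via builtin terminal dialog
[28/Sep/2000 11:59:00 03541] [info] Init: Requesting pass phrase via builtin terminal dialog
[28/Sep/2000 11:59:06 03541] [info] Init: Requesting pass phrase via builtin terminal dialog
[28/Sep/2000 11:59:23 03541] [info] Init: Requesting pass phrase via builtin terminal dialog
[28/Sep/2000 11:59:30 03541] [info] Init: Wiped out the queried pass phrases from memory
[28/Sep/2000 12:04:48 03544] [info] Server: Apache/1.3.12, Interface: mod_ssl/2.6.6, Library: OpenSSL/0.9.6
[28/Sep/2000 12:04:48 03544] [info] Init: 1st startup round (still not detached)
[28/Sep/2000 12:04:48 03544] [info] Init: Initializing OpenSSL library
[28/Sep/2000 12:04:48 03544] [info] Init: Loading certificate private key of SSL-aware server www.myserver.com:443
[28/Sep/2000 12:04:48 03544] [info] Init: Requesting pass phrase via builtin terminal dialog
[28/Sep/2000 12:04:51
[28/Sep/2000 12:30:00 04000] [info] Server: Apache/1.3.12, Interface: mod_ssl/2.6.6, Library: OpenSSL/0.9.6
[28/Sep/2000 12:30:00 04000] [info] Init: 1st startup round (still not detached)
[28/Sep/2000 12:30:00 04000] [info] Init: Requesting pass phrase via builtin terminal dialog
[28/Sep/2000 12:30:05 04000] [info] Init: Wiped out the queried pass phrases from memory
[28/Sep/2000 12:30:05 04000] [info] Init: Generating temporary RSA private keys
[28/Sep/2000 12:30:09 04000] [info] Init: Configuring temporary DH parameters
"""


def _ts(stamp):
    return datetime.strptime(stamp, "%d/%b/%Y %H:%M:%S")


def summarize(log_text):
    """Split the log into startup attempts, one per 'Server:' banner line."""
    attempts = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m is None:
            continue  # cut-off or foreign line: ignore it
        stamp, pid, _level, text = m.groups()
        if text.startswith("Server:") or not attempts:
            attempts.append({"pid": pid, "first": stamp, "last": stamp,
                             "prompts": 0, "wiped": False, "after_wipe": 0})
        cur = attempts[-1]
        cur["last"] = stamp
        if PROMPT in text:
            cur["prompts"] += 1          # more than one means the dialog repeated
        elif WIPED in text:
            cur["wiped"] = True
        elif cur["wiped"]:
            cur["after_wipe"] += 1       # initialisation went on after the dialog
    for a in attempts:
        a["span_s"] = int((_ts(a["last"]) - _ts(a["first"])).total_seconds())
        if a["after_wipe"]:
            a["verdict"] = "continued"
        elif a["wiped"]:
            a["verdict"] = "stopped-after-wipe"
        elif a["prompts"]:
            a["verdict"] = "stopped-at-prompt"
        else:
            a["verdict"] = "stopped-before-prompt"
    return attempts


def stalled(log_text):
    """PIDs of attempts that logged nothing after the pass phrase stage."""
    return [a["pid"] for a in summarize(log_text) if a["verdict"] != "continued"]


if __name__ == "__main__":
    for a in summarize(SAMPLE_LOG):
        print(a["pid"], a["first"], "prompts=%d" % a["prompts"],
              "span=%ds" % a["span_s"], a["verdict"])
```

Every attempt taken from the posted log ends at or before the wipe line, which is the pattern the reply points at; only the constructed attempt gets further.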
Please, help me
Hello, I installed Apache_1.3.12+OpenSSL+Mod_SSL and I added this directive:

<Directory "/home/httpd/html/ssl">
SSLVerifyClient optional
SSLVerifyDepth 1
# SSLCACertificateFile conf/ssl.crt/server.crt - it make error if I uncomment
SSLOptions +FakeBasicAuth +StrictRequire
SSLRequire %{SSL_CIPHER_USEKEYSIZE} = 128
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* - [F]
Satisfy any
Order deny,allow
Deny from all
AuthType basic
AuthName "BAM Software SRL - Protected Server"
AuthUserFile conf/.htpasswd
Require valid-user
</Directory>

The password for a user is not recognised. Where is the problem?

Gabriel Ciuloaica
Re: Please, help me
On Wed, Aug 16, 2000 at 02:33:16PM +0300, Gabriel Ciuloaica wrote: # SSLCACertificateFile conf/ssl.crt/server.crt- it make error if I uncomment That should be something like: SSLCACertificateFile "/home/httpd/conf/ssl.crt/server.crt" change path to be correct. Also make sure that this is actually a CA certificate. vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Please, help me
Ok, I made this, but I still get an error: in the Client Authentication window I can't select any certificate. Try to connect to https://bam.codec.ro/ssl/download/ and you'll see what I mean. Thanks Gabriel Ciuloaica

- Original Message - From: "Mads Toftum" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 16, 2000 3:09 PM Subject: Re: Please, help me

On Wed, Aug 16, 2000 at 02:33:16PM +0300, Gabriel Ciuloaica wrote: # SSLCACertificateFile conf/ssl.crt/server.crt- it make error if I uncomment

That should be something like: SSLCACertificateFile "/home/httpd/conf/ssl.crt/server.crt" change path to be correct. Also make sure that this is actually a CA certificate. vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall

__ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Please, help me
On Wed, Aug 16, 2000, Gabriel Ciuloaica wrote: I made this, but I still get an error: When the window Client Authentification I can't select any certificate . Try to connect to https://bam.codec.ro/ssl/download/ and you'll see what I mean. [...] That should be something like: SSLCACertificateFile "/home/httpd/conf/ssl.crt/server.crt" change path to be correct. Also make sure that this is actually a CA certificate. Err... are you sure you really want to use the _SERVER_ certificate for authenticating your _CLIENTS_? This is certainly wrong and not what you want. The certificate you specify with SSLCACertificateFile should be a CA certificate (the one which was used when your client certs were issued!) and a server certificate (as the path ssl.crt/server.crt indicates) is usually not of this type. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Can't retrieve my web pages, please help!!
Annie: In a strange turn of events, I'm sending you a working http/https script. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 12, 2000 9:06 AM To: [EMAIL PROTECTED] Subject: Can't retrieve my web pages, please help!! Hi, I am a student in York University. This is the first time I use mod_ssl and Apache. I've installed the mod-ssl with my Apache for my secure electronic commerce project on my own unix directory. The Apache is running on port 8000 and ssl on port 8080, since this project is for experimental use only. I can get my web pages though ordinary request by specifying the port number, but I cannot get the web pages either by specifying the "https://" or the 8080 port. I attached my httpd.conf file here. If any "experts" here know what I did wrong or miss something, please guide me, thank you very much. Sincerely, Annie
RE: Can't retrieve my web pages, please help!!
According to your httpd.conf you got port 80 and 433 running, not 8000 and 8080, use Listen for your ports, and the directory directive to specify ssl access. A https://addr:8080/ to a directory serving ssl should work. If you have more trouble, mail and I'll see if I can send you a httpd.conf.

-Original Message- From: Rolle, Ted [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 12, 2000 6:33 PM To: '[EMAIL PROTECTED]' Subject: RE: Can't retrieve my web pages, please help!! File: httpd.conf

Annie: In a strange turn of events, I'm sending you a working http/https script.

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 12, 2000 9:06 AM To: [EMAIL PROTECTED] Subject: Can't retrieve my web pages, please help!!

Hi, I am a student in York University. This is the first time I use mod_ssl and Apache. I've installed the mod-ssl with my Apache for my secure electronic commerce project on my own unix directory. The Apache is running on port 8000 and ssl on port 8080, since this project is for experimental use only. I can get my web pages though ordinary request by specifying the port number, but I cannot get the web pages either by specifying the "https://" or the 8080 port. I attached my httpd.conf file here. If any "experts" here know what I did wrong or miss something, please guide me, thank you very much. Sincerely, Annie

__ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Can't retrieve my web pages, please help!!
Hi, I am a student in York University. This is the first time I use mod_ssl and Apache. I've installed the mod-ssl with my Apache for my secure electronic commerce project on my own unix directory. The Apache is running on port 8000 and ssl on port 8080, since this project is for experimental use only. I can get my web pages though ordinary request by specifying the port number, but I cannot get the web pages either by specifying the "https://" or the 8080 port. I attached my httpd.conf file here. If any "experts" here know what I did wrong or miss something, please guide me, thank you very much. Sincerely, Annie

##
## httpd.conf -- Apache HTTP server configuration file
##

#
# Based upon the NCSA server configuration files originally by Rob McCool.
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://www.apache.org/docs/> for detailed information about
# the directives.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# After this file is processed, the server will look for and process
# /home/has103/apache/conf/srm.conf and then /home/has103/apache/conf/access.conf
# unless you have overridden these with ResourceConfig and/or
# AccessConfig directives here.
#
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as a
#    whole (the 'global environment').
# 2. Directives that define the parameters of the 'main' or 'default' server,
#    which responds to requests that aren't handled by a virtual host.
#    These directives also provide default values for the settings
#    of all virtual hosts.
# 3. Settings for virtual hosts, which allow Web requests to be sent to
#    different IP addresses or hostnames and have them handled by the
#    same Apache server process.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
# with ServerRoot set to "/usr/local/apache" will be interpreted by the
# server as "/usr/local/apache/logs/foo.log".
#

### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#

#
# ServerType is either inetd, or standalone. Inetd mode is only supported on
# Unix platforms.
#
ServerType standalone

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation
# (available at <URL:http://www.apache.org/docs/mod/core.html#lockfile>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
ServerRoot "/home/has103/apache"

#
# The LockFile directive sets the path to the lockfile used when Apache
# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
# its default value. The main reason for changing it is if the logs
# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
# DISK. The PID of the main server process is automatically appended to
# the filename.
#
#LockFile /home/has103/apache/logs/httpd.lock

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
PidFile /home/has103/apache/logs/httpd.pid

#
# ScoreBoardFile: File used to store internal server process information.
# Not all architectures require this. But if yours does (you'll know because
# this file will be created when you run Apache) then you *must* ensure that
# no two invocations of Apache share the same scoreboard file.
#
ScoreBoardFile /home/has103/apache/logs/httpd.scoreboard

#
# In the standard configuration, the server will process this file,
# srm.conf, and access.conf in that order. The latter two files are
# now distributed empty, as it is recommended that all directives
# be kept in a single file for simplicity. The commented-out values
# below are the built-in defaults. You can have the server ignore
# these files altogether by using "/dev/null" (for Unix) or
# "nul" (for Win32) for the arguments to the directives.
#
#ResourceConfig conf/srm.conf
#AccessConfig conf/access.conf

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off"
Re: Can't retrieve my web pages, please help!!
On Wed, Jul 12, 2000 at 11:36:19AM +0100, [EMAIL PROTECTED] wrote:

Hi, I am a student in York University. This is the first time I use mod_ssl and Apache. I've installed the mod-ssl with my Apache for my secure electronic commerce project on my own unix directory. The Apache is running on port 8000 and ssl on port 8080, since this project is for experimental use only. I can get my web pages through ordinary request by specifying the port number, but I cannot get the web pages either by specifying the "https://" or the 8080 port. I attached my httpd.conf file here. If any "experts" here know what I did wrong or miss something, please guide me, thank you very much.

If you want the server to serve both HTTP and HTTPS, then you need to keep the virtual host that serves HTTPS. A quick look through your httpd.conf tells me that you've been deleting too much - actually the default config should be fine, all you need to change is the port numbers. So just go back and grab the file created by the installation. Actually if you install one that's based on Apache 1.3.12, as a non-root user then it will automagically give you ports 8080 and 8443.

vh

Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Problem with Apache and Mod_ssl (reply to Re: Can't retrieve my web pages, please help!!)
I have the same problem, running http on port 80 for the normal page and want to run SSL on 443 for 1 subdomain. Check with curl if https works, it did: it gave the page I set up as a test. But with IE 5.0 (maybe that's wrong!) it fails. I have attached my httpd.conf, maybe you see what I am doing wrong? I want to set up ssl for IMP webmail on webmail.bootsman.net. Rest will be normal http. Hope someone can help me out.

Ronald Bootsman
Email [EMAIL PROTECTED]
ICQ #61849337

* httpd.conf

...
...
Port 80
Listen xxx.xxx.xx.xxx
NameVirtualHost xxx.xxx.xx.xxx

<VirtualHost xxx.xxx.xx.xxx:80>
SSLEngine off
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /usr/local/www/public_html
ServerName www.domain.com
ErrorLog /var/log/domain.com-error.log
CustomLog /var/log/domain.com-access_log common
</VirtualHost>

#<VirtualHost _default_:*>
#</VirtualHost>
#

<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfDefine>

<IfDefine SSL>
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/path/to/imp"
ServerName webmail.domain.com
ServerAdmin [EMAIL PROTECTED]
ErrorLog /var/log/domain.com-error-ssl.log
TransferLog /var/log/domain.com-transfer-ssl.log
SSLEngine on
etc etc
Secure Reverse Proxy - SSL Error - Please Help
Hi there. I'm attempting to setup a reverse proxy using OpenBSD-2.7, OpenSSL-0.9.5a, mod_ssl-2.6.4_1.3.12, and Apache-1.3.12. Up to this point, I've gotten the reverse proxy setup and it runs correctly for retrieving port 80 based materials. But I cannot get Apache to launch with SSL support. Here is the error that I am getting from apache-rproxy.elog:

[Mon Jun 19 05:26:09 2000] [error] mod_ssl: Init: (openliness-qa.mydomain.com:443) Unable to configure RSA server private key (OpenSSL library error follows)
[Mon Jun 19 05:26:09 2000] [error] OpenSSL: error:0B080074::lib(11) :func(128) :reason(116)

Can anyone help me? I have the cert for openliness-qa on the rproxy server. Do I actually need the key as well or is the proxy becoming transparent after the certificate has been passed from the Proxy to the client? If I'm really curious why http will work, but attempting to start https is failing. Here is my httpd.conf file.

##
## apache-rproxy.conf -- Apache configuration for Reverse Proxy Usage
##

# server type
ServerType standalone
Port 80
Listen 443
MinSpareServers 2
StartServers 5
MaxSpareServers 10
MaxClients 150
MaxRequestsPerChild 100

# server operation parameters
KeepAlive on
MaxKeepAliveRequests 100
KeepAliveTimeout 15
Timeout 400
IdentityCheck off
HostnameLookups on

# paths to runtime files
PidFile /opt/apache/logs/apache-rproxy.pid
LockFile /opt/apache/logs/apache-rproxy.lock
ErrorLog /opt/apache/logs/apache-rproxy.elog

# unused paths
ServerRoot /opt/apache
DocumentRoot /tmp
CacheRoot /tmp
TypesConfig /dev/null
AccessConfig /dev/null
ResourceConfig /dev/null

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLEngine on
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/opt/apache/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/opt/apache/logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog /opt/apache/logs/ssl_engine_log
SSLLogLevel info
SSLCertificateFile /opt/apache/conf/ssl.crt/snakeoil-rsa.crt
SSLCertificateKeyFile /opt/apache/conf/ssl.key/snakeoil-rsa.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /opt/apache/logs/ssl_request_log \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

# speed up and secure processing
<Directory />
Options -FollowSymLinks -SymLinksIfOwnerMatch
AllowOverride None
</Directory>

# the status page for monitoring the reverse proxy
<Location /rproxy-status>
SetHandler server-status
</Location>

# enable the URL rewriting engine
RewriteEngine on
RewriteLogLevel 2

NameVirtualHost webhome.mydomain.com:80
NameVirtualHost openliness-qa.mydomain.com:443

<VirtualHost webhome.mydomain.com:80>
SSLDisable
ServerName webhome.mydomain.com
CustomLog /opt/apache/logs/apache-rproxy-wh.dlog "%{%v/%T}t %h - %{SERVER}e URL: %U"
RewriteLog /opt/apache/logs/apache-rproxy-wh.rwlog
TransferLog /opt/apache/logs/apache-rproxy-wh.tlog

# define a rewriting map with value-lists where
# mod_rewrite randomly chooses a particular value
RewriteMap server rnd:/opt/apache/conf/apache-rproxy-wh.conf-servers

# make sure the status page is handled locally
# and make sure no one uses our proxy except ourself
RewriteRule ^/apache-rproxy-status.* - [L]
RewriteRule ^(http|ftp)://.* - [F]

# now choose the possible servers for particular URL types
RewriteRule ^/(.*\.(cgi|shtml))$ to://${server:dynamic}/$1 [S=1]
RewriteRule ^/(.*)$ to://${server:static}/$1

# and delegate the generated URL by passing it
# through the proxy module
RewriteRule ^to://([^/]+)/(.*) http://$1/$2 [E=SERVER:$1,P,L]

# and make really sure all other stuff is forbidden
# when it should survive the above rules...
RewriteRule .* - [F]

# enable the Proxy module without caching
ProxyRequests on
NoCache *

# setup URL reverse mapping for redirect responses
ProxyPassReverse / http://webhome.mydomain.com/
</VirtualHost>

<VirtualHost openliness-qa.mydomain.com:443>
ServerName
How can I create certificates and keys using *.bat files? Please help.
I need to be able to create keys and certificates using *.bat files? How can I do that?

Derek

Derek DeMoro
Chief Technical Officer
BallotDirect
(650) 799-8490
Re: How can I create certificates and keys using *.bat files? Please help.
--- Derek DeMoro [EMAIL PROTECTED] wrote:

I need to be able to create keys and certificates using *.bat files? How can I do that?

Are you using OpenSSL? It has a command-line interface that can be executed from a *.bat; check out http://www.openssl.org/docs/apps/genrsa.html

Paul
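The genrsa command-line route Paul points to, written out as a batch file. This is an added example, not part of the original thread; it assumes openssl.exe is on PATH and can locate its openssl.cnf, and the CN, directory and file names are placeholders.

```batch
@echo off
rem Added example: RSA key, CSR and self-signed test certificate from a .bat file.
rem Assumptions: openssl.exe is on PATH and finds its openssl.cnf.
rem CN, OUT_DIR and the file names below are placeholders.
setlocal

set "CN=test.example.com"
set "OUT_DIR=%~dp0certs"
set "KEY=%OUT_DIR%\server.key"
set "CSR=%OUT_DIR%\server.csr"
set "CRT=%OUT_DIR%\server.crt"

if not exist "%OUT_DIR%" mkdir "%OUT_DIR%" || goto :fail

rem Never overwrite an existing private key silently.
if exist "%KEY%" (
    echo Private key already exists, refusing to overwrite. 1>&2
    exit /b 1
)

rem 1. Generate the private key. It is written unencrypted so the script can
rem    run unattended, which makes the file permissions below matter.
openssl genrsa -out "%KEY%" 2048 || goto :fail

rem 2. Drop inherited ACL entries and leave access to the current user only.
icacls "%KEY%" /inheritance:r /grant:r "%USERNAME%:F" >nul || goto :fail

rem 3. Certificate signing request; -subj avoids the interactive prompts.
openssl req -new -key "%KEY%" -out "%CSR%" -subj "/CN=%CN%" || goto :fail

rem 4. Self-signed certificate for testing. For production, send the CSR
rem    to a CA instead of running this step.
openssl x509 -req -days 365 -in "%CSR%" -signkey "%KEY%" -out "%CRT%" || goto :fail

rem 5. Sanity check: certificate and key must carry the same RSA modulus.
set "KEYMOD="
set "CRTMOD="
for /f "delims=" %%M in ('openssl rsa -noout -modulus -in "%KEY%"') do set "KEYMOD=%%M"
for /f "delims=" %%M in ('openssl x509 -noout -modulus -in "%CRT%"') do set "CRTMOD=%%M"
if not defined KEYMOD goto :fail
if not "%KEYMOD%"=="%CRTMOD%" (
    echo Certificate does not match the private key. 1>&2
    exit /b 1
)

echo Key, CSR and certificate written to "%OUT_DIR%"
exit /b 0

:fail
echo An openssl or file system step failed, see the messages above. 1>&2
exit /b 1
```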
RE: Please help.. images not showing in SSL connection
I would try calling them in your HTML explicitly using https://yoursite/images/image.jpg rather than a relational call, like ../images/image.jpg Of course they also need to be in your apache-ssl document root.

Ross Richey [EMAIL PROTECTED]
Webmaster www.arup-lab.com

-Original Message-
From: Luke Chiam [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 11, 2000 10:14 AM
To: [EMAIL PROTECTED]
Subject: Please help.. images not showing in SSL connection

Please help.. images not showing in SSL connection, but it is ok in normal connection. Why? Thanks.

Luke
Re: Please help.. images not showing in SSL connection
Thanks Ross, I realised that I compiled mod_ssl without a prefix directive which set to document roots. After recompiling... things are ok now... How I found out? First I try retrieving the image in HTTP and it worked fine, next I try HTTPS and it says it cannot find the image... so I write a simple script to display server environment settings and confirmed the mis-configuration.

Luke

-Original Message-
From: Richey, Ross [EMAIL PROTECTED]
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Date: Saturday, May 13, 2000 12:07 AM
Subject: RE: Please help.. images not showing in SSL connection

I would try calling them in your HTML explicitly using https://yoursite/images/image.jpg rather than a relational call, like ../images/image.jpg Of course they also need to be in your apache-ssl document root.

Ross Richey [EMAIL PROTECTED]
Webmaster www.arup-lab.com

-Original Message-
From: Luke Chiam [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 11, 2000 10:14 AM
To: [EMAIL PROTECTED]
Subject: Please help.. images not showing in SSL connection

Please help.. images not showing in SSL connection, but it is ok in normal connection. Why? Thanks.

Luke
please help, getting the prng not seeded error
I'm trying to install mod_ssl on Apache 1.3.12. I'm having a problem at step 5b; when I do "make certificate" it asks me a bunch of questions and then bombs with "prng not seeded error" (the full output is below). As per the faq I had created a $HOME/.rnd file in my home directory and also in / since I'm doing this as root. I just copied my mbox file (15190 bytes) to $HOME/.rnd. After I ran the failing "make certificate" the .rnd file in my home directory is changed to a binary file, 1024 bytes in length.

I'm doing this on Solaris 2.7, sparcstation, compiling with gcc-2.95.2. My "configure shell script wrapper" for Apache is as follows:

CFLAGS=-O2 ; export CFLAGS
PATH=/usr/local/bin:${PATH} ; export PATH
# SYSTEM means it's already installed in /usr/local
SSL_BASE=SYSTEM ; export SSL_BASE
RSA_BASE=SYSTEM ; export RSA_BASE
sh configure \
  --prefix=/grunt_a/apache \
  --enable-rule=SHARED_CORE \
  --enable-module=ssl \
  --enable-shared=ssl \
  --enable-module=so \
  --enable-module=most \
  --enable-shared=max

And for mod_ssl-2.6.4-1.3.12 my configure wrapper is

sh configure \
  --with-apache=/grunt_a/apache/src/apache_1.3.12

For openssl-0.9.5 my wrapper is

sh config --prefix=/usr/local \
  --openssldir=/usr/local/openssl \
  -L/usr/local/lib \
  -fPIC \
  rsaref

And for rsaref I downloaded it off of some random place on the net as per the mod_ssl instructions and compiled it using their makefile (changing cc to gcc).

STEP 4: Enrypting RSA private key with a pass phrase for security [server.key]
The contents of the server.key file (the generated private key) has to be
kept secret. So we strongly recommend you to encrypt the server.key file
with a Triple-DES cipher and a Pass Phrase.
Encrypt the private key now? [Y/n]: y
read RSA key
writing RSA key
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
unable to write key
4407:error:24064064:random number generator:SSLEAY_RAND_BYTES:prng not seeded:md_rand.c:470:
mkcert.sh:Error: Failed to encrypt RSA private key
*** Error code 1
make: Fatal error: Command failed for target `certificate'
Current working directory /grunt_a/apache/src/apache_1.3.12/src
*** Error code 1
make: Fatal error: Command failed for target `certificate'
Desperate!!! Please help!! OpenSSL handshake error...
Hi, I have a desperate question. Please help... I have a client and server written on top of OpenSSL. When I used PEM-encoded cert, etc, directly loaded from files (i.e. SSL_CTX_use_PrivateKey_file(...), etc), everything worked fine, but as soon as I switched to using DER-encoded binary data (DER-encoded certs and keys) passed to SSL_CTX_use_PrivateKey_ASN1(...), etc functions, handshake failed. I can't figure out why it's failing from the error message. It could be that the certs, etc. I'm using are not right, but I kind of doubt it. Is there a way to print out more detailed error messages? (the reason for failure) The error I got was this:

11311:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:E:\p3_72_logserver\strong-sentry\extsource\OpenSSL\ssl\s23_clnt.c:445:

If you need more info, let me know, please. Thanks.

Peter K.
Re: Please help while I still have some hair left :)
Hello everyone, I am replying to my own question just so that if anyone else was running into the same problem, they know the ultimate solution. Basically the problem appeared to be not in the mod_ssl package, but in some strangeness in the OpenSSL 0.9.3a version. I just tried all my stuff again with the recently released 0.9.4 version of OpenSSL and it worked properly. So just a heads up for everyone.

-Jeremy

Jeremy Beker wrote:

Ralf (and others), I am still getting this problem. I don't get it. What I can't figure is why one of the Virtual Hosts is capable of loading its certificate chain, but the other one isn't. They are both loading their CA chain from the *same* file. So I know it exists, and I know it is valid. If it wasn't the first one wouldn't load it. I have tried everything again with newer versions of stuff. I am now up to mod_ssl 2.3.10, but the problem still persists. I have added some debug statements as shown below to the function ssl_init_FindCAList.

if (cpCAfile != NULL) {
    sk = SSL_load_client_CA_file(cpCAfile);
    if (sk==NULL) {
        ssl_log(s, SSL_LOG_TRACE, "sk == NULL");
    } else {
        ssl_log(s, SSL_LOG_TRACE, "sk != NULL");
    }
    ssl_log(s, SSL_LOG_TRACE, "sk_X509_NAME_num(sk) = %d",sk_X509_NAME_num(sk)); /* IMPORTANT */
    for(n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) {
        ssl_log(s, SSL_LOG_TRACE, "CA certificate: %s",
                X509_NAME_oneline(sk_X509_NAME_value(sk, n), NULL, 0));
        if (sk_X509_NAME_find(skCAList, sk_X509_NAME_value(sk, n)) < 0)
            sk_X509_NAME_push(skCAList, sk_X509_NAME_value(sk, n));
    }
}

When I run this hacked version of the server, the value that prints out for sk_X509_NAME_num(sk) is 0! This seems very odd to me. The file I am loading definitely has data in it, and loads successfully for the other VHost that uses it. Why does it not load here? Any help would be greatly appreciated.

-Jeremy

"Ralf S. Engelschall" wrote:

On Mon, Jul 12, 1999, Jeremy Beker wrote:

I am at my wits end on this one. I have been running Apache+mod_ssl now for quite a while with no problems. The version I have been running is Apache 1.3.6 with mod_ssl 2.2.6 as well as PHP. It has been running flawlessly with my configuration of several IP based VHosts most of which are running SSL alongside standard HTTP. Two of them are doing SSL3 (client auth). Now I recently decided to upgrade to the latest mod_ssl (2.3.5). The compile went fine and I installed the new binary. But when I start my server up, *ONE* (not both) of the SSL3 sites has the following error in the log file:

[warn] Init: Ops, you want to request client authentication, but no CAs are known for verification!? [Hint: SSLCACertificate*]

What is going on here!?!? The VirtualHost section for this server does have a SSLCACertficateFile entry. And it worked perfectly fine for months with mod_ssl version 2.2.6 (and still does when I put the old binary back in). I didn't change the httpd.conf one bit. I have tried everything I can think of. The two SSL3 VirtualHosts have exactly the same configs (except for key files, ServerName, etc), yet one of them doesn't work. I have swapped their position in the httpd.conf file so order does not appear to matter. I want to upgrade the server, but I can't do so unless all of the VHosts work. I will be in debt to anyone who can help on this one.

This is a new consistency check. When it fails, it means that mod_ssl has not found CA certificates. Why, that's the other question. But at least when this check wouldn't stop your stuff might not work. Actually the check looks at the CA list stack which was built by ssl_init_FindCAList(). So it seems this function doesn't find anything for you. It would be fine when you can trace down this function and find out why it doesn't find any CA certs for you.

Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com
Re: Please help.
Could you please tell me where I can get the built-in SDRM library ??? and where I can see Magnus Stenman's ANNOUNCE ? Many thanks in advance

Cliff Woolley wrote:

This sounds similar to a problem I had under Slackware that turned out to be DBM session cache related when using a buggy vendor DBM library. I don't know much about the RH5.2 package, but it's possible that it's using the same broken DBM library as my copy of Slackware was. (Magnus, help me out here.) You could try using the built-in SDBM library, but it'll mean recompiling...

-Cliff

Cliff Woolley
Central Systems Software Administrator
Washington and Lee University
http://www.wlu.edu/~jwoolley/
Work: (540) 463-8089
Pager: (540) 462-3472

Prapan Chantavutsettee [EMAIL PROTECTED] 07/30/99 10:37AM

Many thanks. But I have tried the latest version and it couldn't solve such problem. Could you please help me to solve such trouble. I also installed PHP3 and Embeded Perl with the Apache-mod_ssl.

Regards, Prapan

Cliff Woolley wrote:

There should be a much newer version of the RPM available at http://www.modssl.org/contrib/... give that a try. See Magnus Stenman's ANNOUNCE: message from earlier today for details. (PS: the current release of mod_ssl is 2.3.10, with 2.3.11 under development I believe.)

-Cliff

Cliff Woolley
Central Systems Software Administrator
Washington and Lee University
http://www.wlu.edu/~jwoolley/
Work: (540) 463-8089
Pager: (540) 462-3472

Prapan Chantavutsettee [EMAIL PROTECTED] 07/29/99 10:17AM

Dear all, I have installed the RPM package apache-mod_ssl 1.3.6-2.3.0 on Linux 5.2 and it seems to work fine. But only the first connection can be achieved. If I click Reload on the browser, the error message "Network : IO Error" will appear. I have a look on the error log file "error_log" of Apache, it displayed

[notice] child pid 18457 exit signal Segmentation fault (11)

and the log file ssl_engine_log showed as below :

[info] Connection to child 1 established (server winds.thinxshop.fr:443)

I checked the connections on the server with the command, netstat, the connection wasn't closed, it was in the state TIME_WAIT, FIN_WAIT2 ... To re-establish the connection (by clicking Reload or retype the URL), I had to wait until the connection had been completely closed (the message from netstat command) or close and re-open the browser. Could you please let me know what is going on ? and what I can solve such troubles. Many thanks in advance,

Regards, Prapan
Re: Please help.
On Mon, Aug 02, 1999, Prapan Chantavutsettee wrote:

Could you please tell me where I can get the built-in SDRM library ???

In short: --enable-rule=SSL_SDBM
In long: read the INSTALL document!

Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com
Please help.
Dear all, I have installed the RPM package apache-mod_ssl 1.3.6-2.3.0 on Linux 5.2 and it seems to work fine. But only the first connection can be achieved. If I click Reload on the browser, the error message "Network : IO Error" will appear. I have a look on the error log file "error_log" of Apache, it displayed

[notice] child pid 18457 exit signal Segmentation fault (11)

and the log file ssl_engine_log showed as below :

[info] Connection to child 1 established (server winds.thinxshop.fr:443)

I checked the connections on the server with the command, netstat, the connection wasn't closed, it was in the state TIME_WAIT, FIN_WAIT2 ... To re-establish the connection (by clicking Reload or retype the URL), I had to wait until the connection had been completely closed (the message from netstat command) or close and re-open the browser. Could you please let me know what is going on ? and what I can solve such troubles. Many thanks in advance,

Regards, Prapan
Re: Please help while I still have some hair left :)
On Mon, Jul 12, 1999, Jeremy Beker wrote:

I am at my wits end on this one. I have been running Apache+mod_ssl now for quite a while with no problems. The version I have been running is Apache 1.3.6 with mod_ssl 2.2.6 as well as PHP. It has been running flawlessly with my configuration of several IP based VHosts most of which are running SSL alongside standard HTTP. Two of them are doing SSL3 (client auth). Now I recently decided to upgrade to the latest mod_ssl (2.3.5). The compile went fine and I installed the new binary. But when I start my server up, *ONE* (not both) of the SSL3 sites has the following error in the log file:

[warn] Init: Ops, you want to request client authentication, but no CAs are known for verification!? [Hint: SSLCACertificate*]

What is going on here!?!? The VirtualHost section for this server does have a SSLCACertficateFile entry. And it worked perfectly fine for months with mod_ssl version 2.2.6 (and still does when I put the old binary back in). I didn't change the httpd.conf one bit. I have tried everything I can think of. The two SSL3 VirtualHosts have exactly the same configs (except for key files, ServerName, etc), yet one of them doesn't work. I have swapped their position in the httpd.conf file so order does not appear to matter. I want to upgrade the server, but I can't do so unless all of the VHosts work. I will be in debt to anyone who can help on this one.

This is a new consistency check. When it fails, it means that mod_ssl has not found CA certificates. Why, that's the other question. But at least when this check wouldn't stop your stuff might not work. Actually the check looks at the CA list stack which was built by ssl_init_FindCAList(). So it seems this function doesn't find anything for you. It would be fine when you can trace down this function and find out why it doesn't find any CA certs for you.

Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com
Please help while I still have some hair left :)
Hello Everyone, I am at my wits end on this one. I have been running Apache+mod_ssl now for quite a while with no problems. The version I have been running is Apache 1.3.6 with mod_ssl 2.2.6 as well as PHP. It has been running flawlessly with my configuration of several IP based VHosts most of which are running SSL alongside standard HTTP. Two of them are doing SSL3 (client auth). Now I recently decided to upgrade to the latest mod_ssl (2.3.5). The compile went fine and I installed the new binary. But when I start my server up, *ONE* (not both) of the SSL3 sites has the following error in the log file:

[warn] Init: Ops, you want to request client authentication, but no CAs are known for verification!? [Hint: SSLCACertificate*]

What is going on here!?!? The VirtualHost section for this server does have a SSLCACertficateFile entry. And it worked perfectly fine for months with mod_ssl version 2.2.6 (and still does when I put the old binary back in). I didn't change the httpd.conf one bit. I have tried everything I can think of. The two SSL3 VirtualHosts have exactly the same configs (except for key files, ServerName, etc), yet one of them doesn't work. I have swapped their position in the httpd.conf file so order does not appear to matter. I want to upgrade the server, but I can't do so unless all of the VHosts work. I will be in debt to anyone who can help on this one.

-Jeremy
Re: VERY new user...please help
Haven't tried it from the RPMs. But can tell you that if you work from the tars instead, it assembles very well on top of Red Hat 5.1, and you end up with everything in the right place without having to worry about it much. In any case, you'll be better off working from the configuration files that result from this than from the files for the version of Apache that came with 5.1 (presumably the SSL sample configuration files are in the RPM too, but it's always such a mystery where stuff ends up from those things). Again, the instructions in the tars on assembly are as clear as can be, and quite simple. I'd recommend doing it that way, and totally throwing out all the Apache stuff that came with Red Hat - Red Hat is a good OS house, and RPMs are great for OS components (most of the time) - but an application like Apache, IMHO, you're most always better off with the custom compilation/installation from the tars. \/\/ I-I I T Blauvelt [EMAIL PROTECTED] __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: VERY new user...please help
Why don't you read the SSLeay instructions first? If you want to make your own certificate, you really need to know it well. That can be a starting point. If you don't want to know the details of certificate, maybe you should consider getting a commercial one instead.

http://cognac.epfl.ch/SIC/SL/CA/
http://www.mikom.csir.co.za/SSLeay/

These two sites have the necessary stuff to get you started.

-Original Message-
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Thursday, November 12, 1998 1:35 PM
Subject: VERY new user...please help

Hello Everyone. I am a very new user of Apache and I have a ton of questions. I have just started a new job and have been tasked with getting apache-ssl up and running on a machine. The OS is Linux Redhat 5.1 and I downloaded SSLeay-0.9.0b-3.i386.rpm and apache-mod_ssl-1.3.2-2.0.12-3.i386.rpm. I used the rpm -I command to get these two packages installed and I got no errors..with the exception of having to remove an old version of apache. This gave me a new directory (one of many) /home/httpd I made a directory called /home/www/open and /home/www/secure. In the open directory I placed all of the original httpd files. I have nothing but a test index.html file in the secure directory so far. I modified the cnf files located in /etc/httpd/conf to reflect this change and also set up two virtual hosts..one open and one secure. The secure site defaults to the open site right now but I guess that is because I don't have the ssl set up properly yet. I don't seem to have any other problems with that part.

Now I have moved on to the certificate stuff. I have been trying to follow the documentation located at http://www.engelschall.com/sw/mod_ssl/docs to get through this part. I started with question 12 that says "OK, I've got my server installed and now want to create a real SSL server certificate for it. How do I do that?" Was this the right place to start? Following the answer to this question I made the server.key, server.csr, ca.key and ca.crt. But where was I supposed to create these. When I try to sign the certificate I find that I had to specify the config file to use which was located in /etc/ssleay.cnf. In this file it had entries for certificate, serial, crl, private_key, And the directory structure included subdirectories named certs and private. I have a location that has these 2 subdirectories in it so I changed the dir to that location /var/ssl. Now, where should I create the keys and csr and crt stuff?

Can someone please take pity on this recent college grad and give me a hand with this. I know it will take a lot of time to help walk me through it but your help will be VERY appreciated. Thanks in advance.

Salome Harrison
VERY new user...please help
Hello Everyone. I am a very new user of Apache and I have a ton of questions. I have just started a new job and have been tasked with getting apache-ssl up and running on a machine. The OS is Linux Redhat 5.1 and I downloaded SSLeay-0.9.0b-3.i386.rpm and apache-mod_ssl-1.3.2-2.0.12-3.i386.rpm. I used the rpm -I command to get these two packages installed and I got no errors..with the exception of having to remove an old version of apache. This gave me a new directory (one of many) /home/httpd I made a directory called /home/www/open and /home/www/secure. In the open directory I placed all of the original httpd files. I have nothing but a test index.html file in the secure directory so far. I modified the cnf files located in /etc/httpd/conf to reflect this change and also set up two virtual hosts..one open and one secure. The secure site defaults to the open site right now but I guess that is because I don't have the ssl set up properly yet. I don't seem to have any other problems with that part.

Now I have moved on to the certificate stuff. I have been trying to follow the documentation located at http://www.engelschall.com/sw/mod_ssl/docs to get through this part. I started with question 12 that says "OK, I've got my server installed and now want to create a real SSL server certificate for it. How do I do that?" Was this the right place to start? Following the answer to this question I made the server.key, server.csr, ca.key and ca.crt. But where was I supposed to create these. When I try to sign the certificate I find that I had to specify the config file to use which was located in /etc/ssleay.cnf. In this file it had entries for certificate, serial, crl, private_key, And the directory structure included subdirectories named certs and private. I have a location that has these 2 subdirectories in it so I changed the dir to that location /var/ssl. Now, where should I create the keys and csr and crt stuff?

Can someone please take pity on this recent college grad and give me a hand with this. I know it will take a lot of time to help walk me through it but your help will be VERY appreciated. Thanks in advance.

Salome Harrison