Re: Creating client certificates ?
On Thu, Apr 04, 2002 at 01:43:05AM +0200, [EMAIL PROTECTED] wrote: > My question is: How can I create client (!) certificates for > client authentication to the server and not > server certificates ?! There is a nice example script called cca.sh in the mod_ssl tarball - as pkg.contrib/cca.sh or availabe online via cvsweb: http://www.modssl.org/source/cvs/exp/mod_ssl/pkg.mod_ssl/pkg.contrib/cca.sh?rev=1.6 vh Mads Toftum -- With a rubber duck, one's never alone. -- "The Hitchhiker's Guide to the Galaxy" __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Problems with Client authentication and access control
Hello. I have successfuly done Client Authentication using client certificates with apache-openssl-modssl. SSLVerifyClient none SSLVerifyClient require SSLVerifyDepth 5 #SSLCACertificateFile conf/ssl.crt/ca.crt #SSLCACertificatePath conf/ssl.crt SSLOptions +FakeBasicAuth SSLRequireSSL SSLRequire %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." and \ %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} The definition of SSLCACertificateFile and SSLCACertificatePath are above in the httpd.conf file. When i try to connect to https:/www.xxx.xx/secure the server asks for the certificate, validates it and show index.html in the secure directory. Everything seem to work fine. But when i do a http://www.xxx.xx/secure I can still see the index.html. According to my understanding the index.html in the secure directory should not be shown. Can anyone help me with this? Is there anything more i should do to prevent access from http on the secure directory? Thanx Haldor Husby. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Creating client certificates ?
[EMAIL PROTECTED] wrote: > > Hello modssl users ! > > I managed to set up an ssl aware web server. > Although I searched the web and also the list > archive I haven't been able to create a client > certificate which is signed by my own CA for > client authentication. > > Could someone describe the process of creating > such a certificate in detail ? Thank you Owen for your answer but you misunderstood my question. And you Maik misunderstood my question, too. I, of course, read the FAQ and all the other available docs but they say nothing about creating client (!) certificates ! The process of creating a server certificate is sufficiently documented in the FAQ and it was no problem for me to create it. My question is: How can I create client (!) certificates for client authentication to the server and not server certificates ?! Anyone ? -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
WebLogic 5.1 sp11 mod_wl_ssl.so for Apache 1.3.12/mod_ssl 2.6.6 breaks SSL
We've just upgraded from service pack 8 to service pack 11 on our WL servers and installed the sp11 mod_wl_ssl.so on our Apache servers. Unfortunately, any attempts to access an SSL page that must get proxied to the Weblogic layer results in a HTTP 404 response while an SSL request for a static HTML page works fine. The interesting thing is the sp8 mod_wl_ssl.so works just fine - so that is what we are using. However, I want to resolve the issue with the sp11 mod_wl_ssl.so. Here is our configuration: All servers: SPARC/Solaris 8 with latest patch updates Apache servers: Apache 1.3.12 with mod_ssl 2.6.6 WebLogic servers: WL 5.1 service pack 11 [03/Apr/2002 16:58:42 04816] [info] Server: Apache/1.3.12, Interface: mod_ssl/2.6.6, Library: OpenSSL/0.9.6c [03/Apr/2002 16:58:42 04816] [info] Init: 1st startup round (still not detached) [03/Apr/2002 16:58:42 04816] [info] Init: Initializing OpenSSL library [03/Apr/2002 16:58:42 04816] [info] Init: Loading certificate & private key of SSL-aware server www.questia.com:443 [03/Apr/2002 16:58:42 04816] [info] Init: Requesting pass phrase from dialog filter program (/u01/app/apache/bin/SSLpassword) [03/Apr/2002 16:58:42 04816] [trace] Init: (www.questia.com:443) encrypted RSA private key - pass phrase requested [03/Apr/2002 16:58:42 04816] [info] Init: Wiped out the queried pass phrases from memory [03/Apr/2002 16:58:42 04816] [info] Init: Seeding PRNG with 136 bytes of entropy [03/Apr/2002 16:58:42 04816] [info] Init: Generating temporary RSA private keys (512/1024 bits) [03/Apr/2002 16:58:44 04816] [info] Init: Configuring temporary DH parameters (512/1024 bits) [03/Apr/2002 16:58:51 04827] [info] Init: 2nd startup round (already detached) [03/Apr/2002 16:58:51 04827] [info] Init: Reinitializing OpenSSL library [03/Apr/2002 16:58:51 04827] [trace] Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0 [03/Apr/2002 16:58:51 04827] [info] Init: Seeding PRNG with 136 bytes of entropy [03/Apr/2002 16:58:51 04827] [info] Init: Configuring temporary RSA private keys (512/1024 bits) [03/Apr/2002 16:58:51 04827] [info] Init: Configuring temporary DH parameters (512/1024 bits) [03/Apr/2002 16:58:51 04827] [info] Init: Initializing (virtual) servers for SSL [03/Apr/2002 16:58:51 04827] [info] Init: Configuring server www.questia.com:443 for SSL protocol [03/Apr/2002 16:58:51 04827] [trace] Init: (www.questia.com:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) [03/Apr/2002 16:58:51 04827] [trace] Init: (www.questia.com:443) Configuring permitted SSL ciphers [ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] [03/Apr/2002 16:58:51 04827] [trace] Init: (www.questia.com:443) Configuring RSA server certificate [03/Apr/2002 16:58:51 04827] [trace] Init: (www.questia.com:443) Configuring RSA server private key [03/Apr/2002 16:59:08 04849] [info] Connection to child 13 established (server www.questia.com:443, client 10.1.0.55) [03/Apr/2002 16:59:08 04849] [info] Seeding PRNG with 1160 bytes of entropy [03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Handshake: start [03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Loop: before/accept initialization [03/Apr/2002 16:59:08 04849] [debug] OpenSSL: read 11/11 bytes from BIO#0008ADA8 [mem: 000C89D8] (BIO dump follows) +-+ | : 80 4c 01 03 00 00 33 00-00 00 10 .L3 | +-+ [03/Apr/2002 16:59:08 04849] [debug] OpenSSL: read 67/67 bytes from BIO#0008ADA8 [mem: 000C89E3] (BIO dump follows) +-+ | : 00 00 04 00 00 05 00 00-0a 01 00 80 07 00 c0 03 | | 0010: 00 80 00 00 09 06 00 40-00 00 64 00 00 62 00 00 ...@..d..b.. | | 0020: 03 00 00 06 02 00 80 04-00 80 00 00 13 00 00 12 | | 0030: 00 00 63 9d 06 0a c0 65-3b 74 73 a4 06 ef ef 08 ..ce;ts. | | 0040: eb d7 fa ... | +-+ [03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Loop: SSLv3 read client hello A [03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Loop: SSLv3 write server hello A [03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Loop: SSLv3 write certificate A [03/Apr/2002 16:59:08 04849] [trace] OpenSSL: Loop: SSLv3 write server done A [03/Apr/2002 16:59:08 04849] [debug] OpenSSL: write 835/835 bytes to BIO#0008ADA8 [mem: 000D6A00] (BIO dump follows) +-+ | : 16 03 00 00 4a 02 00 00-46 03 00 3c ab 89 3c e6 J...F..<..<. | | 0010: ee 49 7c 19 b0 2e 79 a0-b7 55 1c f8 8e 74 34 0d .I|...y..U...t4. | | 0020: cb 23 1e d1 6d 38 9f 0b-fa 50 a8 20 33 41 0e ab .#..m8...P. 3A.. | | 0030: 9b c0 3f 1d 7c 9d 5e 7f-c4 ba 1f 4e 05 61 34 13 ..?.|.^N.a4. | | 0040: e6 8c 10
Re: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 BINGO! :), that was it! There you have the solution : ) Some, put this in INSTALL.Win32 or in an error FAQ: "Check and delete any other/older ssleay32.dll & libleay32.dll that exist in: 1] winnt\system32 2] or any other path that exist in your %path%-varable. Simply remove the path from %path%-variable, or remove it from there. Because other/older complied dll's in tandem with newer may cause an 182 (minor) error, while starting up apache." maybe it is cygwin that puts it there ( in winnt\system32) or I did? a llonng looong time ago and forgot about it : ) *hehe* thanks, kristjan! >in Apache conf file you shoul add both, first >LoadModule ssl_module modules/mod_ssl.so >and an somewhere after that >AddModule mod_ssl.c > >but I think this error also reports when someone forget to copy the files >ssleay32.dll and libeay32.dll to WINNT\System32 > >did you do it? > >- Original Message - >From: "Danalien" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Wednesday, April 03, 2002 4:51 PM >Subject: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) > > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Hi, >> >> I need some help, i patch, complie, and everything according to: >> http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32 >> >> all goes fine fine, only get a few warnings (during the apache complie) >> >> I then go to the httpd.conf (%my_apache_ssl_root%/conf) >> >> and put this in: >> >> LoadModule ssl_module modules/mod_ssl.so >> >> >> and I get (this) when i do apache -t : >> >> C:\Program Files\Apache_SSL>apache -t >> Syntax error on line 62 of c:/program files/apache_ssl/conf/httpd.conf: >> Cannot load c:/program files/apache_ssl/modules/mod_ssl.so into server: >(182) >> Note the errors or messages above, and press the key to exit. 26... >> C:\Program Files\Apache_SSL> >> >> *thinking* *thinking*... >> >> ... then I just do a little test. >> >> remove the previos loadModule by puting a # infront (lite this): >> >> #LoadModule ssl_module modules/mod_ssl.so >> >> >> and add: >> >> AddModule mod_ssl.c >> >> >> and get : >> >> C:\Program Files\Apache_SSL>apache -t >> Syntax error on line 110 of c:/program files/apache_ssl/conf/httpd.conf: >> Cannot add module via name 'mod_ssl.c': not in list of loaded modules >> Note the errors or messages above, and press the key to exit. 23... >> C:\Program Files\Apache_SSL> >> >> >> and do a apache -l >> where I get this: >> >> Compiled-in modules: >> http_core.c >> mod_so.c >> mod_mime.c >> mod_access.c >> mod_auth.c >> mod_negotiation.c >> mod_include.c >> mod_autoindex.c >> mod_dir.c >> mod_cgi.c >> mod_userdir.c >> mod_alias.c >> mod_env.c >> mod_log_config.c >> mod_asis.c >> mod_imap.c >> mod_actions.c >> mod_setenvif.c >> mod_isapi.c >> >> >> and my suspicions were correct, "where are/is the SSL - module(s)?" cause >it ain't in >> the compiled apache :) >> >> If some could explain/help me how to meld this SSL module into apache, it >would be great :) >> thanks. >> >> >> >> >> >> >> // with regards >> // ID :: danalien :: <[EMAIL PROTECTED]> >> >> PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 >> >> -BEGIN PGP SIGNATURE- >> Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and >its affiliated companies. >> >> iQA/AwUBPKsI9x6FoQlEaqKIEQKKOQCfQTAK3SV7vSoe8aE8YQqv7cjVqrQAoOe7 >> DmQQDW2F53itoAyTwCj7zlEj >> =hTM+ >> -END PGP SIGNATURE- >> >> >> __ >> Apache Interface to OpenSSL (mod_ssl) www.modssl.org >> User Support Mailing List [EMAIL PROTECTED] >> Automated List Manager[EMAIL PROTECTED] >> >> > > >__ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager[EMAIL PROTECTED] // with regards // ID :: danalien :: <[EMAIL PROTECTED]> PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 -BEGIN PGP SIGNATURE- Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. iQA/AwUBPKtotx6FoQlEaqKIEQIX3wCgyU0jTRFr7QDy33yCfqNi6MN+SDsAoIFh fHG20gxts/XK/YItoLuC0Q8I =1hCU -END PGP SIGNATURE- __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 nope, I have no attributes on it/them. >At least on Windows NT, the .so file can not be read-only, or you get a >similar error. > >Is it possible that your file is read-only? > >Jay > > > -Original Message- > > From: Danalien [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, April 03, 2002 9:18 AM > > To: [EMAIL PROTECTED] > > Subject: RE: RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) > > > > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > > > Japp, allready put it here. > > > > > > > > > > >Can you go to c:/program files/apache_ssl/modules and see > > the mod_ssl.so > > >file? > > > > > >Your second test seems logical since the module wasn't loaded in the > > >LoadModule section. > > > > > >Eric > > > > > >-Original Message- > > >From: Danalien [mailto:[EMAIL PROTECTED]] > > >Sent: Wednesday, April 03, 2002 8:52 AM > > >To: [EMAIL PROTECTED] > > >Subject: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) > > > > > > > > >Hi, > > > > > >I need some help, i patch, complie, and everything according to: > > > > > http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32 > > > > > >all goes fine fine, only get a few warnings (during the > > apache complie) > > > > > >I then go to the httpd.conf (%my_apache_ssl_root%/conf) > > > > > >and put this in: > > > > > >LoadModule ssl_module modules/mod_ssl.so > > > > > > > > >and I get (this) when i do apache -t : > > > > > >C:\Program Files\Apache_SSL>apache -t > > >Syntax error on line 62 of c:/program > > files/apache_ssl/conf/httpd.conf: > > >Cannot load c:/program files/apache_ssl/modules/mod_ssl.so > > into server: > > >(182) > > >Note the errors or messages above, and press the key > > to exit. 26... > > >C:\Program Files\Apache_SSL> > > > > > >*thinking* *thinking*... > > > > > >... then I just do a little test. > > > > > >remove the previos loadModule by puting a # infront (lite this): > > > > > >#LoadModule ssl_module modules/mod_ssl.so > > > > > > > > >and add: > > > > > >AddModule mod_ssl.c > > > > > > > > >and get : > > > > > >C:\Program Files\Apache_SSL>apache -t > > >Syntax error on line 110 of c:/program > > files/apache_ssl/conf/httpd.conf: > > >Cannot add module via name 'mod_ssl.c': not in list of loaded modules > > >Note the errors or messages above, and press the key > > to exit. 23... > > >C:\Program Files\Apache_SSL> > > > > > > > > >and do a apache -l > > >where I get this: > > > > > >Compiled-in modules: > > > http_core.c > > > mod_so.c > > > mod_mime.c > > > mod_access.c > > > mod_auth.c > > > mod_negotiation.c > > > mod_include.c > > > mod_autoindex.c > > > mod_dir.c > > > mod_cgi.c > > > mod_userdir.c > > > mod_alias.c > > > mod_env.c > > > mod_log_config.c > > > mod_asis.c > > > mod_imap.c > > > mod_actions.c > > > mod_setenvif.c > > > mod_isapi.c > > > > > > > > >and my suspicions were correct, "where are/is the SSL - > > module(s)?" cause it > > >ain't in > > >the compiled apache :) > > > > > >If some could explain/help me how to meld this SSL module > > into apache, it > > >would be great :) > > >thanks. > > > > > > > > > > > > > > > > > > > > >// with regards > > >// ID :: danalien :: <[EMAIL PROTECTED]> > > > > > >PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 > > > > > > > > >_ > > _ > > >Apache Interface to OpenSSL (mod_ssl) >www.modssl.org > >User Support Mailing List [EMAIL PROTECTED] > >Automated List Manager[EMAIL PROTECTED] > > > >__ > >Apache Interface to OpenSSL (mod_ssl) www.modssl.org > >User Support Mailing List [EMAIL PROTECTED] > >Automated List Manager[EMAIL PROTECTED] > > > > > >// with regards >// ID :: danalien :: <[EMAIL PROTECTED]> > >PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 > >At least on Windows NT, the .so file can not be read-only, or you get a >similar error. > >Is it possible that your file is read-only? > >Jay > > > -Original Message- > > From: Danalien [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, April 03, 2002 9:18 AM > > To: [EMAIL PROTECTED] > > Subject: RE: RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) > > > > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > > > Japp, allready put it here. > > > > > > > > > > >Can you go to c:/program files/apache_ssl/modules and see > > the mod_ssl.so > > >file? > > > > > >Your second test seems logical since the module wasn't loaded in the > > >LoadModule section. > > > > > >Eric > > > > > >-Original Message- > > >From: Danalien [mailto:[EMAIL PROTECTED]] > > >Sent: Wednesday, April 03, 2002 8:52 AM > > >To: [EMAIL PROTECTED] > > >Subject: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) > > > > > > > >
RE: SSL cache issue
Shiraz, Fundamentally, the url's resolve the same. With JSP some URLs resolve at the Browser, and some URL's resolve on the JSP server. However, just like someone can "hardcode" HTTP into the HREF for static content, so can JSP developers generate HTTP references dynamically when thay might need to generate HTTPS. A lot depends on how the JSP is coded and how the JSP/Servlet engine is connected to Apache. For example, I've seen one installation where mod_proxy was used to switch from https in apache to redirect http to a jsp server. Since this was using a RESIN JSP engine getting this installation switched to using mod_caucho instead of mod_proxy resolved the JSP logic that was trying to detect HTTP/HTTPS protocol. In your example Page A has a link to dynamic.jsp. If possible, you should use your browser to "view" source on the output of dynamic.jsp. In reviewing the source at the browser any "HTTP" links will cause a security warning message. In addition, I have found it necessary to review the actual JSP source. Some JSP's will resolve URLs on the server and get page not found errors on the server. An example could be Server side URL reference with HTTP that needs to be HTTPS. David -Original Message- From: Shiraz Esat [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 03, 2002 2:03 AM To: '[EMAIL PROTECTED]' Subject: RE: SSL cache issue David and others, Why would a JSP (or PHP, or any dynamically created page) resolve their URL differently from a 'static' page? If page A, static.html, has a hyperlink to page B, another_static.html, no probs occur. BUT, if page A has a link to dynamic.jsp (as a GET: href=dynamic.jsp?some_id=12), *sometimes* a page not found error appears (or a security warning message). Sorry for my ignorance, Shiraz -Original Message- From: David Marshall [SMTP:[EMAIL PROTECTED]] Sent: Tuesday, April 02, 2002 7:38 PM To: '[EMAIL PROTECTED]' Subject:RE: SSL cache issue Make sure that the "JSPs" in question are resolving their url's with the right protocol HTTPS/HTTP when appropriate. The JSPs may be trying to GET/POST with HTTP when they need to use HTTPS. Since you are using Apache and RESIN. I would assume that you are using the mod_caucho plug-in for Apache. David Marshall -Original Message- From: Shiraz Esat [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 02, 2002 1:10 AM To: '[EMAIL PROTECTED]' Subject: RE: SSL cache issue Terry, If anyone passes you a solution, can you please pass it on to me as well, as I have the same problem :( [Only difference, though, is that I'm using PHP generated pages] Thanks in advance Shiraz -Original Message- From: Terry Ziemniak [SMTP:[EMAIL PROTECTED]] Sent: Friday, March 29, 2002 9:31 PM To: '[EMAIL PROTECTED]' Subject:SSL cache issue I am getting 'page not found errors' the first time I access certain JSP pages (though there are others that always work). If I refresh the page displays correctly. Notes: 1. This only happens over HTTPS, never over HTTP 2. Netscape (v 4.2) displayed the error "Data Missing. This document resulted from a POST operation and has expired from the cache. If you wish you can repost the form data to create the document by pressing the reload button." 3. Apache's access.log seems to validate point 2. The last line before an error is a POST. The retry shows a POST followed shortly by anther GET and POST of the same JSP. 4. I have not yet been able to exactly describe 'First time'. General rule of them, if I repeat the process within 15 minutes it seems OK. If I wait an hour it should fail. Though quantifying that has not been my highest priority. 5. I am running Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32 and Resin 1.2.8. Any help would be appreciated. Terry Ziemniak << File: ATT2.htm >> __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)
in Apache conf file you shoul add both, first LoadModule ssl_module modules/mod_ssl.so and an somewhere after that AddModule mod_ssl.c but I think this error also reports when someone forget to copy the files ssleay32.dll and libeay32.dll to WINNT\System32 did you do it? - Original Message - From: "Danalien" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, April 03, 2002 4:51 PM Subject: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi, > > I need some help, i patch, complie, and everything according to: > http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32 > > all goes fine fine, only get a few warnings (during the apache complie) > > I then go to the httpd.conf (%my_apache_ssl_root%/conf) > > and put this in: > > LoadModule ssl_module modules/mod_ssl.so > > > and I get (this) when i do apache -t : > > C:\Program Files\Apache_SSL>apache -t > Syntax error on line 62 of c:/program files/apache_ssl/conf/httpd.conf: > Cannot load c:/program files/apache_ssl/modules/mod_ssl.so into server: (182) > Note the errors or messages above, and press the key to exit. 26... > C:\Program Files\Apache_SSL> > > *thinking* *thinking*... > > ... then I just do a little test. > > remove the previos loadModule by puting a # infront (lite this): > > #LoadModule ssl_module modules/mod_ssl.so > > > and add: > > AddModule mod_ssl.c > > > and get : > > C:\Program Files\Apache_SSL>apache -t > Syntax error on line 110 of c:/program files/apache_ssl/conf/httpd.conf: > Cannot add module via name 'mod_ssl.c': not in list of loaded modules > Note the errors or messages above, and press the key to exit. 23... > C:\Program Files\Apache_SSL> > > > and do a apache -l > where I get this: > > Compiled-in modules: > http_core.c > mod_so.c > mod_mime.c > mod_access.c > mod_auth.c > mod_negotiation.c > mod_include.c > mod_autoindex.c > mod_dir.c > mod_cgi.c > mod_userdir.c > mod_alias.c > mod_env.c > mod_log_config.c > mod_asis.c > mod_imap.c > mod_actions.c > mod_setenvif.c > mod_isapi.c > > > and my suspicions were correct, "where are/is the SSL - module(s)?" cause it ain't in > the compiled apache :) > > If some could explain/help me how to meld this SSL module into apache, it would be great :) > thanks. > > > > > > > // with regards > // ID :: danalien :: <[EMAIL PROTECTED]> > > PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 > > -BEGIN PGP SIGNATURE- > Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. > > iQA/AwUBPKsI9x6FoQlEaqKIEQKKOQCfQTAK3SV7vSoe8aE8YQqv7cjVqrQAoOe7 > DmQQDW2F53itoAyTwCj7zlEj > =hTM+ > -END PGP SIGNATURE- > > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: SSL cache issue
Yes I've had this problem. One make sure a generate your OWN certificate and not one that comes with OpenSSL or distributions and add this to your SSL VirtualHost SSLProtocol -all +SSLv2 This should get rid of this problem. As I'm guessing that you have have had the same problem I have. This seemed to have fixed the problem. I think there is a problem with IE and OpenSSL using SSLv3 with an uncertified SSL certificate. Let me know if this has fixed your problem. Jeremy Walton DICE Corporation -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Shiraz Esat Sent: Wednesday, April 03, 2002 4:50 AM To: '[EMAIL PROTECTED]' Subject: RE: SSL cache issue Jeremy et al, Server-side: Linux, Apache 1.3.20, mod_ssl 2.8.4, OpenSSL 0.9.6b, PHP 4.1.2. Client-side: Win2000, IE5.5. Surely this is a server-side problem? Or, at least, surely there must be a 'fix' server-side? After all, do we need to tell all site-visitors to fix their browsers? Thanks in advance, Shiraz -Original Message- From: Jeremy Walton [SMTP:[EMAIL PROTECTED]] Sent: Tuesday, April 02, 2002 10:00 PM To: [EMAIL PROTECTED] Subject:RE: SSL cache issue Actually I've had this problem. I may have the solution for you if you can tell me what OS your running the client from and what browser. Jeremy Walton DICE Corporation -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Shiraz Esat Sent: Tuesday, April 02, 2002 4:10 AM To: '[EMAIL PROTECTED]' Subject: RE: SSL cache issue Terry, If anyone passes you a solution, can you please pass it on to me as well, as I have the same problem :( [Only difference, though, is that I'm using PHP generated pages] Thanks in advance Shiraz -Original Message- From: Terry Ziemniak [SMTP:[EMAIL PROTECTED]] Sent: Friday, March 29, 2002 9:31 PM To: '[EMAIL PROTECTED]' Subject:SSL cache issue I am getting 'page not found errors' the first time I access certain JSP pages (though there are others that always work). If I refresh the page displays correctly. Notes: 1. This only happens over HTTPS, never over HTTP 2. Netscape (v 4.2) displayed the error "Data Missing. This document resulted from a POST operation and has expired from the cache. If you wish you can repost the form data to create the document by pressing the reload button." 3. Apache's access.log seems to validate point 2. The last line before an error is a POST. The retry shows a POST followed shortly by anther GET and POST of the same JSP. 4. I have not yet been able to exactly describe 'First time'. General rule of them, if I repeat the process within 15 minutes it seems OK. If I wait an hour it should fail. Though quantifying that has not been my highest priority. 5. I am running Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32 and Resin 1.2.8. Any help would be appreciated. Terry Ziemniak << File: ATT2.htm >> __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)
At least on Windows NT, the .so file can not be read-only, or you get a similar error. Is it possible that your file is read-only? Jay > -Original Message- > From: Danalien [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, April 03, 2002 9:18 AM > To: [EMAIL PROTECTED] > Subject: RE: RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > Japp, allready put it here. > > > > > >Can you go to c:/program files/apache_ssl/modules and see > the mod_ssl.so > >file? > > > >Your second test seems logical since the module wasn't loaded in the > >LoadModule section. > > > >Eric > > > >-Original Message- > >From: Danalien [mailto:[EMAIL PROTECTED]] > >Sent: Wednesday, April 03, 2002 8:52 AM > >To: [EMAIL PROTECTED] > >Subject: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) > > > > > >Hi, > > > >I need some help, i patch, complie, and everything according to: > > > http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32 > > > >all goes fine fine, only get a few warnings (during the > apache complie) > > > >I then go to the httpd.conf (%my_apache_ssl_root%/conf) > > > >and put this in: > > > >LoadModule ssl_module modules/mod_ssl.so > > > > > >and I get (this) when i do apache -t : > > > >C:\Program Files\Apache_SSL>apache -t > >Syntax error on line 62 of c:/program > files/apache_ssl/conf/httpd.conf: > >Cannot load c:/program files/apache_ssl/modules/mod_ssl.so > into server: > >(182) > >Note the errors or messages above, and press the key > to exit. 26... > >C:\Program Files\Apache_SSL> > > > >*thinking* *thinking*... > > > >... then I just do a little test. > > > >remove the previos loadModule by puting a # infront (lite this): > > > >#LoadModule ssl_module modules/mod_ssl.so > > > > > >and add: > > > >AddModule mod_ssl.c > > > > > >and get : > > > >C:\Program Files\Apache_SSL>apache -t > >Syntax error on line 110 of c:/program > files/apache_ssl/conf/httpd.conf: > >Cannot add module via name 'mod_ssl.c': not in list of loaded modules > >Note the errors or messages above, and press the key > to exit. 23... > >C:\Program Files\Apache_SSL> > > > > > >and do a apache -l > >where I get this: > > > >Compiled-in modules: > > http_core.c > > mod_so.c > > mod_mime.c > > mod_access.c > > mod_auth.c > > mod_negotiation.c > > mod_include.c > > mod_autoindex.c > > mod_dir.c > > mod_cgi.c > > mod_userdir.c > > mod_alias.c > > mod_env.c > > mod_log_config.c > > mod_asis.c > > mod_imap.c > > mod_actions.c > > mod_setenvif.c > > mod_isapi.c > > > > > >and my suspicions were correct, "where are/is the SSL - > module(s)?" cause it > >ain't in > >the compiled apache :) > > > >If some could explain/help me how to meld this SSL module > into apache, it > >would be great :) > >thanks. > > > > > > > > > > > > > >// with regards > >// ID :: danalien :: <[EMAIL PROTECTED]> > > > >PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 > > > > > >_ > _ > >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager[EMAIL PROTECTED] > >__ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager[EMAIL PROTECTED] // with regards // ID :: danalien :: <[EMAIL PROTECTED]> PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 -BEGIN PGP SIGNATURE- Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. iQA/AwUBPKsO/x6FoQlEaqKIEQIOiACdFE57iQebkBg6r1wIbjJf4TOWDYIAoKwY o1SRuk++dFNMuY/7MNbsgYT5 =Z7o4 -END PGP SIGNATURE- __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: SSL cache issue
David and others, Why would a JSP (or PHP, or any dynamically created page) resolve their URL differently from a 'static' page? If page A, static.html, has a hyperlink to page B, another_static.html, no probs occur. BUT, if page A has a link to dynamic.jsp (as a GET: href=dynamic.jsp?some_id=12), *sometimes* a page not found error appears (or a security warning message). Sorry for my ignorance, Shiraz -Original Message- From: David Marshall [SMTP:[EMAIL PROTECTED]] Sent: Tuesday, April 02, 2002 7:38 PM To: '[EMAIL PROTECTED]' Subject:RE: SSL cache issue Make sure that the "JSPs" in question are resolving their url's with the right protocol HTTPS/HTTP when appropriate. The JSPs may be trying to GET/POST with HTTP when they need to use HTTPS. Since you are using Apache and RESIN. I would assume that you are using the mod_caucho plug-in for Apache. David Marshall -Original Message- From: Shiraz Esat [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 02, 2002 1:10 AM To: '[EMAIL PROTECTED]' Subject: RE: SSL cache issue Terry, If anyone passes you a solution, can you please pass it on to me as well, as I have the same problem :( [Only difference, though, is that I'm using PHP generated pages] Thanks in advance Shiraz -Original Message- From: Terry Ziemniak [SMTP:[EMAIL PROTECTED]] Sent: Friday, March 29, 2002 9:31 PM To: '[EMAIL PROTECTED]' Subject:SSL cache issue I am getting 'page not found errors' the first time I access certain JSP pages (though there are others that always work). If I refresh the page displays correctly. Notes: 1. This only happens over HTTPS, never over HTTP 2. Netscape (v 4.2) displayed the error "Data Missing. This document resulted from a POST operation and has expired from the cache. If you wish you can repost the form data to create the document by pressing the reload button." 3. Apache's access.log seems to validate point 2. The last line before an error is a POST. The retry shows a POST followed shortly by anther GET and POST of the same JSP. 4. I have not yet been able to exactly describe 'First time'. General rule of them, if I repeat the process within 15 minutes it seems OK. If I wait an hour it should fail. Though quantifying that has not been my highest priority. 5. I am running Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32 and Resin 1.2.8. Any help would be appreciated. Terry Ziemniak << File: ATT2.htm >> __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: SSL cache issue
Jeremy et al, Server-side: Linux, Apache 1.3.20, mod_ssl 2.8.4, OpenSSL 0.9.6b, PHP 4.1.2. Client-side: Win2000, IE5.5. Surely this is a server-side problem? Or, at least, surely there must be a 'fix' server-side? After all, do we need to tell all site-visitors to fix their browsers? Thanks in advance, Shiraz -Original Message- From: Jeremy Walton [SMTP:[EMAIL PROTECTED]] Sent: Tuesday, April 02, 2002 10:00 PM To: [EMAIL PROTECTED] Subject:RE: SSL cache issue Actually I've had this problem. I may have the solution for you if you can tell me what OS your running the client from and what browser. Jeremy Walton DICE Corporation -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Shiraz Esat Sent: Tuesday, April 02, 2002 4:10 AM To: '[EMAIL PROTECTED]' Subject: RE: SSL cache issue Terry, If anyone passes you a solution, can you please pass it on to me as well, as I have the same problem :( [Only difference, though, is that I'm using PHP generated pages] Thanks in advance Shiraz -Original Message- From: Terry Ziemniak [SMTP:[EMAIL PROTECTED]] Sent: Friday, March 29, 2002 9:31 PM To: '[EMAIL PROTECTED]' Subject:SSL cache issue I am getting 'page not found errors' the first time I access certain JSP pages (though there are others that always work). If I refresh the page displays correctly. Notes: 1. This only happens over HTTPS, never over HTTP 2. Netscape (v 4.2) displayed the error "Data Missing. This document resulted from a POST operation and has expired from the cache. If you wish you can repost the form data to create the document by pressing the reload button." 3. Apache's access.log seems to validate point 2. The last line before an error is a POST. The retry shows a POST followed shortly by anther GET and POST of the same JSP. 4. I have not yet been able to exactly describe 'First time'. General rule of them, if I repeat the process within 15 minutes it seems OK. If I wait an hour it should fail. Though quantifying that has not been my highest priority. 5. I am running Apache_1.3.20-Mod_SSL_2.8.4-OpenSSL_0.9.6a-WIN32 and Resin 1.2.8. Any help would be appreciated. Terry Ziemniak << File: ATT2.htm >> __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
AW: Creating client certificates ?
you are not right. there are lot of resources. you should look here: http://www.modssl.org/docs/2.8/ssl_faq.html mit freundlichem Gruß / best regards Maik Hertha -- h+h EBSP Anwenderbetreuung, +49 5361 9-74950 Volkswagen AG / Brieffach 1721 / D-38436 Wolfsburg http://ebsp.wob.vw.de [EMAIL PROTECTED] -- hartmann+hertha it (beratung / entwicklung / support) http://www.hartmann-hertha.de [EMAIL PROTECTED] -- h+h > -Ursprüngliche Nachricht- > Von: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]] > Gesendet am: Mittwoch, 3. April 2002 03:56 > An: [EMAIL PROTECTED] > Betreff: Creating client certificates ? > > Hello modssl users ! > > I managed to set up an ssl aware web server. > Although I searched the web and also the list > archive I haven't been able to create a client > certificate which is signed by my own CA for > client authentication. > > Could someone describe the process of creating > such a certificate in detail ? > > I know it is possible with openssl but as I said > before I wasn't able to figure out how. > > Please help ! > > -- > GMX - Die Kommunikationsplattform im Internet. > http://www.gmx.net > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: ModSSL 2.8.8 + Apache 1.3.24 crashing on Windows
Thanks for your suggestion Andrew, but that doesn't help me ! My application should support Windows also. So, there is no way for me other than fixing this problem. Any other suggestions/experiences please? Thanks Hassan Andrew Lietzow wrote: > Dear Hassan, > RE:>>Windows 2000 > Not to be smart or anything but why are you trying to run a server based > application on a desktop operating system? Since PC's are so cheap and > Linux is so cheap, why not invest in a machine that will do what you want it > to do without having to pull out all of your hair? > > RE:>>> "The instruction at "0x6ff90e08" referenced memory at "0x72676f76". > The memory could not be read." > This tells very little about the problem. Oh, I suppose the authors of > these programs might be able to figure out what instruction is in that > memory location at the exact time that your programs fail, but this is > typical of Desktop O/S's. They give you a bomb and then hope you can figure > it out. > > RE:>>This has become a critical issue for me! > If that were true, you would already be running this on Linux... Well, > maybe that's a bit strong but I am serious that source code type > applications are more compatible with source code type O/S's. Do you have a > vested interest in running this on Windows 2000? Is that a must do for you? > IMHO, whatever is holding you back from installing this application onto > Linux, you might as well deal with it and then move on ... RedHat, SuSE, > Caldera, Mandrake... just do it! > > Andrew Lietzow > The ACL Group, Inc. > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Japp, allready put it here. >Can you go to c:/program files/apache_ssl/modules and see the mod_ssl.so >file? > >Your second test seems logical since the module wasn't loaded in the >LoadModule section. > >Eric > >-Original Message- >From: Danalien [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, April 03, 2002 8:52 AM >To: [EMAIL PROTECTED] >Subject: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) > > >Hi, > >I need some help, i patch, complie, and everything according to: > http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32 > >all goes fine fine, only get a few warnings (during the apache complie) > >I then go to the httpd.conf (%my_apache_ssl_root%/conf) > >and put this in: > >LoadModule ssl_module modules/mod_ssl.so > > >and I get (this) when i do apache -t : > >C:\Program Files\Apache_SSL>apache -t >Syntax error on line 62 of c:/program files/apache_ssl/conf/httpd.conf: >Cannot load c:/program files/apache_ssl/modules/mod_ssl.so into server: >(182) >Note the errors or messages above, and press the key to exit. 26... >C:\Program Files\Apache_SSL> > >*thinking* *thinking*... > >... then I just do a little test. > >remove the previos loadModule by puting a # infront (lite this): > >#LoadModule ssl_module modules/mod_ssl.so > > >and add: > >AddModule mod_ssl.c > > >and get : > >C:\Program Files\Apache_SSL>apache -t >Syntax error on line 110 of c:/program files/apache_ssl/conf/httpd.conf: >Cannot add module via name 'mod_ssl.c': not in list of loaded modules >Note the errors or messages above, and press the key to exit. 23... >C:\Program Files\Apache_SSL> > > >and do a apache -l >where I get this: > >Compiled-in modules: > http_core.c > mod_so.c > mod_mime.c > mod_access.c > mod_auth.c > mod_negotiation.c > mod_include.c > mod_autoindex.c > mod_dir.c > mod_cgi.c > mod_userdir.c > mod_alias.c > mod_env.c > mod_log_config.c > mod_asis.c > mod_imap.c > mod_actions.c > mod_setenvif.c > mod_isapi.c > > >and my suspicions were correct, "where are/is the SSL - module(s)?" cause it >ain't in >the compiled apache :) > >If some could explain/help me how to meld this SSL module into apache, it >would be great :) >thanks. > > > > > > >// with regards >// ID :: danalien :: <[EMAIL PROTECTED]> > >PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 > > >__ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager[EMAIL PROTECTED] > >__ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager[EMAIL PROTECTED] // with regards // ID :: danalien :: <[EMAIL PROTECTED]> PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 -BEGIN PGP SIGNATURE- Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. iQA/AwUBPKsO/x6FoQlEaqKIEQIOiACdFE57iQebkBg6r1wIbjJf4TOWDYIAoKwY o1SRuk++dFNMuY/7MNbsgYT5 =Z7o4 -END PGP SIGNATURE- __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)
Can you go to c:/program files/apache_ssl/modules and see the mod_ssl.so file? Your second test seems logical since the module wasn't loaded in the LoadModule section. Eric -Original Message- From: Danalien [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 03, 2002 8:52 AM To: [EMAIL PROTECTED] Subject: apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I need some help, i patch, complie, and everything according to: http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32 all goes fine fine, only get a few warnings (during the apache complie) I then go to the httpd.conf (%my_apache_ssl_root%/conf) and put this in: LoadModule ssl_module modules/mod_ssl.so and I get (this) when i do apache -t : C:\Program Files\Apache_SSL>apache -t Syntax error on line 62 of c:/program files/apache_ssl/conf/httpd.conf: Cannot load c:/program files/apache_ssl/modules/mod_ssl.so into server: (182) Note the errors or messages above, and press the key to exit. 26... C:\Program Files\Apache_SSL> *thinking* *thinking*... ... then I just do a little test. remove the previos loadModule by puting a # infront (lite this): #LoadModule ssl_module modules/mod_ssl.so and add: AddModule mod_ssl.c and get : C:\Program Files\Apache_SSL>apache -t Syntax error on line 110 of c:/program files/apache_ssl/conf/httpd.conf: Cannot add module via name 'mod_ssl.c': not in list of loaded modules Note the errors or messages above, and press the key to exit. 23... C:\Program Files\Apache_SSL> and do a apache -l where I get this: Compiled-in modules: http_core.c mod_so.c mod_mime.c mod_access.c mod_auth.c mod_negotiation.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_userdir.c mod_alias.c mod_env.c mod_log_config.c mod_asis.c mod_imap.c mod_actions.c mod_setenvif.c mod_isapi.c and my suspicions were correct, "where are/is the SSL - module(s)?" cause it ain't in the compiled apache :) If some could explain/help me how to meld this SSL module into apache, it would be great :) thanks. // with regards // ID :: danalien :: <[EMAIL PROTECTED]> PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 -BEGIN PGP SIGNATURE- Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. iQA/AwUBPKsI9x6FoQlEaqKIEQKKOQCfQTAK3SV7vSoe8aE8YQqv7cjVqrQAoOe7 DmQQDW2F53itoAyTwCj7zlEj =hTM+ -END PGP SIGNATURE- __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: ModSSL 2.8.8 + Apache 1.3.24 crashing on Windows
Dear Hassan, RE:>>Windows 2000 Not to be smart or anything but why are you trying to run a server based application on a desktop operating system? Since PC's are so cheap and Linux is so cheap, why not invest in a machine that will do what you want it to do without having to pull out all of your hair? RE:>>> "The instruction at "0x6ff90e08" referenced memory at "0x72676f76". The memory could not be read." This tells very little about the problem. Oh, I suppose the authors of these programs might be able to figure out what instruction is in that memory location at the exact time that your programs fail, but this is typical of Desktop O/S's. They give you a bomb and then hope you can figure it out. RE:>>This has become a critical issue for me! If that were true, you would already be running this on Linux... Well, maybe that's a bit strong but I am serious that source code type applications are more compatible with source code type O/S's. Do you have a vested interest in running this on Windows 2000? Is that a must do for you? IMHO, whatever is holding you back from installing this application onto Linux, you might as well deal with it and then move on ... RedHat, SuSE, Caldera, Mandrake... just do it! Andrew Lietzow The ACL Group, Inc. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
apache 1.3.24 + mod_ssl 2.8.8 for Windows (2000)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I need some help, i patch, complie, and everything according to: http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL.Win32 all goes fine fine, only get a few warnings (during the apache complie) I then go to the httpd.conf (%my_apache_ssl_root%/conf) and put this in: LoadModule ssl_module modules/mod_ssl.so and I get (this) when i do apache -t : C:\Program Files\Apache_SSL>apache -t Syntax error on line 62 of c:/program files/apache_ssl/conf/httpd.conf: Cannot load c:/program files/apache_ssl/modules/mod_ssl.so into server: (182) Note the errors or messages above, and press the key to exit. 26... C:\Program Files\Apache_SSL> *thinking* *thinking*... ... then I just do a little test. remove the previos loadModule by puting a # infront (lite this): #LoadModule ssl_module modules/mod_ssl.so and add: AddModule mod_ssl.c and get : C:\Program Files\Apache_SSL>apache -t Syntax error on line 110 of c:/program files/apache_ssl/conf/httpd.conf: Cannot add module via name 'mod_ssl.c': not in list of loaded modules Note the errors or messages above, and press the key to exit. 23... C:\Program Files\Apache_SSL> and do a apache -l where I get this: Compiled-in modules: http_core.c mod_so.c mod_mime.c mod_access.c mod_auth.c mod_negotiation.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_userdir.c mod_alias.c mod_env.c mod_log_config.c mod_asis.c mod_imap.c mod_actions.c mod_setenvif.c mod_isapi.c and my suspicions were correct, "where are/is the SSL - module(s)?" cause it ain't in the compiled apache :) If some could explain/help me how to meld this SSL module into apache, it would be great :) thanks. // with regards // ID :: danalien :: <[EMAIL PROTECTED]> PGP Public Key Fingerprint: C891 D3A1 427A A5E7 449F B19E 1E85 A109 -BEGIN PGP SIGNATURE- Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies. iQA/AwUBPKsI9x6FoQlEaqKIEQKKOQCfQTAK3SV7vSoe8aE8YQqv7cjVqrQAoOe7 DmQQDW2F53itoAyTwCj7zlEj =hTM+ -END PGP SIGNATURE- __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Nowhere talks about RPMS installation. Is it possible?
Dear Sergie Mayordomo, RE:>>> Is it normal that when I try $apachectl startssl , or $httpd -SSLD it don't works at all ? --- In your apache home directory, e.g. /usr/local/apache, you have a few important directories (they are probably ALL important but we're only going to talk about three). 1) In the conf directory, do you have an httpd.conf? If not, then it's probably in your /etc/httpd directory. Either way, load this datafile into a text editor and examine all of your SSL statements. Make sure SSL is set up correctly. What does correctly mean? Set up so that it works. 2) In your bin directory, you have apachectl. Execute <./apachectl configtest> (there is a dot in front of the slash). Does that run cleanly. 3) In the logs directory, you have the access_log and the error_log. What, if anything, about your problem shows up in these two files? Are there any clues that you can discover that might help? Provide more infomation and maybe you can get it going. The programs work but you are still learning how to work the programs. It might take a little while. This is a "non-trivial" application. As for the RPM's I am sure thousands of people have made them work... Good Luck! Andrew Lietzow The ACL Group, Inc. - Original Message - From: "Sergi Mayordomo" <[EMAIL PROTECTED]> To: "modssl" <[EMAIL PROTECTED]> Sent: Wednesday, April 03, 2002 5:41 AM Subject: Nowhere talks about RPMS installation. Is it possible? > Hi, > > I have: -apache-1.3.22-2.i386.rpm, mod_ssl-2.8.5-4.i386.rpm. under > Redhat 7.2 > I have php-4.0.6-12.i386.rpm too. > Is it normal that when I try $apachectl startssl , or $httpd -SSLD it > don't works at all ? > the previous commands aren't recognized for apache. > > Do you know if any RPM version would work correctly ?? > > Thanks. > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Nowhere talks about RPMS installation. Is it possible?
Sergi Mayordomo wrote: > > Hi, > > I have: -apache-1.3.22-2.i386.rpm, mod_ssl-2.8.5-4.i386.rpm. under > Redhat 7.2 > I have php-4.0.6-12.i386.rpm too. > Is it normal that when I try $apachectl startssl , or $httpd -SSLD it > don't works at all ? > the previous commands aren't recognized for apache. > > Do you know if any RPM version would work correctly ?? I don't know much about the RPM environment (I usually "use the source, Luke") but I doubt very much that getting a mod_ssl aware apache is as simple as rpm -i on the packages above... For one thing, the standard apache cannot load mod_ssl like a normal module, the apache API has to be extended to allow mod_ssl access to the openssl library. This means an apache recompile with mod_ssl... Did you do something like this? In any case, you can check the status of your apache binary by doing "httpd -l" which will list the compiled in modules - do you see mod_ssl? If you are using DSO, do you get an error about the LoadModule directive or any SSL directives in the config? What do you see in the error_log when you try to start apache like this? What SSL directives do you have in the config? Do you have an SSL virtualhost defined? Rgds, Owen Boyle. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Nowhere talks about RPMS installation. Is it possible?
Hi, I have: -apache-1.3.22-2.i386.rpm, mod_ssl-2.8.5-4.i386.rpm. under Redhat 7.2 I have php-4.0.6-12.i386.rpm too. Is it normal that when I try $apachectl startssl , or $httpd -SSLD it don't works at all ? the previous commands aren't recognized for apache. Do you know if any RPM version would work correctly ?? Thanks. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
ModSSL 2.8.8 + Apache 1.3.24 crashing on Windows
Hi, I have a situation where I have to redirect from a HTTP to a HTTPS connection via a servlet. That is I send a HTTP GET request to a servlet which in reply sends a redirect to a web page with the URL protocol changed to HTTPS. Till Apache 1.3.20+ModSSL 2.8.4 this was working fine. But after I upgraded to Apache 1.3.24+ModSSL 2.8.8 (to get the security fixes :) ), it is crashing with a error message like "The instruction at "0x6ff90e08" referenced memory at "0x72676f76". The memory could not be read." If I click Cancel to debug using VC++ it shows an invalid memory access in ApacheCore.dll. My platform config is Windows 2000 MS VC++ 6.0 (SP5) OpenSSL 0.9.6c (built using MASM optimizations). Please let me know where the problem is, or maybe where I should look to try and debug this. This has become a critical issue for me! Regards, Hassan. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]