Re: private key not found
I had a domain that was transferred to my server, and with it came the key and crt files from the old server. That particular domain the SSL is blowing up... More accurately, Apache refuses to start, with the same error you get, when I try to enable the SSL for that domain... - Original Message - From: A. Putnam [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, March 08, 2003 4:48 PM Subject: Re: private key not found I'm not too sure what you mean when you ask if the domain was transferred. What domain? All I know I did was that I generated the key/csr/crts and self-signed the CA. On Thursday 06 March 2003 14:03, Justin Williams wrote: was the domain moved over to your server, or did you generate key/csr/crt? I'm having the same difficulty with one where the domain, cert and key were transferred; all my others work properly... - Original Message - From: A. Putnam [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 07, 2003 5:20 PM Subject: Re: private key not found The permissions for the server.crt file are rw-r--r-- but it still cannot find the Private Key. On Thursday 06 March 2003 13:36, Ron Gedye wrote: Please check the permissions on your private key. They should be readable only by owner (400) (knee-jerk first guess reaction) Best of luck - Original Message - From: A. Putnam [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 07, 2003 3:42 PM Subject: private key not found I'm trying to get mod_ssl to work on my server, but each time I try to restart apache with mod_ssl activated, it gives me this error: /etc/init.d/apache start returned 7 (Program is not running.) Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass Phrase Dialog) Some of your private key files are encrypted for security reasons. In order to read them you have to provide us with the pass phrases. Server matrix.pelathe.org:443 (RSA) Enter pass phrase: Apache:mod_ssl:Error: Private key not found. **Stopped stty: standard input: Inappropriate ioctl for device ..failed What I don't understand is how it can't find the Private key. The SSLCertificateKeyFile path in httpd.conf matches the location of the key in my directory. Isn't the SSLCertificateKeyFile the Private Key path? I'm including the Virtual Host code (sans the explination text and a passkey). I'm very new to this so I won't be surprised if there is a glaring error in here that I missed... VirtualHost _default_:443 DocumentRoot /srv/www/htdocs ServerName matrix.pelathe.org ServerAdmin [EMAIL PROTECTED] ErrorLog /var/log/httpd/error_log TransferLog /var/log/httpd/access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/httpd/ssl.crt/server.crt #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt SSLCertificateKeyFile /etc/httpd/ssl.key/server.key #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt #SSLCACertificatePath /etc/httpd/ssl.crt SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt SSLCARevocationPath /etc/httpd/ssl.crl #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl SSLVerifyClient require SSLVerifyDepth 10 #Location / #SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ #and %{SSL_CLIENT_S_DN_O} eq Snake Oil, Ltd. \ #and %{SSL_CLIENT_S_DN_OU} in {Staff, CA, Dev} \ #and %{TIME_WDAY} = 1 and %{TIME_WDAY} = 5 \ #and %{TIME_HOUR} = 8 and %{TIME_HOUR} = 20 ) \ # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ #/Location #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire Files ~ \.(cgi|shtml|phtml|php3?)$ SSLOptions +StdEnvVars /Files Directory /srv/www/cgi-bin SSLOptions +StdEnvVars /Directory SetEnvIf User-Agent .*MSIE.* \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /var/log/httpd/ssl_request_log \ %t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b /VirtualHost Any help would be greatly appreciated. I'm using Apache 1.3.26 and Mod_SSL 2.8.10 on a SuSE 8.1 box. Thanks, -Andrew __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- A. Putnam Assistant IT Administrator Pelathe Community Resource
Re: private key not found
don't think you can make a key from a crt... only works the other way around... Tempted to do that, though... - Original Message - From: A. Putnam [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, March 08, 2003 6:01 PM Subject: Re: private key not found Oh, I see now. Well, it's nothing like that. Pelathe has had its domain since '98. We've had a sever that died and had to transfer everything to a new Linux box, but this is the first time we've ever tried to make a ssl server, so I don't think that would make a difference. It's really strange that the crt for your transferred domain won't work though. Maybe there is some fundamental difference between the two servers that would cause problems? Can you just make new keys for the domain instead? Or is that not how it works? On Friday 07 March 2003 13:38, Justin Williams wrote: I had a domain that was transferred to my server, and with it came the key and crt files from the old server. That particular domain the SSL is blowing up... More accurately, Apache refuses to start, with the same error you get, when I try to enable the SSL for that domain... - Original Message - From: A. Putnam [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, March 08, 2003 4:48 PM Subject: Re: private key not found I'm not too sure what you mean when you ask if the domain was transferred. What domain? All I know I did was that I generated the key/csr/crts and self-signed the CA. On Thursday 06 March 2003 14:03, Justin Williams wrote: was the domain moved over to your server, or did you generate key/csr/crt? I'm having the same difficulty with one where the domain, cert and key were transferred; all my others work properly... - Original Message - From: A. Putnam [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 07, 2003 5:20 PM Subject: Re: private key not found The permissions for the server.crt file are rw-r--r-- but it still cannot find the Private Key. On Thursday 06 March 2003 13:36, Ron Gedye wrote: Please check the permissions on your private key. They should be readable only by owner (400) (knee-jerk first guess reaction) Best of luck - Original Message - From: A. Putnam [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 07, 2003 3:42 PM Subject: private key not found I'm trying to get mod_ssl to work on my server, but each time I try to restart apache with mod_ssl activated, it gives me this error: /etc/init.d/apache start returned 7 (Program is not running.) Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass Phrase Dialog) Some of your private key files are encrypted for security reasons. In order to read them you have to provide us with the pass phrases. Server matrix.pelathe.org:443 (RSA) Enter pass phrase: Apache:mod_ssl:Error: Private key not found. **Stopped stty: standard input: Inappropriate ioctl for device ..failed What I don't understand is how it can't find the Private key. The SSLCertificateKeyFile path in httpd.conf matches the location of the key in my directory. Isn't the SSLCertificateKeyFile the Private Key path? I'm including the Virtual Host code (sans the explination text and a passkey). I'm very new to this so I won't be surprised if there is a glaring error in here that I missed... VirtualHost _default_:443 DocumentRoot /srv/www/htdocs ServerName matrix.pelathe.org ServerAdmin [EMAIL PROTECTED] ErrorLog /var/log/httpd/error_log TransferLog /var/log/httpd/access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/httpd/ssl.crt/server.crt #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt SSLCertificateKeyFile /etc/httpd/ssl.key/server.key #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt #SSLCACertificatePath /etc/httpd/ssl.crt SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt SSLCARevocationPath /etc/httpd/ssl.crl #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl SSLVerifyClient require SSLVerifyDepth 10 #Location / #SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ #and %{SSL_CLIENT_S_DN_O} eq Snake Oil, Ltd. \ #and %{SSL_CLIENT_S_DN_OU} in {Staff, CA, Dev} \ #and %{TIME_WDAY} = 1 and %{TIME_WDAY} = 5 \ #and %{TIME_HOUR} = 8 and %{TIME_HOUR} = 20 ) \ # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ #/Location #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire Files ~ \.(cgi|shtml|phtml|php3?)$ SSLOptions +StdEnvVars /Files Directory /srv/www/cgi-bin SSLOptions +StdEnvVars /Directory SetEnvIf User
Re: private key not found
oh goody... LOL The CA tells me it was on an Apache server, and the owner tells me it was on a *nix system, but, with them downloading the file and tinkering, maybe something got tinkered the wrong way... - Original Message - From: Carlos Villegas [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 07, 2003 4:57 PM Subject: Re: private key not found On Fri, 7 Mar 2003, Justin Williams wrote: don't think you can make a key from a crt... only works the other way around... Tempted to do that, though... You're right, it doesn't work the other way around. otherwise SSL would be worthless... It seems to me that your keys might be corrupted, my guess is that the other server was a windows box and this one is unix (or the other way around, but I doubt it), so you have all the end of lines messed up (with a bunch of ^M at the end of each line or similar). Carlos __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: private key not found
was the domain moved over to your server, or did you generate key/csr/crt? I'm having the same difficulty with one where the domain, cert and key were transferred; all my others work properly... - Original Message - From: A. Putnam [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 07, 2003 5:20 PM Subject: Re: private key not found The permissions for the server.crt file are rw-r--r-- but it still cannot find the Private Key. On Thursday 06 March 2003 13:36, Ron Gedye wrote: Please check the permissions on your private key. They should be readable only by owner (400) (knee-jerk first guess reaction) Best of luck - Original Message - From: A. Putnam [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 07, 2003 3:42 PM Subject: private key not found I'm trying to get mod_ssl to work on my server, but each time I try to restart apache with mod_ssl activated, it gives me this error: /etc/init.d/apache start returned 7 (Program is not running.) Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass Phrase Dialog) Some of your private key files are encrypted for security reasons. In order to read them you have to provide us with the pass phrases. Server matrix.pelathe.org:443 (RSA) Enter pass phrase: Apache:mod_ssl:Error: Private key not found. **Stopped stty: standard input: Inappropriate ioctl for device ..failed What I don't understand is how it can't find the Private key. The SSLCertificateKeyFile path in httpd.conf matches the location of the key in my directory. Isn't the SSLCertificateKeyFile the Private Key path? I'm including the Virtual Host code (sans the explination text and a passkey). I'm very new to this so I won't be surprised if there is a glaring error in here that I missed... VirtualHost _default_:443 DocumentRoot /srv/www/htdocs ServerName matrix.pelathe.org ServerAdmin [EMAIL PROTECTED] ErrorLog /var/log/httpd/error_log TransferLog /var/log/httpd/access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/httpd/ssl.crt/server.crt #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt SSLCertificateKeyFile /etc/httpd/ssl.key/server.key #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt #SSLCACertificatePath /etc/httpd/ssl.crt SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt SSLCARevocationPath /etc/httpd/ssl.crl #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl SSLVerifyClient require SSLVerifyDepth 10 #Location / #SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ #and %{SSL_CLIENT_S_DN_O} eq Snake Oil, Ltd. \ #and %{SSL_CLIENT_S_DN_OU} in {Staff, CA, Dev} \ #and %{TIME_WDAY} = 1 and %{TIME_WDAY} = 5 \ #and %{TIME_HOUR} = 8 and %{TIME_HOUR} = 20 ) \ # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ #/Location #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire Files ~ \.(cgi|shtml|phtml|php3?)$ SSLOptions +StdEnvVars /Files Directory /srv/www/cgi-bin SSLOptions +StdEnvVars /Directory SetEnvIf User-Agent .*MSIE.* \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /var/log/httpd/ssl_request_log \ %t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b /VirtualHost Any help would be greatly appreciated. I'm using Apache 1.3.26 and Mod_SSL 2.8.10 on a SuSE 8.1 box. Thanks, -Andrew __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- A. Putnam Assistant IT Administrator Pelathe Community Resource Center __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: newbie: help to create ssl connection.
Thawte.com, actually, has a great step-by-step on this one That's where the following comes from: 1- make sure you know the full domain name (https://www.domain.com) 2- pick 5 random files that are of moderate size (I use about a 5K file). Thawte refers to these files as file1:file2:file3... 3- generate the key as follows: openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out www.domain.com.key (you can leave out the -des3, if you are confident and secure about your server) 4- generate the CSR from the key: openssl -req -new -key www.domain.com.key -out www.domain.com.csr (common name, when you are prompted, is not YOUR name, but the complete and entire domain name) 5- generatea temporary, self-signedCRT from the CSR: openssl x509 -req -days 30 -in www.domain.com.csr -signkey www.domain.com.key -out www.domain.com.crt You will then send the CSR to the CA of your choice. Whenthey send you the CRT back, replace your temporary CRT with the real one. - Original Message - From: kulkarni veena To: [EMAIL PROTECTED] Sent: Wednesday, February 05, 2003 1:32 PM Subject: newbie: help to create ssl connection. Hi, I'm new to all this ssl thing and I wanted to create a ssl connection for online store using modssl. Could you please advice how do i get started? Thanks in advance. Veena Kulkarni Do you Yahoo!?Yahoo! Mail Plus - Powerful. Affordable. Sign up now
Re: newbie: help to create ssl connection.
That is a set of directions on creating your self-signed certificate. As far as encryption, what, exactly, are you trying to accomplish? - Original Message - From: kulkarni veena To: [EMAIL PROTECTED] Sent: Wednesday, February 05, 2003 3:32 PM Subject: Re: newbie: help to create ssl connection. Thanks. But I'm not clear about how to obtain encrytpion on the server and client side . Also, are there any tools to create Digital certificates becasue i need a self signed certificate. My configurations: Server: Apache web server with Modssl enabled on Linux platform client: internet explorer 5.0, netscape 6.0 programming language to be used for encryption: Java Justin Williams [EMAIL PROTECTED] wrote: Thawte.com, actually, has a great step-by-step on this one That's where the following comes from: 1- make sure you know the full domain name (https://www.domain.com) 2- pick 5 random files that are of moderate size (I use about a 5K file). Thawte refers to these files as file1:file2:file3... 3- generate the key as follows: openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out www.domain.com.key (you can leave out the -des3, if you are confident and secure about your server) 4- generate the CSR from the key: openssl -req -new -key www.domain.com.key -out www.domain.com.csr (common name, when you are prompted, is not YOUR name, but the complete and entire domain name) 5- generatea temporary, self-signedCRT from the CSR: openssl x509 -req -days 30 -in www.domain.com.csr -signkey www.domain.com.key -out www.domain.com.crt You will then send the CSR to the CA of your choice. Whenthey send you the CRT back, replace your temporary CRT with the real one. - Original Message - From: kulkarni veena To: [EMAIL PROTECTED] Sent: Wednesday, February 05, 2003 1:32 PM Subject: newbie: help to create ssl connection. Hi, I'm new to all this ssl thing and I wanted to create a ssl connection for online store using modssl. Could you please advice how do i get started? Thanks in advance. Veena Kulkarni Do you Yahoo!?Yahoo! Mail Plus - Powerful. Affordable. Sign up now Do you Yahoo!?Yahoo! Mail Plus - Powerful. Affordable. Sign up now
Re: how to add multiple SSL cert for each virtual host?
A whole new error class! RTFM errors and ID-10-T error codes alongside! If nothing else, it would be thoroughly entertaining! On Wednesday 04 December 2002 12:17 pm, Boyle Owen wrote: From: Cliff Woolley [mailto:[EMAIL PROTECTED]] But please, people, this is SUCH a frequently asked question. Definitely one of the top three. I'd say it is THE most frequently asked question (but I can't be bothered scanning the archives to prove it :-) The FAQ (http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47) is all very well, but it is rather technical for a newbie and, having been written by someone for whom English is a second language, is not as illuminating as it might be. I had a go a re-writing it a few years ago (http://marc.theaimsgroup.com/?l=apache-modsslm=98559369910170w=2) so maybe we could start there... However, given the tendency of people to read the instructions only if all else fails, putting a warning in the default config sounds like a good idea. Putting an error message in the source-code would be even better! Rgds, Owen Boyle This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
(Hopefully) easy SSL question
I have openssl and mod_ssl on a server running Apache. On independent IPs, I have three websites. One is listening *only* on port 443, and works just fine. The other two need to listen on both 80 and 443, but I have only been able to get them to listen on one port at a time. If I add the directive: SSLEngine on, then port 80 stops listening (more accuarately, it complains that I didn't type in https:). If I remove that directive, then port 443 stops listening. Page cannot be found. Is there some other directive I need to use? Thanks!! Justin __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: (Hopefully) easy SSL question
Is this directive the same thing as if mod_ssl.c? Thanks! - Original Message - From: R. DuFresne [EMAIL PROTECTED] To: Justin Williams [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, December 03, 2002 2:19 PM Subject: Re: (Hopefully) easy SSL question under the IfDefine SSL directive, list each port to listen on with the: Listen domain.com:80 Listen domain.com:443 ... /IfDefine see if that corrects matters for you. Thanks, Ron DuFresne On Tue, 3 Dec 2002, Justin Williams wrote: I have openssl and mod_ssl on a server running Apache. On independent IPs, I have three websites. One is listening *only* on port 443, and works just fine. The other two need to listen on both 80 and 443, but I have only been able to get them to listen on one port at a time. If I add the directive: SSLEngine on, then port 80 stops listening (more accuarately, it complains that I didn't type in https:). If I remove that directive, then port 443 stops listening. Page cannot be found. Is there some other directive I need to use? Thanks!! Justin __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- ~~ admin senior security consultant: sysinfo.com http://sysinfo.com Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation. -- Johnny Hart testing, only testing, and damn good at it too! __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: (Hopefully) easy SSL question
In the if mod_ssl.c, I spotted more than a couple of Listen statements. Any time I added IP:443 in there, Apache pitched a hissy fit. So, I ended up taking a slightly different route. I set up two entries in the .conf: IP1:80 no SSL info IP1:443 SSL info IP2:80 no SSL info IP2:443 SSL info Apache stopped complaining, and the domains are listening on both ports... - Original Message - From: R. DuFresne [EMAIL PROTECTED] To: Justin Williams [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, December 03, 2002 3:43 PM Subject: Re: (Hopefully) easy SSL question shrug I have that statement coming after the IfDefine SSL directive (meaning it's defined within that IfDefine SSL//IfDefine). Of course, and I dont't state my conf file is the cleanest of meanest, I have 3 such openings and closings of like this: IfDefine SSL /IfDefine IfDefine SSL /IfDefine IfDefine SSL /IfDefine This happens to be the first such set if IfDefine SSL directives: IfDefine SSL Listen domain.com:80 Listen domain.com:443 ... /IfDefine Damn, now I have to go cleanup things one of these days smile. Thanks, Ron DuFresne On Tue, 3 Dec 2002, Justin Williams wrote: Is this directive the same thing as if mod_ssl.c? Thanks! - Original Message - From: R. DuFresne [EMAIL PROTECTED] To: Justin Williams [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, December 03, 2002 2:19 PM Subject: Re: (Hopefully) easy SSL question under the IfDefine SSL directive, list each port to listen on with the: Listen domain.com:80 Listen domain.com:443 ... /IfDefine see if that corrects matters for you. Thanks, Ron DuFresne On Tue, 3 Dec 2002, Justin Williams wrote: I have openssl and mod_ssl on a server running Apache. On independent IPs, I have three websites. One is listening *only* on port 443, and works just fine. The other two need to listen on both 80 and 443, but I have only been able to get them to listen on one port at a time. If I add the directive: SSLEngine on, then port 80 stops listening (more accuarately, it complains that I didn't type in https:). If I remove that directive, then port 443 stops listening. Page cannot be found. Is there some other directive I need to use? Thanks!! Justin __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- ~~ admin senior security consultant: sysinfo.com http://sysinfo.com Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation. -- Johnny Hart testing, only testing, and damn good at it too! __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- ~~ admin senior security consultant: sysinfo.com http://sysinfo.com Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation. -- Johnny Hart testing, only testing, and damn good at it too! __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]