Hi,
Actually I'm not a crack in this stuff, but maybe this will help you. This
worked with JServ; with Tomcat I have a problem with the definition of
virtual hosts in the file server.xml (no documentation).

Regards, Markus


In httpd.conf I have inserted:

#  When we also provide SSL we have to listen to the
#  standard HTTP port (see above) and to the HTTPS port
#
Listen 80
Listen 443

#--------------------------------------------------------------------------------
# Section 3: Virtual Hosts
#--------------------------------------------------------------------------------
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them.
# Please see the documentation at <URL:http://www.apache.org/docs/vhosts/>
# for further details before you try to setup virtual hosts.
# You may use the command line option '-S' to verify your virtual host
# configuration.

#
# If you want to use name-based virtual hosts you need to define at
# least one IP address (and port number) for them.
#
NameVirtualHost 10.1.1.74:80
NameVirtualHost 10.1.1.74:443

#--------------------------------------------------------------------------------
# Section 4: SSL Global Context
#--------------------------------------------------------------------------------
#
#  All SSL configuration in this context applies both to
#  the main server and all SSL-enabled virtual hosts.
#

#
#   Some MIME-types for downloading Certificates and CRLs
#
# <IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

#
#   Disable SSL. Useful in combination with virtual hosts
#
SSLEngine off

#
#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is an internal
#   terminal dialog) has to provide the pass phrase on stdout.
#
SSLPassPhraseDialog  builtin

#
# Set the session cache timeout, in seconds (set to 15 for testing, use a
# higher value in real life)
#
#SSLSessionCacheTimeout 15

#
#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization.
#
SSLMutex  sem

#
#   Pseudo Random Number Generator (PRNG):
#   Configure one or more sources to seed the PRNG of the
#   SSL library. The seed data should be of good random quality.
#   WARNING! On some platforms /dev/random blocks if not enough entropy
#   is available. This means you then cannot use the /dev/random device
#   because it would lead to very long connection times (as long as
#   it requires to make more entropy available). But usually those
#   platforms additionally provide a /dev/urandom device which doesn't
#   block. So, if available, use this one instead. Read the mod_ssl User
#   Manual for more details.
#
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

#
#   Logging:
#   The home of the dedicated SSL protocol logfile. Errors are
#   additionally duplicated in the general error log file.  Put
#   this somewhere where it cannot be used for symlink attacks on
#   a real server (i.e. somewhere where only root can write).
#   Log levels are (ascending order: higher ones include lower ones):
#   none, error, warn, info, trace, debug.
#
SSLLog      logs/ssl_engine_log
SSLLogLevel info

#
# Set the CA certificate verification path (must be PEM encoded).
# (in addition to getenv("SSL_CERT_DIR"), I think).
#
#SSLCACertificatePath /usr/local/etc/apache/apache_1.3.1/SSLconf/conf

#
# Set the CA certificate verification file (must be PEM encoded).
# (in addition to getenv("SSL_CERT_FILE"), I think).
#
SSLCACertificateFile D:\WebSpace\ApacheSSL\conf\ssl.crt\swisskey.crt

#
# Point SSLCertificateFile at a PEM encoded certificate.
# If the certificate is encrypted, then you will be prompted for a pass phrase.
# Note that a kill -1 will prompt again.
# A test certificate can be generated with "make certificate".
#
SSLCertificateFile D:\WebSpace\ApacheSSL\conf\ssl.crt\snakeoil-rsa.crt

#
# If the key is not combined with the certificate, use this directive to
# point at the key file. If this starts with a '/' it specifies an absolute
# path, otherwise it is relative to the default certificate area. That is, it
# means "<default>/private/<keyfile>".
#
SSLCertificateKeyFile D:\WebSpace\ApacheSSL\conf\ssl.key\snakeoil-rsa.key

#
# Set SSLVerifyClient to: none / optional / require
#
#
SSLVerifyClient optional

#
# How deeply to verify before deciding they don't have a valid certificate
#
#SSLVerifyDepth 1
SSLVerifyDepth 10

#
# Translate the client X509 into a Basic authorisation. This means that the
# standard Auth/DBMAuth methods can be used for access control. The user name
# is the "one line" version of the client's X509 certificate. Note that no
# password is obtained from the user. Every entry in the user file needs this
# password: xxj31ZMTZzkVA. See the code for further explanation.
#
SSLOptions +FakeBasicAuth

#
# List the ciphers that the client is permitted to negotiate. See the source
# for a definitive list. For example:
#
#SSLRequiredCiphers RC4-MD5:RC4-SHA:IDEA-CBC-MD5:DES-CBC3-SHA

#
# These two can be used per-directory to require or ban ciphers. Note that (at
# least in the current version) Apache-SSL will not attempt to renegotiate if a
# cipher is banned (or not required).
#
#SSLRequireCipher
#SSLBanCipher

#
#   SSL Protocol Adjustments:
#   The safe and default but still SSL/TLS standard compliant shutdown
#   approach is that mod_ssl sends the close notify alert but doesn't wait for
#   the close notify alert from client. When you need a different shutdown
#   approach you can use one of the following variables:
#   o ssl-unclean-shutdown:
#     This forces an unclean shutdown when the connection is closed, i.e. no
#     SSL close notify alert is sent or allowed to be received.  This violates
#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
#     this when you receive I/O errors because of the standard approach where
#     mod_ssl sends the close notify alert.
#   o ssl-accurate-shutdown:
#     This forces an accurate shutdown when the connection is closed, i.e. a
#     SSL close notify alert is sent and mod_ssl waits for the close notify
#     alert of the client. This is 100% SSL/TLS standard compliant, but in
#     practice often causes hanging connections with brain-dead browsers. Use
#     this only for browsers where you know that their SSL implementation
#     works correctly.
#   Notice: Most problems of broken clients are also related to the HTTP
#   keep-alive facility, so you usually additionally want to disable
#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
#
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

#
# Custom logging
#
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

#
# from here on, text by MS
#

<VirtualHost www.prot-gemeinde.ch:80>

    ServerName  www.prot-gemeinde.ch
    ServerAdmin [EMAIL PROTECTED]

    ErrorLog    logs/prot-gemeinde_error.log
    CustomLog   logs/prot-gemeinde_access.log common

    DocumentRoot D:/WebSpace/ApacheSSL/tomcat/webapps/Prototyp
    DirectoryIndex Formular.htm

    <Directory "D:/WebSpace/ApacheSSL/tomcat/webapps/Prototyp">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    JkMount /*.jsp ajp13
    JkMount /servlet/* ajp13

    ScriptAlias /cgi-bin/ "D:/WebSpace/Prototyp/Version10/cgi-bin/"
    <Directory "D:/WebSpace/Prototyp/Version10/cgi-bin">
        AllowOverride None
        Options None
    </Directory>

</VirtualHost>

#--------------------------------------------------------------------------------
<VirtualHost www.snakeoil.dom:443>
#--------------------------------------------------------------------------------
    SSLOptions +StdEnvVars +ExportCertData
    SSLEngine on
    ServerName  www.snakeoil.dom
    ServerAdmin [EMAIL PROTECTED]

    ErrorLog    logs/snake_error.log
    CustomLog   logs/snake_access.log common

    DocumentRoot D:/WebSpace/ApacheSSL/tomcat/webapps/securesite
    <Directory "D:/WebSpace/ApacheSSL/tomcat/webapps/securesite">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    JkMount /*.jsp ajp13
    JkMount /servlet/* ajp13

    <Directory "D:/WebSpace/ApacheSSL/tomcat/webapps/securesite/WEB-INF">
        Options none
        Deny from all
    </Directory>

</VirtualHost>



-----Original Message-----
From:    Pete Ehli [SMTP:[EMAIL PROTECTED]]
Sent:    Tuesday, 16 January 2001 08:34
To:      [EMAIL PROTECTED]
Subject: Apache mod_SSL and Tomcat using mod_jk

Hello, I am new to Apache and am using a mod_ssl Apache server connected with
Tomcat via the mod_jk module. I get the following warning when starting
Apache after I start Tomcat: "Loaded DSO modules/mod_jk.dll uses plain
Apache 1.3 API, this module might crash under EAPI! (Please recompile it
with -DEAPI)". I am trying to get Apache and Tomcat to use SSL. I don't have
a certificate configured and get the following error: "localhost:443 should
be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]".
Can someone point me to the exact directions on how to configure a
certificate, and also will this module mod_jk work with the version of
Apache I am using - Apache_1.3.14-mod_ssl_2.7.2-openssl_0.96-win32.zip and
Tomcat 3.2.1? I have configured this via the documentation in Tomcat. Any
ideas or suggestions on where to go from here would be much appreciated.
- Pete - [EMAIL PROTECTED]
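
Added example, not part of either message and not Apache or Tomcat project code: in the httpd.conf above both virtual hosts point DocumentRoot at a Tomcat webapp directory, but only the :443 host has a "Deny from all" block for WEB-INF, so on the :80 host Apache can hand out files under WEB-INF as static content. This Python check lists virtual hosts where that block is missing; SAMPLE_CONF is a constructed excerpt of the two blocks, and the function names and the case-insensitive path comparison (Windows paths) are assumptions.

```python
import re

# Constructed sample, reduced from the two <VirtualHost> blocks in the post.
SAMPLE_CONF = '''
<VirtualHost www.prot-gemeinde.ch:80>
    DocumentRoot D:/WebSpace/ApacheSSL/tomcat/webapps/Prototyp
    <Directory "D:/WebSpace/ApacheSSL/tomcat/webapps/Prototyp">
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
<VirtualHost www.snakeoil.dom:443>
    DocumentRoot D:/WebSpace/ApacheSSL/tomcat/webapps/securesite
    <Directory "D:/WebSpace/ApacheSSL/tomcat/webapps/securesite">
        Order allow,deny
        Allow from all
    </Directory>
    <Directory "D:/WebSpace/ApacheSSL/tomcat/webapps/securesite/WEB-INF">
        Deny from all
    </Directory>
</VirtualHost>
'''

VHOST = re.compile(r'<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>', re.S | re.I)
DOCROOT = re.compile(r'^\s*DocumentRoot\s+"?([^"\r\n]+?)"?\s*$', re.M | re.I)
DIRBLOCK = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>', re.S | re.I)
DENY_ALL = re.compile(r'^\s*Deny\s+from\s+all\s*$', re.M | re.I)

def norm(path):
    """Normalise a Windows-style path for comparison (assumes case-insensitive FS)."""
    return path.replace('\\', '/').rstrip('/').lower()

def unprotected_webinf(conf):
    """Return the vhosts whose DocumentRoot has no 'Deny from all' block on WEB-INF."""
    conf = re.sub(r'(?m)^\s*#.*$', '', conf)  # drop comment lines first
    findings = []
    for name, body in VHOST.findall(conf):
        root = DOCROOT.search(body)
        if not root:
            continue
        wanted = norm(root.group(1)) + '/web-inf'
        denied = {norm(p) for p, d in DIRBLOCK.findall(body) if DENY_ALL.search(d)}
        if wanted not in denied:
            findings.append(name.strip())
    return findings

if __name__ == '__main__':
    for vhost in unprotected_webinf(SAMPLE_CONF):
        print('no WEB-INF deny block in virtual host', vhost)
```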