Okay, I'm not terribly familiar with https... so bearing that..
If the Listen 443 is in listen.conf, but the flag isn't set in apache...
Does this mean https:// is just serving http on 443 without actual
encrypting the session?
Visually in the browser how is this signalled, no lock?
I'm mostly curious for signs of misconfiguration than anything.
I am just taking a class that sort of touches on https but doesn't give
specifics of implementation.
I was contemplating setting one up to get some hands on..
As I understand it, https is usually 3 things to an end-user.
1. A web server running on 443 typically.
Is this just done by the browser trying to connect to a web server
on port 443 if https:// is used?
I also assume the port can be changed as usual, (e.g.
https://securedwebserver.com:<unusual port number>)
2. A guarantee that this web server will encrypt traffic with the client
browser, usually signalled by a lock icon in the browser.
Otherwise it is regular http protocol traffic.
3. Verification of a certificate through a trusted third party like
Verisign.
Finally, I understand the specific encryption implementations might vary
between web servers.
I didn't find any site that touches on common misconfigurations or their
avoidance.
Anyway, thanks for help on correcting my perceptions/comprehension at
this point.
Doug Taggart
Brian Blater (BBList) wrote:
Thanks,
It is in the /etc/sysconfig/apache2 file and it is called APACHE_SERVER_FLAGS=
on SLES9.
Brian
On Mon, Apr 17, 2006 at 11:56 am, in message
<[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
I can't comment on SLES 9, but on a RHEL 4 box I have
/etc/sysconfig/httpd, which has a section as follows:
# To pass additional options (for instance, -D definitions) to the
# httpd binary at startup, set OPTIONS here.
#
#OPTIONS=
Maybe you have the same system config file, or similar?
Owen
On Mon, Apr 17, 2006 at 10:59:40AM -0400, Brian Blater (BBList) wrote:
I have a SLES 9 box running Apache 2.0.54 happily. However, I would like to
set up SSL and be able to access pages on the box using https://. Easy enough I
thought. I looked in the listen.conf file and saw the following:
Listen 80
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>
Listen 443
</IfModule>
</IfDefine>
</IfDefine>
This should mean that the server will listen on port 443, however it isn't.
If I add a Listen 443 right under the Listen 80 it works. So, that got me
wondering what this <ifdefine ssl> does and why it wasn't working. I did the
google search and found a couple of things, one which mentioned apache2
should be started with the -DSSL option (as seen in a ps awx | grep http), but
I just see the following:
21671 ? Ss 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
So, what do I need to do to get apache2 to start on SLES with SSL support? I
know I can just add the Listen 443 option manually, but this has become more
of a quest for learning what the <ifdefine ssl> is for and why it isn't
working.
Thanks for your help.
Brian
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
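
Added example, not part of the original thread: a small Python evaluator for the listen.conf quoted above, showing which Listen directives are active for a given set of -D flags and loaded modules. The function name active_listens and the simplified parsing (one directive per line, exact name matching) are assumptions of this sketch, not Apache's own parser.

```python
import re

# Constructed sample: the listen.conf quoted in the thread above.
LISTEN_CONF = """\
Listen 80
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>
Listen 443
</IfModule>
</IfDefine>
</IfDefine>
"""

OPEN = re.compile(r"<(IfDefine|IfModule)\s+(!?)([^>\s]+)\s*>", re.I)
CLOSE = re.compile(r"</(IfDefine|IfModule)\s*>", re.I)
LISTEN = re.compile(r"Listen\s+(\S+)", re.I)


def active_listens(conf, defines=(), modules=()):
    """Return the Listen values left after <IfDefine>/<IfModule> evaluation.

    defines: names passed to httpd as -D<name>; modules: loaded module files.
    (Hypothetical helper for illustration; names are matched exactly.)
    """
    stack = []  # one bool per open block: did its condition hold?
    ports = []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN.fullmatch(line)
        if m:
            kind, negate, name = m.groups()
            pool = defines if kind.lower() == "ifdefine" else modules
            # A leading "!" inverts the test, as in <IfDefine !NOSSL>.
            stack.append((name in pool) != bool(negate))
            continue
        if CLOSE.fullmatch(line):
            if not stack:
                raise ValueError("unbalanced closing tag: " + line)
            stack.pop()
            continue
        m = LISTEN.fullmatch(line)
        if m and all(stack):  # active only if every enclosing test passed
            ports.append(m.group(1))
    if stack:
        raise ValueError("unclosed <IfDefine>/<IfModule> block")
    return ports
```

With no defines the result is only port 80, which matches the ps output in the thread where httpd2-prefork was started without -DSSL.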