OK, at one point in my life I had something working for a very brief period that
looked like https.
Unfortunately after a few days... it stopped. Never got it working again...
So I'm trying to get sane directions working and I'm pretty hosed... apache will
start but https doesn't respond. This seems fairly common.
[Sat Jun 02 22:09:55 2007] [info] Init: Seeding PRNG with 0 bytes of entropy
[Sat Jun 02 22:09:55 2007] [info] Init: Generating temporary RSA private keys
(512/1024 bits)
[Sat Jun 02 22:09:55 2007] [info] Init: Generating temporary DH parameters
(512/1024 bits)
[Sat Jun 02 22:09:55 2007] [warn] Init: Session Cache is not configured [hint:
SSLSessionCache]
[Sat Jun 02 22:09:55 2007] [info] Init: Initializing (virtual) servers for SSL
[Sat Jun 02 22:09:55 2007] [info] Server: Apache/2.2.3, Interface:
mod_ssl/2.2.3, Library: OpenSSL/0.9.8c
[Sat Jun 02 22:09:55 2007] [notice] suEXEC mechanism enabled (wrapper:
/usr/lib/apache2/suexec)
[Sat Jun 02 22:09:55 2007] [info] mod_fcgid: Process manager 16591 started
[Sat Jun 02 22:09:55 2007] [info] Init: Seeding PRNG with 0 bytes of entropy
[Sat Jun 02 22:09:55 2007] [info] Init: Generating temporary RSA private keys
(512/1024 bits)
[Sat Jun 02 22:09:55 2007] [info] Init: Generating temporary DH parameters
(512/1024 bits)
[Sat Jun 02 22:09:55 2007] [info] Init: Initializing (virtual) servers for SSL
[Sat Jun 02 22:09:55 2007] [info] Server: Apache/2.2.3, Interface:
mod_ssl/2.2.3, Library: OpenSSL/0.9.8c
[Sat Jun 02 22:09:55 2007] [notice] Apache/2.2.3 (Debian) mod_ssl/2.2.3
OpenSSL/0.9.8c configured -- resuming normal operations
[Sat Jun 02 22:09:55 2007] [info] Server built: Mar 27 2007 14:54:26
The response from Firefox is some error called "has sent an incorrect or
unexpected message. Error Code -12263"
I have Directives in apache.conf for:
Listen 443
Directives in ssl.conf
<IfModule mod_ssl.c>
# added by me.
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/host.cert
SSLCertificateKeyFile /etc/apache2/ssl/host.key
NOTE: I also have SsLSessionCache called out even though the logs say I don't.
It's the debian default so I'm kind of "wtf?" on this one.
Now, I have about 100 questions that I've been searching for all night long.
I'm either hitting the wrong keywords or just can't find anything.
First. If I want to have both SSL and non-SSL Virtual Hosts: It is my
understanding that I can only have one HTTPS host but many HTTP hosts (chicken
and egg).
For the most part, this is fine. I'm primarily looking at a http+https host and
perhaps smaller (static) http sites.
It's fairly obvious to me that I don't have any clue where to put the
SSLEngine/SSLCertificate* directives becuase they just don't act like they are
being considered at all.
So I'm asking if someone has some concise information on how this can be
done....
I assume that no matter what I want to do I have to leave the 'Listen 443'
directive in Section 1 of apache.conf.
true/false?
I suspect that the SSL Directives I want to use have to be entered into a
VirtualHost Directive like:
<VirtualHost *:443/>
SSLEngine on
SSLCertificateFile ...
SSLCertificateKeyFile ...
/// And other stuff there with directories and cgi-bin directories...
</VirtualHost>
And so I have to write a *lot* of stuff for the HTTPS stuff to work.
Seems that for just about every directive out there (cgi, fcgi, ...) I have to
darn near copy and repeat for HTTPS.
This seems incorrect because it's repetative, lengthy, and does nothing to
restrict sections to only HTTPS.
I haven't any idea how to make certain areas HTTP only and others HTTPS only but
it's probably related to SSLRequire.
Unfortunately, since I have no SSL working at all my ability to investigate this
is slightly limited.. ;)
So, what's a good practice for doing this kind of stuff.
Am I even close?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
