On Mon, Jun 04, 2007 at 07:50:14PM -0400, Tom Allison wrote: > Tom Allison wrote: > > > >OK, at one point in my life I had something working for a very brief > >period that looked like https. > >Unfortunately after a few days... it stopped. Never got it working > >again... > > I've found a number of mailing lists in search engines that talk about > > openssl s_client -connect localhost:443 -state -debug -showcerts > connect: Connection refused > connect:errno=29
I only get that error when I do openssl s_client as soon as i put in the -connect localhost:443 part, it connects. And I get various bits of output. (including some errors). I don't really know about this, so i don't know how to interpret that except that perhaps you are not listening on 443? I also get that error if I try to connect to a port that I know is not listening, so I think that might be the problem (simple as it may be...). > > I'm really frustrated with this SSL stuff, is this like a state secret or > something? probably > > I've tried rebuilding keys using every possible combination I can find for > doing it. The latest was > openssl req -new -x509 -nodes -out server.crt -keyout server.key > taken straight from the apache2.2 site. > > I'm stuck. How do you get SSL to work? > > I did have this under apache 1 years ago. > > How do you do it under Apache 2.2? > > I created the keys as mentioned above. > I enabled ssl.conf > I added to http.conf the following: > SSLEngine on > FWIW, this is what is in my /etc/apache2.2/sites-available/default that might be pertinent. note that i made the key and cert using a multi-step procedure that I can't find right now... NameVirtualHost 192.168.2.3:80 NameVirtualHost 192.168.2.3:443 <VirtualHost 192.168.2.3:443> ... SSLEngine on SSLCertificateFile /etc/apache2/ssl/cert.pem SSLCertificateKeyFile /etc/apache2/ssl/key.pem DocumentRoot /var/www/ ... </VirtualHost> > and found that even though it was listed in ssl.conf I also had to include > the Directives for the CertificatFile, CertificatKeyFile, Cache and that > would at least allow it to start, but not serve a page. > > Also tried moving all the SSL directives into the <VirtualHost *> Directive > and that also started but did nothing. > > > > HOWTO? Anyone have a HOWTO that actually works? how about this one? http://www.debian-administration.org/articles/349 it includes a few links to some other stuff as well. hth A
signature.asc
Description: Digital signature