Subject: Re: httpd tls - what am i missing?

On 3/25/15, Theodore Wynnychenko <t...@uchicago.edu> wrote:
>
> Is there anything for me to look at/consider in trying to correct this?
>
> Thanks
> Ted
>
>

Here is a working example from my server.  Note that I don't bother
with port 80. You might want to try without the port 80 listen line to
rule out some config parsing issue.  Also the tls options are in a {}
block and make sure your cert and key have secure permissions.

server "mydomain.com" {
        listen on $ext_addr tls port 443
        alias "www.mydomain.com"

        tls {
                certificate "/etc/ssl/mydomain.com.crt"
                key "/etc/ssl/private/mydomain.com.key"
        }

        # Set max upload size to 513M (in bytes)
        connection max request body 537919488

        root "/htdocs"
        directory index index.html

}

----------------

I tried modifying my httpd.conf to include only the https server (and
changed the tls options as shown above); but this did not allow me to
connect with https.

The permissions on the cert are 644 root.wheel, and the key is 400 root.wheel.

I did notice that when I try to connect, and Firefox is "hanging" (little
spinning wheel going round and round), if I kill the httpd parent process
on the server, then Firefox (within a second or so) drops into an "unable
to connect" page.

It seems to me that something odd is happening within httpd - like it
starts to process the request, but refuses to complete it.

Are there any restrictions on the key size or certificate properties (like
alternative names) for use with httpd? (I don't see anything in the man
pages)

Is there any way to get more verbose logs of what httpd is doing/waiting
for? (I don't see anything in the man pages)

Thanks again
Ted
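Added example, not part of this thread or of OpenBSD's own tooling: a short
sh script that checks two common reasons a TLS handshake is accepted but
never completed (a private key that does not belong to the certificate,
and a key with group/other read bits that should not be there), plus a
live handshake probe. The cert/key paths are the ones from the quoted
config; the probe host and the helper names are assumptions. The verbose
run at the end uses the flags httpd(8) documents (-n to parse the config
only, -d to stay in the foreground, -v repeated for more output).

```shell
#!/bin/sh
# Added example, not from the original thread: pre-flight checks for an
# OpenBSD httpd(8) TLS server that accepts the connection but never
# completes it. Paths in the usage comment come from the quoted config;
# the probe host is an assumed placeholder.

# Print a file's permission bits in octal. GNU stat(1) is tried first;
# OpenBSD/BSD stat(1) is the fallback.
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %OLp "$1"
}

# A private key should be readable by its owner only (400 or 600, with or
# without a leading 0). Any group/other bits are rejected.
key_mode_ok() {
    case "$1" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# SHA-256 of the DER-encoded public key inside a certificate ...
cert_pubkey_sha256() {
    openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 | awk '{ print $NF }'
}

# ... and of the public half of a private key.
key_pubkey_sha256() {
    openssl pkey -in "$1" -pubout -outform DER \
        | openssl dgst -sha256 | awk '{ print $NF }'
}

# Succeeds only when the key really belongs to the certificate. A mix-up
# here fails the handshake before any HTTP is spoken, which a browser
# shows as a hang or a dropped connection rather than an error page.
keypair_matches() {
    [ "$(cert_pubkey_sha256 "$1")" = "$(key_pubkey_sha256 "$2")" ]
}

# Run the offline checks against a cert/key pair; prints what failed and
# returns non-zero if anything did.
check_tls_files() {
    cert=$1; key=$2; rc=0
    if ! keypair_matches "$cert" "$key"; then
        echo "key $key does not match certificate $cert"; rc=1
    fi
    if ! key_mode_ok "$(file_mode "$key")"; then
        echo "key $key is readable by group/other; chmod 400 it"; rc=1
    fi
    return $rc
}

# Live probe from another host: does the TLS handshake finish at all?
# -servername sends SNI, which matters when you rely on the 'alias' line.
tls_probe() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null
}

# Usage on the server (paths from the quoted config):
#   check_tls_files /etc/ssl/mydomain.com.crt /etc/ssl/private/mydomain.com.key
#   tls_probe www.mydomain.com        # from a client machine
# To see what httpd is waiting on, run it in the foreground instead of
# guessing:
#   httpd -n -f /etc/httpd.conf       # parse the config only
#   httpd -dvv                        # foreground, verbose
```

If the key/cert pair checks out and the handshake still stalls, the
foreground run is the place to look: every accepted connection and TLS
error is printed there instead of disappearing into a daemon.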
