Hi. I'm trying to add mod_ssl-2.0.13-1.3.3/SSLeay-0.9.0b/rsaref-2.0 onto a heavily
used and working mod_perl-1.16/apache_1.3.3 installation. Testing the new build is
problematic because every time I install the new build, vanilla http: access stops
working and users start complaining. I am obviously confused by the installation
instructions. Can someone please help?
Latest problem is that when I turn on the new httpd, https:// works (but with an error
message regarding invalid certificates) but http:// will not respond (presumably
causing the unknown protocol msg below).
Here's the ssl.log
[05/Nov/1998:18:02:11 -0500] Cipher: EXP-RC4-MD5
SSLeay: error:140760F8:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
SSLeay: error:140760F8:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
[05/Nov/1998:18:02:38 -0500] Cipher: EXP-RC4-MD5
SSLeay: error:0906D06C:PEM routines:PEM_read_bio:no start line
SSLeay: error:0906D06C:PEM routines:PEM_read_bio:no start line
[05/Nov/1998:20:38:45 -0500] Cipher: EXP-RC4-MD5
Here's ssl_error.log
[Thu Nov 5 18:36:30 1998] [crit] (2)No such file or directory: mod_ssl: Failed to read private key file /usr/local/apache/conf/ssl.crt/server.crt
[Thu Nov 5 18:36:30 1998] [error] SSLeay: error:0906D06C:PEM routines:PEM_read_bio:no start line
[Thu Nov 5 18:36:45 1998] [crit] (2)No such file or directory: mod_ssl: Failed to read private key file /usr/local/apache/conf/ssl.crt/server.crt
[Thu Nov 5 18:36:45 1998] [error] SSLeay: error:0906D06C:PEM routines:PEM_read_bio:no start line
[Thu Nov 5 20:29:56 1998] [error] (2)No such file or directory: mod_ssl: Can't open SSL server certificate file /usr/local/apache/conf/ssl.crt/server.csr, nor /usr/local/ssl/certs//usr/local/apache/conf/ssl.crt/server.csr
Here's the relevant bits from httpd.conf
# bjc: see http://www.engelschall.com/sw/mod_ssl/docs/apachecon/mod_ssl.slides/slide-09.html
<IfDefine SSL>
SSLDisable
Listen 129.174.23.43:443
<VirtualHost _default_:443>
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /usr/local/htdocs
ServerName www.virtualschool.edu
ErrorLog /usr/local/apache/var/log/ssl_error_log
TransferLog /usr/local/apache/var/log/ssl_access_log
SSLCacheServerPort /usr/local/apache/var/run/ssl_gcache_port
SSLCacheServerPath /usr/local/apache/sbin/ssl_gcache
SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca-bundle.crt
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
SSLLogFile /usr/local/apache/var/log/ssl.log
SSLRequireSSL
SSLSessionCacheTimeout 15
SSLVerifyDepth 10
SSLEnable
# SLVerifyClient none
# SSLMutex file:/usr/local/apache/var/run/ssl.mutex
# SSLSessionCache /usr/local/apache/var/run/ssl.scache
# SSLEngine on
</VirtualHost>
</IfDefine>
The commented-out lines were mentioned in Rolf's slides but aren't accepted by the
software (but I have the latest version, right?)
Here are the files in /usr/local/apache/conf (presumably ssl.* is created by make
certificates? It is quite difficult to know for sure; there is very similar stuff in
../etc, ../../ssl, and so forth. God only knows how many different certificates exist
by now in various obscure directories). The dox have been of very help.
vs2:/usr/local/apache/conf$ ls -Rl .
total 121
-rw-r--r-- 1 bcox daemon 3298 Nov 5 08:51 access.conf
-rw-r--r-- 1 bcox daemon 2797 Oct 3 07:05 access.conf-dist
-rw-r--r-- 1 bcox daemon 3083 Sep 3 14:04 access.conf-dist-win
-rw-r--r-- 1 bcox daemon 1608 Oct 3 07:05 highperformance.conf-dist
-rw-r--r-- 1 bcox daemon 14781 Nov 5 20:48 httpd.conf
-rw-r--r-- 1 bcox daemon 14237 Oct 23 22:23 httpd.conf-dist
-rw-r--r-- 1 bcox daemon 8640 Sep 12 16:16 httpd.conf-dist-win
-rw-r--r-- 1 bcox daemon 10021 Oct 3 07:05 httpd.conf-dist.orig
-rw-r--r-- 1 bcox daemon 12441 Jul 18 07:35 magic
-rw-r--r-- 1 bcox daemon 2952 Sep 30 13:42 mime.types
-rw-r--r-- 1 bcox daemon 18746 Nov 1 18:16 srm.conf
-rw-r--r-- 1 bcox daemon 8440 Oct 5 13:53 srm.conf-dist
-rw-r--r-- 1 bcox daemon 8862 Aug 30 17:47 srm.conf-dist-win
dr-xr-xr-x 2 nobody daemon 1024 Nov 5 13:08 ssl.crt/
dr-xr-xr-x 2 nobody daemon 1024 Nov 4 22:41 ssl.csr/
dr-xr-xr-x 2 nobody daemon 1024 Nov 5 13:08 ssl.key/
ssl.crt:
total 111
lrwxrwxrwx 1 nobody root 6 Nov 5 13:08 024ff96f.0 -> ca.crt
lrwxrwxrwx 1 nobody root 10 Nov 5 13:08 024ff96f.1 -> server.crt
-r--r--r-- 1 nobody daemon 887 Sep 23 04:52 Makefile
-r--r--r-- 1 nobody daemon 1225 Sep 9 04:28 README.CRT
-r--r--r-- 1 nobody daemon 102580 Sep 9 03:41 ca-bundle.crt
-r--r--r-- 1 nobody daemon 1054 Nov 5 13:07 ca.crt
lrwxrwxrwx 1 nobody root 12 Nov 5 13:08 e52d41d0.0 -> snakeoil.crt
-r--r--r-- 1 nobody daemon 1054 Nov 5 13:08 server.crt
-r--r--r-- 1 nobody daemon 1078 Oct 9 04:36 snakeoil.crt
ssl.csr:
total 3
-r--r--r-- 1 nobody daemon 925 Sep 9 04:24 README.CSR
-r--r--r-- 1 nobody daemon 729 Nov 5 13:07 ca.csr
-r--r--r-- 1 nobody daemon 729 Nov 5 13:08 server.csr
ssl.key:
total 4
-r--r--r-- 1 nobody daemon 946 Sep 9 04:28 README.KEY
-r--r--r-- 1 nobody daemon 951 Nov 5 13:08 ca.key
-r--r--r-- 1 nobody daemon 963 Nov 5 13:08 server.key
-r--r--r-- 1 nobody daemon 887 Oct 9 04:36 snakeoil.key
------------------------------------------------
Brad Cox; George Mason University; 703 361 4751; [EMAIL PROTECTED]
http://www.virtualschool.edu/mon A Project with Paradoxical Goals
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
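An added example, not part of the original post and not mod_ssl code: the ssl_error.log above shows the private key being read from ssl.crt/server.crt and the certificate from a server.csr path, each ending in PEM "no start line", and the listing shows the ssl.key files as -r--r--r--. The sketch below checks each SSL file directive against the PEM label of the file it names and flags a key file readable by group or other; the function names, the label sets and the temporary sample files are assumptions constructed for illustration.

```python
import os, re, stat, tempfile

# PEM labels accepted for the file each directive points at (assumed sets).
EXPECTED = {
    "SSLCertificateFile": {"CERTIFICATE", "X509 CERTIFICATE"},
    "SSLCACertificateFile": {"CERTIFICATE", "X509 CERTIFICATE"},
    "SSLCertificateKeyFile": {"RSA PRIVATE KEY", "PRIVATE KEY", "ENCRYPTED PRIVATE KEY"},
}
BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.M)

def audit(conf_text):
    """Return (directive, path, problem) for every SSL file directive that looks wrong."""
    findings = []
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0] not in EXPECTED:
            continue  # comments and unrelated directives
        directive, path = parts
        try:
            with open(path, errors="replace") as fh:
                match = BEGIN.search(fh.read())
        except OSError as exc:
            findings.append((directive, path, "unreadable: " + exc.strerror))
            continue
        label = match.group(1) if match else None  # None is the "no start line" case
        if label not in EXPECTED[directive]:
            findings.append((directive, path, "PEM label is %r" % label))
        if directive == "SSLCertificateKeyFile" and \
                stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append((directive, path, "key readable by group/other"))
    return findings

def demo():
    """Constructed sample: cert directive aimed at the CSR, key directive at the cert."""
    with tempfile.TemporaryDirectory() as d:
        for name, label in [("server.crt", "CERTIFICATE"),
                            ("server.csr", "CERTIFICATE REQUEST"),
                            ("server.key", "RSA PRIVATE KEY")]:
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                fh.write("-----BEGIN %s-----\nAAAA\n-----END %s-----\n" % (label, label))
            os.chmod(path, 0o444)  # same mode as in the directory listing above
        bad = "SSLCertificateFile %s/server.csr\nSSLCertificateKeyFile %s/server.crt\n" % (d, d)
        good = "SSLCertificateFile %s/server.crt\nSSLCertificateKeyFile %s/server.key\n" % (d, d)
        return audit(bad), audit(good)

if __name__ == "__main__":
    for result in demo():
        print(result)
```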