Hi all, I've been trying to get mod-ssl working with Apache on OS X Server without much success. We're running a Blue and White G3-350 with OS X Server 1.0, patched to 1.02. We've got a number of web sites set up with name-based virtual hosting, and would like to ideally enable SSL selectively for some of the hosts. I tried compiling using the instructions in the INSTALL file that came with the mod_ssl distribution without much success. Using a modfied version of the script detailed here (http://http://marc.theaimsgroup.com/?l=apache-modssl&m=94794968607971&w=2) I was able to compile and install mod_ssl and Apache. I've tried to modify my existing apache.conf file using the demo file, and portions of my file dealing with SSL follow: ------- Begin Snippets ### DSO Support Section <IfDefine SSL> LoadModule ssl_module /System/Library/Apache/Modules/libssl.so </IfDefine> ~~[ other LoadModule/AddModule commands snipped]~ <IfDefine SSL> AddModule mod_ssl.c </IfDefine> ------- ### Server Configuration Port 80 <IfDefine SSL> Listen 80 Listen 443 </IfDefine> ~~[ snipped non-SSL directives]~ <IfDefine SSL> AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl </IfDefine> <IfModule mod_ssl.c> SSLPassPhrase builtin SSLSessionCache dbm:/Local/Library/WebServer/Logs/ssl_cache SSLSessionCacheTimeout 300 SSLMutex file:/Local/Library/WebServer/Logs/ssl_mutex SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLLog /Local/Library/WebServer/Logs/ssl_log SSLLogLevel info </IfModule> ------- ### Virtual Host Config <VirtualHost xxx.xxx.xxx.xxx> ServerAdmin [EMAIL PROTECTED] DocumentRoot /path/to/html CustomLog /path/to/logs/access ServerName www.somedomain.com <IfDefine SSL> SSLEngine on SSLCertificateFile /Local/Library/WebServer/Configuration/ssl.crt/somecert.crt SSLCertificateKeyFile /Local/Library/WebServer/Configuration/ssl.key/somecert.key </IfDefine> </VirtualHost> ------- End Snippets Whew! I think that's all of them. Once installed, "apachectl startssl" reports that apache is succesfully started, and a "ps aux" confirms that it is started normally, plus it serves out non-secure pages with no problem. Requesting pages via https:// fails, with no response from the server. Running a portscan showed that port 443 wasn't in use, and no log file was created at the location specified by the SSLLog directive, which suggested to me that the module wasn't being loaded and/or apache didn't recognize that SSL had been defined. Next, I tried manually issuing the LoadModule directive by command line to see how apache reacted, and got the following: ]$ apache -C "LoadModule ssl_module /System/Library/Apache/Modules/libssl.so" Syntax error in -C/-c directive: Cannot load /System/Library/Apache/Modules/libssl.so into server: (reason unknown) I've got LogLevel set to "info", but the error_log file doesn't note anything but the stopping and starting of Apache (this makes me wonder if I've done something stupid, since I would have thought that not being able to load a module would be noted . . .): ------- error_log excerpt [Thu Apr 20 20:38:54 2000] [notice] caught SIGTERM, shutting down [Thu Apr 20 20:38:57 2000] [notice] Apache/1.3.9 (Mac OS X Server) configured -- resuming normal operations [Thu Apr 20 20:45:03 2000] [notice] caught SIGTERM, shutting down [Thu Apr 20 20:45:05 2000] [notice] Apache/1.3.9 (Mac OS X Server) configured -- resuming normal operations ------- end excerpt I've rebuilt the whole mess three times just to make sure I did that right, but I'm still not absolutely sure I haven't done something wrong in compiling the software. Alternatively, I can blame my woes on OS X's general weirdness, since I have only compiled a handful of packages on the platform painlessly. I apologize for the lengthy post; I'm just trying to get all the relevant info I can think of in here up front. Anyway, if any of you good folks have any idea [what I've done wrong/why OS X is strange/how to make my zip drive spit out freshly printed twenty dollar bills], I would greatly appreciate the assist, as I only have a small amount of hair left that I can pull out. I'll be happy to provide more info if necessary. Thanks, Jeremy Clifton [[EMAIL PROTECTED]] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
