Hi friends, Both Owen and Dwayne nailed it. I did not have a LISTEN statement for the 443 port.
I am up and running, less the warning saying: "Loaded DSO libexec/mod_jserv.so uses plain Apache .....recompile using -DEAPI". I know I have seen this in the Mail archives.....so I will go check. But quickly, is this referring to the ./compile that I do in the mod_ssl directory, when making an SSL-enabled Apache? I used an --add-module<path to>/mod_so.c so I can load my jserv module for Tomcat (I use a LoadModule jserv_module in my httpd.conf). But I guess that doesn't jive with mod_ssl? Am I to work the -DEAPI into the ./compile somehow? Thanks to all for helping. And, thanks to the mod_ssl Gods (if you're listening) for creating it. Rob Mazur ----- Original Message ----- From: "P. Dwayne Miller" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 03, 2001 8:02 AM Subject: Re: ServerName Problem (I think) > do you have a > > listen 63.229.30.179:443 > > statement in you conf file? > > Robert Mazur wrote: > > >----- Original Message ----- > >From: "Eric Paynter" <[EMAIL PROTECTED]> > >To: <[EMAIL PROTECTED]> > >Sent: Tuesday, October 02, 2001 8:58 PM > >Subject: Re: ServerName Problem (I think) > > > > > >>On October 2, 2001 08:32 pm, Robert Mazur wrote: > >> > >>>I might have confused the issue. My goal is to have one ip address > >>>listening for two http: sites and one https: site. I think I read that > >>> > >you > > > >>>can host multiple sites using VH, but only one can be https: Did I > >>>possibly misunderstand that? > >>> > >>You did not misunderstand. > >> > >> > >>>Basically....I have always hosted 3 sites with one ip address using VH. > >>>Now one of them needs SSL for credit cards. I am pretty sure I can > >>> > >change > > > >>>one to use SSL, and still have all three on the same ip address, no? It > >>> > >is > > > >>>likely I have misled myself....please let me know if so! > >>> > >>Yes, this will work because SSL listens on a different port. You can have > >> > >as > > > >>many virtual hosts as you want with your server listening on port 80 and > >> > >only > > > >>hostname listening on 443. > >> > >> > >>>>>(servername.somedomain.com:443) RSA server certificate CommonName > >>>>> > >(CN) > > > >>>>>`www.mydomain.com' does NOT match server name!? > >>>>>This is true, but the server name does not have to be the domain > >>>>> > >name > > > >>>>>of the site, does it? > >>>>> > >>The CN must match the URL that the person types into the web browser. e.g. > >>for my site, https://www.arcticbears.com/manage.cgi, the part > >>"www.arcticbears.com" must exactly match the CN. > >> > >> > >> > >>>>>DETAIL: > >>>>>After a LONG battle getting "apachectl startssl" to launch > >>>>> > >(including > > > >>>>>it asking me for the password) without errors, > >>>>> > >>There is info in the mod_ssl docs for how to automate this so that the pw > >> > >is > > > >>automatically entered. > >> > >> > >>>>>I can not get a secured page to come up. Instead I get a Page Not > >>>>>Found, and "DNS server not found" error > >>>>>in the browser. No errors on the server. > >>>>> > >>Are you using IE? This sounds like a typical M$ style un-informative > >> > >error. > > > >>Is your server listening on port 443? Can you port-scan it? Or give us the > >>public IP so we can try? > >> > >> > >>>>>To make my httpd.conf, I took the resulting "httpd.conf.original" > >>>>> > >and > > > >>>>>modified it for my virtual hosting and such. Bascially, I copied the > >>>>> > >>Do you have a conf/vhosts/Vhosts.conf file? Or a > >>conf/ssl/ssl.default-vhost.conf file? That's what we use... btw, what is > >> > >your > > > >>version of apache and mod_ssl? > >> > >> > >>>>>p.s. I should be able to just call a secured page like this, right?: > >>>>>https://www.mydomain.com/welcome.html > >>>>> > >>Yes, that should work. > >> > >>-Eric > >> > >____________________ > >Wow, first off, thanks for everyone's response. Your help for this "rookie" > >is well appreciated! > > > >OK, I think I almost have it. I am going to lay to gory details on the > >table here..... > > > >Server: Apache 1.3.12 on a RH6.2 box (the box does it's own dns for the > >hosted domains too). > >mod_ssl version: 2.6.6-1.3.12 > >openssl version: 0.9.6b > >ip address of server: 63.229.30.179 > >CN in my certificate is: www.cascadewreaths.com > > > >I am hosting essentially three domains (one SSL, and the other 2 straight > >port 80) > >www.cascadewreaths.com (needs SSL) > >www.sherwoodforestfarms.com (just http: stuff) > >www.greenmountainwreaths (just http: stuff) > > > >My ServerName in the httpd.conf...like way towards the top of the file (not > >the VH section) is 63.229.30.179 > > > >My NameVirtualHost section (not for the SSL stuff) is as such (works with > >http:): > > > >NameVirtualHost 63.229.30.179 > > <VirtualHost 63.229.30.179> > > ServerName 63.229.30.179 > > ServerAlias www.sherwoodforestfarms.com > > DocumentRoot "/usr/local/apache_1.3.12/rob_htdocs/sff" > > DirectoryIndex welcome.html > ></VirtualHost> > > > ><VirtualHost 63.229.30.179> > > ServerName 63.229.30.179 > > ServerAlias www.cascadewreaths.com > > DocumentRoot "/usr/local/apache_1.3.12/rob_htdocs/che" > > DirectoryIndex welcome.html > ></VirtualHost> > >...and the other http: domain..... > >----------------------------------------------------- > > > >And my SSL VH section starts like: > > > ><VirtualHost 63.229.30.179:443> > > DocumentRoot "/usr/local/apache_1.3.12/rob_htdocs/che" > > ServerName www.cascadewreaths.com > > ServerAdmin [EMAIL PROTECTED] > > ErrorLog /usr/local/apache_1.3.12/logs/error_log > > TransferLog /usr/local/apache_1.3.12/logs/access_log > > > >#And I have: > >SSLCertificateFile /usr/<path_to_file>/www.cascadewreaths.com.crt > >SSLCertificateKeyFile /usr/<path_to_file>/www.cascadewreaths.com.key > >--------------------------------------------- > > > >So, when I start apache with "apachectl startssl", my ssl_engine_log looks > >good, saying: > >#other good lines, then.... > >Initializing (virtual) servers for SSL > >Configuring server www.cascadewreaths.com:443 for SSL protocol > > > >I can see all my hosted sites with http:. But when I try > >https://www.cascadewreaths.com, I get in > >IE "Cannot find server or DNS error", and in Netscape I get "Netscape's > >network conneciton was refused by server www.cascadewreaths.com". > > > >So, I think I have all three important things lined up (the CN in my key, > >the ServerName in the SSL VH section and the URL a user types are all > >www.cascadewreaths.com). One thing that comes to mind is that I have > >www.cascadewreaths.com in both the http: VH section, as well as the > >https:443 VH section. But I think this is proper, as not the whole domain > >requires SSL. Isn't this ok? > > > >I know you gurus see something glaringly wrong! :-) I would be immensely > >indebted to anyone offering help. Who knows, the good karma could get you a > >xmas wreath (we sell wreaths). :-p > > > >Thanks, > >Rob Mazur > > > >p.s. I am clearing the browsers cache and restarting between server > >restarts > > > >______________________________________________________________________ > >Apache Interface to OpenSSL (mod_ssl) www.modssl.org > >User Support Mailing List [EMAIL PROTECTED] > >Automated List Manager [EMAIL PROTECTED] > > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
