Hi Rob- wrt the -DEAPI, you might want to have a look on the apache/tomcat site-- there's an in-depth discussion on mod_jserv, mod_jk (jserv replacement) and the -DEAPI option, how it's made, etc.
glen On Wed, Oct 03, 2001 at 09:13:36AM -0700, Robert Mazur wrote: > Hi friends, > > Both Owen and Dwayne nailed it. I did not have a LISTEN statement for the > 443 port. > > I am up and running, less the warning saying: > "Loaded DSO libexec/mod_jserv.so uses plain Apache .....recompile > using -DEAPI". > > I know I have seen this in the Mail archives.....so I will go check. But > quickly, is this referring to the ./compile that I do in the mod_ssl > directory, when making an SSL-enabled Apache? I used an --add-module<path > to>/mod_so.c so I can load my jserv module for Tomcat (I use a LoadModule > jserv_module in my httpd.conf). But I guess that doesn't jive with mod_ssl? > Am I to work the -DEAPI into the ./compile somehow? > > Thanks to all for helping. And, thanks to the mod_ssl Gods (if you're > listening) for creating it. > Rob Mazur > > > ----- Original Message ----- > From: "P. Dwayne Miller" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, October 03, 2001 8:02 AM > Subject: Re: ServerName Problem (I think) > > > > do you have a > > > > listen 63.229.30.179:443 > > > > statement in you conf file? > > > > Robert Mazur wrote: > > > > >----- Original Message ----- > > >From: "Eric Paynter" <[EMAIL PROTECTED]> > > >To: <[EMAIL PROTECTED]> > > >Sent: Tuesday, October 02, 2001 8:58 PM > > >Subject: Re: ServerName Problem (I think) > > > > > > > > >>On October 2, 2001 08:32 pm, Robert Mazur wrote: > > >> > > >>>I might have confused the issue. My goal is to have one ip address > > >>>listening for two http: sites and one https: site. I think I read that > > >>> > > >you > > > > > >>>can host multiple sites using VH, but only one can be https: Did I > > >>>possibly misunderstand that? > > >>> > > >>You did not misunderstand. > > >> > > >> > > >>>Basically....I have always hosted 3 sites with one ip address using VH. > > >>>Now one of them needs SSL for credit cards. I am pretty sure I can > > >>> > > >change > > > > > >>>one to use SSL, and still have all three on the same ip address, no? > It > > >>> > > >is > > > > > >>>likely I have misled myself....please let me know if so! > > >>> > > >>Yes, this will work because SSL listens on a different port. You can > have > > >> > > >as > > > > > >>many virtual hosts as you want with your server listening on port 80 and > > >> > > >only > > > > > >>hostname listening on 443. > > >> > > >> > > >>>>>(servername.somedomain.com:443) RSA server certificate CommonName > > >>>>> > > >(CN) > > > > > >>>>>`www.mydomain.com' does NOT match server name!? > > >>>>>This is true, but the server name does not have to be the domain > > >>>>> > > >name > > > > > >>>>>of the site, does it? > > >>>>> > > >>The CN must match the URL that the person types into the web browser. > e.g. > > >>for my site, https://www.arcticbears.com/manage.cgi, the part > > >>"www.arcticbears.com" must exactly match the CN. > > >> > > >> > > >> > > >>>>>DETAIL: > > >>>>>After a LONG battle getting "apachectl startssl" to launch > > >>>>> > > >(including > > > > > >>>>>it asking me for the password) without errors, > > >>>>> > > >>There is info in the mod_ssl docs for how to automate this so that the > pw > > >> > > >is > > > > > >>automatically entered. > > >> > > >> > > >>>>>I can not get a secured page to come up. Instead I get a Page Not > > >>>>>Found, and "DNS server not found" error > > >>>>>in the browser. No errors on the server. > > >>>>> > > >>Are you using IE? This sounds like a typical M$ style un-informative > > >> > > >error. > > > > > >>Is your server listening on port 443? Can you port-scan it? Or give us > the > > >>public IP so we can try? > > >> > > >> > > >>>>>To make my httpd.conf, I took the resulting "httpd.conf.original" > > >>>>> > > >and > > > > > >>>>>modified it for my virtual hosting and such. Bascially, I copied the > > >>>>> > > >>Do you have a conf/vhosts/Vhosts.conf file? Or a > > >>conf/ssl/ssl.default-vhost.conf file? That's what we use... btw, what is > > >> > > >your > > > > > >>version of apache and mod_ssl? > > >> > > >> > > >>>>>p.s. I should be able to just call a secured page like this, right?: > > >>>>>https://www.mydomain.com/welcome.html > > >>>>> > > >>Yes, that should work. > > >> > > >>-Eric > > >> > > >____________________ > > >Wow, first off, thanks for everyone's response. Your help for this > "rookie" > > >is well appreciated! > > > > > >OK, I think I almost have it. I am going to lay to gory details on the > > >table here..... > > > > > >Server: Apache 1.3.12 on a RH6.2 box (the box does it's own dns for the > > >hosted domains too). > > >mod_ssl version: 2.6.6-1.3.12 > > >openssl version: 0.9.6b > > >ip address of server: 63.229.30.179 > > >CN in my certificate is: www.cascadewreaths.com > > > > > >I am hosting essentially three domains (one SSL, and the other 2 straight > > >port 80) > > >www.cascadewreaths.com (needs SSL) > > >www.sherwoodforestfarms.com (just http: stuff) > > >www.greenmountainwreaths (just http: stuff) > > > > > >My ServerName in the httpd.conf...like way towards the top of the file > (not > > >the VH section) is 63.229.30.179 > > > > > >My NameVirtualHost section (not for the SSL stuff) is as such (works with > > >http:): > > > > > >NameVirtualHost 63.229.30.179 > > > <VirtualHost 63.229.30.179> > > > ServerName 63.229.30.179 > > > ServerAlias www.sherwoodforestfarms.com > > > DocumentRoot "/usr/local/apache_1.3.12/rob_htdocs/sff" > > > DirectoryIndex welcome.html > > ></VirtualHost> > > > > > ><VirtualHost 63.229.30.179> > > > ServerName 63.229.30.179 > > > ServerAlias www.cascadewreaths.com > > > DocumentRoot "/usr/local/apache_1.3.12/rob_htdocs/che" > > > DirectoryIndex welcome.html > > ></VirtualHost> > > >...and the other http: domain..... > > >----------------------------------------------------- > > > > > >And my SSL VH section starts like: > > > > > ><VirtualHost 63.229.30.179:443> > > > DocumentRoot "/usr/local/apache_1.3.12/rob_htdocs/che" > > > ServerName www.cascadewreaths.com > > > ServerAdmin [EMAIL PROTECTED] > > > ErrorLog /usr/local/apache_1.3.12/logs/error_log > > > TransferLog /usr/local/apache_1.3.12/logs/access_log > > > > > >#And I have: > > >SSLCertificateFile /usr/<path_to_file>/www.cascadewreaths.com.crt > > >SSLCertificateKeyFile /usr/<path_to_file>/www.cascadewreaths.com.key > > >--------------------------------------------- > > > > > >So, when I start apache with "apachectl startssl", my ssl_engine_log > looks > > >good, saying: > > >#other good lines, then.... > > >Initializing (virtual) servers for SSL > > >Configuring server www.cascadewreaths.com:443 for SSL protocol > > > > > >I can see all my hosted sites with http:. But when I try > > >https://www.cascadewreaths.com, I get in > > >IE "Cannot find server or DNS error", and in Netscape I get "Netscape's > > >network conneciton was refused by server www.cascadewreaths.com". > > > > > >So, I think I have all three important things lined up (the CN in my key, > > >the ServerName in the SSL VH section and the URL a user types are all > > >www.cascadewreaths.com). One thing that comes to mind is that I have > > >www.cascadewreaths.com in both the http: VH section, as well as the > > >https:443 VH section. But I think this is proper, as not the whole > domain > > >requires SSL. Isn't this ok? > > > > > >I know you gurus see something glaringly wrong! :-) I would be > immensely > > >indebted to anyone offering help. Who knows, the good karma could get > you a > > >xmas wreath (we sell wreaths). :-p > > > > > >Thanks, > > >Rob Mazur > > > > > >p.s. I am clearing the browsers cache and restarting between server > > >restarts > > > > > >______________________________________________________________________ > > >Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > >User Support Mailing List [EMAIL PROTECTED] > > >Automated List Manager [EMAIL PROTECTED] > > > > > > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > > > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- Glen S Mehn Lead Systems Administrator SquareTrade, Inc [EMAIL PROTECTED] Building Trust in Transactions (sm) ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
