Quick check...
Check your Docroot (& add <Directory ...> ?).  Just looked at your site & I
get http fine (with content) but https shows SuSE test page.

FYI - to remove this error:
[15/Mar/2003 14:30:20 11314] [warn]  Init: (matrix.pelathe.org:443) RSA server certificate CommonName (CN) `www.pelathe.org' does NOT match server name!?

change this line...
ServerName matrix.pelathe.org
 (no big deal...)

----- Original Message -----
From: "A. Putnam" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, March 15, 2003 3:07 PM
Subject: Re: private key not found


I found the SSLLogLevel, thanks. Here is the engine log from today. I'm not
really sure what to make of it...

[15/Mar/2003 14:30:18 11313] [info]  Server: Apache/1.3.26, Interface: mod_ssl/2.8.10, Library: OpenSSL/0.9.6g
[15/Mar/2003 14:30:18 11313] [info]  Init: 1st startup round (still not detached)
[15/Mar/2003 14:30:18 11313] [info]  Init: Initializing OpenSSL library
[15/Mar/2003 14:30:18 11313] [info]  Init: Loading certificate & private key of SSL-aware server matrix.pelathe.org:443
[15/Mar/2003 14:30:18 11313] [info]  Init: Seeding PRNG with 136 bytes of entropy
[15/Mar/2003 14:30:18 11313] [info]  Init: Generating temporary RSA private keys (512/1024 bits)
[15/Mar/2003 14:30:18 11313] [info]  Init: Configuring temporary DH parameters (512/1024 bits)
[15/Mar/2003 14:30:20 11314] [info]  Init: 2nd startup round (already detached)
[15/Mar/2003 14:30:20 11314] [info]  Init: Reinitializing OpenSSL library
[15/Mar/2003 14:30:20 11314] [info]  Init: Seeding PRNG with 136 bytes of entropy
[15/Mar/2003 14:30:20 11314] [info]  Init: Configuring temporary RSA private keys (512/1024 bits)
[15/Mar/2003 14:30:20 11314] [info]  Init: Configuring temporary DH parameters (512/1024 bits)
[15/Mar/2003 14:30:20 11314] [info]  Init: Initializing (virtual) servers for SSL
[15/Mar/2003 14:30:20 11314] [info]  Init: Configuring server matrix.pelathe.org:443 for SSL protocol
[15/Mar/2003 14:30:20 11314] [info]  Init: (matrix.pelathe.org:443) RSA server certificate enables Server Gated Cryptography (SGC)
[15/Mar/2003 14:30:20 11314] [warn]  Init: (matrix.pelathe.org:443) RSA server certificate CommonName (CN) `www.pelathe.org' does NOT match server name!?
[15/Mar/2003 14:34:52 11671] [info]  Connection to child 2 established (server matrix.pelathe.org:443, client 24.124.34.100)
[15/Mar/2003 14:34:52 11671] [info]  Seeding PRNG with 1160 bytes of entropy
[15/Mar/2003 14:37:04 11671] [info]  Connection: Client IP: 24.124.34.100, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
[15/Mar/2003 14:37:04 11671] [info]  Initial (No.1) HTTPS request received for child 2 (server matrix.pelathe.org:443)
[15/Mar/2003 14:37:16 11671] [info]  Subsequent (No.2) HTTPS request received for child 2 (server matrix.pelathe.org:443)
[15/Mar/2003 14:37:33 11671] [info]  Connection to child 2 closed with standard shutdown (server matrix.pelathe.org:443, client 24.124.34.100)
[15/Mar/2003 14:52:36 11499] [info]  Connection to child 1 established (server matrix.pelathe.org:443, client 24.124.34.100)
[15/Mar/2003 14:52:36 11499] [info]  Seeding PRNG with 1160 bytes of entropy
[15/Mar/2003 14:52:36 11499] [info]  Connection: Client IP: 24.124.34.100, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
[15/Mar/2003 14:52:36 11499] [info]  Initial (No.1) HTTPS request received for child 1 (server matrix.pelathe.org:443)
[15/Mar/2003 14:52:52 11499] [info]  Connection to child 1 closed with standard shutdown (server matrix.pelathe.org:443, client 24.124.34.100)
ssl_engine_log lines 394-440/440 (END)

I'll go ahead and post the mod_ssl section of my httpd.conf as well, sans
the descriptive text:

<IfModule mod_ssl.c>

SSLPassPhraseDialog  builtin

#SSLSessionCache        none
#SSLSessionCache        shmht:/var/run/ssl_scache(512000)
#SSLSessionCache        shmcb:/var/run/ssl_scache(512000)
SSLSessionCache         dbm:/var/run/ssl_scache
SSLSessionCacheTimeout  300

SSLMutex  file:/var/run/ssl_mutex

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

SSLLog      /var/log/httpd/ssl_engine_log
SSLLogLevel trace

</IfModule>

<IfDefine SSL>

##
## SSL Virtual Host Context
##

<VirtualHost _default_:443>

DocumentRoot "/srv/www/htdocs"
ServerName matrix.pelathe.org
ServerAdmin [EMAIL PROTECTED]
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /etc/httpd/ssl.crt/www.pelathe.org.crt

SSLCertificateKeyFile /etc/httpd/ssl.key/www.pelathe.org.key

SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt

SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt

SSLCARevocationPath /etc/httpd/ssl.crl

SSLVerifyClient none
SSLVerifyDepth  10

#<Location />
#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/srv/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog /var/log/httpd/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

</IfDefine>

I hope this helps. I'm really becoming baffled by this.


On Thursday 13 March 2003 13:36, you wrote:
> A. Putnam said:
> > Right then. I moved my certificates into their respective directories
> > and re-re-edited my httpd.conf file to reflect those changes and set
> > the SSLVerifyClient to 'none'. I was not sure where to go to change
> > the logging to 'trace' though. But, I can get into the secure server
> > now so it technically works. (thank you again Camun, and DuFresne and
> > Stromas too)
>
> SSLLogLevel trace
>
> > However, I am finding that all of the pages I've visited while in https
> > are pulling up 404 errors. The same pages pull up fine in http. Do I
> > need to have a mirrored web directory just for https to get the files
> > to show up or something? This is the only real conclusion I can think
> > of.
>
> What does the access log say?
>
> If you still can't figure it out looking at logs you should post your
> httpd.conf
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
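
The CN warning discussed in this thread, as an added example that is not part of the original messages or of mod_ssl: it finds the warning in an ssl_engine_log excerpt even when a mail client has hard-wrapped it mid-word, then checks whether the ServerName configured for that port still differs from the certificate CN. The function names, the constructed samples and the case-insensitive exact comparison are assumptions of this example.

```python
import re

# Constructed sample: the warning from the thread, hard-wrapped as the mail client left it.
SAMPLE_LOG = """\
[15/Mar/2003 14:30:20 11314] [info]  Init: Configuring server
matrix.pelathe.org:443 for SSL protocol
[15/Mar/2003 14:30:20 11314] [warn]  Init: (matrix.pelathe.org:443) RSA
server
certificate CommonName (CN) `www.pelathe.org' does NOT match se
rver name!?
"""
# Constructed sample: the relevant directives from the posted virtual host.
SAMPLE_CONF = """\
<VirtualHost _default_:443>
ServerName matrix.pelathe.org
SSLCertificateFile /etc/httpd/ssl.crt/www.pelathe.org.crt
</VirtualHost>
"""

# A log entry starts with "[date time pid] [level]"; anything else is a wrapped continuation.
ENTRY = re.compile(r"^\[\d{2}/\w{3}/\d{4} [\d:]{8} \d+\] \[(\w+)\]", re.M)
# Matched against an entry with ALL whitespace removed, so the pattern contains none.
CN_WARN = re.compile(r"\(([^():]+):(\d+)\)\w+servercertificateCommonName"
                     r"\(CN\)`([^']+)'doesNOTmatchservername")
VHOST = re.compile(r"<VirtualHost\s+[^>]*:(\d+)>(.*?)</VirtualHost>", re.S | re.I)
SERVERNAME = re.compile(r"^\s*ServerName\s+(\S+)", re.M | re.I)

def cn_mismatches(log_text):
    """Return (vhost, port, cert_cn) for every CN-mismatch warning in the log."""
    starts = [m.start() for m in ENTRY.finditer(log_text)] + [len(log_text)]
    found = []
    for begin, end in zip(starts, starts[1:]):
        # Wrap points are unknown (even mid-word), so compare with whitespace squeezed out.
        squeezed = "".join(log_text[begin:end].split())
        m = CN_WARN.search(squeezed)
        if m:
            found.append((m.group(1), int(m.group(2)), m.group(3)))
    return found

def audit(log_text, conf_text):
    """Pair each warning with the ServerName currently configured for that port."""
    names = {int(port): SERVERNAME.search(body).group(1)
             for port, body in VHOST.findall(conf_text) if SERVERNAME.search(body)}
    report = []
    for vhost, port, cn in cn_mismatches(log_text):
        current = names.get(port)
        # Assumption: a plain case-insensitive comparison of ServerName and CN.
        mismatch = current is None or current.lower() != cn.lower()
        report.append({"vhost": vhost, "cert_cn": cn,
                       "server_name": current, "mismatch": mismatch})
    return report
```

Running `audit(SAMPLE_LOG, SAMPLE_CONF)` reports the mismatch for the posted configuration; it clears once ServerName is set to the name in the certificate.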

