> <VirtualHost _default_:443>
>
> DocumentRoot "/srv/www/htdocs"
> ServerName matrix.pelathe.org
> ServerAdmin [EMAIL PROTECTED]
> ErrorLog /var/log/httpd/error_log
> TransferLog /var/log/httpd/access_log
Is DocumentRoot above the actual content of your site? (betting not) Maybe
compare this setting to what is set for port 80 (http).
Other than that I had no problems with getting to your site via https.
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/home/httpd/html"
There is usually a related setting (maybe not in virtual hosts, little
rusty - brainfog)
#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/home/httpd/html">
----- Original Message -----
From: "A. Putnam" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, March 15, 2003 4:02 PM
Subject: Re: private key not found
Changed the ServerName - thanks, I was wondering about that.
How do I check my Docroot? "& add <Directory ...> ?" What does that mean?
On Friday 14 March 2003 12:53, Ron Gedye wrote:
> Quick check...
> Check your Docroot (& add <Directory ...> ?). Just looked at your site & I
> get http fine (with content) but https shows SuSE test page.
>
> FYI - to remove this error:
> [15/Mar/2003 14:30:20 11314] [warn] Init: (matrix.pelathe.org:443) RSA server certificate CommonName (CN) `www.pelathe.org' does NOT match server name!?
>
> change this line...
> ServerName matrix.pelathe.org
> (no big deal...)
>
> ----- Original Message -----
> From: "A. Putnam" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, March 15, 2003 3:07 PM
> Subject: Re: private key not found
>
>
> I found the SSLLogLevel, thanks. Here is the engine log from today. I'm not
> really sure what to make of it...
>
> [15/Mar/2003 14:30:18 11313] [info] Server: Apache/1.3.26, Interface: mod_ssl/2.8.10, Library: OpenSSL/0.9.6g
> [15/Mar/2003 14:30:18 11313] [info] Init: 1st startup round (still not detached)
> [15/Mar/2003 14:30:18 11313] [info] Init: Initializing OpenSSL library
> [15/Mar/2003 14:30:18 11313] [info] Init: Loading certificate & private key of SSL-aware server matrix.pelathe.org:443
> [15/Mar/2003 14:30:18 11313] [info] Init: Seeding PRNG with 136 bytes of entropy
> [15/Mar/2003 14:30:18 11313] [info] Init: Generating temporary RSA private keys (512/1024 bits)
> [15/Mar/2003 14:30:18 11313] [info] Init: Configuring temporary DH parameters (512/1024 bits)
> [15/Mar/2003 14:30:20 11314] [info] Init: 2nd startup round (already detached)
> [15/Mar/2003 14:30:20 11314] [info] Init: Reinitializing OpenSSL library
> [15/Mar/2003 14:30:20 11314] [info] Init: Seeding PRNG with 136 bytes of entropy
> [15/Mar/2003 14:30:20 11314] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
> [15/Mar/2003 14:30:20 11314] [info] Init: Configuring temporary DH parameters (512/1024 bits)
> [15/Mar/2003 14:30:20 11314] [info] Init: Initializing (virtual) servers for SSL
> [15/Mar/2003 14:30:20 11314] [info] Init: Configuring server matrix.pelathe.org:443 for SSL protocol
> [15/Mar/2003 14:30:20 11314] [info] Init: (matrix.pelathe.org:443) RSA server certificate enables Server Gated Cryptography (SGC)
> [15/Mar/2003 14:30:20 11314] [warn] Init: (matrix.pelathe.org:443) RSA server certificate CommonName (CN) `www.pelathe.org' does NOT match server name!?
> [15/Mar/2003 14:34:52 11671] [info] Connection to child 2 established (server matrix.pelathe.org:443, client 24.124.34.100)
> [15/Mar/2003 14:34:52 11671] [info] Seeding PRNG with 1160 bytes of entropy
> [15/Mar/2003 14:37:04 11671] [info] Connection: Client IP: 24.124.34.100, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
> [15/Mar/2003 14:37:04 11671] [info] Initial (No.1) HTTPS request received for child 2 (server matrix.pelathe.org:443)
> [15/Mar/2003 14:37:16 11671] [info] Subsequent (No.2) HTTPS request received for child 2 (server matrix.pelathe.org:443)
> [15/Mar/2003 14:37:33 11671] [info] Connection to child 2 closed with standard shutdown (server matrix.pelathe.org:443, client 24.124.34.100)
> [15/Mar/2003 14:52:36 11499] [info] Connection to child 1 established (server matrix.pelathe.org:443, client 24.124.34.100)
> [15/Mar/2003 14:52:36 11499] [info] Seeding PRNG with 1160 bytes of entropy
> [15/Mar/2003 14:52:36 11499] [info] Connection: Client IP: 24.124.34.100, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
> [15/Mar/2003 14:52:36 11499] [info] Initial (No.1) HTTPS request received for child 1 (server matrix.pelathe.org:443)
> [15/Mar/2003 14:52:52 11499] [info] Connection to child 1 closed with standard shutdown (server matrix.pelathe.org:443, client 24.124.34.100)
> ssl_engine_log lines 394-440/440 (END)
>
> I'll go ahead and post the mod_ssl section of my httpd.conf as well, sans the
> descriptive text:
>
> <IfModule mod_ssl.c>
>
> SSLPassPhraseDialog builtin
>
> #SSLSessionCache none
> #SSLSessionCache shmht:/var/run/ssl_scache(512000)
> #SSLSessionCache shmcb:/var/run/ssl_scache(512000)
> SSLSessionCache dbm:/var/run/ssl_scache
> SSLSessionCacheTimeout 300
>
> SSLMutex file:/var/run/ssl_mutex
>
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> #SSLRandomSeed startup file:/dev/random 512
> #SSLRandomSeed startup file:/dev/urandom 512
> #SSLRandomSeed connect file:/dev/random 512
> #SSLRandomSeed connect file:/dev/urandom 512
>
> SSLLog /var/log/httpd/ssl_engine_log
> SSLLogLevel trace
>
> </IfModule>
>
> <IfDefine SSL>
>
> ##
> ## SSL Virtual Host Context
> ##
>
> <VirtualHost _default_:443>
>
> DocumentRoot "/srv/www/htdocs"
> ServerName matrix.pelathe.org
> ServerAdmin [EMAIL PROTECTED]
> ErrorLog /var/log/httpd/error_log
> TransferLog /var/log/httpd/access_log
>
> SSLEngine on
>
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
> SSLCertificateFile /etc/httpd/ssl.crt/www.pelathe.org.crt
>
> SSLCertificateKeyFile /etc/httpd/ssl.key/www.pelathe.org.key
>
> SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
>
> SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
>
> SSLCARevocationPath /etc/httpd/ssl.crl
>
> SSLVerifyClient none
> SSLVerifyDepth 10
>
> #<Location />
> #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
> # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
> # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
> #</Location>
>
> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
> SSLOptions +StdEnvVars
> </Files>
> <Directory "/srv/www/cgi-bin">
> SSLOptions +StdEnvVars
> </Directory>
>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
> CustomLog /var/log/httpd/ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
> </VirtualHost>
>
> I hope this helps. I'm really becoming baffled by this.
>
> On Thursday 13 March 2003 13:36, you wrote:
> > A. Putnam said:
> > > Right then. I moved my certificates into their respective directories
> > > and re-reedited my httpd.conf file to reflect those changes and set
> > > the SSLVerifyClient to 'none'. I was not sure where to go to change
> > > the logging to 'trace' though. But, I can get into the secure server
> > > now so it technically works. (thank you again Camun, and DuFresne and
> > > Stromas too)
> >
> > SSLLogLevel trace
> >
> > > However, I am finding that all of the pages I've visited while in https
> > > are pulling up 404 errors. The same pages pull up fine in http. Do I
> > > need to have a mirrored web directory just for https to get the files
> > > to show up or something? This is the only real conclusion I can think
> > > of.
> >
> > What does the access log say?
> >
> > If you still can't figure it out looking at logs you should post your
> > httpd.conf
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center
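
Added example (not part of the original messages): a small Python check for the DocumentRoot comparison suggested at the top of this thread. It reads httpd.conf text and reports any virtual host whose DocumentRoot differs from the main server's or has no matching <Directory> section; the function names and the sample configuration are assumptions made for illustration, and paths containing spaces are not handled.

```python
import re

# Constructed sample modelled on the thread (both paths appear in it).
SAMPLE_CONF = """
DocumentRoot "/home/httpd/html"
<Directory "/home/httpd/html">
</Directory>
<VirtualHost _default_:443>
    DocumentRoot "/srv/www/htdocs"
    ServerName matrix.pelathe.org
</VirtualHost>
"""

VHOST_OPEN = re.compile(r'<VirtualHost\s+([^>]+)>', re.I)
DIRECTORY_OPEN = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>', re.I)
DOCROOT = re.compile(r'DocumentRoot\s+"?([^"\s]+)"?', re.I)

def parse_conf(text):
    """Return ({context: DocumentRoot}, {paths that have a <Directory> block})."""
    roots, directories, current = {}, set(), "main"
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if (m := VHOST_OPEN.match(line)):
            current = m.group(1).strip()
        elif line.lower().startswith("</virtualhost"):
            current = "main"
        elif (m := DIRECTORY_OPEN.match(line)):
            directories.add(m.group(1).rstrip("/"))
        elif (m := DOCROOT.match(line)):
            roots[current] = m.group(1).rstrip("/")
    return roots, directories

def docroot_findings(text):
    """Flag vhosts whose DocumentRoot differs from main or lacks <Directory>."""
    roots, directories = parse_conf(text)
    main_root = roots.get("main")
    findings = []
    for name, root in roots.items():
        if name == "main":
            continue
        if root != main_root:
            findings.append(f"{name}: DocumentRoot {root} != main server {main_root}")
        if root not in directories:  # simplified: sections are not scoped per vhost
            findings.append(f'{name}: no <Directory "{root}"> section')
    return findings

if __name__ == "__main__":
    print("\n".join(docroot_findings(SAMPLE_CONF)) or "DocumentRoot settings agree")
```

A virtual host with no DocumentRoot of its own inherits the main server's value and is therefore not reported.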