Ohhhh...okay. I see it now. One of those 'duh, it's right in front of me'
things.
Ok, so now I've changed the DocumentRoot, but the only <Directory... > line I
could find already had the correct path in it. There was one other
<Directory... > type line:
<Directory "/srv/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
But it didn't have any effect when I changed it so I changed it back.
On Friday 14 March 2003 13:45, Ron Gedye wrote:
> <VirtualHost _default_:443>
>
> > DocumentRoot "/srv/www/htdocs"
> > ServerName matrix.pelathe.org
> > ServerAdmin [EMAIL PROTECTED]
> > ErrorLog /var/log/httpd/error_log
> > TransferLog /var/log/httpd/access_log
>
> Is DocumentRoot above the actual content of your site? (betting not) Maybe
> compare this setting to what is set for port 80 (http)
> Other than that I had no problems with getting to your site via https.
>
> #
> # DocumentRoot: The directory out of which you will serve your
> # documents. By default, all requests are taken from this directory, but
> # symbolic links and aliases may be used to point to other locations.
> #
> DocumentRoot "/home/httpd/html"
>
> There is usually a related setting (maybe not in virtual hosts, little
> rusty - brainfog)
> #
> # This should be changed to whatever you set DocumentRoot to.
> #
> <Directory "/home/httpd/html">
>
> ----- Original Message -----
> From: "A. Putnam" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, March 15, 2003 4:02 PM
> Subject: Re: private key not found
>
>
> Changed the SeverName - thanks, I was wondering about that.
>
> How do I check my Docroot? "& add <Directory ...> ?" What does that mean?
>
> On Friday 14 March 2003 12:53, Ron Gedye wrote:
> > Quick check...
> > Check your Docroot (& add <Directory ...> ?). Just looked at your site &
>
> I
>
> > get http fine (with content) but https shows SuSE test page.
> >
> > FYI - to remove this error:
> > [15/Mar/2003 14:30:20 11314] [warn] Init: (matrix.pelathe.org:443) RSA
> > server
> > certificate CommonName (CN) `www.pelathe.org' does NOT match se
> > rver name!?
> >
> > change this line...
> > ServerName matrix.pelathe.org
> > (no big deal...)
> >
> > ----- Original Message -----
> > From: "A. Putnam" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Saturday, March 15, 2003 3:07 PM
> > Subject: Re: private key not found
> >
> >
> > I found the SSLLogLevel, thanks. Here is the engine log from today. I'm
>
> not
>
> > really sure what to make of it...
> >
> > [15/Mar/2003 14:30:18 11313] [info] Server: Apache/1.3.26, Interface:
> > mod_ssl/2.8.10, Library: OpenSSL/0.9.6g
> > [15/Mar/2003 14:30:18 11313] [info] Init: 1st startup round (still not
> > detached)
> > [15/Mar/2003 14:30:18 11313] [info] Init: Initializing OpenSSL library
> > [15/Mar/2003 14:30:18 11313] [info] Init: Loading certificate & private
> > key of SSL-aware server matrix.pelathe.org:443
> > [15/Mar/2003 14:30:18 11313] [info] Init: Seeding PRNG with 136 bytes of
> > entropy
> > [15/Mar/2003 14:30:18 11313] [info] Init: Generating temporary RSA
>
> private
>
> > keys (512/1024 bits)
> > [15/Mar/2003 14:30:18 11313] [info] Init: Configuring temporary DH
> > parameters
> > (512/1024 bits)
> > [15/Mar/2003 14:30:20 11314] [info] Init: 2nd startup round (already
> > detached)
> > [15/Mar/2003 14:30:20 11314] [info] Init: Reinitializing OpenSSL library
> > [15/Mar/2003 14:30:20 11314] [info] Init: Seeding PRNG with 136 bytes of
> > entropy
> > [15/Mar/2003 14:30:20 11314] [info] Init: Configuring temporary RSA
> > private keys (512/1024 bits)
> > [15/Mar/2003 14:30:20 11314] [info] Init: Configuring temporary DH
> > parameters
> > (512/1024 bits)
> > [15/Mar/2003 14:30:20 11314] [info] Init: Initializing (virtual) servers
> > for
> > SSL
> > [15/Mar/2003 14:30:20 11314] [info] Init: Configuring server
> > matrix.pelathe.org:443 for SSL protocol
> > [15/Mar/2003 14:30:20 11314] [info] Init: (matrix.pelathe.org:443) RSA
> > server
> > certificate enables Server Gated Cryptography (SGC)
> > [15/Mar/2003 14:30:20 11314] [warn] Init: (matrix.pelathe.org:443) RSA
> > server
> > certificate CommonName (CN) `www.pelathe.org' does NOT match se
> > rver name!?
> > [15/Mar/2003 14:34:52 11671] [info] Connection to child 2 established
> > (server
> > matrix.pelathe.org:443, client 24.124.34.100)
> > [15/Mar/2003 14:34:52 11671] [info] Seeding PRNG with 1160 bytes of
> > entropy [15/Mar/2003 14:37:04 11671] [info] Connection: Client IP:
> > 24.124.34.100, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
> > [15/Mar/2003 14:37:04 11671] [info] Initial (No.1) HTTPS request
> > received for
> > child 2 (server matrix.pelathe.org:443)
> > [15/Mar/2003 14:37:16 11671] [info] Subsequent (No.2) HTTPS request
> > received
> > for child 2 (server matrix.pelathe.org:443)
> > [15/Mar/2003 14:37:33 11671] [info] Connection to child 2 closed with
> > standard shutdown (server matrix.pelathe.org:443, client 24.124.34.100)
> > [15/Mar/2003 14:52:36 11499] [info] Connection to child 1 established
> > (server
> > matrix.pelathe.org:443, client 24.124.34.100)
> > [15/Mar/2003 14:52:36 11499] [info] Seeding PRNG with 1160 bytes of
> > entropy [15/Mar/2003 14:52:36 11499] [info] Connection: Client IP:
> > 24.124.34.100, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
> > [15/Mar/2003 14:52:36 11499] [info] Initial (No.1) HTTPS request
> > received for
> > child 1 (server matrix.pelathe.org:443)
> > [15/Mar/2003 14:52:52 11499] [info] Connection to child 1 closed with
> > standard shutdown (server matrix.pelathe.org:443, client 24.124.34.100)
> > ssl_engine_log lines 394-440/440 (END)
> >
> > I'll go ahead and post the mod_ssl section of my httpd.conf as well, sans
> > the
> > descriptive text:
> >
> > <IfModule mod_ssl.c>
> >
> > SSLPassPhraseDialog builtin
> >
> > #SSLSessionCache none
> > #SSLSessionCache shmht:/var/run/ssl_scache(512000)
> > #SSLSessionCache shmcb:/var/run/ssl_scache(512000)
> > SSLSessionCache dbm:/var/run/ssl_scache
> > SSLSessionCacheTimeout 300
> >
> > SSLMutex file:/var/run/ssl_mutex
> >
> > SSLRandomSeed startup builtin
> > SSLRandomSeed connect builtin
> > #SSLRandomSeed startup file:/dev/random 512
> > #SSLRandomSeed startup file:/dev/urandom 512
> > #SSLRandomSeed connect file:/dev/random 512
> > #SSLRandomSeed connect file:/dev/urandom 512
> >
> > SSLLog /var/log/httpd/ssl_engine_log
> > SSLLogLevel trace
> >
> > </IfModule>
> >
> > <IfDefine SSL>
> >
> > ##
> > ## SSL Virtual Host Context
> > ##
> >
> > <VirtualHost _default_:443>
> >
> > DocumentRoot "/srv/www/htdocs"
> > ServerName matrix.pelathe.org
> > ServerAdmin [EMAIL PROTECTED]
> > ErrorLog /var/log/httpd/error_log
> > TransferLog /var/log/httpd/access_log
> >
> > SSLEngine on
> >
> > SSLCipherSuite
> > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> >
> > SSLCertificateFile /etc/httpd/ssl.crt/www.pelathe.org.crt
> >
> > SSLCertificateKeyFile /etc/httpd/ssl.key/www.pelathe.org.key
> >
> > SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
> >
> > SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
> >
> > SSLCARevocationPath /etc/httpd/ssl.crl
> >
> > SSLVerifyClient none
> > SSLVerifyDepth 10
> >
> > #<Location />
> > #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> > # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> > # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> > # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
> > # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
> > # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
> > #</Location>
> >
> > <Files ~ "\.(cgi|shtml|phtml|php3?)$">
> > SSLOptions +StdEnvVars
> > </Files>
> > <Directory "/srv/www/cgi-bin">
> > SSLOptions +StdEnvVars
> > </Directory>
> >
> > SetEnvIf User-Agent ".*MSIE.*" \
> > nokeepalive ssl-unclean-shutdown \
> > downgrade-1.0 force-response-1.0
> >
> > CustomLog /var/log/httpd/ssl_request_log \
> > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> >
> > </VirtualHost>
> >
> > I hope this helps. I'm really becoming baffled by this.
> >
> > On Thursday 13 March 2003 13:36, you wrote:
> > > A. Putnam said:
> > > > Right then. I moved my certificates into their respective directories
> > > > and re-reeditted my httpd.conf file to reflect those changes and set
> > > > the SSLVerifyClient to 'none'. I was not sure where to go to change
> > > > the logging to 'trace' though. But, I can get into the secure server
> > > > now so it technically works. (thank you again Camun, and DuFresne
> > > > and Stromas too)
> > >
> > > SSLLogLevel trace
> > >
> > > > However, I am finding that all of the pages I've visited while in
>
> https
>
> > > > are pulling up 404 errors. The same pages pull up fine in http. Do I
> > > > need to have a mirrored web directory just for https to get the
> > > > files to show up or something? This is the only real conclusion I
> > > > can think of.
> > >
> > > What does the access log say?
> > >
> > > If you still can't figure it out looking at logs you should post your
> > > httpd.conf>
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
> >
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
--
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
