> -----Original Message----- > From: Aaron Stromas [mailto:[EMAIL PROTECTED] > Did you add any directories to be served over SSL? e.g. for CGI,
No, it is almost untouched. The only changes are to give it the path to the key file, the cert file, and the Document Root. Was I supposed to do something like that? Thanks Edmund > Mitchell, Edmund said: > > Hello all > > > > I just built from source apache 2 on RedHat 8 with this config: > > $->./configure --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin > > --sbindir=/usr/sbin --enable-mods-shared=all --enable-so > > --with-mpm=worker --enable-ssl --with-ssl=/usr/include/openssl > > --libexecdir=/usr/lib/httpd/modules --mandir=/usr/share/man > > --sysconfdir=/etc/httpd/conf --datadir=/var/www --localstatedir=/var > > --disable-imap --disable-dav --disable-dav_fs --disable-speling > > --disable-autoindex > > > > and it went smoothly, as did make and make install. > > > > I tried to startssl, but it complained about the cert and > key file, so > > I > > built those using the makefile that RedHat provides to build dummy > > certs > > and > > keys, and that went smoothly. It then complained about the > > DocumentRoot, > > so > > I fixed that, and now it doesn't complain, but nothing happens. > > > > #->/usr/sbin/apachectl startssl > > #->ps -eaf | grep httpd > > root 19590 19172 0 13:53 pts/1 00:00:00 grep httpd > > > > #->/usr/sbin/httpd -DSSL > > #->ps -eaf | grep httpd > > root 19594 19172 0 13:53 pts/1 00:00:00 grep httpd > > > > I figured it was a weird situation so I tore out everything, and > > rebuilt from > > scratch. Twice, and yes, both times I md5summed the tarball. > > > > However, each time, if I don't start ssl, it works: > > > > #->/usr/sbin/httpd -k start > > #->ps -eaf | grep httpd > > root 19597 1 0 13:56 ? 00:00:00 /usr/sbin/httpd -k > > start nobody 19598 19597 0 13:56 ? 00:00:00 > /usr/sbin/httpd > > -k start nobody 19599 19597 0 13:56 ? 00:00:00 > > /usr/sbin/httpd -k start nobody 19600 19597 1 13:56 ? > > 00:00:00 /usr/sbin/httpd -k start root 19658 19172 0 > 13:56 pts/1 > > 00:00:00 grep httpd > > > > and then, I can connect to localhost, but not to port 443, > even though > > I have > > no firewall at all. > > > > #->/sbin/iptables --list > > Chain INPUT (policy ACCEPT) > > target prot opt source destination > > > > Chain FORWARD (policy ACCEPT) > > target prot opt source destination > > > > Chain OUTPUT (policy ACCEPT) > > target prot opt source destination > > > > #->/usr/bin/openssl s_client -connect localhost:80 > > CONNECTED(00000003) > > 19856:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown > > protocol:s23_clnt.c:460: > > > > #->/usr/bin/openssl s_client -connect localhost:443 > > connect: Connection refused > > connect:errno=29 > > > > The syntax seems to be OK; I haven't changed anything but what I > > mentioned above - > > > > #->/usr/sbin/httpd -t > > Syntax OK > > #->/usr/sbin/httpd -S > > VirtualHost configuration: > > Syntax OK > > > > I'm (obviously) new to this whole thing, so I'd be grateful > if anyone > > who's been through this before can steer me in the right direction. > > > > Thanks for your time > > > > E > > > > ------------------------------------------------------- > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- Aaron Stromas | "Tik-tik-tik!!!... ja, Pantani is weg..." [EMAIL PROTECTED] | BRTN commentator +1 (301) 493 4933 | L'Alpe d'Huez http://www.izoard.com | 1995 Tour de France ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
