Plain text please...

It looks like you are not succeeding in starting an SSL VH.

Looking at your config, there is no obvious error, although I don't know
why you put the "Listen 80" inside the IfDefine - this would mean that
even plain HTTP wouldn't work unless you started with SSL. 

Just to be clear how it works, "apachectl startssl" causes the apache
control script to execute "httpd -DSSL". This starts apache with the
environment variable SSL defined. So when apache finds an <IfDefine SSL>
container, it evaluates the condition as "true" and so reads the
directives inside. This is the canonical way of selecting SSL. 

Of course, you don't need to bother with all of this. If you put the SSL
VH outside the <IfDefine SSL> block (or just remove the <IfDefine SSL>
tags) then the SSL VH and its directives will fire up in a normal
"apachectl start".

You might try this - just make sure you have a single VH on port 443 and
a Listen 443 and it should start up. Be careful you don't have a plain
HTTP VH on port 443 - it could supersede the SSL VH. To test, what
happens if you make a plain HTTP request to port 443? (It shouldn't
work!)

About the PHP warning - when you recompiled apache to include mod_ssl,
it patched the apache API to extend it to allow hooks into the OpenSSL
library (EAPI = Extended API). Since the PHP module was compiled before
this, it is expecting the standard API. Probably it will continue to
work since the EAPI is a superset of the API but you never know if there
will be a conflict in some call somewhere (you'll get a seg fault if
there is). The safest thing to do is to recompile mod_php against the
new API.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 



-----Original Message-----
From: Tom Bartling [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 28 May 2003 07:51
To: [EMAIL PROTECTED]
Subject: unknown protocol


Hi,

I am new to the list and relatively new to administering SSL, so please
forgive me if this is not the right place to ask this question.

I am having trouble getting SSL to work. I'm on FreeBSD 4.5 Stable with
apache+mod_ssl-1.3.27+2.8.14 and openssl-0.9.7a_2.

Everything seems to have installed okay and I can run apachectl startssl
without any problems, but I can't get SSL to actually work. When I try
to go to the URL via https, it immediately displays the dreaded "this page
cannot be displayed" message. When I run apachectl configtest, it spits
out the following:

apachectl configtest
[Tue May 27 23:20:56 2003] [warn] Loaded DSO libexec/apache/libphp4.so
uses plain Apache 1.3 API, this module might crash under EAPI! (please
recompile it with -DEAPI)
Syntax OK

PHP works without any problems, so I'm not concerned about that at the
moment. The manual says to try:

openssl s_client -connect localhost:443 -state -debug

As an alternative, it suggests:

curl https://localhost/

Both display an error message:

SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

So, I'm thinkin' that the problem is in the httpd.conf file. A few
things that are in there of importance (excluding comments and all of
the other stuff) include:

Port 80

<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>

<IfDefine SSL>
#<VirtualHost www.mintecommerce.com:443>
#<VirtualHost secure.mintecommerce.com:443>
#<VirtualHost mintecommerce.com:443>
#<VirtualHost *:443>
<VirtualHost _default_:443>

DocumentRoot "/usr/local/www/data"
ServerName www.mintecommerce.com
ServerAdmin [EMAIL PROTECTED]
ErrorLog /var/log/httpd-error.log
TransferLog /var/log/httpd-access.log

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/etc/apache/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/server.key
SSLCACertificatePath /usr/local/etc/apache/ssl.crt
SSLCARevocationPath /usr/local/etc/apache/ssl.crl
SSLVerifyClient require
</VirtualHost>
</IfDefine>

You can see where I tried different versions of the VirtualHost tag (I
did change the ServerName value for each variation). This is a server
that hosts several sites, but they all use the same IP, so all of the
VirtualHost tags are 

<VirtualHost *>
...
</VirtualHost>

This seems to get the job done for the few sites on this one computer,
but now I need SSL. I'm at a loss and any help would be appreciated.

TIA,

Tom
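
The <IfDefine SSL> selection described in the reply, applied to the directives quoted in the question, as an added example that is not part of either message: a small Python evaluator that lists which Port/Listen directives and SSL virtual hosts httpd reads with and without -DSSL. SAMPLE_CONF is a trimmed, constructed copy of the quoted config, and the function names are hypothetical.

```python
import re

# Constructed sample: the quoted httpd.conf trimmed to the deciding lines.
SAMPLE_CONF = """\
Port 80
<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>
<IfDefine SSL>
<VirtualHost _default_:443>
SSLEngine on
</VirtualHost>
</IfDefine>
"""

def active_directives(conf, defines):
    """Return the lines httpd reads when started with the given -D names."""
    stack, out = [], []  # stack: one bool per open <IfDefine> block
    for line in (l.strip() for l in conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<IfDefine\s+(!?)([^>\s]+)\s*>$", line, re.I)
        if m:  # "!NAME" is true when NAME is not defined
            stack.append((m.group(2) in defines) != (m.group(1) == "!"))
        elif re.match(r"</IfDefine\s*>$", line, re.I):
            stack.pop()  # IndexError here means a stray closing tag
        elif all(stack):  # nested blocks: every enclosing test must pass
            out.append(line)
    if stack:
        raise ValueError("unclosed <IfDefine>")
    return out

def summarize(conf, defines):
    """Port, Listen values and SSL-enabled vhosts for one start mode."""
    res, vhost = {"port": [], "listen": [], "ssl_vhosts": []}, None
    for line in active_directives(conf, defines):
        words = line.lower().split()
        if words[0] in ("listen", "port"):
            res[words[0]].append(line.split()[1])
        elif words[0] == "<virtualhost":
            vhost = line.split(None, 1)[1].rstrip(">").strip()
        elif words[0] == "</virtualhost>":
            vhost = None
        elif words == ["sslengine", "on"] and vhost:
            res["ssl_vhosts"].append(vhost)
    return res

if __name__ == "__main__":
    print(summarize(SAMPLE_CONF, set()), summarize(SAMPLE_CONF, {"SSL"}), sep="\n")
```

With an empty set of defines (a plain "apachectl start") the sample yields no Listen directive and no SSL virtual host; with {"SSL"} both Listen lines and the _default_:443 host are read.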
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
