>-----Original Message----- >From: Tom Bartling [mailto:[EMAIL PROTECTED] > >Thanks for the help. When I comment out the <IfDefine> >containers, none of >the sites work. If I leave everything the way I have it now >except move the >"Port 443" line outsite the IfDefine containers, http'ing to any of the >sites will display the primary site.
Commenting out the <IfDefine> tags means that the directives that they contain will be acted upon. If that changes things, then they can't have been getting activated before. If activating these directives breaks your VirtualHosting setup, then it must have been in error to begin with and was "working" by accident. If you'd care to post your config or send it directly, I'll have a look and see if there's anything wrong with it. Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. > >Any ideas? > >Thanks, again. > >Tom > > > >----- Original Message ----- >From: "Boyle Owen" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Wednesday, May 28, 2003 3:31 AM >Subject: RE: unknown protocol > > >Plain text please... > >It looks like you are not succeeding in starting an SSL VH. > >Looking at your config, there is no obvious error, although I >don't know >why you put the "Listen 80" inside the IfDefine - this would mean that >even plain HTTP wouldn't work unless you started with SSL. > >Just to be clear how it works, "apachectl startssl" causes the apache >control script to execute "httpd -DSSL". This starts apache with the >environment variable SSL defined. So when apache finds an ><IfDefine SSL> >container, it evaluates the condition as "true" and so reads the >directives inside. This is the canonical way of selecting SSL. > >Of course, you don't need to bother with all of this. If you >put the SSL >VH outside the <IfDefine SSL> block (or just remove the <IfDefine SSL> >tags) then the SSL VH and its directives will fire up in a normal >"apachectl start". > >You might try this - just make sure you have a single VH on >port 443 and >a Listen 443 and it should startup. Be careful you don't have a plain >HTTP VH on port 443 - it could supersede the SSL VH. To test, what >happens if you make a plain HTTP request to port 443 (it shouldn't >work!) > >About the PHP warning - when you recompiled apache to include mod_ssl, >it patched the apache API to extend it to allow hooks into the OpenSSL >library (EAPI = Extended API). Since the PHP module was compiled before >this, it is expecting the standard API. Probably it will continue to >work since the EAPI is a superset of the API but you never >know if there >will be a conflict in some call somewhere (you'll get a seg fault if >there is). The safest thing to do is to recompile mod_php against the >new API. > >Rgds, >Owen Boyle >Disclaimer: Any disclaimer attached to this message may be ignored. > > > >-----Original Message----- >From: Tom Bartling [mailto:[EMAIL PROTECTED] >Sent: Mittwoch, 28. Mai 2003 07:51 >To: [EMAIL PROTECTED] >Subject: unknown protocol > > >Hi, > >I am new to the list and relatively new to administering SSL, so please >forgive me if this is not the right place to ask this question. > >I am having trouble getting SSL to work. I'm on FreeBSD 4.5 Stable with >apache+mod_ssl-1.3.27+2.8.14 and openssl-0.9.7a_2. > >Everything seems to have installed okay and I can run >apachectl startssl >without any problems, but I can't get SSL to actually work. When I try >to go the url via https, it immediately displays the dreaded "this page >cannot be displayed" message. When I run apachectl configtest, it spits >out the following: > >apachectl configtest >[Tue May 27 23:20:56 2003] [warn] Loaded DSO libexec/apache/libphp4.so >uses plain Apache 1.3 API, this module might crash under EAPI! (please >recompile it with -DEAPI) >Syntax OK > >PHP works without any problems, so I'm not concerned about that at the >moment. The manual says to try: > >openssl s_client -connect localhost:443 -state -debug > >As an alternative, it suggests: > >curl https://localhost/ > >Both display an error message: > >SSL: error:140770FC:SSL >routines:SSL23_GET_SERVER_HELLO:unknown protocol > >So, I'm thinkin' that the problem is in the httpd.conf file. A few >things that are in there of importance (excluding comments and all of >the other stuff) include: > >Port 80 > ><IfDefine SSL> >Listen 80 >Listen 443 ></IfDefine> > ><IfDefine SSL> >#<VirtualHost www.mintecommerce.com:443> >#<VirtualHost secure.mintecommerce.com:443> >#<VirtualHost mintecommerce.com:443> >#<VirtualHost *:443> ><VirtualHost _default_:443> > >DocumentRoot "/usr/local/www/data" >ServerName www.mintecommerce.com >ServerAdmin [EMAIL PROTECTED] >ErrorLog /var/log/httpd-error.log >TransferLog /var/log/httpd-access.log > >SSLEngine on >SSLCipherSuite >ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL >SSLCertificateFile /usr/local/etc/apache/ssl.crt/server.crt >SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/server.key >SSLCACertificatePath /usr/local/etc/apache/ssl.crt >SSLCARevocationPath /usr/local/etc/apache/ssl.crl >SSLVerifyClient require ></VirtualHost> ></IfDefine> > >You can see where I tried different versions of the VirtualHost tag (I >did change the ServerName value for each variation). This is a server >that hosts several sites, but they all use the same IP, so all of the >VirtualHost tags are > ><VirtualHost *> >... ></VirtualHost> > >This seems to get the job done for the few sites on this one computer, >but now I need SSL. I'm at a loss and any help would be appreciated. > >TIA, > >Tom >Diese E-mail ist eine private und persönliche Kommunikation. Sie hat >keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Swiss >Exchange. >This e-mail is of a private and personal nature. It is not related to >the exchange or business activities of the SWX Swiss Exchange. Le >présent e-mail est un message privé et personnel, sans rapport avec >l'activité boursière de la SWX Swiss Exchange > >This message is for the named person's use only. It may contain >confidential, proprietary or legally privileged information. No >confidentiality or privilege is waived or lost by any mistransmission. >If you receive this message in error, please notify the sender urgently >and then immediately delete the message and any copies of it from your >system. Please also immediately destroy any hardcopies of the message. >You must not, directly or indirectly, use, disclose, distribute, print, >or copy any part of this message if you are not the intended recipient. >The sender's company reserves the right to monitor all e-mail >communications through their networks. Any views expressed in this >message are those of the individual sender, except where the message >states otherwise and the sender is authorised to state them to be the >views of the sender's company. > > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] > Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Swiss Exchange. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Swiss Exchange. Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière de la SWX Swiss Exchange ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
