Re: Apache with mod_ssl

Thu, 21 Jun 2007 11:08:46 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Even more revealing was the passphrase prompt, not required for plain httpd... 


Thanks,

Ron DuFresne


On Tue, 19 Jun 2007, Omar W. Hannet wrote:


Are you quite certain that the LoadModule for mod_ssl has been
commented out?  The reason I ask: the output from 'apachectl start'
which you provided below shows 'mod_ssl/2.2.4'.

In the log file /opt/apache-2.2.4/logs/error_log, on lines that contain
'Apache/2.2.4' and 'configured -- resuming normal operations', do
you see 'mod_ssl/2.2.4'?  If so, it is still being loaded from somewhere
in your configuration.

Saikat Saha wrote:

Sorry for late response on this one. This is what we have in httpd.conf
which is generated at compile time. This problem does not go away even
if I comment out last four lines and restart apache. Could you please
advise what else could be leading apache to think it is https rather
than http?



# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>


With above commented out, when I try to start apache, I get following
passphrase prompt and apache does not start even after saying passphrase
successful, no logs in logs directory although log level is "debug"

]# ./apachectl start
httpd: Could not reliably determine the server's fully qualified domain
name, using 10.3.110.109 for ServerName
Apache/2.2.4 mod_ssl/2.2.4 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server 10.3.110.109:443 (RSA)
Enter pass phrase:

OK: Pass Phrase Dialog successful.
[EMAIL PROTECTED] bin]#

Thanks you very much for your help.


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Omar W. Hannet
Sent: Monday, June 18, 2007 8:34 AM
To: modssl-users@modssl.org
Subject: Re: Apache with mod_ssl

Do you have <IfModule ssl_module> tags surrounding all
SSL directives in your configuration file?  For example:

<IfModule ssl_module>
SSLPassPhraseDialog  builtin
# etc.
</IfModule>

Saikat Saha wrote:_module>

Apache was compiled as below

./configure --with-ldap --enable-mods-shared="all ssl ldap cache proxy
authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock
disk_cache" --prefix=/opt/apache-2.2.4

Httpd -l gives below
[EMAIL PROTECTED] bin]# httpd -l
Compiled in modules:
  core.c
  prefork.c
  http_core.c
  mod_so.c

How do I compile so that it does not load mod_ssl automatically and
loads only if httpd.conf is configured.

Surprisingly there are no error logs even at debug level.

Thank you so very much for the kind help.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Omar W. Hannet
Sent: Friday, June 15, 2007 4:13 PM
To: modssl-users@modssl.org
Subject: Re: Apache with mod_ssl

Saikat Saha wrote:
We have apache 2.2.4 compiled with all modules but commented out all load modules. Do not have anything in httpd.conf file to state that
this 
is https. But when I start apache, it tries to goto https and prompts



for pass phrase. How does apache determine that this is https whereas



this is actually a http server.

Perhaps mod_ssl is a compiled-in module.  Run 'httpd -l' to check

this.
After I enter a passphrase, it shows successful but the server never starts up. Can someone please help? 
The reason probably can be found in Apache's error_log file.


Also can apache support both http and https at different ports at the



same time?

Yes.  The defaults are port 80 for http and port 443 for https.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            [EMAIL PROTECTED]
- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFGer+zst+vzJSwZikRAlhnAJ4rLby4nNIlTNYwr0Vq2bQdI1TGmwCgwn1e
itrUfe7Vl+cuoIdY3KOVw8M=
=LeZD
-----END PGP SIGNATURE-----
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to