Re: Apache and mod_ssl - refusing connections on https?

Wed, 01 Aug 2007 15:03:25 -0700 

I figured it out people, I just needed to start httpd with -DSSL.

SO I was being dumb.

--- Glyn Astill <[EMAIL PROTECTED]> wrote:

> Yes, I have SSLEngine On in ssl.conf, here's my ssl.conf file:
> 
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> 
> <IfDefine SSL>
> Listen 443
> Listen my.ip.ad.dr:443
> 
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl    .crl
> 
> SSLPassPhraseDialog  builtin
> 
> SSLSessionCache         dbm:/var/run/ssl_scache
> SSLSessionCacheTimeout  300
> 
> SSLMutex  file:/var/run/ssl_mutex
> 
> <VirtualHost _default_:443>
> 
> DocumentRoot "/usr/pkg/share/httpd/htdocs"
> ServerName www.mydomain.net:443
> ServerAdmin [EMAIL PROTECTED]
> ErrorLog /var/log/httpd/error_log
> TransferLog /var/log/httpd/access_log
> 
> SSLEngine on
> 
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> 
> SSLCertificateFile /usr/pkg/etc/httpd/ssl.crt/server.crt
> SSLCertificateKeyFile /usr/pkg/etc/httpd/ssl.key/server.pem
> 
> <FilesMatch "\.(cgi|shtml|phtml|php3?)$">
>     SSLOptions +StdEnvVars
> </FilesMatch>
> <Directory "/usr/pkg/libexec/cgi-bin">
>     SSLOptions +StdEnvVars
> </Directory>
> 
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
> CustomLog /var/log/httpd/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> 
> </VirtualHost>                                  
> 
> </IfDefine>
> 
> Any ideas?
> 
> --- "Omar W. Hannet" <[EMAIL PROTECTED]> wrote:
> 
> > SSLEngine On?
> > 
> > Glyn Astill wrote:
> > > Hi people,
> > > 
> > > I'm new to this list, so hello.
> > > 
> > > I've been trying to get https working with apache 2.0.59 on
> > NetBSD
> > > 3.99 today, and it's
> > > beginning to make my face ache.
> > > 
> > > Basically when I try to view a page via https I get connection
> > > refused. Apache is compiled with mod_ssl.c, I have openssl
> > installed.
> > > 
> > > This is what I've done so far:
> > > 
> > > 1) Copied the example openssl cfg from examples to
> > > /etc/openssl/openssl.cnf
> > > 
> > > 2)Generated my server key, then pem file then the csr and crt. 
> > > 
> > > 3)Then coppied them all into ssl.key (server.pem, server.key),
> > > ssl.csr (server.csr) and ssl.crt (server.crt). This is where my
> > > ssl.conf expects them.
> > > 
> > > 4) Made sure ssl.conf is pointing to these files properly and
> is
> > > listening on port 443 (Listen <ipaddress>:443)
> > > 
> > > 5) Made sure ssl.conf is included in httpd.conf properly
> > > 
> > > 6) check that mod_ssl.c is compiled in with https -l
> > > 
> > > 7) checked my apache access and error logs - nothing !
> > > 
> > > .... And still nothing, it can't be listening on 443.
> > > 
> > > If I do the following:
> > > 
> > > #openssl s_client -connect localhost:443 -state -debug
> > > 
> > > I get:
> > > 
> > > connect: Connection refused
> > > connect:errno=61
> > > I've even tried copying all my virtual hosts and changing :80
> to
> > > :443, still nothing.
> > > 
> > > This is really the first time I've ever touched ssl, so I'm
> > hoping
> > > I'm missing something really dumb. I've basically just got the
> > > standard ssl.conf example modified ever so slightly so that
> > things
> > > point in the right place.
> > > 
> > > ?
> > > 
> > > Any ideas?
> > > 
> > > 
> > > Cheers
> > > Glyn
> > > 
> > > 
> > >      
> ___________________________________________________________
> > 
> > > Yahoo! Mail is the world's favourite email. Don't settle for
> > less, sign up for
> > > your free account today
> >
>
http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html
> > 
> > >
> >
>
______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)                  
> > www.modssl.org
> > > User Support Mailing List                     
> > modssl-users@modssl.org
> > > Automated List Manager                           
> > [EMAIL PROTECTED]
> > 
> > 
> > -- 
> > Omar W. Hannet
> > http://www.allez-oop.net/
> >
>
______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                  
> > www.modssl.org
> > User Support Mailing List                     
> > modssl-users@modssl.org
> > Automated List Manager                           
> > [EMAIL PROTECTED]
> > 
> 
> 
> 
>       ___________________________________________________________
> Yahoo! Answers - Got a question? Someone out there knows the
> answer. Try it
> now.
> http://uk.answers.yahoo.com/ 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                  
> www.modssl.org
> User Support Mailing List                     
> modssl-users@modssl.org
> Automated List Manager                           
> [EMAIL PROTECTED]
> 



      ___________________________________________________________ 
Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for
your free account today 
http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to