Hello,

I recently installed the newly released OpenSA Beta 1.0.0b2
so I could do offline PHP development work running localhost.

STEP 1: Installed a Private Key (see below)

STEP 2: Set up httpd.conf (see below)

STEP 3: Start Apache....
        "C:\Program Files\OpenSA\Apache\Apache.exe" -D SSL

        Server localhost:443 (RSA)
        Enter pass phrase: 
        Ok: Pass Phrase Dialog successful.

        This prompt was issued TWICE.... I know you were wondering!

        http://localhost/   Works fine.

        https://localhost/  HANGS, and HANGS and HANGS!!

STEP 4: Shutdown Apache and viewed the engine.log (see below).

I should mention here that the shortcut to Stop Apache:
"C:\Program Files\OpenSA\Apache\Apache.exe" -k shutdown
rarely seems to work when running in SSL, but otherwise works fine.
Same deal with CTRL-C.... no effect?

Anyway, thought the private key/passphrase thing could be an issue,
so I started over and generated an RSA private key (genrsa) that is
unencrypted by leaving out the "-des3" option:

        OpenSSL> genrsa -out test.key 1024

No more password prompts..... but https://localhost/ still hangs! 

I have a hunch this is an issue with localhost vs. a domain name
(www.whatever.com) in both httpd.conf and the certificate?

Or should I have stayed clear of the Beta....

Can anybody shed any light on this?

Regards,

Steve


=======================================================================
STEP 1: Installed a Private Key - localhost
=======================================================================

This was from Chapter 20 of the Wrox Press book:
Professional PHP Programming
        http://www.wrox.com/Consumer/Store/Books/2963/29632006.htm

First, fired up the OpenSSL command line tool:

        C:\Program Files\OpenSA\OpenSSL\bin\openssl.exe

1. Generate an RSA private key (genrsa) that is
   triple DES (des3) encrypted and 1024 bits:

        OpenSSL> genrsa -des3 -out test.key 1024

2. Create a certificate request file (CSR):

        OpenSSL> req -new -key test.key -out test.csr

        Note: Used Common Name: localhost(?)

3. Once the CSR (test.csr) has been generated, we can sign it ourselves
   to create a temporary certificate (test.crt) for the private key
   (test.key) we generated earlier:

        OpenSSL> req -x509 -key test.key -in test.csr -out test.crt


Copied the 3 files from: C:\Program Files\OpenSA\OpenSSL\bin\

(1) "test.crt"  into  C:\Program Files\OpenSA\Apache\conf\ssl.crt\
(2) "test.csr"  into  C:\Program Files\OpenSA\Apache\conf\ssl.csr\
(3) "test.key"  into  C:\Program Files\OpenSA\Apache\conf\ssl.key\

=======================================================================
STEP 2: My httpd.conf - Virtual Hosts - Snipped out all the comments
=======================================================================

### Section 3: Virtual Hosts

<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
</IfDefine>

<IfModule mod_ssl.c>
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:logs/ssl/scache
SSLSessionCacheTimeout  300
SSLMutex sem
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog      logs/ssl/engine.log
SSLLogLevel info
</IfModule>


<IfDefine SSL>

<VirtualHost _default_:443>

#  General setup for the virtual host
DocumentRoot "C:/PROGRA~1/OPENSA/APACHE/HTDOCS"
ServerName localhost
ServerAdmin [EMAIL PROTECTED]
ErrorLog logs/ssl/error.log
TransferLog logs/ssl/access.log

SSLEngine on

SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile "C:/PROGRA~1/OPENSA/APACHE/conf/ssl.crt/test.crt"

SSLCertificateKeyFile "C:/PROGRA~1/OPENSA/APACHE/conf/ssl.key/test.key"

SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

<Files ~ "\.(cgi|shtml)$">
    SSLOptions +StdEnvVars
</Files>

<Directory "C:/PROGRA~1/OPENSA/APACHE/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

CustomLog logs/ssl/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>                                  
</IfDefine>

=======================================================================
STEP 4:   C:\Program Files\OpenSA\Apache\logs\ssl\engine.log
=======================================================================

[info]  Server: OpenSA/1.0.0 / Apache/1.3.14, Interface: mod_ssl/2.7.2, Library: OpenSSL/0.9.6
[warn]  You are using mod_ssl under Win32. This combination is *NOT* officially supported. Use it at your own risk!
[info]  Init: 1st startup round (still not detached)
[info]  Init: Initializing OpenSSL library
[info]  Init: Loading certificate & private key of SSL-aware server localhost:443
[info]  Init: Requesting pass phrase via builtin terminal dialog
[info]  Init: Wiped out the queried pass phrases from memory
[info]  Init: Seeding PRNG with 136 bytes of entropy
[info]  Init: Generating temporary RSA private keys (512/1024 bits)
[info]  Init: Configuring temporary DH parameters (512/1024 bits)
[info]  Init: Seeding PRNG with 136 bytes of entropy
[info]  Init: Configuring temporary RSA private keys (512/1024 bits)
[info]  Init: Configuring temporary DH parameters (512/1024 bits)
[info]  Init: Initializing (virtual) servers for SSL
[info]  Init: Configuring server localhost:443 for SSL protocol
[warn]  Init: (localhost:443) RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[info]  Init: 2nd startup round (already detached)
[info]  Init: Reinitializing OpenSSL library
[info]  Init: Seeding PRNG with 136 bytes of entropy
[info]  Init: Configuring temporary RSA private keys (512/1024 bits)
[info]  Init: Configuring temporary DH parameters (512/1024 bits)
[info]  Init: Initializing (virtual) servers for SSL
[info]  Init: Configuring server localhost:443 for SSL protocol
[warn]  Init: (localhost:443) RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[info]  Server: OpenSA/1.0.0 / Apache/1.3.14, Interface: mod_ssl/2.7.2, Library: OpenSSL/0.9.6
[warn]  You are using mod_ssl under Win32. This combination is *NOT* officially supported. Use it at your own risk!
[info]  Init: 1st startup round (still not detached)
[info]  Init: Initializing OpenSSL library
[info]  Init: Loading certificate & private key of SSL-aware server localhost:443
[info]  Init: Requesting pass phrase via builtin terminal dialog
[info]  Init: Wiped out the queried pass phrases from memory
[info]  Init: Seeding PRNG with 136 bytes of entropy
[info]  Init: Generating temporary RSA private keys (512/1024 bits)
[info]  Init: Configuring temporary DH parameters (512/1024 bits)
[info]  Init: Seeding PRNG with 136 bytes of entropy
[info]  Init: Configuring temporary RSA private keys (512/1024 bits)
[info]  Init: Configuring temporary DH parameters (512/1024 bits)
[info]  Init: Initializing (virtual) servers for SSL
[info]  Init: Configuring server localhost:443 for SSL protocol
[warn]  Init: (localhost:443) RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[info]  Connection to child 4 established (server localhost:443, client 127.0.0.1)

=======================================================================





--
This is The OpenSA Project's mailing list. For more information,
please visit the project's web site at http://www.opensa.org
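
Added example, not part of the original post or of OpenSA: the engine.log
warning above concerns BasicConstraints CA == TRUE on test.crt, and these
POSIX shell functions build a self-signed localhost certificate with an
explicit BasicConstraints value and check it before it is handed to mod_ssl.
Assumptions: the openssl command-line tool is on PATH; the function names,
req.cnf, the 2048-bit key and the 30-day lifetime are this example's own
choices; it addresses only that warning, not the hang.

```shell
#!/bin/sh
# Added example: self-signed localhost certificate with an explicit
# BasicConstraints value, plus checks to run before loading it.

# make_localhost_cert DIR CA_FLAG     (CA_FLAG is TRUE or FALSE)
make_localhost_cert() {
    dir=$1; ca=$2
    # Private extension section, so the result does not depend on the
    # defaults in the system-wide openssl.cnf.
    cat > "$dir/req.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions    = ext
prompt             = no
[ dn ]
CN = localhost
[ ext ]
basicConstraints = critical, CA:$ca
subjectAltName   = DNS:localhost
EOF
    # Unencrypted key, as in the post's second attempt (no -des3).
    openssl genrsa -out "$dir/test.key" 2048 2>/dev/null &&
    openssl req -new -x509 -config "$dir/req.cnf" -key "$dir/test.key" \
        -days 30 -out "$dir/test.crt"
}

# True when the certificate is marked as a CA, the condition mod_ssl
# reports as "RSA server certificate is a CA certificate".
cert_is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# True when the private key belongs to the certificate (same RSA modulus).
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -modulus)" = \
      "$(openssl rsa -in "$2" -noout -modulus 2>/dev/null)" ]
}

# Subject CN, the value entered as "Common Name" in the post.
cert_cn() {
    openssl x509 -in "$1" -noout -subject | sed 's/.*CN *= *//'
}
```

Calling make_localhost_cert with FALSE yields a certificate for which
cert_is_ca fails; calling it with TRUE reproduces the flagged condition.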
