Steve, does it hang *indefinitely*? What OS are you running?
I've been having issues running on win2k.
Two things to try and gather more info:
 1. Set LogLevel to debug
 2. Enable visual notification in Dr. Watson
>-----Original Message-----
>From: Steve [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, November 02, 2000 12:03 PM
>To: [EMAIL PROTECTED]
>Cc: [EMAIL PROTECTED]
>Subject: [opensa-users] OpenSA 1.0.0 beta 2 - https connection hangs?
>
>
>
>Hello,
>
>I recently installed the newly released OpenSA Beta 1.0.0b2
>so I could do offline PHP development work running localhost.
>
>STEP 1: Installed a Private Key (see below)
>
>STEP 2: Set up httpd.conf (see below)
>
>STEP 3: Start Apache....
> "C:\Program Files\OpenSA\Apache\Apache.exe" -D SSL
>
> Server localhost:443 (RSA)
> Enter pass phrase:
> Ok: Pass Phrase Dialog successful.
>
> This prompt was issued TWICE.... I know you were wondering!
>
> http://localhost/ Works fine.
>
> https://localhost/ HANGS, and HANGS and HANGS!!
>
>STEP 4: Shutdown Apache and viewed the engine.log (see below).
>
>I should mention here that the shortcut to Stop Apache:
>"C:\Program Files\OpenSA\Apache\Apache.exe" -k shutdown
>rarely seems to work when running in SSL, but otherwise works fine.
>Same deal with CTRL-C.... no effect?
>
>Anyway, thought the private key/passphrase thing could be an issue,
>so I started over and generated an RSA private key (genrsa) that is
>unencrypted by leaving out the "-des3" option:
>
> OpenSSL> genrsa -out test.key 1024
>
>No more password prompts..... but https://localhost/ still hangs!
>
>I have a hunch this is an issue with localhost vs. a domain name
>(www.whatever.com) in both httpd.conf and the certificate?
>
>Or should I have stayed clear of the Beta....
>
>Can anybody shed any light on this?
>
>Regards,
>
>Steve
>
>
>=======================================================================
>STEP 1: Installed a Private Key - localhost
>=======================================================================
>
>This was from Chapter 20 of the Wrox Press book:
>Professional PHP Programming
> http://www.wrox.com/Consumer/Store/Books/2963/29632006.htm
>
>First, fired up the OpenSSL command line tool:
>
> C:\Program Files\OpenSA\OpenSSL\bin\openssl.exe
>
>1. Generate an RSA private key (genrsa) that is
> triple DES (des3) encrypted and 1024 bits:
>
> OpenSSL> genrsa -des3 -out test.key 1024
>
>2. Create a certificate request file (CSR):
>
> OpenSSL> req -new -key test.key -out test.csr
>
> Note: Used Common Name: localhost(?)
>
>3. Once the CSR (test.csr) has been generated, we can sign it ourselves
> to create a temporary certificate (test.crt) for the private key
> (test.key) we generated earlier:
>
> OpenSSL> req -x509 -key test.key -in test.csr -out test.crt
>
>
>Copied the 3 files from: C:\Program Files\OpenSA\OpenSSL\bin\
>
>(1) "test.crt" into C:\Program Files\OpenSA\Apache\conf\ssl.crt\
>(2) "test.csr" into C:\Program Files\OpenSA\Apache\conf\ssl.csr\
>(3) "test.key" into C:\Program Files\OpenSA\Apache\conf\ssl.key\
>
>=======================================================================
>STEP 2: My httpd.conf - Virtual Hosts - Snipped out all the comments
>=======================================================================
>
>### Section 3: Virtual Hosts
>
><IfDefine SSL>
>AddType application/x-x509-ca-cert .crt
>AddType application/x-pkcs7-crl .crl
></IfDefine>
>
><IfModule mod_ssl.c>
>SSLPassPhraseDialog builtin
>SSLSessionCache dbm:logs/ssl/scache
>SSLSessionCacheTimeout 300
>SSLMutex sem
>SSLRandomSeed startup builtin
>SSLRandomSeed connect builtin
>SSLLog logs/ssl/engine.log
>SSLLogLevel info
></IfModule>
>
>
><IfDefine SSL>
>
><VirtualHost _default_:443>
>
># General setup for the virtual host
>DocumentRoot "C:/PROGRA~1/OPENSA/APACHE/HTDOCS"
>ServerName localhost
>ServerAdmin [EMAIL PROTECTED]
>ErrorLog logs/ssl/error.log
>TransferLog logs/ssl/access.log
>
>SSLEngine on
>
>SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
>SSLCertificateFile "C:/PROGRA~1/OPENSA/APACHE/conf/ssl.crt/test.crt"
>
>SSLCertificateKeyFile "C:/PROGRA~1/OPENSA/APACHE/conf/ssl.key/test.key"
>
>SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
>
><Files ~ "\.(cgi|shtml)$">
> SSLOptions +StdEnvVars
></Files>
>
><Directory "C:/PROGRA~1/OPENSA/APACHE/cgi-bin">
> SSLOptions +StdEnvVars
></Directory>
>
>SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
>
>CustomLog logs/ssl/ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
></VirtualHost>
></IfDefine>
>
>=======================================================================
>STEP 4: C:\Program Files\OpenSA\Apache\logs\ssl\engine.log
>=======================================================================
>
>[info] Server: OpenSA/1.0.0 / Apache/1.3.14, Interface: mod_ssl/2.7.2,
>Library: OpenSSL/0.9.6
>[warn] You are using mod_ssl under Win32. This combination is *NOT*
>officially supported. Use it at your own risk!
>[info] Init: 1st startup round (still not detached)
>[info] Init: Initializing OpenSSL library
>[info] Init: Loading certificate & private key of SSL-aware server
>localhost:443
>[info] Init: Requesting pass phrase via builtin terminal dialog
>[info] Init: Wiped out the queried pass phrases from memory
>[info] Init: Seeding PRNG with 136 bytes of entropy
>[info] Init: Generating temporary RSA private keys (512/1024 bits)
>[info] Init: Configuring temporary DH parameters (512/1024 bits)
>[info] Init: Seeding PRNG with 136 bytes of entropy
>[info] Init: Configuring temporary RSA private keys (512/1024 bits)
>[info] Init: Configuring temporary DH parameters (512/1024 bits)
>[info] Init: Initializing (virtual) servers for SSL
>[info] Init: Configuring server localhost:443 for SSL protocol
>[warn] Init: (localhost:443) RSA server certificate is a CA
>certificate
>(BasicConstraints: CA == TRUE !?)
>[info] Init: 2nd startup round (already detached)
>[info] Init: Reinitializing OpenSSL library
>[info] Init: Seeding PRNG with 136 bytes of entropy
>[info] Init: Configuring temporary RSA private keys (512/1024 bits)
>[info] Init: Configuring temporary DH parameters (512/1024 bits)
>[info] Init: Initializing (virtual) servers for SSL
>[info] Init: Configuring server localhost:443 for SSL protocol
>[warn] Init: (localhost:443) RSA server certificate is a CA
>certificate
>(BasicConstraints: CA == TRUE !?)
>[info] Server: OpenSA/1.0.0 / Apache/1.3.14, Interface: mod_ssl/2.7.2,
>Library: OpenSSL/0.9.6
>[warn] You are using mod_ssl under Win32. This combination is *NOT*
>officially supported. Use it at your own risk!
>[info] Init: 1st startup round (still not detached)
>[info] Init: Initializing OpenSSL library
>[info] Init: Loading certificate & private key of SSL-aware server
>localhost:443
>[info] Init: Requesting pass phrase via builtin terminal dialog
>[info] Init: Wiped out the queried pass phrases from memory
>[info] Init: Seeding PRNG with 136 bytes of entropy
>[info] Init: Generating temporary RSA private keys (512/1024 bits)
>[info] Init: Configuring temporary DH parameters (512/1024 bits)
>[info] Init: Seeding PRNG with 136 bytes of entropy
>[info] Init: Configuring temporary RSA private keys (512/1024 bits)
>[info] Init: Configuring temporary DH parameters (512/1024 bits)
>[info] Init: Initializing (virtual) servers for SSL
>[info] Init: Configuring server localhost:443 for SSL protocol
>[warn] Init: (localhost:443) RSA server certificate is a CA
>certificate
>(BasicConstraints: CA == TRUE !?)
>[info] Connection to child 4 established (server localhost:443, client
>127.0.0.1)
>
>=======================================================================
>
>
>
>
--
This is The OpenSA Project's mailing list. For more information,
please visit the project's web site at http://www.opensa.org
To unsubscribe the list, send an empty email message to address
[EMAIL PROTECTED]
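
The engine.log quoted above warns that the self-signed test certificate is a CA certificate (BasicConstraints: CA == TRUE), and the original post asks whether the certificate's localhost name matters. As an added example (not from the thread or the OpenSA project), this POSIX shell script creates a throwaway localhost certificate with CA:FALSE and reads back the CA flag, the Common Name and the key/certificate pairing; it addresses that warning only, not the hang. The file names, the server_ext section name and the 2048-bit key size are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). File names, the [server_ext] section
# name and the 2048-bit key size are assumptions made for illustration.

make_localhost_cert() {   # $1 = directory to write the key, cert and config into
    cat > "$1/localhost.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = server_ext
prompt             = no
[ dn ]
CN = localhost
[ server_ext ]
basicConstraints = critical, CA:FALSE
keyUsage         = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = DNS:localhost, IP:127.0.0.1
EOF
    # -nodes leaves the key unencrypted (no pass phrase prompt): test use only.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$1/localhost.cnf" \
        -keyout "$1/localhost.key" -out "$1/localhost.crt" 2>/dev/null
    chmod 600 "$1/localhost.key"
}

cert_is_ca() {            # prints TRUE if basicConstraints says CA:TRUE, else FALSE
    if openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; then
        echo TRUE
    else
        echo FALSE
    fi
}

cert_subject_cn() {       # prints the subject Common Name
    openssl x509 -in "$1" -noout -subject | sed 's/.*CN *= *//'
}

key_matches_cert() {      # $1 = cert, $2 = key; succeeds if public keys are equal
    a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$a" = "$b" ]
}

# Demo run in a scratch directory.
work=$(mktemp -d)
make_localhost_cert "$work"
echo "CA=$(cert_is_ca "$work/localhost.crt") CN=$(cert_subject_cn "$work/localhost.crt")"
key_matches_cert "$work/localhost.crt" "$work/localhost.key" && echo "key matches cert"
```

The same three read-back functions can be pointed at an existing test.crt and test.key to see what the server was actually given.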