Re: SOME QUESTIONS ABOUT APACHE+MOD_SSL
hi,

--- Giuliano Cocchi <[EMAIL PROTECTED]> wrote:
> Hi all.
>
> I have apache 1.3.12 + openssl 0.9.5a + modssl 2.6.6.
> I have set up my apache + ssl correctly, registered my certificate and
> tested my own site.
> All works!

i've the same system setting as yours

> But now my problem is that i must configure many name based virtual hosts
> (some with ssl, others without).
> Reading the FAQs, i noticed that even if i use name based virtual hosts, i
> cannot sign one certificate per site, but i can use port based. OK.
> After writing the directives for the virtual hosts, i have encountered some
> problems and i have some questions.
>
> I have vhosts via http and https and i want my realhost to be reachable
> via http and https.
> Using the directives, i created my realhost (http+https), vhost1
> (https:443), vhost2 (https:444), vhost3 (http:80), vhost4 (http:80).
> For my realhost i have created 2 directories (one for http and one for https).
> When i access http://vhost3 all was ok.
> Trying to access https://vhost3, apache connects to my realhost via HTTPS.

that's why u can't implement namevirtualhost with the same port. this is what i presume happened: when u go to https://vhost3 without any port, apache will default to port 443; since the ip addr of vhost3 = vhost1, it'll map to ip:443, which will be your vhost1!

> I think that the system must give an error to the client, but this is not true.
> The same thing happens when i connect to https://vhost1 and then http://vhost1,
> but in this case apache gives me the realhost via HTTP.

of course this should happen!! otherwise why set up http & https???

> Someone have hints for me?
>
> Another question..
> Can i use name based virtual hosts on the same port 443 for all my vhosts?
> I think that i must use only one certificate in this case
>
> Bye.

nope, answered above!

> MY CONFIG FILES:
>
> 1) httpd.conf:
> ServerType standalone
> port 80
> User nobody
> Group nobody
> ServerAdmin x@xxx
> ServerName realhost
> DocumentRoot /wwwroot/html
>
> Options FollowSymLinks
> AllowOverride None
>
>
> Options Indexes Includes FollowSymLinks
> AllowOverride None
> Order allow,deny
> Allow from all
>
> DirectoryIndex index.html index.htm index.shtml index.cgi
> AccessFileName .htaccess
> UseCanonicalName On
> HostnameLookups Off
> IndexOptions FancyIndexing
> Include conf/ssl/ssl.conf
> Include conf/ssl/ssl.vhost.conf
>
> 2) ssl.conf:
> Listen 192.168.1.2:80
> Listen 192.168.1.2:443
> Listen 192.168.1.2:444
> Listen 192.168.1.2:445
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl .crl
> SSLPassPhraseDialog builtin
> SSLSessionCache dbm:logs/ssl_scache
> SSLSessionCacheTimeout 300
> SSLMutex file:logs/ssl_mutex
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
>
> 3) ssl.vhost.conf
>
> NameVirtualHost 192.168.1.2
>
>
> DocumentRoot /wwwroot/https/html
> ServerName realhost
> ServerAdmin root@realhost
> ErrorLog logs/ssl-error_log
> TransferLog logs/ssl-access_log
> SSLEngine on
> SSLCertificateFile conf/ssl/server.crt
> SSLCertificateKeyFile conf/ssl/server.key
>
>
> DocumentRoot /wwwroot/html/vhost1
> ServerName vhost1
> ServerAdmin root@vhost1
> ErrorLog logs/ssl-error_log
> TransferLog logs/ssl-access_log
> SSLEngine on
> SSLCertificateFile conf/ssl/vhost1.crt
> SSLCertificateKeyFile conf/ssl/vhost1.key
>
>
> DocumentRoot /wwwroot/html/vhost2
> ServerName vhost2
> ServerAdmin root@vhost2
> ErrorLog logs/ssl-error_log
> TransferLog logs/ssl-access_log
> SSLCertificateFile conf/ssl/vhost2.crt
> SSLCertificateKeyFile conf/ssl/vhost2.key
> SSLEngine on
>
>
> DocumentRoot /wwwroot/http/html
> ServerName realhost
> ServerAdmin root@realhost
> ErrorLog logs/ssl-error_log
> TransferLog logs/ssl-access_log
> SSLEngine off
>
>
> DocumentRoot /wwwroot/html/vhost3
> ServerName vhost3
> ServerAdmin root@vhost3
> ErrorLog logs/ssl-error_log
> TransferLog logs/ssl-access_log
> SSLEngine off
>
>
> DocumentRoot /wwwroot/html/vhost4
> ServerName vhost4
> ServerAdmin root@vhost4
> ErrorLog logs/ssl-error_log
> TransferLog logs/ssl-access_log
> SSLEngine off
>
> __
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]

=
0Oo~~:o)
Smile! You'r Alive!!!

Q:What's peacefulness?
A:What's confusion? Peacefulness is the end of confusion.

o.0.Oo.o May there be peace in every step we take :o):tk

__
Do You Yahoo!?
Yahoo! Mail - Free email you can access from anywhere!
http://mail.yahoo.com/
___
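
A check for the situation described in the reply above, as an added example that is not part of the original thread: with the Apache 1.3 + mod_ssl stack discussed here the certificate is chosen by IP:port before the Host header is read, so the script lists every address:port that carries more than one SSL-enabled vhost. The sample configuration is constructed; its <VirtualHost> lines and the vhost5 entry are assumptions, since the posted config does not show them.

```shell
#!/bin/sh
# Added example: report address:port pairs served by more than one SSL vhost.
# Only the first vhost on such a pair can present its certificate, so the
# others get the wrong certificate (name mismatch in the browser).

# Constructed sample input. Ports follow the post; vhost5 is hypothetical.
sample_config() {
cat <<'EOF'
NameVirtualHost 192.168.1.2
<VirtualHost 192.168.1.2:443>
    ServerName vhost1
    SSLEngine on
</VirtualHost>
<VirtualHost 192.168.1.2:444>
    ServerName vhost2
    SSLEngine on
</VirtualHost>
<VirtualHost 192.168.1.2:443>
    ServerName vhost5
    SSLEngine on
</VirtualHost>
<VirtualHost 192.168.1.2:80>
    ServerName vhost3
    SSLEngine off
</VirtualHost>
<VirtualHost 192.168.1.2:80>
    ServerName vhost4
    SSLEngine off
</VirtualHost>
EOF
}

ssl_vhost_conflicts() {   # usage: ssl_vhost_conflicts <config-file | ->
    awk '
        # Opening tag: remember the address:port, reset per-vhost state.
        tolower($0) ~ /^[ \t]*<virtualhost[ \t]/ {
            addr = $2; sub(/>.*/, "", addr); name = ""; ssl = 0; invh = 1; next
        }
        # Directive names are case-insensitive in Apache configuration.
        invh && tolower($1) == "servername" { name = $2 }
        invh && tolower($1) == "sslengine"  { ssl = (tolower($2) == "on") }
        # Closing tag: count the vhost only if SSL was switched on inside it.
        tolower($0) ~ /^[ \t]*<\/virtualhost>/ {
            if (ssl) { n[addr]++; names[addr] = names[addr] " " name }
            invh = 0
        }
        END { for (a in n) if (n[a] > 1) printf "%s%s\n", a, names[a] }
    ' "$1" | sort
}

# Check the file named on the command line, or the constructed sample.
if [ $# -gt 0 ]; then ssl_vhost_conflicts "$1"; else sample_config | ssl_vhost_conflicts -; fi
```

Each output line is an address:port followed by the ServerNames competing for it; the first name listed is the vhost whose certificate is actually served.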
Re: Apache-SSL Configuration
hi kai yin,

> we are using Apache + openssl + mod_ssl
> and i have installed all of the stuff
> but i don't know how to activate it
> if i have webpages i want to run under ssl.
>
> i know that i should place pages in htdocs if such pages don't run ssl.

don't know what u meant by activating, do u mean u want to run apache with ssl? if that's the case then u can try

/path/to/apachectl startssl (stop,start)

or u check your /usr/local/apache/bin/httpd file, make sure the following line is there:

startproc /usr/local/apache/bin/httpd -f \
    /usr/local/apache/conf/httpd.conf -D SSL

if u've that it should automatically b started when u start your linux. pls customize the directories according to your setup. another assumption is that your apache is 'standalone', i.e. not started by inetd.

good luck!
tk
apache & SSL
Hi all,

previously i installed suse6.4 (kernel 2.2.14) with apache etc. since the bundled openssl & modssl didn't really work, i reinstalled it again myself, in the prefix directory /usr/local/apache.

my ques:

1. every time i restart my server, it'll default to the original apache, so each time i need to command
   #/etc/rc.d/init.d/apache stop
   then i restart my new server with
   #/usr/local/apache/bin/apachectl startssl
   - how do i make sure that apachectl will restart automatically each time my server is restarted instead of the 'old' httpd?
   - why is it that after i run startssl (as above), when i checked
     #/etc/rc.d/init.d/apache status
     it'll report ..ok & how long httpd has started. if i put "/etcapache stop" my apachectl is also stopped. can anyone tell me what's the connection between this apache & apachectl? (ps. i did cp apachectl into /etc/rc.d/init.d)

2. the default apache comes with many modules e.g. php3, perl etc & i found out that i need to recompile apache to include them into my 'new' apachectl. does it mean that in the future if i were to add new modules, i've to recompile apache & also reconfigure httpd.conf?

thanks in advance for all your help. really appreciate it.

rgds
tk
ques re pass phrase
hi all

according to the mod_ssl user guide, if i use "SSLPassPhraseDialog exec:/xx/xx/xx", i need to have an external program. unfortunately i can't find pp-filter (in chap 3 - SSLPassPhraseDialog) in my system. can anyone please tell me where i can get a sample program which provides the pass phrase on stdout?

thanks in advance for your assistance.
tk
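
A sample of the kind of program asked about above, as an added example that is not part of the original post and not shipped with mod_ssl: mod_ssl documents that the exec: program is called with `servername:port` and `RSA` or `DSA` as its two arguments and must print the pass phrase on stdout. The PP_DIR location and the `<name>_<port>.<alg>` file naming are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: helper for "SSLPassPhraseDialog exec:/path/to/this-script".
# mod_ssl runs it once per encrypted private key:
#   $1 = servername:port    $2 = RSA or DSA
# and reads the pass phrase from stdout.
# PP_DIR and the file naming below are assumptions of this example.
PP_DIR=${PP_DIR:-/usr/local/apache/conf/ssl.pass}

print_passphrase() {
    server=$1 alg=$2
    # Accept only the two algorithm tags mod_ssl passes.
    case "$alg" in RSA|DSA) ;; *) echo "bad algorithm" >&2; return 2 ;; esac
    # Require name:port and reject characters that could escape PP_DIR.
    case "$server" in *:*) ;; *) echo "bad server" >&2; return 2 ;; esac
    name=${server%:*} port=${server##*:}
    case "$name" in ''|*[!A-Za-z0-9.-]*) echo "bad server name" >&2; return 2 ;; esac
    case "$port" in ''|*[!0-9]*) echo "bad port" >&2; return 2 ;; esac

    file="$PP_DIR/${name}_${port}.${alg}"
    [ -f "$file" ] && [ ! -L "$file" ] || { echo "no pass phrase file" >&2; return 3; }
    # The file holds a secret: refuse it if group or others have any access.
    mode=$(ls -ld "$file" | cut -c1-10)
    case "$mode" in
        -r--------|-rw-------) ;;
        *) echo "unsafe permissions $mode on $file" >&2; return 4 ;;
    esac
    # Only the pass phrase (first line) goes to stdout; errors go to stderr.
    head -n 1 "$file"
}

# Act as the exec: program when called with arguments, as mod_ssl does.
if [ $# -gt 0 ]; then
    print_passphrase "$@"
fi
```

Storing the pass phrase on the same machine as the key only protects the key file when it is copied elsewhere (for example in backups), so the pass phrase file needs the same care as the key itself.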
apache & modssl
hi all

i've installed suse6.4 together with apache. when i check the version
#rpm -qa | grep apache
what i got was apache-1.3.12-15

the directories with apache are
/usr/lib/apache : contains all mod.so
/usr/include/apache : files *.h
the binary is in /sbin/init.d/apache

my ques is: when i configure mod_ssl with
./configure --with-apache=/usr/lib/apache
(i've tried all the above directories) i'd get an error message:
-cannot find apache 1.3 source tree.

what should i do? reinstall apache & recompile? i don't understand why it is that when i installed apache with openssl/0.9.5 & mod_ssl/2.6.2 nothing seemed to work? (a lot of things are missing e.g. sign.sh etc - that's why i'm forced to reinstall openssl & modssl - now maybe even apache!) Is Suse 6.4 with bug?

thanks for your answers.
tk
Re: how do i know the version & how to start https
hi,

i'm sorry if i've offended u so greatly... but i really have no idea that i can find the source of this trouble... honestly i've used man openssl etc but there's an error saying no such man page. i'm also new with apache: yes i'm still striving, thanks for your hint on what to read.

N.B. i apologize too to all those who find my ques - irrelevant.

tk

--- [EMAIL PROTECTED] wrote:
> In order:
> Hi.
> Really, I would never have guessed. I thought you might have some insight
> (other than you're too lazy to read *massive* man pages) to contribute.
> 1. Read up on server-status - failing this: check your deleted> apache logs.
> 2. Read up on the difference between static and dynamic linking. The
> version of the libraries Netscape is using may or may not be the latest and
> greatest version you have installed on your system. (Notice there is no
> sarcastic gasp on this answer because this is the only question you could
> not reasonably be expected to puzzle out for yourself before wasting the
> time of the participants on this mailing list.)
> 3. RTF install document.
>
> You are not welcome. Why, because you don't have to learn to read? If you
> had made *ANY* effort whatsoever it would be different.
>
> tk dev <[EMAIL PROTECTED]> on 08/24/2000 03:03:03 PM
>
> Please respond to [EMAIL PROTECTED]
>
> To: modssluser <[EMAIL PROTECTED]>, openssluser <[EMAIL PROTECTED]>,
> suse <[EMAIL PROTECTED]>, suse-security <[EMAIL PROTECTED]>
> cc:
> Subject: how do i know the version & how to start https
>
> hi all
>
> i've some ques re modssl, openssl & apache - would b glad to hear from u all.
> (i'm using suse6.4, kernel2.2.16 - also installed modssl/2.62 & openssl/0.95
> together with suse6.4)
>
> 1. how do i know the version for openssl & modssl that's running on my system?
>
> 2. i've downloaded & installed openssl/0.95a, without any error message - yet
> when i open netscape communicator (for suse6.4 users = it'll show the apache
> version, openssl, modssl version etc) the version shown is still 0.95!!
> what should i do so that i'm using the latest openssl? btw, how do i know
> that it's running the latest version i've installed? - should i delete the
> old version, how?
>
> 3. as i know, modssl & apache-ssl are different. how should i start apache
> after i enabled ssl? should i stop the current apache? should i
> change/start/stop any daemon?
>
> pls advise & thanks in advance. thanks also to all, u've been so helpful &
> answered many of the ques in this list... one reason why i love linux/open
> system so much.
>
> cheers
> tk
how do i know the version & how to start https
hi all

i've some ques re modssl, openssl & apache - would b glad to hear from u all.
(i'm using suse6.4, kernel2.2.16 - also installed modssl/2.62 & openssl/0.95 together with suse6.4)

1. how do i know the version for openssl & modssl that's running on my system?

2. i've downloaded & installed openssl/0.95a, without any error message - yet when i open netscape communicator (for suse6.4 users = it'll show the apache version, openssl, modssl version etc) the version shown is still 0.95!!
   what should i do so that i'm using the latest openssl? btw, how do i know that it's running the latest version i've installed? - should i delete the old version, how?

3. as i know, modssl & apache-ssl are different. how should i start apache after i enabled ssl? should i stop the current apache? should i change/start/stop any daemon?

pls advise & thanks in advance. thanks also to all, u've been so helpful & answered many of the ques in this list... one reason why i love linux/open system so much.

cheers
tk
how do i generate CA/certs : esp with CA.pl
hi all

i've been trying to generate certificates - following the mod_ssl user manual. unfortunately i can't find sign.sh to sign my server.csr.

p.s. i'm using suse6.4, kernel2.2.16; installed with mod_ssl/2.62 & openssl/0.95.

anyway i've downloaded openssl/0.95a & installed it, & i've found CA.pl: as i know this is one program to generate certificates. but when i tried
CA.pl -newca
it only came up with a dir (demoCA) with some .pem files inside.

i want a real SSL cert with names which i specify. how do i go about doing that?... the man page of CA.pl is so massive & i don't know what to do to have -x509 (just like the one used by openssl).

pls advise me what to do with CA.pl / how to get other scripts that enable me to create certs.

thanks a lot for your help.
tk
further ques on creating own ca(cert authority)
hi all

thanks for your suggestion on creating a ca (following the user manual in mod_ssl > faq > "how can i create and use my own ca?"). however i still can't get step 3/4 to work - i.e. creating the server cert. i can't find the sign.sh nor CA.pl in my system!!

i'm using suse6.4 kernel 2.2.14 & when i installed suse i included mod_ssl & openssl.

when i search for mod_ssl, what i found was it's in /usr/doc/packages/mod_ssl & the files that look promising (to substitute for sign.sh) were mkcert.sh & certificate.sh. so i tried
/usr/doc/packages/mod_ssl/mkcert.sh server.csr
& the result:
mkcert.sh:Error:Cannot operate outside the Apache 1.3 source tree.
mkcert.sh:Hint:you have to stay inside apache_1.3.x/src

there's no apache_1.3.x directory in my system!! so i tried the whole process under all my apache directories:
/usr/include/apache
/usr/lib/apache
/usr/lib/apache/bin
ALL of them returned the same error... can't operate outside Apache 1.3 source tree.

glad to hear from u for any hints... i hope i don't have to download & reinstall openssl & mod_ssl!

well, thanks in advance
tk
signing own ca(certificate authority)
hi all,

just read the mod_ssl manual - faq section. i'm referring to the ques: how can i create and use my own certificate authority (ca)?
- i can follow until step 2, which is creating a self-signed ca. unfortunately when it comes to step 3... which stated that i need the 'sign.sh', i can't find this program.

so when i type in 'openssl ca' there's an error message:

Using configuration from /usr/ssl/openssl.cnf
./demoCA/private/cakey.pem:No such file or directory
trying to load CA private key
436:error:02001002:system library:fopen:system lib:bss_file.c:245:fopen('./demoCA/private/cakey.pem', 'r')
436:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:247:

when i follow thru with step 4:
./sign.sh server.csr
not surprisingly the error:
./sign.sh:No such file or directory
appeared.

n.b. i'm using suse 6.4, kernel2.2.14. during the installation i've installed mod_ssl/2.6.2, openssl/0.95 as well as apache1.3.12

pls, how should i solve this problem.

thanks a million for your help.

cheers
tk
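
One way to get from a self-signed CA to a signed server certificate without sign.sh, CA.pl or the ./demoCA directory that the `openssl ca` error above is looking for, covering this post and the two CA questions before it. This is an added example, not part of the original posts or the mod_ssl FAQ; it assumes a current openssl command line rather than the 0.9.5a one in the posts, and every subject and file name in it is a constructed sample value.

```shell
#!/bin/sh
# Added example: make a private CA and sign server.csr with plain openssl
# commands. "openssl x509 -req" takes the CA key and certificate on the
# command line, so no openssl.cnf CA section or ./demoCA layout is needed.
# Subjects, file names and the 30-day lifetime are constructed sample values.

sign_with_own_ca() (              # usage: sign_with_own_ca <work-dir>
    umask 077                     # key files must not be readable by others
    mkdir -p "$1" && cd "$1" || exit 1

    # 1. CA private key plus self-signed CA certificate.
    #    -nodes leaves the key unencrypted so this runs unattended; omit it
    #    to be prompted for a pass phrase instead.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example Test CA/CN=Example Test Root" \
        -keyout ca.key -out ca.crt 2>/dev/null || exit 1

    # 2. Server key and signing request; -subj carries the names you choose.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Example Org/CN=www.example.test" \
        -keyout server.key -out server.csr 2>/dev/null || exit 1

    # 3. Sign the request with the CA key. -CAcreateserial writes the serial
    #    number file the first time the CA signs something.
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -days 30 -out server.crt 2>/dev/null || exit 1

    # 4. Confirm the certificate chains to the CA, then show who it names.
    openssl verify -CAfile ca.crt server.crt >/dev/null || exit 1
    openssl x509 -in server.crt -noout -subject -issuer
)

# Run against the directory given on the command line, if any.
if [ $# -gt 0 ]; then sign_with_own_ca "$1"; fi
```

The resulting server.crt and server.key are what SSLCertificateFile and SSLCertificateKeyFile point at; ca.key stays off the web server.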