RE: How to install mod_ssl + mod_webapp?
i did compile a post-1.1.2 EAPI version of mod_jserv which works fine - and without warnings - with my configuration (apache 1.3.22/mod_ssl 2.8.5): http://www.modssl.org/contrib/mod_jserv-1.1.3-dev-eapi-WIN32.zip ...had to set KeepAlive Off in httpd.conf however (BUG #569) to get production quality. michael -Ursprungliche Nachricht- Von: Will Guaraldi [mailto:[EMAIL PROTECTED]] Gesendet: Freitag, 22. Februar 2002 15:36 An: [EMAIL PROTECTED] Betreff: RE: How to install mod_ssl + mod_webapp? For the record, we're running Apache 1.3.20/mod_ssl 2.8.4 with ApacheJServer 1.1.2 and we get the same warning when it loads JServ that you get with mod_webapp.c and our application works fine. So you might not have to recompile the mod_webapp module with -DEAPI. /will -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Wes Barris Sent: Thursday, February 21, 2002 5:21 PM To: modssl list Subject: How to install mod_ssl + mod_webapp? We are currently using Jakarta-tomcat-4.0.1 with Apache httpd 1.3.22 (binary distributions for linux downloaded from the www.apache.org website). I also have mod_webapp installed (downloaded from the same website). Now, I want to add mod_ssl functionality to this mix. From what I gather from the www.modssl.org website, I must throw away what I have and compile from sources in order to use mod_ssl. I followed the instructions on this page: http://www.modssl.org/example/ and everything seemed to build properly. After copying mod_ssl.so to the new ./libexec directory and adding the following two lines to ./conf/httpd.conf: LoadModule webapp_module libexec/mod_webapp.so AddModule mod_webapp.c I get this error message: root@redhat# /usr/local/apache-ssl/bin/apachectl configtest [Wed Feb 20 15:59:04 2002] [warn] Loaded DSO libexec/mod_webapp.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI) [Wed Feb 20 15:59:04 2002] [warn] module mod_webapp.c is already added, skipping Syntax OK I can read the words but I don't really know what to do. It seems to be saying that I have to compile mod_webapp using -DEAPI. Can anyone provide some guidance? -- Wes Barris E-Mail: [EMAIL PROTECTED] Phone: 07-3346-2504 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
wildcard certificate errors?
Hello, [26/Feb/2002 09:06:59 15055] [warn] Init: (ssl.fantomas.sk:443) RSA server certificate CommonName (CN) *.fantomas.sk' does NOT match server name!? I really don't understand this. *.fantomas.sk DOES match ssl.fantomas.sk, right? It works but why does it produce warning? -- Matus fantomas Uhlar, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I don't wish to receive spam to this address. Varovanie: Nezelam si na tuto adresu dostavat akukolvek reklamnu postu. Save the whales. Collect the whole set. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
SSL-Problem with Mac MSIE
Hi, i am using a self-signed (but valid) certificate with 'Server: Apache/1.3.14, Interface: mod_ssl/2.7.1, Library: OpenSSL/0.9.6' and the workarounds for MSIE in the http.conf: SetEnvIf User-Agent .*MSIE.* \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 Allowed ciphers: SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL But there is still a problem when trying to connect with MSIE 5.13 on Macintosh (compatible; MSIE 5.13; Mac_PowerPC). Here's my SSL-Log: [info] Connection to child 0 established (server x.x.x:443, client x.x.x.x) [info] Seeding PRNG with 1160 bytes of entropy [error] SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows) [error] System: Connection reset by peer (errno: 104) Becaus MSIE 5.13 is the latest MSIE on Mac i need a solution/workaround for this problem. Any ideas? Thomas __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
[BugDB] SSL config w 1.3.23/2.8.6/0.9.6c +php4.1.1 (PR#666)
Full_Name: Amael Version: mod_ssl-2.8.6-1.3.23 OS: FreeBSD 4.5 Submission from: (NULL) (194.237.142.7) I have problems creating a SSL vhost. I cant define SSL options ie SSLEngine etc outside IfDefine SSL part of the httpd.conf. If i do, i get this error message: Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module not included in the server configuration But if i check the ssl_engine.log modssl and openssl seems to be with me: [26/Feb/2002 09:03:48 20479] [info] Server: Apache/1.3.23, Interface: mod_ssl/2.8.6, Library: OpenSSL/0.9.6c [Tue Feb 26 09:03:53 2002] [notice] Apache/1.3.23 (Unix) PHP/4.1.1 mod_ssl/2.8.6 OpenSSL/0.9.6c configured -- resuming normal operations So currently i have a *:80 vhost defined, a _default_:443 defined within the IfDefine SSL part and two vhost with the same ip, one with port 80 and one with port 443 outside the ifdefine part. When i try to access the https part this shows up in the errorlog [Tue Feb 26 10:20:53 2002] [error] [client 192.168.0.13] Invalid method in request \x80L^A^C^A And access.log - [26/Feb/2002:10:20:53 +0100] L 501 - So i change the _default_:443 vhost to myip:443. Now i get a completly different messages in the logs: [ssl_engine.log] [26/Feb/2002 10:26:32 20646] [trace] OpenSSL: Handshake: done [26/Feb/2002 10:26:32 20646] [info] Connection: Client IP: myip, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits) .. [26/Feb/2002 10:26:32 20646] [trace] OpenSSL: Write: SSL negotiation finished successfully [26/Feb/2002 10:26:32 20646] [info] Connection to child 2 closed with standard shutdown (server myservername:443, client myip) So it seems that the handshake part went ok, but no page is displayed, only a The page cannot be displayed error page (Cannot find server or DNS Error). I have tried with both IE 5.x and IE6. If i type ../bin/httpd -L i cant see any SSL directives in the list, and with ../bin/httpd -S i cant see the vhost defined within the IfDefine SSL part. The config file has both a 'LoadModule ssl_module libexec/libssl.so' and 'AddModule mod_ssl.c' defined. Whats the problem? Btw, i couldnt use my old httpd.conf, it seems to have the same problems, but httpd.conf changed so much i didn´t dare to use it, so i wrote a new one. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: wildcard certificate errors?
On Tue, 26 Feb 2002, Matus fantomas Uhlar wrote: [26/Feb/2002 09:06:59 15055] [warn] Init: (ssl.fantomas.sk:443) RSA server certificate CommonName (CN) *.fantomas.sk' does NOT match server name!? I really don't understand this. *.fantomas.sk DOES match ssl.fantomas.sk, right? It works but why does it produce warning? No, it doesn't, because there are no wildcard expansion patterns accepted on the server end. Wildcard certs only work because the _browser_ accepts the wildcard in the CN. In any case the warning you are seeing is only a warning; it's not fatal. - Julian -- Julian C. Dunn, B.A.Sc [EMAIL PROTECTED] Senior Software Developer, VerticalScope Inc. Tel.: (416) 341-8950 x236 Fax: (416) 341-8959 WWW: www.verticalscope.com Windows NT encountered the following error: The operation was completed successfully. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: wildcard certificate errors?
I have this problem viewing our site with IE5.5 Do all microsoft browsers reject wildcard certs ? Is there a patch for IE5 to get round this problem ? Why don't Thawte tell you about this when you buy the certificate? Rhys. -Original Message- From: Julian C. Dunn [mailto:[EMAIL PROTECTED]] Sent: 26 February 2002 13:19 To: [EMAIL PROTECTED] Subject: Re: wildcard certificate errors? On Tue, 26 Feb 2002, Matus fantomas Uhlar wrote: [26/Feb/2002 09:06:59 15055] [warn] Init: (ssl.fantomas.sk:443) RSA server certificate CommonName (CN) *.fantomas.sk' does NOT match server name!? I really don't understand this. *.fantomas.sk DOES match ssl.fantomas.sk, right? It works but why does it produce warning? No, it doesn't, because there are no wildcard expansion patterns accepted on the server end. Wildcard certs only work because the _browser_ accepts the wildcard in the CN. In any case the warning you are seeing is only a warning; it's not fatal. - Julian -- Julian C. Dunn, B.A.Sc [EMAIL PROTECTED] Senior Software Developer, VerticalScope Inc. Tel.: (416) 341-8950 x236 Fax: (416) 341-8959 WWW: www.verticalscope.com Windows NT encountered the following error: The operation was completed successfully. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: wildcard certificate errors?
-Original Message- From: Rhys Hopkins [mailto:[EMAIL PROTECTED]] Sent: 26 February 2002 13:26 To: '[EMAIL PROTECTED]' Subject: RE: wildcard certificate errors? I have this problem viewing our site with IE5.5 Do all microsoft browsers reject wildcard certs ? Some reject them entirely, eg IE3, but these are no longer supported. I trust that you mean IE5.5SP2? Is there a patch for IE5 to get round this problem ? You should be able to either disable the warning or click past it. Why don't Thawte tell you about this when you buy the certificate? The information is there on their site: http://www.thawte.com/getinfo/products/wildcard/overview.html I found this clicking the wildcard certificates link from www.thawte.com. Not exactly hidden. There's even a link to creating test certificates that you can play with until you get the process right. Officialy IE doesn't support wildcard certificates, but other than the original IE5 refusing them unofficially it does. In fact, there were enormous bugs with IE5 (pre version 5.01). - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] Evolution - A crutch for scientists who can't handle the existence of the creator. See disproven scientific theories and Romans 1:22. -Original Message- From: Julian C. Dunn [mailto:[EMAIL PROTECTED]] Sent: 26 February 2002 13:19 To: [EMAIL PROTECTED] Subject: Re: wildcard certificate errors? On Tue, 26 Feb 2002, Matus fantomas Uhlar wrote: [26/Feb/2002 09:06:59 15055] [warn] Init: (ssl.fantomas.sk:443) RSA server certificate CommonName (CN) *.fantomas.sk' does NOT match server name!? I really don't understand this. *.fantomas.sk DOES match ssl.fantomas.sk, right? It works but why does it produce warning? No, it doesn't, because there are no wildcard expansion patterns accepted on the server end. Wildcard certs only work because the _browser_ accepts the wildcard in the CN. In any case the warning you are seeing is only a warning; it's not fatal. - Julian -- Julian C. Dunn, B.A.Sc [EMAIL PROTECTED] Senior Software Developer, VerticalScope Inc. Tel.: (416) 341-8950 x236 Fax: (416) 341-8959 WWW: www.verticalscope.com Windows NT encountered the following error: The operation was completed successfully. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk 14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to find out all about it. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: wildcard certificate errors?
Thanks - My own fault for not reading things properly. Darn infuriating though - considering xx% of users have IE. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: 26 February 2002 13:48 To: [EMAIL PROTECTED] Subject: RE: wildcard certificate errors? -Original Message- From: Rhys Hopkins [mailto:[EMAIL PROTECTED]] Sent: 26 February 2002 13:26 To: '[EMAIL PROTECTED]' Subject: RE: wildcard certificate errors? I have this problem viewing our site with IE5.5 Do all microsoft browsers reject wildcard certs ? Some reject them entirely, eg IE3, but these are no longer supported. I trust that you mean IE5.5SP2? Is there a patch for IE5 to get round this problem ? You should be able to either disable the warning or click past it. Why don't Thawte tell you about this when you buy the certificate? The information is there on their site: http://www.thawte.com/getinfo/products/wildcard/overview.html I found this clicking the wildcard certificates link from www.thawte.com. Not exactly hidden. There's even a link to creating test certificates that you can play with until you get the process right. Officialy IE doesn't support wildcard certificates, but other than the original IE5 refusing them unofficially it does. In fact, there were enormous bugs with IE5 (pre version 5.01). - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] Evolution - A crutch for scientists who can't handle the existence of the creator. See disproven scientific theories and Romans 1:22. -Original Message- From: Julian C. Dunn [mailto:[EMAIL PROTECTED]] Sent: 26 February 2002 13:19 To: [EMAIL PROTECTED] Subject: Re: wildcard certificate errors? On Tue, 26 Feb 2002, Matus fantomas Uhlar wrote: [26/Feb/2002 09:06:59 15055] [warn] Init: (ssl.fantomas.sk:443) RSA server certificate CommonName (CN) *.fantomas.sk' does NOT match server name!? I really don't understand this. *.fantomas.sk DOES match ssl.fantomas.sk, right? It works but why does it produce warning? No, it doesn't, because there are no wildcard expansion patterns accepted on the server end. Wildcard certs only work because the _browser_ accepts the wildcard in the CN. In any case the warning you are seeing is only a warning; it's not fatal. - Julian -- Julian C. Dunn, B.A.Sc [EMAIL PROTECTED] Senior Software Developer, VerticalScope Inc. Tel.: (416) 341-8950 x236 Fax: (416) 341-8959 WWW: www.verticalscope.com Windows NT encountered the following error: The operation was completed successfully. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk 14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to find out all about it. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: wildcard certificate errors?
The most infuriating thing is that too many people use IE (including myself)! IE breaks so many standards it's incredible. The recent fiasco over handling a file according to its Mime-Type rather than its contents comes to mind. Faking extensions or Mime-Types is trivial, whereas faking contents isn't. This is precisely why most of the posts to this list seem to involve IE more than mod_ssl. Dismounts soapbox. John -Original Message- From: Rhys Hopkins [mailto:[EMAIL PROTECTED]] Sent: 26 February 2002 14:00 To: '[EMAIL PROTECTED]' Subject: RE: wildcard certificate errors? Thanks - My own fault for not reading things properly. Darn infuriating though - considering xx% of users have IE. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: 26 February 2002 13:48 To: [EMAIL PROTECTED] Subject: RE: wildcard certificate errors? -Original Message- From: Rhys Hopkins [mailto:[EMAIL PROTECTED]] Sent: 26 February 2002 13:26 To: '[EMAIL PROTECTED]' Subject: RE: wildcard certificate errors? I have this problem viewing our site with IE5.5 Do all microsoft browsers reject wildcard certs ? Some reject them entirely, eg IE3, but these are no longer supported. I trust that you mean IE5.5SP2? Is there a patch for IE5 to get round this problem ? You should be able to either disable the warning or click past it. Why don't Thawte tell you about this when you buy the certificate? The information is there on their site: http://www.thawte.com/getinfo/products/wildcard/overview.html I found this clicking the wildcard certificates link from www.thawte.com. Not exactly hidden. There's even a link to creating test certificates that you can play with until you get the process right. Officialy IE doesn't support wildcard certificates, but other than the original IE5 refusing them unofficially it does. In fact, there were enormous bugs with IE5 (pre version 5.01). - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] Evolution - A crutch for scientists who can't handle the existence of the creator. See disproven scientific theories and Romans 1:22. -Original Message- From: Julian C. Dunn [mailto:[EMAIL PROTECTED]] Sent: 26 February 2002 13:19 To: [EMAIL PROTECTED] Subject: Re: wildcard certificate errors? On Tue, 26 Feb 2002, Matus fantomas Uhlar wrote: [26/Feb/2002 09:06:59 15055] [warn] Init: (ssl.fantomas.sk:443) RSA server certificate CommonName (CN) *.fantomas.sk' does NOT match server name!? I really don't understand this. *.fantomas.sk DOES match ssl.fantomas.sk, right? It works but why does it produce warning? No, it doesn't, because there are no wildcard expansion patterns accepted on the server end. Wildcard certs only work because the _browser_ accepts the wildcard in the CN. In any case the warning you are seeing is only a warning; it's not fatal. - Julian -- Julian C. Dunn, B.A.Sc [EMAIL PROTECTED] Senior Software Developer, VerticalScope Inc. Tel.: (416) 341-8950 x236 Fax: (416) 341-8959 WWW: www.verticalscope.com Windows NT encountered the following error: The operation was completed successfully. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk 14th June 2002 is RNIB Look Loud Day - visit http://www.lookloud.org.uk to find out all about it. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org
RE: newbie mod_ssl questions
Read the docs at http://modssl.org/docs/ that'll get you started. You'll need to: create a certificate self-sign it (or get thawte, verisign, etc to do so) configure apache for SSL operation restart with SSL support test etc. -glen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Eric Webber Sent: Monday, February 25, 2002 11:19 AM To: [EMAIL PROTECTED] Subject: newbie mod_ssl questions I have a linux box that came with Apache preinstalled and in the httpd.conf there are entries such as IfDefine HAVE_SSL LoadModule ssl_module modules/libssl.so /IfDefine which would seem to indicate mod ssl is loaded but when I go to https://myserver.com I get nothing. How can I tell if ssl is really loaded, and what is the best faq to read for my situation, i.e. I have apache 1.3.20 RedHat, OpenSSL version 0.9.6b, on redhat version 2.4.7-10. Is there a simple way to list all my modules that are actually loaded dynamically ? [I know the static command] I want to simply provide ssl encryption of web sessions between known and unknown clients and our webserver. I have attached a copy of my httpd.conf file. warmest regards, Eric Sean Webber Get your own 800 number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: RE: newbie mod_ssl questions
thanks. it appears to work but only from my a browser on the same box as the server. Get your own 800 number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag On Tue, 26 Feb 2002, Glen S Mehn ([EMAIL PROTECTED]) wrote: Read the docs at http://modssl.org/docs/ that'll get you started. You'll need to: create a certificate self-sign it (or get thawte, verisign, etc to do so) configure apache for SSL operation restart with SSL support test etc. -glen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Eric Webber Sent: Monday, February 25, 2002 11:19 AM To: [EMAIL PROTECTED] Subject: newbie mod_ssl questions I have a linux box that came with Apache preinstalled and in the httpd.conf there are entries such as IfDefine HAVE_SSL LoadModule ssl_module modules/libssl.so /IfDefine which would seem to indicate mod ssl is loaded but when I go to https://myserver.com I get nothing. How can I tell if ssl is really loaded, and what is the best faq to read for my situation, i.e. I have apache 1.3.20 RedHat, OpenSSL version 0.9.6b, on redhat version 2.4.7-10. Is there a simple way to list all my modules that are actually loaded dynamically ? [I know the static command] I want to simply provide ssl encryption of web sessions between known and unknown clients and our webserver. I have attached a copy of my httpd.conf file. warmest regards, Eric Sean Webber Get your own 800 number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: How to install mod_ssl + mod_webapp?
On Tue, Feb 26, 2002 at 09:41:51AM +0100, [EMAIL PROTECTED] wrote: i did compile a post-1.1.2 EAPI version of mod_jserv which works fine - and without warnings - with my configuration (apache 1.3.22/mod_ssl 2.8.5): http://www.modssl.org/contrib/mod_jserv-1.1.3-dev-eapi-WIN32.zip Thanks. The mod_webapp binary from jakarta.apache.org seems to be working fine despite the warning about EAPI. ...had to set KeepAlive Off in httpd.conf however (BUG #569) to get production quality. michael -Ursprungliche Nachricht- Von: Will Guaraldi [mailto:[EMAIL PROTECTED]] Gesendet: Freitag, 22. Februar 2002 15:36 An: [EMAIL PROTECTED] Betreff: RE: How to install mod_ssl + mod_webapp? For the record, we're running Apache 1.3.20/mod_ssl 2.8.4 with ApacheJServer 1.1.2 and we get the same warning when it loads JServ that you get with mod_webapp.c and our application works fine. So you might not have to recompile the mod_webapp module with -DEAPI. /will -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Wes Barris Sent: Thursday, February 21, 2002 5:21 PM To: modssl list Subject: How to install mod_ssl + mod_webapp? We are currently using Jakarta-tomcat-4.0.1 with Apache httpd 1.3.22 (binary distributions for linux downloaded from the www.apache.org website). I also have mod_webapp installed (downloaded from the same website). Now, I want to add mod_ssl functionality to this mix. From what I gather from the www.modssl.org website, I must throw away what I have and compile from sources in order to use mod_ssl. I followed the instructions on this page: http://www.modssl.org/example/ and everything seemed to build properly. After copying mod_ssl.so to the new ./libexec directory and adding the following two lines to ./conf/httpd.conf: LoadModule webapp_module libexec/mod_webapp.so AddModule mod_webapp.c I get this error message: root@redhat# /usr/local/apache-ssl/bin/apachectl configtest [Wed Feb 20 15:59:04 2002] [warn] Loaded DSO libexec/mod_webapp.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI) [Wed Feb 20 15:59:04 2002] [warn] module mod_webapp.c is already added, skipping Syntax OK I can read the words but I don't really know what to do. It seems to be saying that I have to compile mod_webapp using -DEAPI. Can anyone provide some guidance? -- Wes Barris E-Mail: [EMAIL PROTECTED] Phone: 07-3346-2504 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- Wes Barris E-Mail: [EMAIL PROTECTED] Phone: 07-3346-2504 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]