Re: Re: Re: httpd configuration problem

2005-09-30 Thread Bob McKay
Solution (mostly) found. The problem is with a misconfiguration of the
Fedora Core 4 http configuration tool: the tool doesn't know about the
split in configuration files in core 4 (httpd.conf in /etc/httpd/conf,
ssl.conf in /etc/httpd/conf.d). ssl.conf already contains a Listen on 443
directive, so the listen on 443 directive which the configuration tool
creates in httpd.conf is a duplicate, and causes a duplicate listener
problem.


I'll report the bug on bugzilla (my solution is to comment out the
Listen directive in ssl.conf, so I can still use the configuration tool).
I'm still left with one relatively minor problem. Fedora has nice
Makefile support for creating certificates, including self-signed
certificates, which is what I need. However there is no provision for
creating a chain file, yet the configuration tool insists on there being
one (it crashes otherwise). I put in a ca-bundle, and it appears to work,
but it's clearly not the right solution. What should go there? Or is
there an appropriate way to create my own chain file? Or is the
configuration tool just wrong in insisting on one?


Thanks for any suggestions
Bob McKay

On 29/09/2005, at 21:13, Cliff Woolley wrote:


Starting httpd: (98)Address already in use: make_sock: could not
bind to address my IP address:443
no listening sockets available, shutting down


However the key information really is missing. So it looks like this
may be a problem in the fedora httpd configuration tool, because the key
information definitely is there in the virtual host configuration in the
gui, it's just not getting saved for some reason.



Okay... although I don't think we've yet found a good explanation for
why you're getting the message you're getting.  Perhaps duplicate
Listen statements?
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]




***
Bob McKay
521-302, School of Computer Science  Engineering,
College of Engineering, Seoul National University, San 56-1,
Sinlim-dong, Gwanak-gu, Seoul 151-744, Korea

Tel:  +82 2 880 9392
email: [EMAIL PROTECTED]
web:   http://sc.snu.ac.kr






Grr.. where is my CA's Certificate file?

2005-09-30 Thread Pigeon
Hello, I am trying to set up apache to use a PKI (I think that is what it is
called)... So each client will have to already have a public key to have
access to my 'secure' apache server. I might hand out 5 of these public
keys, and I want only those users to have access to this server.


My issue is this.. I cannot find my CA's certificate file (so I can tell 
ssl.conf about it via SSLCACertificateFile).


I have run  CA.pl -newca and then it creates these files:


--

[EMAIL PROTECTED] demoCA]# ls
cacert.pem  careq.pem  certs  crl  index.txt  index.txt.attr  index.txt.old 
newcerts  private  serial

[EMAIL PROTECTED] demoCA]# ls -R
.:
cacert.pem  careq.pem  certs  crl  index.txt  index.txt.attr  index.txt.old 
newcerts  private  serial


./certs:

./crl:

./newcerts:
EC895C0D3F2DC916.pem

./private:
cakey.pem
[EMAIL PROTECTED] demoCA]#

--

But now where is the file I tell ssl.conf about via SSLCACertificateFile?


Sorry to bother y'all, but I have been trying to find this out nearly all
day.. without success :(


thanks for any input!
Lee 