cant start ssl on apache2

2007-04-27 Thread javier rojas

Hello,

I'm having some trouble starting SSL on my apache2 server. First I
must say that I did not install Apache, so I really don't know if SSL
was enabled, but I guess so since in the httpd.conf I have


   Include conf/ssl.conf


Well, the second thing is that I have configured everything in my
ssl.conf file (I think it is OK), but when I restart Apache it doesn't
even "read" the ssl.conf file. I renamed the ssl.conf file to
ssl.conf.1 and Apache restarted successfully, so I think it just
doesn't look for it when restarting.

I did comment the


in ssl.conf, in order to be able to start Apache always with SSL support.

I'm pretty sure my ssl.conf and my httpd.conf files are correct, since
I have another server with the same configurations and it's working
properly, but when I run

netstat -nl | grep 443

there's nothing listening, and in the /usr/local/apache/logs/ directory there are no
ssl_request_log/  ssl_scache.dir  ssl_scache.pag
log files. Can anyone help me?

--
Ciao, Javier
linux counter #393724
GPG Key Fingerprint = 46B76CFEDB0161089D9ECB22FEFDE7EBA8C2007E
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]


Re: cant start ssl on apache2

2007-04-27 Thread Phil Ehrens
Are you calling apachectl using the full path to the apachectl
that knows where THOSE conf files are?

Sorry for top-posting... It just seemed like the right thing to do
in this case.

javier rojas wrote:
> Hello,
> 
> I'm having some trouble starting SSL on my apache2 server. First I
> must say that I did not install Apache, so I really don't know if SSL
> was enabled, but I guess so since in the httpd.conf I have
> 
> 
>    Include conf/ssl.conf
> 
> 
> Well, the second thing is that I have configured everything in my
> ssl.conf file (I think it is OK), but when I restart Apache it doesn't
> even "read" the ssl.conf file. I renamed the ssl.conf file to
> ssl.conf.1 and Apache restarted successfully, so I think it just
> doesn't look for it when restarting.
> 
> I did comment the
> 
> 
> in ssl.conf, in order to be able to start Apache always with SSL support.
> 
> I'm pretty sure my ssl.conf and my httpd.conf files are correct, since
> I have another server with the same configurations and it's working
> properly, but when I run
> 
> netstat -nl | grep 443
> 
> there's nothing listening, and in the /usr/local/apache/logs/ directory
> there are no
> ssl_request_log/  ssl_scache.dir  ssl_scache.pag
> log files. Can anyone help me?
> 
> -- 
> Ciao, Javier
> linux counter #393724
> GPG Key Fingerprint = 46B76CFEDB0161089D9ECB22FEFDE7EBA8C2007E

-- 
Phil Ehrens <[EMAIL PROTECTED]>| Fun stuff:
The LIGO Laboratory, MS 18-34 | http://www.ralphmag.org
California Institute of Technology| http://www.trenchman.com
1200 East California Blvd.| http://www.tokyotosho.com
Pasadena, CA 91125 USA| My gpg public key:
Phone:(626)395-8518 Fax:(626)793-9744 | http://www.imbe.net/peligo.asc


Re: cant start ssl on apache2

2007-04-27 Thread javier rojas

2007/4/27, Phil Ehrens <[EMAIL PROTECTED]>:

> Are you calling apachectl using the full path to the apachectl
> that knows where THOSE conf files are?
>
> Sorry for top-posting... It just seemed like the right thing to do
> in this case.

Hello :)

Well, I'm using the only apachectl on my machine, that's in
/usr/local/apache2/bin

and I comment the line
Listen 80

and then
/usr/local/apache2/bin/apachectl restart

to see if apachectl was reading the correct httpd.conf, and it didn't
start the server
--
Ciao, Javier
linux counter #393724
GPG Key Fingerprint = 46B76CFEDB0161089D9ECB22FEFDE7EBA8C2007E


Re: cant start ssl on apache2

2007-04-27 Thread Phil Ehrens
javier rojas wrote:
> 2007/4/27, Phil Ehrens <[EMAIL PROTECTED]>:
> >Are you calling apachectl using the full path to the apachectl
> >that knows where THOSE conf files are?
> >
> >Sorry for top-posting... It just seemed like the right thing to do
> >in this case.
> Hello :)
> 
> Well, I'm using the only apachectl on my machine, that's in
> /usr/local/apache2/bin
> 
> and I comment the line
> Listen 80
> 
> and then
> /usr/local/apache2/bin/apachectl restart
> 
> to see if apachectl was reading the correct httpd.conf, and it didn't
> start the server

And when you run

 /usr/local/apache2/bin/httpd -V

Does everything look okay?

Phil
-- 
Phil Ehrens <[EMAIL PROTECTED]>| Fun stuff:
The LIGO Laboratory, MS 18-34 | http://www.ralphmag.org
California Institute of Technology| http://www.trenchman.com
1200 East California Blvd.| http://www.tokyotosho.com
Pasadena, CA 91125 USA| My gpg public key:
Phone:(626)395-8518 Fax:(626)793-9744 | http://www.imbe.net/peligo.asc


Re: cant start ssl on apache2

2007-04-27 Thread David P. Mott

On Fri, 27 Apr 2007, javier rojas wrote:

> 2007/4/27, Phil Ehrens <[EMAIL PROTECTED]>:
>> Are you calling apachectl using the full path to the apachectl
>> that knows where THOSE conf files are?
>>
>
> /usr/local/apache2/bin/apachectl restart
>
> to see if apachectl was reading the correct httpd.conf and it didn't
> start the server


I don't know if this will help... I have an installation on linux (2.4.18) 
wherein apache is installed in /usr/local/apachessl2/, and if I issue the 
'apachectl restart' command it will *not* start SSL.


Instead, I must execute 'apachectl startssl'.

You can see if you have this situation: just examine the apachessl script 
(using less, vi, or your favorite editor) and search for 'startssl'.  In 
my script, it looks like it just boils down to a '-DSSL' being passed to 
the invocation of httpd.


You may also want to invoke the httpd executable by-hand to see if it 
issues anything on STDERR, and also check the error logfile that you have 
specified in your .conf file.  If Apache is getting that far, it will 
almost certainly give you some good feedback.


Finally (or perhaps first), you may want to invoke 'apachectl -t' to have 
it check your config file for syntax errors.  It will not only tell you if 
you've mistyped something, but in some cases it'll tell you that you've 
left something out or specified conflicting configuration options.


-dpmott


Re: cant start ssl on apache2

2007-04-27 Thread javier rojas

> And when you run
>
>  /usr/local/apache2/bin/httpd -V
>
> Does everything look okay?


m, this is what I was looking for.

/usr/local/apache2/bin/httpd -V
Server version: Apache/2.0.49
Server built:   Apr 23 2007 10:41:23
Server's Module Magic Number: 20020903:7
Architecture:   64-bit
Server compiled with
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_PROC_PTHREAD_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D HTTPD_ROOT="/usr/local/apache2"
-D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="logs/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

I think it was not compiled with SSL support :(

--
Ciao, Javier
linux counter #393724
GPG Key Fingerprint = 46B76CFEDB0161089D9ECB22FEFDE7EBA8C2007E


Re: cant start ssl on apache2

2007-04-27 Thread javier rojas

2007/4/27, David P. Mott <[EMAIL PROTECTED]>:

> On Fri, 27 Apr 2007, javier rojas wrote:
>
> > 2007/4/27, Phil Ehrens <[EMAIL PROTECTED]>:
> >> Are you calling apachectl using the full path to the apachectl
> >> that knows where THOSE conf files are?
> >>
> >
> > /usr/local/apache2/bin/apachectl restart
> >
> > to see if apachectl was reading the correct httpd.conf and it didn't
> > start the server
>
> I don't know if this will help... I have an installation on linux (2.4.18)
> wherein apache is installed in /usr/local/apachessl2/, and if I issue the
> 'apachectl restart' command it will *not* start SSL.
>
> Instead, I must execute 'apachectl startssl'.
>
> You can see if you have this situation: just examine the apachessl script
> (using less, vi, or your favorite editor) and search for 'startssl'.  In
> my script, it looks like it just boils down to a '-DSSL' being passed to
> the invocation of httpd.
>
> You may also want to invoke the httpd executable by-hand to see if it
> issues anything on STDERR, and also check the error logfile that you have
> specified in your .conf file.  If Apache is getting that far, it will
> almost certainly give you some good feedback.
>
> Finally (or perhaps first), you may want to invoke 'apachectl -t' to have
> it check your config file for syntax errors.  It will not only tell you if
> you've mistyped something, but in some cases it'll tell you that you've
> left something out or specified conflicting configuration options.


Hello :)

If you comment the lines



in your ssl.conf file, every time you start your server it will
automatically start support for SSL, so there's no need for
apachectl startssl

The problem is that in the log folder in apache2, there's no log file
for SSL, so I think Apache is not starting SSL support

/usr/local/apache2/bin/apachectl -t
Syntax OK

I didn't know this one, it's very useful, thanks a lot!!!...:)

--
Ciao, Javier
linux counter #393724
GPG Key Fingerprint = 46B76CFEDB0161089D9ECB22FEFDE7EBA8C2007E


Re: cant start ssl on apache2

2007-04-27 Thread Phil Ehrens
javier rojas wrote:
> >And when you run
> >
> > /usr/local/apache2/bin/httpd -V
> >
> >Does everything look okay?
> 
> m, this is what I was looking for.
> 
> /usr/local/apache2/bin/httpd -V
> Server version: Apache/2.0.49
> Server built:   Apr 23 2007 10:41:23
> Server's Module Magic Number: 20020903:7
> Architecture:   64-bit
> Server compiled with
> -D APACHE_MPM_DIR="server/mpm/prefork"
> -D APR_HAS_SENDFILE
> -D APR_HAS_MMAP
> -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
> -D APR_USE_PROC_PTHREAD_SERIALIZE
> -D APR_USE_PTHREAD_SERIALIZE
> -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
> -D APR_HAS_OTHER_CHILD
> -D AP_HAVE_RELIABLE_PIPED_LOGS
> -D HTTPD_ROOT="/usr/local/apache2"
> -D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
> -D DEFAULT_PIDLOG="logs/httpd.pid"
> -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
> -D DEFAULT_LOCKFILE="logs/accept.lock"
> -D DEFAULT_ERRORLOG="logs/error_log"
> -D AP_TYPES_CONFIG_FILE="conf/mime.types"
> -D SERVER_CONFIG_FILE="conf/httpd.conf"
> 
> I think it was not compiled with SSL support :(

It won't tell you that from -V. Is there a file named:

 /usr/local/apache2/modules/mod_ssl.so

Phil
-- 
Phil Ehrens <[EMAIL PROTECTED]>| Fun stuff:
The LIGO Laboratory, MS 18-34 | http://www.ralphmag.org
California Institute of Technology| http://www.trenchman.com
1200 East California Blvd.| http://www.tokyotosho.com
Pasadena, CA 91125 USA| My gpg public key:
Phone:(626)395-8518 Fax:(626)793-9744 | http://www.imbe.net/peligo.asc
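
The checks suggested across this thread (is mod_ssl loadable, is ssl.conf really pulled in, is there a Listen on 443, does the SSL section still need -DSSL), gathered into one script as an added example that is not from any poster. The function name, the verdict strings and the stock layout under one root (with the `<IfModule mod_ssl.c>` and `<IfDefine SSL>` wrappers of the default Apache 2.0 configuration files) are assumptions of this example.

```shell
#!/bin/sh
# Added example: static checks for "Apache starts but nothing listens on 443".
# ssl_diagnose ROOT prints one verdict for the Apache tree under ROOT
# (e.g. /usr/local/apache2). Assumed layout: conf/httpd.conf, conf/ssl.conf,
# modules/mod_ssl.so, bin/httpd.

# Print the lines of file $1 that are not commented out.
active_lines() {
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null
}

ssl_diagnose() {
    root=$1
    conf="$root/conf/httpd.conf"
    sslconf="$root/conf/ssl.conf"

    # 1. Is mod_ssl available at all? Either a shared object that httpd.conf
    #    loads, or compiled into the binary (httpd -l lists compiled-in
    #    modules; httpd -V does not). If the Include sits inside
    #    <IfModule mod_ssl.c>, a missing module skips ssl.conf silently.
    have_mod=no
    if [ -f "$root/modules/mod_ssl.so" ] &&
       active_lines "$conf" | grep -q 'LoadModule[[:space:]]\{1,\}ssl_module'; then
        have_mod=yes
    elif [ -x "$root/bin/httpd" ] &&
         "$root/bin/httpd" -l 2>/dev/null | grep -q 'mod_ssl\.c'; then
        have_mod=yes
    fi
    [ "$have_mod" = yes ] || { echo "no-mod_ssl"; return 1; }

    # 2. Does httpd.conf pull in ssl.conf, and does that file exist?
    if ! active_lines "$conf" | grep -q 'Include[[:space:]]\{1,\}conf/ssl\.conf' ||
       [ ! -f "$sslconf" ]; then
        echo "ssl.conf-not-included"; return 1
    fi

    # 3. Without an active Listen on 443, netstat will show nothing.
    active_lines "$sslconf" | grep -q '^[[:space:]]*Listen[[:space:]].*443' ||
        { echo "no-listen-443"; return 1; }

    # 4. An active <IfDefine SSL> wrapper means the section is skipped unless
    #    httpd is started with -DSSL (what 'apachectl startssl' passes).
    if active_lines "$sslconf" | grep -q '<IfDefine[[:space:]]\{1,\}SSL>'; then
        echo "needs-DSSL"; return 0
    fi
    echo "ssl-enabled-on-start"
}
```

Run it as `ssl_diagnose /usr/local/apache2` after sourcing the file; `apachectl -t` and the error log remain the place to look once the verdict is `ssl-enabled-on-start` but port 443 is still closed.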


Re: Apache 2.x : Terminate SSL Session from own module ?

2007-04-27 Thread Hale, Andrew T CTR DMDC
I am trying to terminate a two-way SSL session after a user successfully
logs off.  I need to terminate the SSL session on the server because the
client application is in a kiosk and the user cannot close the browser or
clear the SSL cache.  

In Serge's response below he refers to 'my own module'.  Is he modifying the
mod_ssl module and deploying that, or can I directly make calls to the
mod_ssl module in a custom C module?  Sorry, I am not familiar with C modules
but am familiar with Perl modules and have written authn and authz handlers.

I appreciate any help you can provide.

Andy Hale


Serge Hauser wrote:

Tue, 24 Oct 2006 06:53:50 -0700

Hi all,

I try to terminate a session in my own module by setting the creation time
and flushing the cache; unfortunately, on the next request from the same
client I get the same session again (actually it seems to take it from the
cache, ignoring the OpenSSL session cache attributes).

Is there any way I can force mod_ssl to explicitly invalidate a session so
it will get deleted from the cache as well?

The code I use is basically:

r->connection->keepalive = -1;
ssl_sess = SSL_get_session(ssl);
ssl_ctx = SSL_get_SSL_CTX(ssl);
SSL_CTX_remove_session(ssl_ctx, ssl_sess);
SSL_SESSION_set_time(ssl_sess, 0);
SSL_CTX_flush_sessions(ssl_ctx, time(0));
ssl_sess->not_resumable = 1;


Does anyone have a hint for me about what I am doing wrong or what I additionally need
to do to get rid of the session?

thanks
Serge

Andy Hale
Modis IT
DEERS/Defense Manpower Data Center
Phone: (831) 583-2500 Ext. 4719
Email: [EMAIL PROTECTED]

