StdEnvVars lost with suEXEC mechanism
Hello, I have settled a virtualhost to work with the suEXEC mechanism. ServerAdmin [EMAIL PROTECTED] DocumentRoot /export/home/sympa ServerName sympa.archi.fr #User sympa #Group listserv UserDir disabled ScriptAlias /wws /export/home/sympa/bin/wwsympa.fcgi ErrorLog /export/home0/apache/gamsau/logs/sympa443.error_log TransferLog /export/home0/apache/gamsau/logs/sympa443.access_log DirectoryIndex wws SSLOptions +StdEnvVars SSLEngine on SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/apache/conf/ssl.crt/sympa.crt SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/sympa.key SSLCACertificatePath /usr/local/apache/conf/ssl.crt/ SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca.crt SSLVerifyClient optional SSLVerifyDepth 5 SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /usr/local/apache/logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" If I disable the suEXEC mechanism, the secure connexion is established but I can not access to the writable directories belonging to sympa (normally enabled by the suEXEC mechanism). If I enable the suEXEC mechanism, my email read in my local certificat is not transmitted to the server, so I can't access to the secure pages. are suExec and SSL compatible? Thanks for any suggestion. -- Anne DURAND GAMSAU - MAP UMR CNRS-MCC n° 694 "Modèles et simulations pour l'Architecture, l'urbanisme et le Paysage" Ecole d'Architecture de Marseille 184 av de Luminy 13288 Marseille Cedex 09 tel : 04 91 82 71 62/70 - fax : 04 91 82 71 71 mel : [EMAIL PROTECTED] http : www.map.archi.fr Ce message est signé. Vous pouvez télécharger le certificat de l'autorité de certification archi.fr à l'adresse http://www.archi.fr/certif/archi.pem Signature cryptographique S/MIME
Lost environment variables
Hello, The definition of the virtualhost in the httpd.conf file is shown at the bottom. When opening the URL https://sympa.archi.fr/printenv, the system seems to load my personal certificat (the page is locked) but I get only the regular http variables : What should I do get also the SSL variables? Thanks in advance for any suggestion. DOCUMENT_ROOT="/export/home/sympa" GATEWAY_INTERFACE="CGI/1.1" HTTP_ACCEPT="image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*" HTTP_ACCEPT_CHARSET="iso-8859-1,*,utf-8" HTTP_ACCEPT_ENCODING="gzip" HTTP_ACCEPT_LANGUAGE="fr-FR,en" HTTP_CONNECTION="Keep-Alive" HTTP_COOKIE="SITESERVER=ID=f24d0dd80cc13ec1e3c09b6dfe149b20; I_Am_Not_An_Email_Sniffer=Let_Me_In" HTTP_HOST="sympa.archi.fr" HTTP_PRAGMA="no-cache" HTTP_USER_AGENT="Mozilla/4.75 [fr] (WinNT; U)" PATH="/usr/local/bin:/usr/bin:/bin" QUERY_STRING="" REMOTE_ADDR="193.50.232.53" REMOTE_PORT="2515" REQUEST_METHOD="GET" REQUEST_URI="/printenv" SCRIPT_FILENAME="/export/home/sympa/bin/printenv" SCRIPT_NAME="/printenv" SERVER_ADDR="193.50.232.12" SERVER_ADMIN="[EMAIL PROTECTED]" SERVER_NAME="sympa.archi.fr" SERVER_PORT="443" SERVER_PROTOCOL="HTTP/1.0" SERVER_SOFTWARE="Apache/1.3.14 (Unix) PHP/3.0.16 mod_ssl/2.7.1 OpenSSL/0.9.6" TZ="MET" SSLPassPhraseDialog builtin SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache SSLSessionCacheTimeout 500 SSLMutex file:/usr/local/apache/logs/ssl_mutex SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLLog /usr/local/apache/logs/ssl_engine_log SSLLogLevel debug ServerAdmin [EMAIL PROTECTED] DocumentRoot /export/home/sympa ServerName sympa.archi.fr User sympa Group listserv UserDir disabled ScriptAlias /printenv /export/home/sympa/bin/printenv ErrorLog /export/home0/apache/gamsau/logs/sympa443.error_log TransferLog /export/home0/apache/gamsau/logs/sympa443.access_log SSLOptions +StdEnvVars +ExportCertData AllowOverride All Options ExecCGI Order allow,deny Allow from all SSLOptions +StdEnvVars SSLEngine on SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/apache/conf/ssl.crt/sympa.crt SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/sympa.key SSLCACertificatePath /usr/local/apache/conf/ssl.crt/ SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca.crt SSLVerifyClient optional SSLVerifyDepth 10 SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /usr/local/apache/logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" -- Anne DURAND GAMSAU - MAP UMR CNRS-MCC n° 694 "Modèles et simulations pour l'Architecture, l'urbanisme et le Paysage" Ecole d'Architecture de Marseille 184 av de Luminy 13288 Marseille Cedex 09 tel : 04 91 82 71 62/70 - fax : 04 91 82 71 71 mel : [EMAIL PROTECTED] http : www.map.archi.fr Ce message est signé. Vous pouvez télécharger le certificat de l'autorité de certification archi.fr à l'adresse http://www.archi.fr/certif/archi.pem Signature cryptographique S/MIME
virtualhost name does NOT match server name
Hello on solaris 2.6 Server: Apache/1.3.14, Interface: mod_ssl/2.7.1, Library: OpenSSL/0.9.6 On our server corbu.gamsau.archi.fr I want to secure a virtual host sympa.archi.fr on two ways : the standard way on port 80 with cookies and the SSL way on port 443 httpd.conf Port 80 SSLDisable ServerAdmin [EMAIL PROTECTED] DocumentRoot /export/home/sympa ServerName sympa.archi.fr ... Port 443 ServerAdmin [EMAIL PROTECTED] DocumentRoot /export/home/sympa ServerName sympa.archi.fr User sympa Group listserv UserDir disabled ScriptAlias /wws /export/home/sympa/bin/wwsympa.fcgi ErrorLog /export/home0/apache/gamsau/logs/wwsympa443_error TransferLog /export/home0/apache/gamsau/logs/wwsympa443_access DirectoryIndex wws SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt SSLVerifyClient 0 SSLVerifyDepth 10 ... [02/Dec/2000 15:59:45 04465] [info] Init: Initializing (virtual) servers for SSL [02/Dec/2000 15:59:45 04465] [info] Init: Configuring server 127.0.0.1:443 forSSL protocol [02/Dec/2000 15:59:45 04465] [trace] Init: (127.0.0.1:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) [02/Dec/2000 15:59:45 04465] [trace] Init: (127.0.0.1:443) Configuring permitted SSL ciphers [ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] [02/Dec/2000 15:59:45 04465] [trace] Init: (127.0.0.1:443) Configuring RSA server certificate [02/Dec/2000 15:59:45 04465] [warn] Init: (127.0.0.1:443) RSA server certificate CommonName (CN) `sympa.archi.fr' does NOT match server name!? [02/Dec/2000 15:59:45 04465] [trace] Init: (127.0.0.1:443) Configuring RSA server private key [02/Dec/2000 15:59:45 04465] [warn] Init: (sympa.archi.fr:443) You configured HTTP(80) on the standard HTTPS(443) port! Any advice for generating the certificate or for the httpd.conf file? Thanks in advance -- Anne DURAND GAMSAU - MAP UMR CNRS-MCC n° 694 "Modèles et simulations pour l'Architecture, l'urbanisme et le Paysage" Ecole d'Architecture de Marseille 184 av de Luminy 13288 Marseille Cedex 09 tel : 04 91 82 71 62/70 - fax : 04 91 82 71 71 mel : [EMAIL PROTECTED] http : www.map.archi.fr __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
mod_ssl: Init: Failed to generate temporary 512 bit RSA private key
Hello, Here is my configuration : Solaris 2.6, Apache 1.3.14, openSSL 0.96, modSSL 2.7.1 What I did : cd modSSL ./configure --with-ssl=../../openssl-0.9.6 --with-apache=../../../apache/apache_1.3.14 --prefix=/usr/local/apache cd ../../../apache/apache_1.3.14 make make certificate make install When I run /usr/local/apache/bin/httpd -d /export/home0/apache/gamsau to test my normal web server with this new version, I get the error " mod_ssl: Init: Failed to generate temporary 512 bit RSA private key" Thanks for any help -- Anne DURAND GAMSAU - MAP UMR CNRS-MCC n° 694 "Modèles et simulations pour l'Architecture, l'urbanisme et le Paysage" Ecole d'Architecture de Marseille 184 av de Luminy 13288 Marseille Cedex 09 tel : 04 91 82 71 62/70 - fax : 04 91 82 71 71 mel : [EMAIL PROTECTED] http : www.map.archi.fr __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]