Apache and mod_ssl (extra info)
So I tried something kind of new. I completely removed the directory with the non-functioning apache install. I went back to the source, did a make clean, a new configure using the same parameters as before: ./configure --prefix=/opt/apache3 --enable-auth-dbm=shared --enable-expires=shared --enable-headers=shared --enable-rewrite=shared --enable-mime-magic=shared --enable-info=shared --enable-status=shared --enable-userdir=shared --enable-http --enable-so --enable-ssl=static --with-ssl=/opt/openssl098d --with-perl=/opt/perl58 --with-ndbm --enable-ldap=shared --enable-auth_ldap=shared --with-ldap=/usr/local/OpenLDAP.2.3 Had SHLIB_PATH set to "/opt/openssl098d/lib:/usr/local/OpenLDAP.2.3/lib" as well as CPPFLAGS and LDFLAGS set with -I and -L flags for those two non-standard directories. This is all the same as what I had done before. After the make, make install, I went in to the installed directory and made as minimal changes as I could. I changed Listen port in the main httpd.conf to 8040 and the Listen port (as well as the VirtualHost port) in ssl.conf to 8045 so it wouldn't step on the toes of the production apache process. I then changed the User and Group directives in httpd.conf to the webadmin user which the other apache process runs as. Launched this just about plain jane apache using apachectl startssl. Connecting via http to 8040, everything looks fine. Connecting via https to port 8045 shows the behavior of child processing hanging in a waiting state. Am I wrong in thinking this is a permissions issue? Or perhaps something is funky with the fact that the SSL libraries are in a strange spot? I've tried adding the library path to envvars in apache3/bin and having PassEnv SHLIB_PATH in the httpd.conf. However, the WORKING installation is linked to these exact same libraries and although there's a PassEnv command in it's httpd.conf, nothing was added to envvars. If it *is* a permissions issue, what does mod_ssl need permission to get to in order to function properly? I notice that the ssl_scache.dir and ssl_scache.pag files are created in the logs directory, (though the .dir file is 0 bytes) both owned by webadmin, so that user can at least CREATE files in that directory.
Apache and mod_ssl
I have a feeling that I'm missing something elementary here. I have an install of apache 2.0.55 with mod_ssl enabled on a HP-UX system in /opt/apache2. This one runs fine. I recompiled another copy of apache (same version) into /opt/apache2a (for testing purposes) to add mod_ldap support and that one worked as well. Then I tried recreating apache2a in apache2 by doing a recompile using a prefix of apache2 and then doing an install after backing everything up and moving the old apache install out of the way. However, this one DOESN'T work. If I launch it WITHOUT SSL turned on (i.e, no SSLEngine on) directive, everything works great. But as soon as I turn on SSL in a VirtualHost, then strange things happen. A client will connect to the test port via SSL, the SSL negotiation appears to work just fine (tested using openssl s_client), but when you attempt to do a GET, the request is sent, but a reply never shows up. Nothing appears in the access_log, and child processes begin to spawn with each request. I can pull up the server-status url and everytime I hit refresh, one child process goes to "W" and another one is spawned. Clicking repeatedly will continue this process until there are a ton of processes, all stuck at "Waiting" with 0/0/0 under the Acc columntDo it enough, the server's load average starts to climb. I've checked and double checked every permission I can possible find. The User and Group directives are both set to "webadmin" which is the same in all configurations. The permissions of the sub-directories in both directories match between the two. I have this feeling that it's simple with the directory permissions and/or structure but I just can't seem to locate it. Anyone have any ideas on what else I might need to look at? Aaron Aaron Smith[EMAIL PROTECTED] System Administrator (269) 337-7496 Kalamazoo College
Re: Apache and mod_ssl - refusing connections on https?
I figured it out people, I just needed to start httpd with -DSSL. SO I was being dumb. --- Glyn Astill <[EMAIL PROTECTED]> wrote: > Yes, I have SSLEngine On in ssl.conf, here's my ssl.conf file: > > SSLRandomSeed startup builtin > SSLRandomSeed connect builtin > > > Listen 443 > Listen my.ip.ad.dr:443 > > AddType application/x-x509-ca-cert .crt > AddType application/x-pkcs7-crl.crl > > SSLPassPhraseDialog builtin > > SSLSessionCache dbm:/var/run/ssl_scache > SSLSessionCacheTimeout 300 > > SSLMutex file:/var/run/ssl_mutex > > > > DocumentRoot "/usr/pkg/share/httpd/htdocs" > ServerName www.mydomain.net:443 > ServerAdmin [EMAIL PROTECTED] > ErrorLog /var/log/httpd/error_log > TransferLog /var/log/httpd/access_log > > SSLEngine on > > SSLCipherSuite > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > > SSLCertificateFile /usr/pkg/etc/httpd/ssl.crt/server.crt > SSLCertificateKeyFile /usr/pkg/etc/httpd/ssl.key/server.pem > > > SSLOptions +StdEnvVars > > > SSLOptions +StdEnvVars > > > SetEnvIf User-Agent ".*MSIE.*" \ > nokeepalive ssl-unclean-shutdown \ > downgrade-1.0 force-response-1.0 > CustomLog /var/log/httpd/ssl_request_log \ > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" > > > > > > Any ideas? > > --- "Omar W. Hannet" <[EMAIL PROTECTED]> wrote: > > > SSLEngine On? > > > > Glyn Astill wrote: > > > Hi people, > > > > > > I'm new to this list, so hello. > > > > > > I've been trying to get https working with apache 2.0.59 on > > NetBSD > > > 3.99 today, and it's > > > beginning to make my face ache. > > > > > > Basically when I try to view a page via https I get connection > > > refused. Apache is compiled with mod_ssl.c, I have openssl > > installed. > > > > > > This is what I've done so far: > > > > > > 1) Copied the example openssl cfg from examples to > > > /etc/openssl/openssl.cnf > > > > > > 2)Generated my server key, then pem file then the csr and crt. > > > > > > 3)Then coppied them all into ssl.key (server.pem, server.key), > > > ssl.csr (server.csr) and ssl.crt (server.crt). This is where my > > > ssl.conf expects them. > > > > > > 4) Made sure ssl.conf is pointing to these files properly and > is > > > listening on port 443 (Listen :443) > > > > > > 5) Made sure ssl.conf is included in httpd.conf properly > > > > > > 6) check that mod_ssl.c is compiled in with https -l > > > > > > 7) checked my apache access and error logs - nothing ! > > > > > > And still nothing, it can't be listening on 443. > > > > > > If I do the following: > > > > > > #openssl s_client -connect localhost:443 -state -debug > > > > > > I get: > > > > > > connect: Connection refused > > > connect:errno=61 > > > I've even tried copying all my virtual hosts and changing :80 > to > > > :443, still nothing. > > > > > > This is really the first time I've ever touched ssl, so I'm > > hoping > > > I'm missing something really dumb. I've basically just got the > > > standard ssl.conf example modified ever so slightly so that > > things > > > point in the right place. > > > > > > ? > > > > > > Any ideas? > > > > > > > > > Cheers > > > Glyn > > > > > > > > > > ___ > > > > > Yahoo! Mail is the world's favourite email. Don't settle for > > less, sign up for > > > your free account today > > > http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html > > > > > > > > __ > > > Apache Interface to OpenSSL (mod_ssl) > > www.modssl.org > > > User Support Mailing List > > modssl-users@modssl.org > > > Automated List Manager > > [EMAIL PROTECTED] > > > > > > -- > > Omar W. Hannet > > http://www.allez-oop.net/ > > > __ > > Apache Interface to OpenSSL (mod_ssl) > > www.modssl.org > > User Support Mailing List > > modssl-users@modssl.org > > Automated List Manager > > [EMAIL PROTECTED] > > > > > > ___ > Yahoo! Answers - Got a question? Someone out there knows the > answer. Try it > now. > http://uk.answers.yahoo.com/ > __ > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > User Support Mailing List > modssl-users@modssl.org > Automated List Manager > [EMAIL PROTECTED] > ___ Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for your free account today http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html __
Re: Apache and mod_ssl - refusing connections on https?
Yes, I have SSLEngine On in ssl.conf, here's my ssl.conf file: SSLRandomSeed startup builtin SSLRandomSeed connect builtin Listen 443 Listen my.ip.ad.dr:443 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl.crl SSLPassPhraseDialog builtin SSLSessionCache dbm:/var/run/ssl_scache SSLSessionCacheTimeout 300 SSLMutex file:/var/run/ssl_mutex DocumentRoot "/usr/pkg/share/httpd/htdocs" ServerName www.mydomain.net:443 ServerAdmin [EMAIL PROTECTED] ErrorLog /var/log/httpd/error_log TransferLog /var/log/httpd/access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/pkg/etc/httpd/ssl.crt/server.crt SSLCertificateKeyFile /usr/pkg/etc/httpd/ssl.key/server.pem SSLOptions +StdEnvVars SSLOptions +StdEnvVars SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /var/log/httpd/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" Any ideas? --- "Omar W. Hannet" <[EMAIL PROTECTED]> wrote: > SSLEngine On? > > Glyn Astill wrote: > > Hi people, > > > > I'm new to this list, so hello. > > > > I've been trying to get https working with apache 2.0.59 on > NetBSD > > 3.99 today, and it's > > beginning to make my face ache. > > > > Basically when I try to view a page via https I get connection > > refused. Apache is compiled with mod_ssl.c, I have openssl > installed. > > > > This is what I've done so far: > > > > 1) Copied the example openssl cfg from examples to > > /etc/openssl/openssl.cnf > > > > 2)Generated my server key, then pem file then the csr and crt. > > > > 3)Then coppied them all into ssl.key (server.pem, server.key), > > ssl.csr (server.csr) and ssl.crt (server.crt). This is where my > > ssl.conf expects them. > > > > 4) Made sure ssl.conf is pointing to these files properly and is > > listening on port 443 (Listen :443) > > > > 5) Made sure ssl.conf is included in httpd.conf properly > > > > 6) check that mod_ssl.c is compiled in with https -l > > > > 7) checked my apache access and error logs - nothing ! > > > > And still nothing, it can't be listening on 443. > > > > If I do the following: > > > > #openssl s_client -connect localhost:443 -state -debug > > > > I get: > > > > connect: Connection refused > > connect:errno=61 > > I've even tried copying all my virtual hosts and changing :80 to > > :443, still nothing. > > > > This is really the first time I've ever touched ssl, so I'm > hoping > > I'm missing something really dumb. I've basically just got the > > standard ssl.conf example modified ever so slightly so that > things > > point in the right place. > > > > ? > > > > Any ideas? > > > > > > Cheers > > Glyn > > > > > > ___ > > > Yahoo! Mail is the world's favourite email. Don't settle for > less, sign up for > > your free account today > http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html > > > > __ > > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > > User Support Mailing List > modssl-users@modssl.org > > Automated List Manager > [EMAIL PROTECTED] > > > -- > Omar W. Hannet > http://www.allez-oop.net/ > __ > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > User Support Mailing List > modssl-users@modssl.org > Automated List Manager > [EMAIL PROTECTED] > ___ Yahoo! Answers - Got a question? Someone out there knows the answer. Try it now. http://uk.answers.yahoo.com/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: Apache and mod_ssl - refusing connections on https?
SSLEngine On? Glyn Astill wrote: Hi people, I'm new to this list, so hello. I've been trying to get https working with apache 2.0.59 on NetBSD 3.99 today, and it's beginning to make my face ache. Basically when I try to view a page via https I get connection refused. Apache is compiled with mod_ssl.c, I have openssl installed. This is what I've done so far: 1) Copied the example openssl cfg from examples to /etc/openssl/openssl.cnf 2)Generated my server key, then pem file then the csr and crt. 3)Then coppied them all into ssl.key (server.pem, server.key), ssl.csr (server.csr) and ssl.crt (server.crt). This is where my ssl.conf expects them. 4) Made sure ssl.conf is pointing to these files properly and is listening on port 443 (Listen :443) 5) Made sure ssl.conf is included in httpd.conf properly 6) check that mod_ssl.c is compiled in with https -l 7) checked my apache access and error logs - nothing ! And still nothing, it can't be listening on 443. If I do the following: #openssl s_client -connect localhost:443 -state -debug I get: connect: Connection refused connect:errno=61 I've even tried copying all my virtual hosts and changing :80 to :443, still nothing. This is really the first time I've ever touched ssl, so I'm hoping I'm missing something really dumb. I've basically just got the standard ssl.conf example modified ever so slightly so that things point in the right place. ? Any ideas? Cheers Glyn ___ Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for your free account today http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED] -- Omar W. Hannet http://www.allez-oop.net/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Apache and mod_ssl - refusing connections on https?
Hi people, I'm new to this list, so hello. I've been trying to get https working with apache 2.0.59 on NetBSD 3.99 today, and it's beginning to make my face ache. Basically when I try to view a page via https I get connection refused. Apache is compiled with mod_ssl.c, I have openssl installed. This is what I've done so far: 1) Copied the example openssl cfg from examples to /etc/openssl/openssl.cnf 2)Generated my server key, then pem file then the csr and crt. 3)Then coppied them all into ssl.key (server.pem, server.key), ssl.csr (server.csr) and ssl.crt (server.crt). This is where my ssl.conf expects them. 4) Made sure ssl.conf is pointing to these files properly and is listening on port 443 (Listen :443) 5) Made sure ssl.conf is included in httpd.conf properly 6) check that mod_ssl.c is compiled in with https -l 7) checked my apache access and error logs - nothing ! And still nothing, it can't be listening on 443. If I do the following: #openssl s_client -connect localhost:443 -state -debug I get: connect: Connection refused connect:errno=61 I've even tried copying all my virtual hosts and changing :80 to :443, still nothing. This is really the first time I've ever touched ssl, so I'm hoping I'm missing something really dumb. I've basically just got the standard ssl.conf example modified ever so slightly so that things point in the right place. ? Any ideas? Cheers Glyn ___ Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for your free account today http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
apache and mod_ssl sending close_notify and getting XMLHTTP on IE out of sync
Hello all In my environment a reverse proxy using apache (and mod_ssl) secures the frontend server. Server is Apache 1.3.35 with mod_ssl 2.8.26, openssl 0.9.8a The problem arises when using OWA and checking names in the mail being sent. IE uses XMLHTTP to make asynchronious lookups of the username to the backend resulting in a POST through the SSL channel. Before the problem arises, mod_ssl sends an SSL alert (close_notify) to the browser and closes the connection. When the users checks the names in OWA now, the XMLHTTP still tries to send through the previously closed SSL channel, to no avail of course. Is there a possibility to stop mod_ssl from closing the SSL channel or can anybody point me into the right direction. Best regards, Pascal. PS: I have traces if needed (snoop and ssldump) __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: Apache and MOD_SSL
On Mon, Dec 27, 2004 at 11:06:21PM -0500, leandro asnaghi-nicastro wrote: > $ openssl s_client -connect def.con.ca:443 > CONNECTED(0003) > 24271:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown > protocol:s23_clnt.c:475: > That's usually what happens if the server is responding in HTTP instead of HTTPS. You could try adding -state -debug to the openssl s_client command to get more info. Also check your error log on the server, it should have something about invalid method. If def.con.ca is in fact the host with the problem, then I get the following with -debug: [SNIP] - 3c 21 44 4f 43 54 59 Further reading online: add SSLEngine on within the Virtual Host > setting (I'm guessing they meant in mod_ssl.conf?) and that is done. It has to go inside the VirtualHost block for the port 443 vhost. You also need a few other settings there pointing to the certificates. You could try posting the ssl related part of that vhost. > [EMAIL PROTECTED]:/etc/apache# netstat -tln | grep 443 > tcp0 0 0.0.0.0:443 0.0.0.0:* > LISTEN > > Okay, so I'm not that off. > Certainly there is something listening on port 443 - the s_client error would have been different if there was nothing on that port. > Obviously I am doing something wrong, albeit I am at a loss as to > what excatly I screwed up. Can someone kindly kick me in the right > direction? > It still looks like you don't have SSLEngine on in the right place. vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Apache and MOD_SSL
Hello everyone. I apologize for disturbing with this request, but I am a little stumped. I have Linux Slackware 2.4 on a Duron 700 with 150 MB of ram or so. I wanted access to SquirrelMail and I wanted to be able to do so with https, so that I was secure when doing it outside of the local network. Despite generating the keys (password free) and signing them, configuring to what I believed to be correct (obviously not) conf files for mod_ssl and httpd, I get the following error: $ openssl s_client -connect def.con.ca:443 CONNECTED(0003) 24271:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475: I did some searching online and reading around someone suggested that I'd add the following to httpd.conf: LoadModule ssl_module libexec/libssl.so AddModule mod_ssl.c There is no need: [EMAIL PROTECTED]:/etc/apache# apachectl configtest [Mon Dec 27 22:08:58 2004] [warn] module ssl_module is already loaded, skipping [Mon Dec 27 22:08:58 2004] [warn] module mod_ssl.c is already added, skipping Further reading online: add SSLEngine on within the Virtual Host setting (I'm guessing they meant in mod_ssl.conf?) and that is done. As well it was suggested that there may be a lack of directory. That's present as well. Checking the status: [EMAIL PROTECTED]:/etc/apache# netstat -tln | grep 443 tcp0 0 0.0.0.0:443 0.0.0.0:* LISTEN Okay, so I'm not that off. Obviously I am doing something wrong, albeit I am at a loss as to what excatly I screwed up. Can someone kindly kick me in the right direction? leandro -- leandro asnaghi-nicastro - editor in chief - [EMAIL PROTECTED] capital of nasty electronic magazine - http://con.ca/ irc.con.ca #con / icq uin 889318 / msn [EMAIL PROTECTED] "more annoying than any other leading brand" __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
apache and mod_ssl
hi guys! i have following question: i installed an apache webserver with mod_ssl. on this server serveral projekts are available, what i want is, that only one directory (projekt) is accessible via https/ssl (only https/ssl) for all users (also internet) and the rest of the site should ONLY be acccessible via http. is that possible? i played around with my httpd.conf, but i didn't get it. thx steve
Re: Two certificates in apache and mod_ssl
Are you using IP Based virtual hosting? I don't think you can have multiple certificates on a since IP on the same port. On Fri, 2002-06-21 at 10:34, Kirchner Stefan wrote: > Hello, > > I defined two virtual hosts in apache + mod_ssl with two different server > certificates. > I tried to access the https connection and I got for both virtual hosts the > certificate of the first virtual host. > > How do I have to configure it to get the right certificate of each virtual > host. > > Or is it not possible? Or how? > > Stefan > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] -- Sean M. Alderman ITRACK Systems Analyst PACE/NCI - NASA Glenn Research Center (216) 433-2795 Calling a windowed operating system "Windows" is like naming an automobile "Wheels." __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Two certificates in apache and mod_ssl
Try adding the following directive to your definition: SSLCertificateFile /path/to/file SSLCertificateKeyFile /path/to/file Also make sure that the above directives are not configured for the main server. That's it. Brian Vaughan -Original Message- From: Kirchner Stefan [mailto:[EMAIL PROTECTED]] Sent: Friday, June 21, 2002 10:34 AM To: '[EMAIL PROTECTED]' Subject: Two certificates in apache and mod_ssl Hello, I defined two virtual hosts in apache + mod_ssl with two different server certificates. I tried to access the https connection and I got for both virtual hosts the certificate of the first virtual host. How do I have to configure it to get the right certificate of each virtual host. Or is it not possible? Or how? Stefan __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Two certificates in apache and mod_ssl
Hello, I defined two virtual hosts in apache + mod_ssl with two different server certificates. I tried to access the https connection and I got for both virtual hosts the certificate of the first virtual host. How do I have to configure it to get the right certificate of each virtual host. Or is it not possible? Or how? Stefan __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: apache and mod_ssl
On Thu, 2002-02-07 at 16:02, bhawna sinha wrote: > Also in the error log it says "invalid > method in request". that means you're talking SSL to a normal http server. in other words, port 443 is not listening for ssl connections. -- [EMAIL PROTECTED] || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus?: www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing." signature.asc Description: This is a digitally signed message part
RE: apache and mod_ssl
You neet to point your browser to https://www.yourdomain.foo or http://www.yourdomain.foo:443. Unless you are testing from the local http server, you will need to update your DNS with the new domain name(s). You also need to tell Apache to listen on port 443 in the httpd.conf file. If you are using virtual hosts, you will need to add other things in the httpd.conf file like (this config is for name-based v-hosts): NameVirtualHost *:80 NameVirtualHost *:443 Listen 80 Listen 443 SSLEngine on SSLCACertificatePath /usr/local/apache/conf/certs/ SSLCACertificateFile /usr/local/apache/conf/certs/ca.crt SSLCertificateChainFile /usr/local/apache/conf/certs/ca.crt SSLCertificateFile /usr/local/apache/conf/certs/server.crt SSLCertificateKeyFile /usr/local/apache/conf/certs/server.key DocumentRoot /usr/local/apache/htdocs ServerName www.yourdomain.foo [or www.sub.yourdomain.foo] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of bhawna sinha Sent: Thursday, February 07, 2002 4:02 PM To: [EMAIL PROTECTED] Subject: apache and mod_ssl I have installed apache web server software and the Apache interface to OpenSSL(mod_ssl) in order to have a secure server. I have changed the configuration file httpd.conf and ssl is enabled on port 443. But the problem is whenever I try the url https://localhost:443, it says cannot connect to server. It seems that it is not able to connect to port 443. Also in the error log it says "invalid method in request". I am attaching the conf file: ---***- LoadModule ssl_module modules/mod_ssl.so ServerAdmin [EMAIL PROTECTED] ServerName 127.0.0.1 SSLMutex sem SSLRandomSeed startup builtin SSLSessionCache none SSLLog logs/ssl.log SSLLogLevel info SSLEngine on SSLCertificateFile conf/ssl/my-server.cert SSLCertificateKeyFile conf/ssl/my-server.key #SSLVerifyClient require #SSLVerifyDepth 1 #SSLCACertificatePath conf/ssl #SSLCACertificateFile conf/ssl/my-server.cert I would appreciate if anyone could give me a solution Thanks Bhawna __ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: apache and mod_ssl
Hi bhawna! On 7 Feb 02 at 16:02 you wrote: > problem is whenever I try the url > https://localhost:443, it says cannot connect to > server. Have you tried just https://localhost ? It should work without specifying the port, but it also should work when you do specify the port. Do you have 'Listen 443' somewhere in your config file? You should. -- Toomas Aas | [EMAIL PROTECTED] | http://www.raad.tartu.ee/~toomas/ * Make yourself at home! Clean my kitchen. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
apache and mod_ssl
I have installed apache web server software and the Apache interface to OpenSSL(mod_ssl) in order to have a secure server. I have changed the configuration file httpd.conf and ssl is enabled on port 443. But the problem is whenever I try the url https://localhost:443, it says cannot connect to server. It seems that it is not able to connect to port 443. Also in the error log it says "invalid method in request". I am attaching the conf file: ---***- LoadModule ssl_module modules/mod_ssl.so ServerAdmin [EMAIL PROTECTED] ServerName 127.0.0.1 SSLMutex sem SSLRandomSeed startup builtin SSLSessionCache none SSLLog logs/ssl.log SSLLogLevel info SSLEngine on SSLCertificateFile conf/ssl/my-server.cert SSLCertificateKeyFile conf/ssl/my-server.key #SSLVerifyClient require #SSLVerifyDepth 1 #SSLCACertificatePath conf/ssl #SSLCACertificateFile conf/ssl/my-server.cert I would appreciate if anyone could give me a solution Thanks Bhawna __ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Apache and Mod_SSL
You can use cygwin and it comes with openssl compiled. Regards, Lin Geng -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Eduardo Fresno Sent: Wednesday, January 23, 2002 5:54 AM To: [EMAIL PROTECTED] Subject: Apache and Mod_SSL Hi, I was wondering if you could help me on this issue. I'm trying to make Apache a secure server by adding SSL performance. There may exist two main ways to do it: 1) Mod_SSL 2) Apache-SSL I've tried out the first option, but during the process, I've been asked for the 'nmake' compiler. I don't have this compiler and I don't want to pay for it, as I think it is provided with Visual C++ ($$$). So I was wondering if there exist another way to make it. ?? If not, I'm thinking about using Apache-SSL instead of Mod_SSL, in spite of the fact that most people may prefer Mod_SSL. Is it worth using Apache-SSL instead of Mod_SSL? I mean, are there big differences between both two options? Which one is the best? Thanks in advance, -- Edd. ___ Do You Yahoo!? Yahoo! Messenger Comunicación instantánea gratis con tu gente. http://messenger.yahoo.es __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache and mod_ssl
We do need 2 Virtual Host-Directives for HTTP & HTTPS (as we talked about this in this list before). So it's simpler to just to use: Redirect / https://%(HTTP_HOST)/ This needs the mod_alias which is compiled in by default. GreetingX, Alex --- ___cliff rayman___ <[EMAIL PROTECTED]> schrieb: > if u have compiled in mod_rewrite, i believe the > code below will do what you want. i have not tested > it here however. check out the following documentation. > > http://httpd.apache.org/docs/mod/mod_rewrite.html > http://httpd.apache.org/docs/misc/rewriteguide.html > > - snip > RewriteEngineon > RewriteCond %{HTTPS} !=on > RewriteRule ^(.+) https://%(HTTP_HOST)$1 [R,L] > - snip > > Janakiraman Mohanaraman wrote: > > > Hi: > > > > I am using mod_ssl and openssl in Linux platform for the first time. I was > > unable to locate documentation regarding the following and am not sure if > > this is do-able or not. > > > > I was trying to setup a directory on my server in such a way that all URL > > calls to that directory use SSL. Even if the URL entered in the browser is > > http://..., I would like to change that to https://...:443 automatically. > > The documentation in mod-ssl indicated that I use the SSLRequireSSL flag > > for the directory to require SSL to access this directory. However, I was > > able to access this directory in http. I am using Apache 1.3.20, mod_ssl > > 2.8.4, openssl-0.9.6b in Linux 7.1 platform. > > > > I am looking for resolving 2 issues: > > a) Apache / mod_ssl Configuration to ensure that calls to a specific > > directory (say, /usr/apache/test/ssl) always use SSL; > > b) If user tries to access this directory in using http, automatically > > change that to https. > > > > Can someone shed light on whether this is do-able and if so how? > > > > -- > ___cliff [EMAIL PROTECTED]http://www.genwax.com/ > > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] __ Do You Yahoo!? Gesendet von Yahoo! Mail - http://mail.yahoo.de __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache and mod_ssl
Janakiraman Mohanaraman wrote: > At 04:48 PM 8/22/2001 -0700, you wrote: > >if u have compiled in mod_rewrite, i believe the > >code below will do what you want. i have not tested > >it here however. check out the following documentation. > > > >http://httpd.apache.org/docs/mod/mod_rewrite.html > >http://httpd.apache.org/docs/misc/rewriteguide.html > > > >- snip > >RewriteEngineon > >RewriteCond %{HTTPS} !=on > >RewriteRule ^(.+) https://%(HTTP_HOST)$1 [R,L] in particular for the directories /tst/ssl and /tst/ssl2 RewriteEngineon RewriteCond %{HTTPS} !=on RewriteRule ^/test/ssl/(.+) https://%(HTTP_HOST)/tst/ssl/$1 [R,L] RewriteCond %{HTTPS} !=on RewriteRule ^/test/ssl2/(.+) https://%(HTTP_HOST)/tst/ssl2/$1 [R,L] i wanted to make sure this was clear. > > >- snip > > > >Janakiraman Mohanaraman wrote: > > > > > > > I was trying to setup a directory on my server in such a way that all URL > > > calls to that directory use SSL. Even if the URL entered in the browser is > > > http://..., I would like to change that to https://...:443 automatically. -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache and mod_ssl
Thanks for your prompt response! MJ. At 04:48 PM 8/22/2001 -0700, you wrote: >if u have compiled in mod_rewrite, i believe the >code below will do what you want. i have not tested >it here however. check out the following documentation. > >http://httpd.apache.org/docs/mod/mod_rewrite.html >http://httpd.apache.org/docs/misc/rewriteguide.html > >- snip >RewriteEngineon >RewriteCond %{HTTPS} !=on >RewriteRule ^(.+) https://%(HTTP_HOST)$1 [R,L] >- snip > >Janakiraman Mohanaraman wrote: > > > Hi: > > > > I am using mod_ssl and openssl in Linux platform for the first time. I was > > unable to locate documentation regarding the following and am not sure if > > this is do-able or not. > > > > I was trying to setup a directory on my server in such a way that all URL > > calls to that directory use SSL. Even if the URL entered in the browser is > > http://..., I would like to change that to https://...:443 automatically. > > The documentation in mod-ssl indicated that I use the SSLRequireSSL flag > > for the directory to require SSL to access this directory. However, I was > > able to access this directory in http. I am using Apache 1.3.20, mod_ssl > > 2.8.4, openssl-0.9.6b in Linux 7.1 platform. > > > > I am looking for resolving 2 issues: > > a) Apache / mod_ssl Configuration to ensure that calls to a specific > > directory (say, /usr/apache/test/ssl) always use SSL; > > b) If user tries to access this directory in using http, automatically > > change that to https. > > > > Can someone shed light on whether this is do-able and if so how? > > > >-- >___cliff [EMAIL PROTECTED]http://www.genwax.com/ > > >__ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager[EMAIL PROTECTED] * Janakiraman Mohanaraman (MJ) Mgr, Software Development Enterprise Management Business Unit Cisco Systems Inc, 170, W.Tasman Dr. San Jose, CA - 95134. (408) 527-7730 * __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache and mod_ssl
if u have compiled in mod_rewrite, i believe the code below will do what you want. i have not tested it here however. check out the following documentation. http://httpd.apache.org/docs/mod/mod_rewrite.html http://httpd.apache.org/docs/misc/rewriteguide.html - snip RewriteEngineon RewriteCond %{HTTPS} !=on RewriteRule ^(.+) https://%(HTTP_HOST)$1 [R,L] - snip Janakiraman Mohanaraman wrote: > Hi: > > I am using mod_ssl and openssl in Linux platform for the first time. I was > unable to locate documentation regarding the following and am not sure if > this is do-able or not. > > I was trying to setup a directory on my server in such a way that all URL > calls to that directory use SSL. Even if the URL entered in the browser is > http://..., I would like to change that to https://...:443 automatically. > The documentation in mod-ssl indicated that I use the SSLRequireSSL flag > for the directory to require SSL to access this directory. However, I was > able to access this directory in http. I am using Apache 1.3.20, mod_ssl > 2.8.4, openssl-0.9.6b in Linux 7.1 platform. > > I am looking for resolving 2 issues: > a) Apache / mod_ssl Configuration to ensure that calls to a specific > directory (say, /usr/apache/test/ssl) always use SSL; > b) If user tries to access this directory in using http, automatically > change that to https. > > Can someone shed light on whether this is do-able and if so how? > -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Apache and mod_ssl
Hi: I am using mod_ssl and openssl in Linux platform for the first time. I was unable to locate documentation regarding the following and am not sure if this is do-able or not. I was trying to setup a directory on my server in such a way that all URL calls to that directory use SSL. Even if the URL entered in the browser is http://..., I would like to change that to https://...:443 automatically. The documentation in mod-ssl indicated that I use the SSLRequireSSL flag for the directory to require SSL to access this directory. However, I was able to access this directory in http. I am using Apache 1.3.20, mod_ssl 2.8.4, openssl-0.9.6b in Linux 7.1 platform. I am looking for resolving 2 issues: a) Apache / mod_ssl Configuration to ensure that calls to a specific directory (say, /usr/apache/test/ssl) always use SSL; b) If user tries to access this directory in using http, automatically change that to https. Can someone shed light on whether this is do-able and if so how? Thanks in advance for your help, MJ. * Janakiraman Mohanaraman (MJ) Mgr, Software Development Enterprise Management Business Unit Cisco Systems Inc, 170, W.Tasman Dr. San Jose, CA - 95134. (408) 527-7730 * __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Fine-tuning Apache and mod_ssl
>I usually use 1MB as well on my servers. > >But if it takes forever to load a page even while the server is not under >load, I doubt that this is the problem. Check the setting >"HostnameLookups", it should be Off. I have noticed a pretty strange phenomenon that sounds similar to what you are experiencing. I am using Netscape Communicator 4.5 on a Windows NT 4 system, just FYI. On occasion, when I attempt to load secure pages hosted by my Red Hat/Apache server, it takes a very long time for them to load. I discovered a trick, though. I keep another browser window open to a simple web page out there. When I notice the big SSL lag occurring, I Alt-tab over to the other window and hit Refresh. The SSL page in the primary window immediately begins to load also, as if there was some sort of TCP/IP lockup that got cleared by my refreshing the other browser window. The other browser window need not even be pointed to a secure page nor does it have to be pointed to my own server. This trick even works when I switch to my Netscape mail reader and tell it to get the mail. Right away, the SSL page begins to load. Weird. Vik Nokhoudian __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Fine-tuning Apache and mod_ssl
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Mads Toftum > > On Tue, Jul 10, 2001 at 07:20:41PM +0800, Thum Chee Weng, Ronnie wrote: > > what would be a good figure to start using shm ? > > Default figure is 512000. > > > That depends on your OS and how busy your site is - check the > output of make test > when you build mm. I usually default mine to 1MB on solaris. I usually use 1MB as well on my servers. But if it takes forever to load a page even while the server is not under load, I doubt that this is the problem. Check the setting "HostnameLookups", it should be Off. -Dave __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Fine-tuning Apache and mod_ssl
On Tue, Jul 10, 2001 at 07:20:41PM +0800, Thum Chee Weng, Ronnie wrote: > what would be a good figure to start using shm ? > Default figure is 512000. > That depends on your OS and how busy your site is - check the output of make test when you build mm. I usually default mine to 1MB on solaris. vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Fine-tuning Apache and mod_ssl
what would be a good figure to start using shm ? Default figure is 512000. I've 2GB RAM on my web server - ronnie - -Original Message- From: Mads Toftum [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 10, 2001 6:46 PM To: [EMAIL PROTECTED] Subject: Re: Fine-tuning Apache and mod_ssl On Tue, Jul 10, 2001 at 06:00:22PM +0800, Thum Chee Weng, Ronnie wrote: > Currently, running Apache 1.3.12 + mod_ssl 2.6.3. > > I'm currently looking for ways to fine-tune our e-commerce site to handle SSL >transaction. Everytime a SSL connection is made, it takes ages to load the page. Ie. >loading the shopping cart in secure mode. > > Is there any tweaks under httpd.conf which is worth editing ? All my settings are >default when Apache and mod_ssl is installed. > Any help will be very much appreciated. > Using a shared memory cache for session caching could speed up things quite a lot. See http://www.modssl.org/docs/2.8/ssl_reference.html#ToC5 vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] This email had been checked by Asiatravelmart.com's Virus Scanner. Please email any questions to [EMAIL PROTECTED] ------------ Title: RE: Fine-tuning Apache and mod_ssl what would be a good figure to start using shm ? Default figure is 512000. I've 2GB RAM on my web server - ronnie - -Original Message- From: Mads Toftum [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 10, 2001 6:46 PM To: [EMAIL PROTECTED] Subject: Re: Fine-tuning Apache and mod_ssl On Tue, Jul 10, 2001 at 06:00:22PM +0800, Thum Chee Weng, Ronnie wrote: > Currently, running Apache 1.3.12 + mod_ssl 2.6.3. > > I'm currently looking for ways to fine-tune our e-commerce site to handle SSL transaction. Everytime a SSL connection is made, it takes ages to load the page. Ie. loading the shopping cart in secure mode. > > Is there any tweaks under httpd.conf which is worth editing ? All my settings are default when Apache and mod_ssl is installed. > Any help will be very much appreciated. > Using a shared memory cache for session caching could speed up things quite a lot. See http://www.modssl.org/docs/2.8/ssl_reference.html#ToC5 vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Fine-tuning Apache and mod_ssl
On Tue, Jul 10, 2001 at 06:00:22PM +0800, Thum Chee Weng, Ronnie wrote: > Currently, running Apache 1.3.12 + mod_ssl 2.6.3. > > I'm currently looking for ways to fine-tune our e-commerce site to handle SSL >transaction. Everytime a SSL connection is made, it takes ages to load the page. Ie. >loading the shopping cart in secure mode. > > Is there any tweaks under httpd.conf which is worth editing ? All my settings are >default when Apache and mod_ssl is installed. > Any help will be very much appreciated. > Using a shared memory cache for session caching could speed up things quite a lot. See http://www.modssl.org/docs/2.8/ssl_reference.html#ToC5 vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Fine-tuning Apache and mod_ssl
Currently, running Apache 1.3.12 + mod_ssl 2.6.3. I'm currently looking for ways to fine-tune our e-commerce site to handle SSL transaction. Everytime a SSL connection is made, it takes ages to load the page. Ie. loading the shopping cart in secure mode. Is there any tweaks under httpd.conf which is worth editing ? All my settings are default when Apache and mod_ssl is installed. Any help will be very much appreciated. - ronnie - This email had been checked by Asiatravelmart.com's Virus Scanner. Please email any questions to [EMAIL PROTECTED] Title: Fine-tuning Apache and mod_ssl Currently, running Apache 1.3.12 + mod_ssl 2.6.3. I'm currently looking for ways to fine-tune our e-commerce site to handle SSL transaction. Everytime a SSL connection is made, it takes ages to load the page. Ie. loading the shopping cart in secure mode. Is there any tweaks under httpd.conf which is worth editing ? All my settings are default when Apache and mod_ssl is installed. Any help will be very much appreciated. - ronnie -
Re: apache and mod_ssl
On Fri, Jun 02, 2000 at 07:29:14PM -0500, Dave wrote: > >I have been trying for the past couple of days to get apache and > ssl(http://www.modssl.org and http://www.apache-ssl.org) to work. I have > >tried them both. Netscape hangs when I try to connect to > https://localhost but works without security at http://localhost:443. This looks strange - almost as if you have somehow turned off the SSLEngine for your port 443 vhost. > Apache alone >without ssl works great. I used the default httpd.conf file that came > with ssl and changing only path names and have made all the certificates >and keys. Could you try setting SSLLogLevel to debug and then check the logfile for any hints about what is wrong. You may want to make sure that you've gone through a build procedure more or less like http://www.modssl.org/example/ vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Help: reverse proxy, apache and mod_ssl
Hello, Using the latest versions of apache and mod_ssl I have been trying to configure (with no luck) a reverse proxy that will pass SSL to the backend server. Is this possible with mod_ssl? The mod_ssl announcement says: Support for HTTPS proxy via EAPI hooks in mod_proxy How? Does anyone have an example configuration? Any assistance will be greatly appreciated. Cya John. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Apache and mod_ssl on WinNT-platform
I have been using Apache/modssl on NT for the past year without too many problems. Configuration is pretty much the same. I did find a few bugs which I fixed myself and posted to this list. I think all my fixes have been propagated into the current release. I obtained my release from the opensa.org site, which appears to have disappeared from the web. Their distribution had Apache/mod_ssl/openssl in MSVC workspace/project form, which I prefer to the makefile scheme you get from standard downloads. This is a personal preference however. The above being said, our NT/Apache usage is for developers to have their own servers while developing JSPs, and our production usage is on Solaris. However, I don't believe there are any security holes in the NT implementation that are not also present in Unix. Our biggest issue in moving from NT to Unix is that NT paths case-insensitive, so that we do not detect case errors in URLs during development. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Hiendl Elke > Sent: Wednesday, September 13, 2000 3:59 AM > To: [EMAIL PROTECTED] > Subject: Apache and mod_ssl on WinNT-platform > > > > Hi, > > thrown in a running project, I found following: > Apache 1.3.12 with mod_ssl 2.6.2. and OpenSSL 0.9.5 running on NT > 4.0(SP 5). > Although knowing well Apache on Linux, the same on a NT-platform is > completely new for me. > So, is there anybody who has experience with this kind of stuff? Do I have > to be aware of anything important (i.e. security holes, known > bugs..) in the > config-file. I would be grateful for any advice or technical tip. > Thanks in advance > > Elke > > > > > Elke Hiendl > Beraterin für System- und Netzwerkmanagement > iteratec > Gesellschaft für iterative Softwaretechnologien mbH > Inselkammerstraße 4 > 82008 München-Unterhaching > > Telefon +49 89 61 45 51 - 35 > Fax +49 89 61 45 51 - 10 > wwwhttp://www.iteratec.de > mailto:[EMAIL PROTECTED] > > > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache and mod_ssl on WinNT-platform
My advice would have to be - move to *nix if you possibly can ;-) I've been developing a site where everything is SSL encrypted so we have heavy mod_ssl use. Initially we used NT, using Apache 1.3.12, mod_ssl 2.6.4 and OpenSSL 0.9.4 in a pre-bulit binary form. I had so many problems with unexplained Access Violation errors that I moved to Linux. This solved all the issues as well as giving me a 100% performance increase on the same hardware ! The problem I think is that Ralf does not support NT so support is very limited on the list. Although I did get an offer to review backtraces if I posted them I didn't take up the offer as I was running out of time and felt a move to Linux would be more prudent. I was lucky in that I am running the project so could make such changes. If you are not so lucky you will just have hope that the latest versions of mod_ssl are more stable on NT or that compiling them from sources on your specific NT build will be more successful. Good luck ! HTH, Simon Wilcox. (Embedded image moved to file: pic26786.pcx) (Embedded image moved to file: pic03688.pcx) Please respond to [EMAIL PROTECTED] From Hiendl Elke <[EMAIL PROTECTED]> Date 13 September 2000 To [EMAIL PROTECTED]Time 07:58 Copy to (bcc: Simon Wilcox/BASE/WilliamsLea) Bcc Simon Wilcox/BASE/WilliamsLea Fax to Subject Apache and mod_ssl on WinNT-platform Hi, thrown in a running project, I found following: Apache 1.3.12 with mod_ssl 2.6.2. and OpenSSL 0.9.5 running on NT 4.0(SP 5). Although knowing well Apache on Linux, the same on a NT-platform is completely new for me. So, is there anybody who has experience with this kind of stuff? Do I have to be aware of anything important (i.e. security holes, known bugs..) in the config-file. I would be grateful for any advice or technical tip. Thanks in advance Elke Elke Hiendl Beraterin für System- und Netzwerkmanagement iteratec Gesellschaft für iterative Softwaretechnologien mbH Inselkammerstraße 4 82008 München-Unterhaching Telefon +49 89 61 45 51 - 35 Fax +49 89 61 45 51 - 10 wwwhttp://www.iteratec.de mailto:[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ This email contains proprietary information some or all of which may be legally privileged. It is for the intended recipient only. If an addressing or transmission error has misdirected this email, please notify the author by replying to this email. If you are not the intended recipient you must not use, disclose, distribute, copy, print, or reply on this email. pic26786.pcx pic03688.pcx
Apache and mod_ssl on WinNT-platform
Hi, thrown in a running project, I found following: Apache 1.3.12 with mod_ssl 2.6.2. and OpenSSL 0.9.5 running on NT 4.0(SP 5). Although knowing well Apache on Linux, the same on a NT-platform is completely new for me. So, is there anybody who has experience with this kind of stuff? Do I have to be aware of anything important (i.e. security holes, known bugs..) in the config-file. I would be grateful for any advice or technical tip. Thanks in advance Elke Elke Hiendl Beraterin für System- und Netzwerkmanagement iteratec Gesellschaft für iterative Softwaretechnologien mbH Inselkammerstraße 4 82008 München-Unterhaching Telefon +49 89 61 45 51 - 35 Fax +49 89 61 45 51 - 10 wwwhttp://www.iteratec.de mailto:[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Problem with Apache and Mod_ssl (reply to Re: Can't retrieve my web pages, please help!!)
I have the same problem, running http on port 80 for the normal page and want to run SSL on 443 for 1 subdomain. Check with curl if https works, it did: it gave the page I setup as a test. But with IE 5.0 (maybe thats wrong!) it failes. I have attached my httpd.conf, maybe you see what I am doing wrong ? I want to setup ssl for IMP webmail on webmail.bootsman.net Rest will be normal http. Hope someone can help me out. Ronald Bootsman Email [EMAIL PROTECTED] ICQ #61849337 * httpd.conf ... ... Port 80 Listen xxx.xxx.xx.xxx NameVirtualHost xxx.xxx.xx.xxx SSLEngine off ServerAdmin [EMAIL PROTECTED] DocumentRoot /usr/local/www/public_html ServerName www.domain.com ErrorLog /var/log/domain.com-error.log CustomLog /var/log/domain.com-access_log common # # # AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl.crl # General setup for the virtual host DocumentRoot "/path/to/imp" ServerName webmail.domain.com ServerAdmin [EMAIL PROTECTED] ErrorLog /var/log/domain.com-error-ssl.log TransferLog /var/log/domain.com-transfer-ssl.log SSLEngine on etc etc __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Problems Starting up Apache and mod_ssl
On Mon, Jul 10, 2000 at 10:23:50PM -0600, george wrote: [SNIP] > # /usr/local/apache/bin/apachectl configtest > Syntax OK > # /usr/local/apache/bin/apachectl startssl > Syntax error on line 1032 of /usr/local/apache/conf/httpd.conf > Invalid command 'SSLEnable', perhaps mis-spelled or defined by a module > not included in the server configuration > /usr/local/apache/bin/apachectl startssl: httpd could not be started. > > > > I then uncommented the line "SSLEngine on" on the line above the one in > question (line 1032), and re-issued the commands above. > It looks like you haven't enabled mod_ssl. Do a: /path/to/apache/bin/httpd -l Does it list mod_ssl.c? Or do you get only http_core.c and mod_so.c - then you need to check for that mod_ssl is loaded (AddModule and LoadModule) vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Problems Starting up Apache and mod_ssl
Hello, I recently installed the following: Apache 1.3.12 mod_ssl-2.6.5-1.3.12 openssl-0.9.5a mod_php-4.0.1pl2 The specs of my computer are: Best Linux 2000 R2 Pentium 166 48 MB RAM 10 GB HD # /usr/local/apache/bin/apachectl configtest Syntax OK # /usr/local/apache/bin/apachectl startssl Syntax error on line 1032 of /usr/local/apache/conf/httpd.conf Invalid command 'SSLEnable', perhaps mis-spelled or defined by a module not included in the server configuration /usr/local/apache/bin/apachectl startssl: httpd could not be started. I then uncommented the line "SSLEngine on" on the line above the one in question (line 1032), and re-issued the commands above. # /usr/local/apache/bin/apachectl configtest Syntax OK # /usr/local/apache/bin/apachectl startssl Syntax error on line 1031 of /usr/local/apache/conf/httpd.conf Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module not included in the server configuration Has anyone experienced a problem like this? or Does anyone know what is causing this problem? If anyone wants it, I can send a copy of my httpd.conf. Thanks, George --- [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: apache and mod_ssl
Dave wrote: > Netscape hangs when I try to connect to > https://localhost but works without security at http://localhost:443. You really need to tell us more about your setup: - What operating system? - How did you install mod_ssl and with which Apache? By the way, let's keep it simple: Forget about Apache-ssl for now. We need to be sure that we are talking mod_ssl and not Apache-ssl (they are to different products). -- Greetings from Troels Arvin, Copenhagen, Denmark __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: apache and mod_ssl
After I sent the message, I turned on the computer (even though I did this before) and for some odd reason, it worked. Thanks for the help! __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: apache and mod_ssl
On Fri, Jun 02, 2000 at 07:29:14PM -0500, Dave wrote: > >I have been trying for the past couple of days to get apache and > ssl(http://www.modssl.org and http://www.apache-ssl.org) to work. I have > >tried them both. Netscape hangs when I try to connect to > https://localhost but works without security at http://localhost:443. This looks strange - almost as if you have somehow turned off the SSLEngine for your port 443 vhost. > Apache alone >without ssl works great. I used the default httpd.conf file that came > with ssl and changing only path names and have made all the certificates >and keys. Could you try setting SSLLogLevel to debug and then check the logfile for any hints about what is wrong. You may want to make sure that you've gone through a build procedure more or less like http://www.modssl.org/example/ vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
apache and mod_ssl
I have been trying for the past couple of days to get apache and ssl(http://www.modssl.org and http://www.apache-ssl.org) to work. I have tried them both. Netscape hangs when I try to connect to https://localhost but works without security at http://localhost:443. Apache alone without ssl works great. I used the default httpd.conf file that came with ssl and changing only path names and have made all the certificates and keys. Any sites or help would be greatly appreciated. I would prefer to use mod_ssl but if someone can get the other working with it,great. Files provided on request or message posted. THANKS [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Apache and mod_ssl as a single package ?
Hi, Is there any future plans to provide mod_ssl as a part of standard Apache distribution (single package ?) so that users don't have to keep up two seperate version for each ? Or possibly after Sep 2000 since some patents are expiring by that time ? Please reply to me at above email since i am not on mailing list. Thanks, Chirag __ Get Your Private, Free Email at http://www.hotmail.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
[BugDB] Apache and mod_ssl use different date formats (PR#322)
Full_Name: Matt Braithwaite Version: 2.4.1 OS: BSD/OS Submission from: zildjian.hq.alink.net (207.135.64.149) I don't really see any reason for this: [02/Dec/1999 13:37:04] [warn] Init: (fg.alink.net:443) RSA server certificate CommonName (CN) `*' does NOT match server name!? [Thu Dec 2 13:37:04 1999] [notice] Apache/1.3.9 (Unix) mod_ssl/2.4.1 OpenSSL/0.9.3 configured -- resuming normal operations Why not have mod_ssl print dates in the same way as Apache, which also happens to be what Unix users are used to? __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]