Apache starts, SSL site unavailable
Hi, I'm switching from Stronghold to Apache 2.0.54 with mod_ssl enabled. When I start apache, everything appears to work except the SSL site. There's some sort of warning about the cache. mod_ssl.c is listed as a compiled in module, and there's an: Include conf/ssl.conf in the httpd.conf Any suggestions would be greatly appreciated. Thanks, -Jon Here's the error log for the startup: [Tue Jun 21 14:01:33 2005] [warn] Init: Session Cache is not configured [hint: S SLSessionCache] [Tue Jun 21 14:01:33 2005] [notice] Apache/2.0.54 (Unix) mod_ssl/ 2.0.54 OpenSSL/ 0.9.7g configured -- resuming normal operations Here's the ssl.conf (minus comments): SSLRandomSeed startup builtin SSLRandomSeed connect builtin IfDefine SSL Listen 443 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl.crl SSLPassPhraseDialog builtin SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache SSLSessionCacheTimeout 300 SSLMutex file:/usr/local/apache/logs/ssl_mutex VirtualHost 208.226.79.1:443 ServerName secure.securesite.com ServerAdmin [EMAIL PROTECTED] DocumentRoot /www/docs/secsite Directory /www/docs/secsite Options FollowSymLinks ExecCGI Includes AllowOverride None /Directory SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW: +SSLv2:+EXP ErrorLog logs/secure.securesite.com-error_log CustomLog logs/secure.securesite.com-access_log common SSLCertificateFile /usr/local/apache/conf/ssl.crt/ secure.securesite.com.crt SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/ secure.securesite.com.key /VirtualHost /IfDefine __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: Apache starts, SSL site unavailable
On Tue, 21 Jun 2005, Jon August wrote: Hi, I'm switching from Stronghold to Apache 2.0.54 with mod_ssl enabled. When I start apache, everything appears to work except the SSL site. There's some sort of warning about the cache. mod_ssl.c is listed as a compiled in module, and there's an: Include conf/ssl.conf in the httpd.conf Any suggestions would be greatly appreciated. Are you starting httpd with the -D SSL command line argument? If not, then the entire block of configuration directives inside the IfDefine SSL container in your config file will be ignored. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: Apache starts, SSL site unavailable
Can I just remove the IfDefine tags? or is that not recommended? On Jun 21, 2005, at 2:35 PM, Cliff Woolley wrote: On Tue, 21 Jun 2005, Jon August wrote: Hi, I'm switching from Stronghold to Apache 2.0.54 with mod_ssl enabled. When I start apache, everything appears to work except the SSL site. There's some sort of warning about the cache. mod_ssl.c is listed as a compiled in module, and there's an: Include conf/ssl.conf in the httpd.conf Any suggestions would be greatly appreciated. Are you starting httpd with the -D SSL command line argument? If not, then the entire block of configuration directives inside the IfDefine SSL container in your config file will be ignored. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: Apache starts, SSL site unavailable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 21 Jun 2005, Jon August wrote: Can I just remove the IfDefine tags? or is that not recommended? You could though the gain might not be there, why not just run the server in the proper mode? Thanks, Ron DuFresne On Jun 21, 2005, at 2:35 PM, Cliff Woolley wrote: On Tue, 21 Jun 2005, Jon August wrote: Hi, I'm switching from Stronghold to Apache 2.0.54 with mod_ssl enabled. When I start apache, everything appears to work except the SSL site. There's some sort of warning about the cache. mod_ssl.c is listed as a compiled in module, and there's an: Include conf/ssl.conf in the httpd.conf Any suggestions would be greatly appreciated. Are you starting httpd with the -D SSL command line argument? If not, then the entire block of configuration directives inside the IfDefine SSL container in your config file will be ignored. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED] - -- ~~ admin senior security consultant: sysinfo.com http://sysinfo.com Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629 ...We waste time looking for the perfect lover instead of creating the perfect love. -Tom Robbins Still Life With Woodpecker -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCuG+7st+vzJSwZikRAkQTAJ90dOrQfPiSAUfkUmBC86FHoF4q3ACcDWRp AhbKUmB4KKzSvs0cwU66e1Y= =KtmY -END PGP SIGNATURE- __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: Apache starts, SSL site unavailable
On Tue, 21 Jun 2005, Jon August wrote: Can I just remove the IfDefine tags? or is that not recommended? Yes, feel free. My understanding is that the only reason it's in there in the first place is to try to make it clear that SSL isn't something you can have work directly out of the box... you have to go and generate yourself a private key and certificate request and so forth. Unfortunately it has the side-effect of getting in the way sometimes, so it's a lesser-of-two-evils situation I suppose. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]