Re: Apache and mod_ssl - refusing connections on https?

[Glyn Astill]

I figured it out people, I just needed to start httpd with -DSSL.

SO I was being dumb.

--- Glyn Astill <[EMAIL PROTECTED]> wrote:

> Yes, I have SSLEngine On in ssl.conf, here's my ssl.conf file:
> 
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> 
> 
> Listen 443
> Listen my.ip.ad.dr:443
> 
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl.crl
> 
> SSLPassPhraseDialog  builtin
> 
> SSLSessionCache dbm:/var/run/ssl_scache
> SSLSessionCacheTimeout  300
> 
> SSLMutex  file:/var/run/ssl_mutex
> 
> 
> 
> DocumentRoot "/usr/pkg/share/httpd/htdocs"
> ServerName www.mydomain.net:443
> ServerAdmin [EMAIL PROTECTED]
> ErrorLog /var/log/httpd/error_log
> TransferLog /var/log/httpd/access_log
> 
> SSLEngine on
> 
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> 
> SSLCertificateFile /usr/pkg/etc/httpd/ssl.crt/server.crt
> SSLCertificateKeyFile /usr/pkg/etc/httpd/ssl.key/server.pem
> 
> 
> SSLOptions +StdEnvVars
> 
> 
> SSLOptions +StdEnvVars
> 
> 
> SetEnvIf User-Agent ".*MSIE.*" \
>  nokeepalive ssl-unclean-shutdown \
>  downgrade-1.0 force-response-1.0
> CustomLog /var/log/httpd/ssl_request_log \
>   "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> 
>   
> 
> 
> 
> Any ideas?
> 
> --- "Omar W. Hannet" <[EMAIL PROTECTED]> wrote:
> 
> > SSLEngine On?
> > 
> > Glyn Astill wrote:
> > > Hi people,
> > > 
> > > I'm new to this list, so hello.
> > > 
> > > I've been trying to get https working with apache 2.0.59 on
> > NetBSD
> > > 3.99 today, and it's
> > > beginning to make my face ache.
> > > 
> > > Basically when I try to view a page via https I get connection
> > > refused. Apache is compiled with mod_ssl.c, I have openssl
> > installed.
> > > 
> > > This is what I've done so far:
> > > 
> > > 1) Copied the example openssl cfg from examples to
> > > /etc/openssl/openssl.cnf
> > > 
> > > 2)Generated my server key, then pem file then the csr and crt. 
> > > 
> > > 3)Then coppied them all into ssl.key (server.pem, server.key),
> > > ssl.csr (server.csr) and ssl.crt (server.crt). This is where my
> > > ssl.conf expects them.
> > > 
> > > 4) Made sure ssl.conf is pointing to these files properly and
> is
> > > listening on port 443 (Listen :443)
> > > 
> > > 5) Made sure ssl.conf is included in httpd.conf properly
> > > 
> > > 6) check that mod_ssl.c is compiled in with https -l
> > > 
> > > 7) checked my apache access and error logs - nothing !
> > > 
> > >  And still nothing, it can't be listening on 443.
> > > 
> > > If I do the following:
> > > 
> > > #openssl s_client -connect localhost:443 -state -debug
> > > 
> > > I get:
> > > 
> > > connect: Connection refused
> > > connect:errno=61
> > > I've even tried copying all my virtual hosts and changing :80
> to
> > > :443, still nothing.
> > > 
> > > This is really the first time I've ever touched ssl, so I'm
> > hoping
> > > I'm missing something really dumb. I've basically just got the
> > > standard ssl.conf example modified ever so slightly so that
> > things
> > > point in the right place.
> > > 
> > > ?
> > > 
> > > Any ideas?
> > > 
> > > 
> > > Cheers
> > > Glyn
> > > 
> > > 
> > >  
> ___
> > 
> > > Yahoo! Mail is the world's favourite email. Don't settle for
> > less, sign up for
> > > your free account today
> >
>
http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html
> > 
> > >
> >
>
__
> > > Apache Interface to OpenSSL (mod_ssl)  
> > www.modssl.org
> > > User Support Mailing List 
> > modssl-users@modssl.org
> > > Automated List Manager   
> > [EMAIL PROTECTED]
> > 
> > 
> > -- 
> > Omar W. Hannet
> > http://www.allez-oop.net/
> >
>
__
> > Apache Interface to OpenSSL (mod_ssl)  
> > www.modssl.org
> > User Support Mailing List 
> > modssl-users@modssl.org
> > Automated List Manager   
> > [EMAIL PROTECTED]
> > 
> 
> 
> 
>   ___
> Yahoo! Answers - Got a question? Someone out there knows the
> answer. Try it
> now.
> http://uk.answers.yahoo.com/ 
>
__
> Apache Interface to OpenSSL (mod_ssl)  
> www.modssl.org
> User Support Mailing List 
> modssl-users@modssl.org
> Automated List Manager   
> [EMAIL PROTECTED]
> 



  ___ 
Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for
your free account today 
http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html 
__

Re: Apache and mod_ssl - refusing connections on https?

[Glyn Astill]

Yes, I have SSLEngine On in ssl.conf, here's my ssl.conf file:

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin


Listen 443
Listen my.ip.ad.dr:443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl.crl

SSLPassPhraseDialog  builtin

SSLSessionCache dbm:/var/run/ssl_scache
SSLSessionCacheTimeout  300

SSLMutex  file:/var/run/ssl_mutex



DocumentRoot "/usr/pkg/share/httpd/htdocs"
ServerName www.mydomain.net:443
ServerAdmin [EMAIL PROTECTED]
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log

SSLEngine on

SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /usr/pkg/etc/httpd/ssl.crt/server.crt
SSLCertificateKeyFile /usr/pkg/etc/httpd/ssl.key/server.pem


SSLOptions +StdEnvVars


SSLOptions +StdEnvVars


SetEnvIf User-Agent ".*MSIE.*" \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0
CustomLog /var/log/httpd/ssl_request_log \
  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

  



Any ideas?

--- "Omar W. Hannet" <[EMAIL PROTECTED]> wrote:

> SSLEngine On?
> 
> Glyn Astill wrote:
> > Hi people,
> > 
> > I'm new to this list, so hello.
> > 
> > I've been trying to get https working with apache 2.0.59 on
> NetBSD
> > 3.99 today, and it's
> > beginning to make my face ache.
> > 
> > Basically when I try to view a page via https I get connection
> > refused. Apache is compiled with mod_ssl.c, I have openssl
> installed.
> > 
> > This is what I've done so far:
> > 
> > 1) Copied the example openssl cfg from examples to
> > /etc/openssl/openssl.cnf
> > 
> > 2)Generated my server key, then pem file then the csr and crt. 
> > 
> > 3)Then coppied them all into ssl.key (server.pem, server.key),
> > ssl.csr (server.csr) and ssl.crt (server.crt). This is where my
> > ssl.conf expects them.
> > 
> > 4) Made sure ssl.conf is pointing to these files properly and is
> > listening on port 443 (Listen :443)
> > 
> > 5) Made sure ssl.conf is included in httpd.conf properly
> > 
> > 6) check that mod_ssl.c is compiled in with https -l
> > 
> > 7) checked my apache access and error logs - nothing !
> > 
> >  And still nothing, it can't be listening on 443.
> > 
> > If I do the following:
> > 
> > #openssl s_client -connect localhost:443 -state -debug
> > 
> > I get:
> > 
> > connect: Connection refused
> > connect:errno=61
> > I've even tried copying all my virtual hosts and changing :80 to
> > :443, still nothing.
> > 
> > This is really the first time I've ever touched ssl, so I'm
> hoping
> > I'm missing something really dumb. I've basically just got the
> > standard ssl.conf example modified ever so slightly so that
> things
> > point in the right place.
> > 
> > ?
> > 
> > Any ideas?
> > 
> > 
> > Cheers
> > Glyn
> > 
> > 
> >   ___
> 
> > Yahoo! Mail is the world's favourite email. Don't settle for
> less, sign up for
> > your free account today
>
http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html
> 
> >
>
__
> > Apache Interface to OpenSSL (mod_ssl)  
> www.modssl.org
> > User Support Mailing List 
> modssl-users@modssl.org
> > Automated List Manager   
> [EMAIL PROTECTED]
> 
> 
> -- 
> Omar W. Hannet
> http://www.allez-oop.net/
>
__
> Apache Interface to OpenSSL (mod_ssl)  
> www.modssl.org
> User Support Mailing List 
> modssl-users@modssl.org
> Automated List Manager   
> [EMAIL PROTECTED]
> 



  ___
Yahoo! Answers - Got a question? Someone out there knows the answer. Try it
now.
http://uk.answers.yahoo.com/ 
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]

Re: Apache and mod_ssl - refusing connections on https?

[Omar W. Hannet]

SSLEngine On?

Glyn Astill wrote:

Hi people,

I'm new to this list, so hello.

I've been trying to get https working with apache 2.0.59 on NetBSD
3.99 today, and it's
beginning to make my face ache.

Basically when I try to view a page via https I get connection
refused. Apache is compiled with mod_ssl.c, I have openssl installed.

This is what I've done so far:

1) Copied the example openssl cfg from examples to
/etc/openssl/openssl.cnf

2)Generated my server key, then pem file then the csr and crt. 


3)Then coppied them all into ssl.key (server.pem, server.key),
ssl.csr (server.csr) and ssl.crt (server.crt). This is where my
ssl.conf expects them.

4) Made sure ssl.conf is pointing to these files properly and is
listening on port 443 (Listen :443)

5) Made sure ssl.conf is included in httpd.conf properly

6) check that mod_ssl.c is compiled in with https -l

7) checked my apache access and error logs - nothing !

 And still nothing, it can't be listening on 443.

If I do the following:

#openssl s_client -connect localhost:443 -state -debug

I get:

connect: Connection refused
connect:errno=61
I've even tried copying all my virtual hosts and changing :80 to
:443, still nothing.

This is really the first time I've ever touched ssl, so I'm hoping
I'm missing something really dumb. I've basically just got the
standard ssl.conf example modified ever so slightly so that things
point in the right place.

?

Any ideas?


Cheers
Glyn


  ___ 
Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for
your free account today http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html 
__

Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]



--
Omar W. Hannet
http://www.allez-oop.net/
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]

Re: Apache and MOD_SSL

[Mads Toftum]

On Mon, Dec 27, 2004 at 11:06:21PM -0500, leandro asnaghi-nicastro wrote:
> $ openssl s_client -connect def.con.ca:443 
> CONNECTED(0003) 
> 24271:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:s23_clnt.c:475: 
> 
That's usually what happens if the server is responding in HTTP instead
of HTTPS. You could try adding -state -debug to the openssl s_client
command to get more info. Also check your error log on the server, it
should have something about invalid method.
If def.con.ca is in fact the host with the problem, then I get the
following with -debug:

[SNIP]
 - 3c 21 44 4f 43 54 59   Further reading online: add SSLEngine on within the Virtual Host 
> setting (I'm guessing they meant in mod_ssl.conf?) and that is done.  

It has to go inside the VirtualHost block for the port 443 vhost. You
also need a few other settings there pointing to the certificates. You
could try posting the ssl related part of that vhost.

> [EMAIL PROTECTED]:/etc/apache# netstat -tln | grep 443 
> tcp0  0 0.0.0.0:443 0.0.0.0:*  
> LISTEN  
> 
> Okay, so I'm not that off.
> 
Certainly there is something listening on port 443 - the s_client error
would have been different if there was nothing on that port.

> Obviously I am doing something wrong, albeit I am at a loss as to 
> what excatly I screwed up.  Can someone kindly kick me in the right 
> direction?
> 
It still looks like you don't have SSLEngine on in the right place.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]

Re: apache and mod_ssl

[jon schatz]

On Thu, 2002-02-07 at 16:02, bhawna sinha wrote:
> Also in the error log it says "invalid
> method in request".

that means you're talking SSL to a normal http server. in other words,
port 443 is not listening for ssl connections.

-- 
[EMAIL PROTECTED] || www.divisionbyzero.com
gpg key: www.divisionbyzero.com/pubkey.asc
think i have a virus?: www.divisionbyzero.com/pgp.html
"You are in a twisty little maze of Sendmail rules, all confusing." 



signature.asc
Description: This is a digitally signed message part

RE: apache and mod_ssl

[Kent Freeman]

You neet to point your browser to https://www.yourdomain.foo or
http://www.yourdomain.foo:443.

Unless you are testing from the local http server, you will need to update
your DNS with the new domain name(s).

You also need to tell Apache to listen on port 443 in the httpd.conf file.

If you are using virtual hosts, you will need to add other things in the
httpd.conf file like
(this config is for name-based v-hosts):

NameVirtualHost *:80
NameVirtualHost *:443


Listen 80
Listen 443



SSLEngine   on
SSLCACertificatePath /usr/local/apache/conf/certs/
SSLCACertificateFile /usr/local/apache/conf/certs/ca.crt
SSLCertificateChainFile /usr/local/apache/conf/certs/ca.crt
SSLCertificateFile /usr/local/apache/conf/certs/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/certs/server.key
DocumentRoot /usr/local/apache/htdocs
ServerName www.yourdomain.foo [or www.sub.yourdomain.foo]


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of bhawna sinha
Sent: Thursday, February 07, 2002 4:02 PM
To: [EMAIL PROTECTED]
Subject: apache and mod_ssl


I have installed apache web server software and the
Apache interface to OpenSSL(mod_ssl) in order to have
a secure server. I have changed the configuration file
httpd.conf and ssl is enabled on port 443. But the
problem is whenever I try the url
https://localhost:443, it says cannot connect to
server. It seems that it is not able to connect to
port 443. Also in the error log it says "invalid
method in request".
I am attaching the conf file:

---***-
LoadModule ssl_module modules/mod_ssl.so



ServerAdmin [EMAIL PROTECTED]
ServerName 127.0.0.1



SSLMutex sem
SSLRandomSeed startup builtin
SSLSessionCache none
SSLLog logs/ssl.log
SSLLogLevel info

SSLEngine on
SSLCertificateFile conf/ssl/my-server.cert
SSLCertificateKeyFile conf/ssl/my-server.key

#SSLVerifyClient require
#SSLVerifyDepth 1
#SSLCACertificatePath conf/ssl
#SSLCACertificateFile conf/ssl/my-server.cert


I would appreciate if anyone could give me a solution

Thanks
Bhawna


__
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: apache and mod_ssl

[Toomas Aas]

Hi bhawna!

On  7 Feb 02 at 16:02 you wrote:

> problem is whenever I try the url
> https://localhost:443, it says cannot connect to
> server.

Have you tried just https://localhost ? It should work without 
specifying the port, but it also should work when you do specify 
the port.

Do you have 'Listen 443' somewhere in your config file? You should.
--
Toomas Aas | [EMAIL PROTECTED] | http://www.raad.tartu.ee/~toomas/
* Make yourself at home! Clean my kitchen.

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: Apache and Mod_SSL

[lin geng]

You can use cygwin and it comes with openssl compiled.

Regards,

Lin Geng



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Eduardo Fresno
Sent: Wednesday, January 23, 2002 5:54 AM
To: [EMAIL PROTECTED]
Subject: Apache and Mod_SSL


Hi,

I was wondering if you could help me on this issue.

I'm trying to make Apache a secure server by adding
SSL performance. There may exist two main ways to do
it:
1) Mod_SSL
2) Apache-SSL

I've tried out the first option, but during the
process, I've been asked for the 'nmake' compiler. I
don't have this compiler and I don't want to pay for
it, as I think it is provided with Visual C++ ($$$).

So I was wondering if there exist another way to make
it. ??

If not, I'm thinking about using Apache-SSL instead of
Mod_SSL, in spite of the fact that most people may
prefer Mod_SSL.

Is it worth using Apache-SSL instead of Mod_SSL?
I mean, are there big differences between both two
options? Which one is the best?


Thanks in advance,

--
Edd.

___
Do You Yahoo!?
Yahoo! Messenger
Comunicación instantánea gratis con tu gente.
http://messenger.yahoo.es
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Apache and mod_ssl

[Alex Pircher]

We do need 2 Virtual Host-Directives for HTTP & HTTPS (as we talked about this in
this list before). So it's simpler to just to use: Redirect / https://%(HTTP_HOST)/

This needs the mod_alias which is compiled in by default.

GreetingX,
 Alex

 --- ___cliff rayman___ <[EMAIL PROTECTED]> schrieb:
> if u have compiled in mod_rewrite, i believe the
> code below will do what you want.  i have not tested
> it here however.  check out the following documentation.
> 
> http://httpd.apache.org/docs/mod/mod_rewrite.html
> http://httpd.apache.org/docs/misc/rewriteguide.html
> 
> - snip 
> RewriteEngineon
> RewriteCond  %{HTTPS} !=on
> RewriteRule ^(.+)  https://%(HTTP_HOST)$1 [R,L]
> - snip 
> 
> Janakiraman Mohanaraman wrote:
> 
> > Hi:
> >
> > I am using mod_ssl and openssl in Linux platform for the first time. I was
> > unable to locate documentation regarding the following and am not sure if
> > this is do-able or not.
> >
> > I was trying to setup a directory on my server in such a way that all URL
> > calls to that directory use SSL. Even if the URL entered in the browser is
> > http://..., I would like to change that to https://...:443 automatically.
> > The documentation in mod-ssl indicated that I use the SSLRequireSSL flag
> > for the directory to require SSL to access this directory. However, I was
> > able to access this directory in http. I am using Apache 1.3.20, mod_ssl
> > 2.8.4, openssl-0.9.6b in Linux 7.1 platform.
> >
> > I am looking for resolving 2 issues:
> > a) Apache / mod_ssl Configuration to ensure that calls to a specific
> > directory (say, /usr/apache/test/ssl) always use SSL;
> > b) If user tries to access this directory in using http, automatically
> > change that to https.
> >
> > Can someone shed light on whether this is do-able and if so how?
> >
> 
> --
> ___cliff [EMAIL PROTECTED]http://www.genwax.com/
> 
> 
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED] 

__
Do You Yahoo!?
Gesendet von Yahoo! Mail - http://mail.yahoo.de
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Apache and mod_ssl

[___cliff rayman___]

Janakiraman Mohanaraman wrote:

> At 04:48 PM 8/22/2001 -0700, you wrote:
> >if u have compiled in mod_rewrite, i believe the
> >code below will do what you want.  i have not tested
> >it here however.  check out the following documentation.
> >
> >http://httpd.apache.org/docs/mod/mod_rewrite.html
> >http://httpd.apache.org/docs/misc/rewriteguide.html
> >
> >- snip 
> >RewriteEngineon
> >RewriteCond  %{HTTPS} !=on
> >RewriteRule ^(.+)  https://%(HTTP_HOST)$1 [R,L]

in particular for the directories /tst/ssl and /tst/ssl2
RewriteEngineon
RewriteCond  %{HTTPS} !=on
RewriteRule ^/test/ssl/(.+)  https://%(HTTP_HOST)/tst/ssl/$1 [R,L]
RewriteCond  %{HTTPS} !=on
RewriteRule ^/test/ssl2/(.+)  https://%(HTTP_HOST)/tst/ssl2/$1 [R,L]

i wanted to make sure this was clear.

>
> >- snip 
> >
> >Janakiraman Mohanaraman wrote:
> >
>  >
> > > I was trying to setup a directory on my server in such a way that all URL
> > > calls to that directory use SSL. Even if the URL entered in the browser is
> > > http://..., I would like to change that to https://...:443 automatically.

--
___cliff [EMAIL PROTECTED]http://www.genwax.com/


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Apache and mod_ssl

[Janakiraman Mohanaraman]

Thanks for your prompt response!
MJ.

At 04:48 PM 8/22/2001 -0700, you wrote:
>if u have compiled in mod_rewrite, i believe the
>code below will do what you want.  i have not tested
>it here however.  check out the following documentation.
>
>http://httpd.apache.org/docs/mod/mod_rewrite.html
>http://httpd.apache.org/docs/misc/rewriteguide.html
>
>- snip 
>RewriteEngineon
>RewriteCond  %{HTTPS} !=on
>RewriteRule ^(.+)  https://%(HTTP_HOST)$1 [R,L]
>- snip 
>
>Janakiraman Mohanaraman wrote:
>
> > Hi:
> >
> > I am using mod_ssl and openssl in Linux platform for the first time. I was
> > unable to locate documentation regarding the following and am not sure if
> > this is do-able or not.
> >
> > I was trying to setup a directory on my server in such a way that all URL
> > calls to that directory use SSL. Even if the URL entered in the browser is
> > http://..., I would like to change that to https://...:443 automatically.
> > The documentation in mod-ssl indicated that I use the SSLRequireSSL flag
> > for the directory to require SSL to access this directory. However, I was
> > able to access this directory in http. I am using Apache 1.3.20, mod_ssl
> > 2.8.4, openssl-0.9.6b in Linux 7.1 platform.
> >
> > I am looking for resolving 2 issues:
> > a) Apache / mod_ssl Configuration to ensure that calls to a specific
> > directory (say, /usr/apache/test/ssl) always use SSL;
> > b) If user tries to access this directory in using http, automatically
> > change that to https.
> >
> > Can someone shed light on whether this is do-able and if so how?
> >
>
>--
>___cliff [EMAIL PROTECTED]http://www.genwax.com/
>
>
>__
>Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
>User Support Mailing List  [EMAIL PROTECTED]
>Automated List Manager[EMAIL PROTECTED]

*
Janakiraman Mohanaraman (MJ)
Mgr, Software Development
Enterprise Management Business Unit
Cisco Systems Inc,  
170, W.Tasman Dr.   
San Jose, CA - 95134.   (408) 527-7730
*

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Apache and mod_ssl

[___cliff rayman___]

if u have compiled in mod_rewrite, i believe the
code below will do what you want.  i have not tested
it here however.  check out the following documentation.

http://httpd.apache.org/docs/mod/mod_rewrite.html
http://httpd.apache.org/docs/misc/rewriteguide.html

- snip 
RewriteEngineon
RewriteCond  %{HTTPS} !=on
RewriteRule ^(.+)  https://%(HTTP_HOST)$1 [R,L]
- snip 

Janakiraman Mohanaraman wrote:

> Hi:
>
> I am using mod_ssl and openssl in Linux platform for the first time. I was
> unable to locate documentation regarding the following and am not sure if
> this is do-able or not.
>
> I was trying to setup a directory on my server in such a way that all URL
> calls to that directory use SSL. Even if the URL entered in the browser is
> http://..., I would like to change that to https://...:443 automatically.
> The documentation in mod-ssl indicated that I use the SSLRequireSSL flag
> for the directory to require SSL to access this directory. However, I was
> able to access this directory in http. I am using Apache 1.3.20, mod_ssl
> 2.8.4, openssl-0.9.6b in Linux 7.1 platform.
>
> I am looking for resolving 2 issues:
> a) Apache / mod_ssl Configuration to ensure that calls to a specific
> directory (say, /usr/apache/test/ssl) always use SSL;
> b) If user tries to access this directory in using http, automatically
> change that to https.
>
> Can someone shed light on whether this is do-able and if so how?
>

--
___cliff [EMAIL PROTECTED]http://www.genwax.com/


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: apache and mod_ssl

[Mads Toftum]

On Fri, Jun 02, 2000 at 07:29:14PM -0500, Dave wrote:
> 
>I have been trying for the past couple of days to get apache and
> ssl(http://www.modssl.org and http://www.apache-ssl.org) to work. I have
> 
>tried them both. Netscape hangs when I try to connect to
> https://localhost but works without security at http://localhost:443.

This looks strange - almost as if you have somehow turned off the SSLEngine
for your port 443 vhost. 

> Apache alone
>without ssl works great. I used the default httpd.conf file that came
> with ssl and changing only path names and have made all the certificates
>and keys.

Could you try setting SSLLogLevel to debug and then check the logfile
for any hints about what is wrong.
You may want to make sure that you've gone through a build procedure
more or less like http://www.modssl.org/example/ 

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: Apache and mod_ssl on WinNT-platform

[Kirk Benson]

I have been using Apache/modssl on NT for the past year without too many
problems.  Configuration is pretty much the same.  I did find a few bugs
which I fixed myself and posted to this list. I think all my fixes have been
propagated into the current release.

I obtained my release from the opensa.org site, which appears to have
disappeared from the web.  Their distribution had Apache/mod_ssl/openssl in
MSVC workspace/project form, which I prefer to the makefile scheme you get
from standard downloads.  This is a personal preference however.

The above being said, our NT/Apache usage is for developers to have their
own servers while developing JSPs, and our production usage is on Solaris.
However, I don't believe there are any security holes in the NT
implementation that are not also present in Unix.

Our biggest issue in moving from NT to Unix is that NT paths
case-insensitive, so that  we do not detect case errors in URLs during
development.

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Hiendl Elke
> Sent: Wednesday, September 13, 2000 3:59 AM
> To: [EMAIL PROTECTED]
> Subject: Apache and mod_ssl on WinNT-platform
>
>
>
> Hi,
>
> thrown in a running project, I found following:
> Apache 1.3.12 with mod_ssl 2.6.2. and OpenSSL 0.9.5 running on NT
> 4.0(SP 5).
> Although knowing well Apache on Linux, the same on a NT-platform is
> completely new for me.
> So, is there anybody who has experience with this kind of stuff? Do I have
> to be aware of anything important (i.e. security holes, known
> bugs..) in the
> config-file. I would be grateful for any advice or technical tip.
> Thanks in advance
>
> Elke
>
>
>
>
> Elke Hiendl
> Beraterin für System- und Netzwerkmanagement
> iteratec
> Gesellschaft für iterative Softwaretechnologien mbH
> Inselkammerstraße 4
> 82008 München-Unterhaching
>
> Telefon +49 89  61 45 51 - 35
> Fax  +49 89  61 45 51 - 10
> wwwhttp://www.iteratec.de
> mailto:[EMAIL PROTECTED]
>
>
>
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]
>

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Apache and mod_ssl on WinNT-platform

[Simon_Wilcox]

My advice would have to be - move to *nix if you possibly can ;-)

  I've been developing a site where everything is SSL encrypted so we have
  heavy mod_ssl use.

  Initially we used NT, using Apache 1.3.12, mod_ssl 2.6.4 and OpenSSL 0.9.4
  in a pre-bulit binary form.

  I had so many problems with unexplained Access Violation errors that I
  moved to Linux. This solved all the issues as well as giving me a 100%
  performance increase on the same hardware !

  The problem I think is that Ralf does not support NT so support is very
  limited on the list. Although I did get an offer to review backtraces if I
  posted them I didn't take up the offer as I was running out of time and
  felt a move to Linux would be more prudent.

  I was lucky in that I am running the project so could make such changes.
  If you are not so lucky you will just have hope that the latest versions
  of mod_ssl are more stable on NT or that compiling them from sources on
  your specific NT build will be more successful.

  Good luck !

  HTH,

  Simon Wilcox.




 (Embedded image moved to file: pic26786.pcx) (Embedded image moved
to file: pic03688.pcx)



Please respond to [EMAIL PROTECTED]

  From   Hiendl Elke <[EMAIL PROTECTED]>
Date   13 September 2000
   
   
   To  
[EMAIL PROTECTED]Time  07:58 
   


   Copy to  (bcc: Simon Wilcox/BASE/WilliamsLea)


  Bcc Simon Wilcox/BASE/WilliamsLea


Fax to


   SubjectApache and mod_ssl on WinNT-platform









Hi,

thrown in a running project, I found following:
Apache 1.3.12 with mod_ssl 2.6.2. and OpenSSL 0.9.5 running on NT 4.0(SP 5).
Although knowing well Apache on Linux, the same on a NT-platform is
completely new for me.
So, is there anybody who has experience with this kind of stuff? Do I have
to be aware of anything important (i.e. security holes, known bugs..) in the
config-file. I would be grateful for any advice or technical tip.
Thanks in advance

Elke




Elke Hiendl
Beraterin für System- und Netzwerkmanagement
iteratec
Gesellschaft für iterative Softwaretechnologien mbH
Inselkammerstraße 4
82008 München-Unterhaching

Telefon +49 89  61 45 51 - 35
Fax  +49 89  61 45 51 - 10
wwwhttp://www.iteratec.de
mailto:[EMAIL PROTECTED]



__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]











__


   This email contains proprietary information some or all of which may be
   legally privileged.  It is for the intended recipient only. If an addressing
   or transmission error has misdirected this email, please notify the author by
   replying to this email. If you are not the intended recipient you must not
   use, disclose, distribute, copy, print, or reply on this email.

 pic26786.pcx
 pic03688.pcx

Re: apache and mod_ssl

[Troels Arvin]

Dave wrote:
> Netscape hangs when I try to connect to
> https://localhost but works without security at http://localhost:443.

You really need to tell us more about your setup:

- What operating system?
- How did you install mod_ssl and with which Apache?

By the way, let's keep it simple: Forget about Apache-ssl for now. We
need to be sure that we are talking mod_ssl and not Apache-ssl (they are
to different products).

-- 
Greetings from Troels Arvin, Copenhagen, Denmark
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: apache and mod_ssl

[Dave]

After I sent the message, I turned on the computer (even though I did this
before) and for some odd reason, it worked.  Thanks for the help!



__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: apache and mod_ssl

[Mads Toftum]

On Fri, Jun 02, 2000 at 07:29:14PM -0500, Dave wrote:
> 
>I have been trying for the past couple of days to get apache and
> ssl(http://www.modssl.org and http://www.apache-ssl.org) to work. I have
> 
>tried them both. Netscape hangs when I try to connect to
> https://localhost but works without security at http://localhost:443.

This looks strange - almost as if you have somehow turned off the SSLEngine
for your port 443 vhost. 

> Apache alone
>without ssl works great. I used the default httpd.conf file that came
> with ssl and changing only path names and have made all the certificates
>and keys.

Could you try setting SSLLogLevel to debug and then check the logfile
for any hints about what is wrong.
You may want to make sure that you've gone through a build procedure
more or less like http://www.modssl.org/example/ 

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]