Re: Apache and mod_ssl - refusing connections on https?
I figured it out people, I just needed to start httpd with -DSSL. SO I was being dumb. --- Glyn Astill <[EMAIL PROTECTED]> wrote: > Yes, I have SSLEngine On in ssl.conf, here's my ssl.conf file: > > SSLRandomSeed startup builtin > SSLRandomSeed connect builtin > > > Listen 443 > Listen my.ip.ad.dr:443 > > AddType application/x-x509-ca-cert .crt > AddType application/x-pkcs7-crl.crl > > SSLPassPhraseDialog builtin > > SSLSessionCache dbm:/var/run/ssl_scache > SSLSessionCacheTimeout 300 > > SSLMutex file:/var/run/ssl_mutex > > > > DocumentRoot "/usr/pkg/share/httpd/htdocs" > ServerName www.mydomain.net:443 > ServerAdmin [EMAIL PROTECTED] > ErrorLog /var/log/httpd/error_log > TransferLog /var/log/httpd/access_log > > SSLEngine on > > SSLCipherSuite > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > > SSLCertificateFile /usr/pkg/etc/httpd/ssl.crt/server.crt > SSLCertificateKeyFile /usr/pkg/etc/httpd/ssl.key/server.pem > > > SSLOptions +StdEnvVars > > > SSLOptions +StdEnvVars > > > SetEnvIf User-Agent ".*MSIE.*" \ > nokeepalive ssl-unclean-shutdown \ > downgrade-1.0 force-response-1.0 > CustomLog /var/log/httpd/ssl_request_log \ > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" > > > > > > Any ideas? > > --- "Omar W. Hannet" <[EMAIL PROTECTED]> wrote: > > > SSLEngine On? > > > > Glyn Astill wrote: > > > Hi people, > > > > > > I'm new to this list, so hello. > > > > > > I've been trying to get https working with apache 2.0.59 on > > NetBSD > > > 3.99 today, and it's > > > beginning to make my face ache. > > > > > > Basically when I try to view a page via https I get connection > > > refused. Apache is compiled with mod_ssl.c, I have openssl > > installed. > > > > > > This is what I've done so far: > > > > > > 1) Copied the example openssl cfg from examples to > > > /etc/openssl/openssl.cnf > > > > > > 2)Generated my server key, then pem file then the csr and crt. > > > > > > 3)Then coppied them all into ssl.key (server.pem, server.key), > > > ssl.csr (server.csr) and ssl.crt (server.crt). This is where my > > > ssl.conf expects them. > > > > > > 4) Made sure ssl.conf is pointing to these files properly and > is > > > listening on port 443 (Listen :443) > > > > > > 5) Made sure ssl.conf is included in httpd.conf properly > > > > > > 6) check that mod_ssl.c is compiled in with https -l > > > > > > 7) checked my apache access and error logs - nothing ! > > > > > > And still nothing, it can't be listening on 443. > > > > > > If I do the following: > > > > > > #openssl s_client -connect localhost:443 -state -debug > > > > > > I get: > > > > > > connect: Connection refused > > > connect:errno=61 > > > I've even tried copying all my virtual hosts and changing :80 > to > > > :443, still nothing. > > > > > > This is really the first time I've ever touched ssl, so I'm > > hoping > > > I'm missing something really dumb. I've basically just got the > > > standard ssl.conf example modified ever so slightly so that > > things > > > point in the right place. > > > > > > ? > > > > > > Any ideas? > > > > > > > > > Cheers > > > Glyn > > > > > > > > > > ___ > > > > > Yahoo! Mail is the world's favourite email. Don't settle for > > less, sign up for > > > your free account today > > > http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html > > > > > > > > __ > > > Apache Interface to OpenSSL (mod_ssl) > > www.modssl.org > > > User Support Mailing List > > modssl-users@modssl.org > > > Automated List Manager > > [EMAIL PROTECTED] > > > > > > -- > > Omar W. Hannet > > http://www.allez-oop.net/ > > > __ > > Apache Interface to OpenSSL (mod_ssl) > > www.modssl.org > > User Support Mailing List > > modssl-users@modssl.org > > Automated List Manager > > [EMAIL PROTECTED] > > > > > > ___ > Yahoo! Answers - Got a question? Someone out there knows the > answer. Try it > now. > http://uk.answers.yahoo.com/ > __ > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > User Support Mailing List > modssl-users@modssl.org > Automated List Manager > [EMAIL PROTECTED] > ___ Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for your free account today http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html __
Re: Apache and mod_ssl - refusing connections on https?
Yes, I have SSLEngine On in ssl.conf, here's my ssl.conf file: SSLRandomSeed startup builtin SSLRandomSeed connect builtin Listen 443 Listen my.ip.ad.dr:443 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl.crl SSLPassPhraseDialog builtin SSLSessionCache dbm:/var/run/ssl_scache SSLSessionCacheTimeout 300 SSLMutex file:/var/run/ssl_mutex DocumentRoot "/usr/pkg/share/httpd/htdocs" ServerName www.mydomain.net:443 ServerAdmin [EMAIL PROTECTED] ErrorLog /var/log/httpd/error_log TransferLog /var/log/httpd/access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/pkg/etc/httpd/ssl.crt/server.crt SSLCertificateKeyFile /usr/pkg/etc/httpd/ssl.key/server.pem SSLOptions +StdEnvVars SSLOptions +StdEnvVars SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /var/log/httpd/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" Any ideas? --- "Omar W. Hannet" <[EMAIL PROTECTED]> wrote: > SSLEngine On? > > Glyn Astill wrote: > > Hi people, > > > > I'm new to this list, so hello. > > > > I've been trying to get https working with apache 2.0.59 on > NetBSD > > 3.99 today, and it's > > beginning to make my face ache. > > > > Basically when I try to view a page via https I get connection > > refused. Apache is compiled with mod_ssl.c, I have openssl > installed. > > > > This is what I've done so far: > > > > 1) Copied the example openssl cfg from examples to > > /etc/openssl/openssl.cnf > > > > 2)Generated my server key, then pem file then the csr and crt. > > > > 3)Then coppied them all into ssl.key (server.pem, server.key), > > ssl.csr (server.csr) and ssl.crt (server.crt). This is where my > > ssl.conf expects them. > > > > 4) Made sure ssl.conf is pointing to these files properly and is > > listening on port 443 (Listen :443) > > > > 5) Made sure ssl.conf is included in httpd.conf properly > > > > 6) check that mod_ssl.c is compiled in with https -l > > > > 7) checked my apache access and error logs - nothing ! > > > > And still nothing, it can't be listening on 443. > > > > If I do the following: > > > > #openssl s_client -connect localhost:443 -state -debug > > > > I get: > > > > connect: Connection refused > > connect:errno=61 > > I've even tried copying all my virtual hosts and changing :80 to > > :443, still nothing. > > > > This is really the first time I've ever touched ssl, so I'm > hoping > > I'm missing something really dumb. I've basically just got the > > standard ssl.conf example modified ever so slightly so that > things > > point in the right place. > > > > ? > > > > Any ideas? > > > > > > Cheers > > Glyn > > > > > > ___ > > > Yahoo! Mail is the world's favourite email. Don't settle for > less, sign up for > > your free account today > http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html > > > > __ > > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > > User Support Mailing List > modssl-users@modssl.org > > Automated List Manager > [EMAIL PROTECTED] > > > -- > Omar W. Hannet > http://www.allez-oop.net/ > __ > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > User Support Mailing List > modssl-users@modssl.org > Automated List Manager > [EMAIL PROTECTED] > ___ Yahoo! Answers - Got a question? Someone out there knows the answer. Try it now. http://uk.answers.yahoo.com/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: Apache and mod_ssl - refusing connections on https?
SSLEngine On? Glyn Astill wrote: Hi people, I'm new to this list, so hello. I've been trying to get https working with apache 2.0.59 on NetBSD 3.99 today, and it's beginning to make my face ache. Basically when I try to view a page via https I get connection refused. Apache is compiled with mod_ssl.c, I have openssl installed. This is what I've done so far: 1) Copied the example openssl cfg from examples to /etc/openssl/openssl.cnf 2)Generated my server key, then pem file then the csr and crt. 3)Then coppied them all into ssl.key (server.pem, server.key), ssl.csr (server.csr) and ssl.crt (server.crt). This is where my ssl.conf expects them. 4) Made sure ssl.conf is pointing to these files properly and is listening on port 443 (Listen :443) 5) Made sure ssl.conf is included in httpd.conf properly 6) check that mod_ssl.c is compiled in with https -l 7) checked my apache access and error logs - nothing ! And still nothing, it can't be listening on 443. If I do the following: #openssl s_client -connect localhost:443 -state -debug I get: connect: Connection refused connect:errno=61 I've even tried copying all my virtual hosts and changing :80 to :443, still nothing. This is really the first time I've ever touched ssl, so I'm hoping I'm missing something really dumb. I've basically just got the standard ssl.conf example modified ever so slightly so that things point in the right place. ? Any ideas? Cheers Glyn ___ Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for your free account today http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED] -- Omar W. Hannet http://www.allez-oop.net/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: Apache and MOD_SSL
On Mon, Dec 27, 2004 at 11:06:21PM -0500, leandro asnaghi-nicastro wrote: > $ openssl s_client -connect def.con.ca:443 > CONNECTED(0003) > 24271:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown > protocol:s23_clnt.c:475: > That's usually what happens if the server is responding in HTTP instead of HTTPS. You could try adding -state -debug to the openssl s_client command to get more info. Also check your error log on the server, it should have something about invalid method. If def.con.ca is in fact the host with the problem, then I get the following with -debug: [SNIP] - 3c 21 44 4f 43 54 59 Further reading online: add SSLEngine on within the Virtual Host > setting (I'm guessing they meant in mod_ssl.conf?) and that is done. It has to go inside the VirtualHost block for the port 443 vhost. You also need a few other settings there pointing to the certificates. You could try posting the ssl related part of that vhost. > [EMAIL PROTECTED]:/etc/apache# netstat -tln | grep 443 > tcp0 0 0.0.0.0:443 0.0.0.0:* > LISTEN > > Okay, so I'm not that off. > Certainly there is something listening on port 443 - the s_client error would have been different if there was nothing on that port. > Obviously I am doing something wrong, albeit I am at a loss as to > what excatly I screwed up. Can someone kindly kick me in the right > direction? > It still looks like you don't have SSLEngine on in the right place. vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: apache and mod_ssl
On Thu, 2002-02-07 at 16:02, bhawna sinha wrote: > Also in the error log it says "invalid > method in request". that means you're talking SSL to a normal http server. in other words, port 443 is not listening for ssl connections. -- [EMAIL PROTECTED] || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus?: www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing." signature.asc Description: This is a digitally signed message part
RE: apache and mod_ssl
You neet to point your browser to https://www.yourdomain.foo or http://www.yourdomain.foo:443. Unless you are testing from the local http server, you will need to update your DNS with the new domain name(s). You also need to tell Apache to listen on port 443 in the httpd.conf file. If you are using virtual hosts, you will need to add other things in the httpd.conf file like (this config is for name-based v-hosts): NameVirtualHost *:80 NameVirtualHost *:443 Listen 80 Listen 443 SSLEngine on SSLCACertificatePath /usr/local/apache/conf/certs/ SSLCACertificateFile /usr/local/apache/conf/certs/ca.crt SSLCertificateChainFile /usr/local/apache/conf/certs/ca.crt SSLCertificateFile /usr/local/apache/conf/certs/server.crt SSLCertificateKeyFile /usr/local/apache/conf/certs/server.key DocumentRoot /usr/local/apache/htdocs ServerName www.yourdomain.foo [or www.sub.yourdomain.foo] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of bhawna sinha Sent: Thursday, February 07, 2002 4:02 PM To: [EMAIL PROTECTED] Subject: apache and mod_ssl I have installed apache web server software and the Apache interface to OpenSSL(mod_ssl) in order to have a secure server. I have changed the configuration file httpd.conf and ssl is enabled on port 443. But the problem is whenever I try the url https://localhost:443, it says cannot connect to server. It seems that it is not able to connect to port 443. Also in the error log it says "invalid method in request". I am attaching the conf file: ---***- LoadModule ssl_module modules/mod_ssl.so ServerAdmin [EMAIL PROTECTED] ServerName 127.0.0.1 SSLMutex sem SSLRandomSeed startup builtin SSLSessionCache none SSLLog logs/ssl.log SSLLogLevel info SSLEngine on SSLCertificateFile conf/ssl/my-server.cert SSLCertificateKeyFile conf/ssl/my-server.key #SSLVerifyClient require #SSLVerifyDepth 1 #SSLCACertificatePath conf/ssl #SSLCACertificateFile conf/ssl/my-server.cert I would appreciate if anyone could give me a solution Thanks Bhawna __ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: apache and mod_ssl
Hi bhawna! On 7 Feb 02 at 16:02 you wrote: > problem is whenever I try the url > https://localhost:443, it says cannot connect to > server. Have you tried just https://localhost ? It should work without specifying the port, but it also should work when you do specify the port. Do you have 'Listen 443' somewhere in your config file? You should. -- Toomas Aas | [EMAIL PROTECTED] | http://www.raad.tartu.ee/~toomas/ * Make yourself at home! Clean my kitchen. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Apache and Mod_SSL
You can use cygwin and it comes with openssl compiled. Regards, Lin Geng -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Eduardo Fresno Sent: Wednesday, January 23, 2002 5:54 AM To: [EMAIL PROTECTED] Subject: Apache and Mod_SSL Hi, I was wondering if you could help me on this issue. I'm trying to make Apache a secure server by adding SSL performance. There may exist two main ways to do it: 1) Mod_SSL 2) Apache-SSL I've tried out the first option, but during the process, I've been asked for the 'nmake' compiler. I don't have this compiler and I don't want to pay for it, as I think it is provided with Visual C++ ($$$). So I was wondering if there exist another way to make it. ?? If not, I'm thinking about using Apache-SSL instead of Mod_SSL, in spite of the fact that most people may prefer Mod_SSL. Is it worth using Apache-SSL instead of Mod_SSL? I mean, are there big differences between both two options? Which one is the best? Thanks in advance, -- Edd. ___ Do You Yahoo!? Yahoo! Messenger Comunicación instantánea gratis con tu gente. http://messenger.yahoo.es __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache and mod_ssl
We do need 2 Virtual Host-Directives for HTTP & HTTPS (as we talked about this in this list before). So it's simpler to just to use: Redirect / https://%(HTTP_HOST)/ This needs the mod_alias which is compiled in by default. GreetingX, Alex --- ___cliff rayman___ <[EMAIL PROTECTED]> schrieb: > if u have compiled in mod_rewrite, i believe the > code below will do what you want. i have not tested > it here however. check out the following documentation. > > http://httpd.apache.org/docs/mod/mod_rewrite.html > http://httpd.apache.org/docs/misc/rewriteguide.html > > - snip > RewriteEngineon > RewriteCond %{HTTPS} !=on > RewriteRule ^(.+) https://%(HTTP_HOST)$1 [R,L] > - snip > > Janakiraman Mohanaraman wrote: > > > Hi: > > > > I am using mod_ssl and openssl in Linux platform for the first time. I was > > unable to locate documentation regarding the following and am not sure if > > this is do-able or not. > > > > I was trying to setup a directory on my server in such a way that all URL > > calls to that directory use SSL. Even if the URL entered in the browser is > > http://..., I would like to change that to https://...:443 automatically. > > The documentation in mod-ssl indicated that I use the SSLRequireSSL flag > > for the directory to require SSL to access this directory. However, I was > > able to access this directory in http. I am using Apache 1.3.20, mod_ssl > > 2.8.4, openssl-0.9.6b in Linux 7.1 platform. > > > > I am looking for resolving 2 issues: > > a) Apache / mod_ssl Configuration to ensure that calls to a specific > > directory (say, /usr/apache/test/ssl) always use SSL; > > b) If user tries to access this directory in using http, automatically > > change that to https. > > > > Can someone shed light on whether this is do-able and if so how? > > > > -- > ___cliff [EMAIL PROTECTED]http://www.genwax.com/ > > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] __ Do You Yahoo!? Gesendet von Yahoo! Mail - http://mail.yahoo.de __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache and mod_ssl
Janakiraman Mohanaraman wrote: > At 04:48 PM 8/22/2001 -0700, you wrote: > >if u have compiled in mod_rewrite, i believe the > >code below will do what you want. i have not tested > >it here however. check out the following documentation. > > > >http://httpd.apache.org/docs/mod/mod_rewrite.html > >http://httpd.apache.org/docs/misc/rewriteguide.html > > > >- snip > >RewriteEngineon > >RewriteCond %{HTTPS} !=on > >RewriteRule ^(.+) https://%(HTTP_HOST)$1 [R,L] in particular for the directories /tst/ssl and /tst/ssl2 RewriteEngineon RewriteCond %{HTTPS} !=on RewriteRule ^/test/ssl/(.+) https://%(HTTP_HOST)/tst/ssl/$1 [R,L] RewriteCond %{HTTPS} !=on RewriteRule ^/test/ssl2/(.+) https://%(HTTP_HOST)/tst/ssl2/$1 [R,L] i wanted to make sure this was clear. > > >- snip > > > >Janakiraman Mohanaraman wrote: > > > > > > > I was trying to setup a directory on my server in such a way that all URL > > > calls to that directory use SSL. Even if the URL entered in the browser is > > > http://..., I would like to change that to https://...:443 automatically. -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache and mod_ssl
Thanks for your prompt response! MJ. At 04:48 PM 8/22/2001 -0700, you wrote: >if u have compiled in mod_rewrite, i believe the >code below will do what you want. i have not tested >it here however. check out the following documentation. > >http://httpd.apache.org/docs/mod/mod_rewrite.html >http://httpd.apache.org/docs/misc/rewriteguide.html > >- snip >RewriteEngineon >RewriteCond %{HTTPS} !=on >RewriteRule ^(.+) https://%(HTTP_HOST)$1 [R,L] >- snip > >Janakiraman Mohanaraman wrote: > > > Hi: > > > > I am using mod_ssl and openssl in Linux platform for the first time. I was > > unable to locate documentation regarding the following and am not sure if > > this is do-able or not. > > > > I was trying to setup a directory on my server in such a way that all URL > > calls to that directory use SSL. Even if the URL entered in the browser is > > http://..., I would like to change that to https://...:443 automatically. > > The documentation in mod-ssl indicated that I use the SSLRequireSSL flag > > for the directory to require SSL to access this directory. However, I was > > able to access this directory in http. I am using Apache 1.3.20, mod_ssl > > 2.8.4, openssl-0.9.6b in Linux 7.1 platform. > > > > I am looking for resolving 2 issues: > > a) Apache / mod_ssl Configuration to ensure that calls to a specific > > directory (say, /usr/apache/test/ssl) always use SSL; > > b) If user tries to access this directory in using http, automatically > > change that to https. > > > > Can someone shed light on whether this is do-able and if so how? > > > >-- >___cliff [EMAIL PROTECTED]http://www.genwax.com/ > > >__ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager[EMAIL PROTECTED] * Janakiraman Mohanaraman (MJ) Mgr, Software Development Enterprise Management Business Unit Cisco Systems Inc, 170, W.Tasman Dr. San Jose, CA - 95134. (408) 527-7730 * __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache and mod_ssl
if u have compiled in mod_rewrite, i believe the code below will do what you want. i have not tested it here however. check out the following documentation. http://httpd.apache.org/docs/mod/mod_rewrite.html http://httpd.apache.org/docs/misc/rewriteguide.html - snip RewriteEngineon RewriteCond %{HTTPS} !=on RewriteRule ^(.+) https://%(HTTP_HOST)$1 [R,L] - snip Janakiraman Mohanaraman wrote: > Hi: > > I am using mod_ssl and openssl in Linux platform for the first time. I was > unable to locate documentation regarding the following and am not sure if > this is do-able or not. > > I was trying to setup a directory on my server in such a way that all URL > calls to that directory use SSL. Even if the URL entered in the browser is > http://..., I would like to change that to https://...:443 automatically. > The documentation in mod-ssl indicated that I use the SSLRequireSSL flag > for the directory to require SSL to access this directory. However, I was > able to access this directory in http. I am using Apache 1.3.20, mod_ssl > 2.8.4, openssl-0.9.6b in Linux 7.1 platform. > > I am looking for resolving 2 issues: > a) Apache / mod_ssl Configuration to ensure that calls to a specific > directory (say, /usr/apache/test/ssl) always use SSL; > b) If user tries to access this directory in using http, automatically > change that to https. > > Can someone shed light on whether this is do-able and if so how? > -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: apache and mod_ssl
On Fri, Jun 02, 2000 at 07:29:14PM -0500, Dave wrote: > >I have been trying for the past couple of days to get apache and > ssl(http://www.modssl.org and http://www.apache-ssl.org) to work. I have > >tried them both. Netscape hangs when I try to connect to > https://localhost but works without security at http://localhost:443. This looks strange - almost as if you have somehow turned off the SSLEngine for your port 443 vhost. > Apache alone >without ssl works great. I used the default httpd.conf file that came > with ssl and changing only path names and have made all the certificates >and keys. Could you try setting SSLLogLevel to debug and then check the logfile for any hints about what is wrong. You may want to make sure that you've gone through a build procedure more or less like http://www.modssl.org/example/ vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Apache and mod_ssl on WinNT-platform
I have been using Apache/modssl on NT for the past year without too many problems. Configuration is pretty much the same. I did find a few bugs which I fixed myself and posted to this list. I think all my fixes have been propagated into the current release. I obtained my release from the opensa.org site, which appears to have disappeared from the web. Their distribution had Apache/mod_ssl/openssl in MSVC workspace/project form, which I prefer to the makefile scheme you get from standard downloads. This is a personal preference however. The above being said, our NT/Apache usage is for developers to have their own servers while developing JSPs, and our production usage is on Solaris. However, I don't believe there are any security holes in the NT implementation that are not also present in Unix. Our biggest issue in moving from NT to Unix is that NT paths case-insensitive, so that we do not detect case errors in URLs during development. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Hiendl Elke > Sent: Wednesday, September 13, 2000 3:59 AM > To: [EMAIL PROTECTED] > Subject: Apache and mod_ssl on WinNT-platform > > > > Hi, > > thrown in a running project, I found following: > Apache 1.3.12 with mod_ssl 2.6.2. and OpenSSL 0.9.5 running on NT > 4.0(SP 5). > Although knowing well Apache on Linux, the same on a NT-platform is > completely new for me. > So, is there anybody who has experience with this kind of stuff? Do I have > to be aware of anything important (i.e. security holes, known > bugs..) in the > config-file. I would be grateful for any advice or technical tip. > Thanks in advance > > Elke > > > > > Elke Hiendl > Beraterin für System- und Netzwerkmanagement > iteratec > Gesellschaft für iterative Softwaretechnologien mbH > Inselkammerstraße 4 > 82008 München-Unterhaching > > Telefon +49 89 61 45 51 - 35 > Fax +49 89 61 45 51 - 10 > wwwhttp://www.iteratec.de > mailto:[EMAIL PROTECTED] > > > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache and mod_ssl on WinNT-platform
My advice would have to be - move to *nix if you possibly can ;-) I've been developing a site where everything is SSL encrypted so we have heavy mod_ssl use. Initially we used NT, using Apache 1.3.12, mod_ssl 2.6.4 and OpenSSL 0.9.4 in a pre-bulit binary form. I had so many problems with unexplained Access Violation errors that I moved to Linux. This solved all the issues as well as giving me a 100% performance increase on the same hardware ! The problem I think is that Ralf does not support NT so support is very limited on the list. Although I did get an offer to review backtraces if I posted them I didn't take up the offer as I was running out of time and felt a move to Linux would be more prudent. I was lucky in that I am running the project so could make such changes. If you are not so lucky you will just have hope that the latest versions of mod_ssl are more stable on NT or that compiling them from sources on your specific NT build will be more successful. Good luck ! HTH, Simon Wilcox. (Embedded image moved to file: pic26786.pcx) (Embedded image moved to file: pic03688.pcx) Please respond to [EMAIL PROTECTED] From Hiendl Elke <[EMAIL PROTECTED]> Date 13 September 2000 To [EMAIL PROTECTED]Time 07:58 Copy to (bcc: Simon Wilcox/BASE/WilliamsLea) Bcc Simon Wilcox/BASE/WilliamsLea Fax to SubjectApache and mod_ssl on WinNT-platform Hi, thrown in a running project, I found following: Apache 1.3.12 with mod_ssl 2.6.2. and OpenSSL 0.9.5 running on NT 4.0(SP 5). Although knowing well Apache on Linux, the same on a NT-platform is completely new for me. So, is there anybody who has experience with this kind of stuff? Do I have to be aware of anything important (i.e. security holes, known bugs..) in the config-file. I would be grateful for any advice or technical tip. Thanks in advance Elke Elke Hiendl Beraterin für System- und Netzwerkmanagement iteratec Gesellschaft für iterative Softwaretechnologien mbH Inselkammerstraße 4 82008 München-Unterhaching Telefon +49 89 61 45 51 - 35 Fax +49 89 61 45 51 - 10 wwwhttp://www.iteratec.de mailto:[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ This email contains proprietary information some or all of which may be legally privileged. It is for the intended recipient only. If an addressing or transmission error has misdirected this email, please notify the author by replying to this email. If you are not the intended recipient you must not use, disclose, distribute, copy, print, or reply on this email. pic26786.pcx pic03688.pcx
Re: apache and mod_ssl
Dave wrote: > Netscape hangs when I try to connect to > https://localhost but works without security at http://localhost:443. You really need to tell us more about your setup: - What operating system? - How did you install mod_ssl and with which Apache? By the way, let's keep it simple: Forget about Apache-ssl for now. We need to be sure that we are talking mod_ssl and not Apache-ssl (they are to different products). -- Greetings from Troels Arvin, Copenhagen, Denmark __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: apache and mod_ssl
After I sent the message, I turned on the computer (even though I did this before) and for some odd reason, it worked. Thanks for the help! __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: apache and mod_ssl
On Fri, Jun 02, 2000 at 07:29:14PM -0500, Dave wrote: > >I have been trying for the past couple of days to get apache and > ssl(http://www.modssl.org and http://www.apache-ssl.org) to work. I have > >tried them both. Netscape hangs when I try to connect to > https://localhost but works without security at http://localhost:443. This looks strange - almost as if you have somehow turned off the SSLEngine for your port 443 vhost. > Apache alone >without ssl works great. I used the default httpd.conf file that came > with ssl and changing only path names and have made all the certificates >and keys. Could you try setting SSLLogLevel to debug and then check the logfile for any hints about what is wrong. You may want to make sure that you've gone through a build procedure more or less like http://www.modssl.org/example/ vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]