Re: SSL error message
I am away until the 1st of October 2003. I will get back to you as soon as i can when I return. If the matter is urgent and concerns OASIS, MUBSWEB or MUBS Online then please contact one of the other members of the OLSU team. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: SSL error message
Hello, > How can i show for users some my own error page (for example, "Please insert > your ID card!")? Does the modssl have such a custom error message functionality? Also, How can the server know whether the ID card is inserted or not? The error message below only shows that the server does not recieve the client certificate that was expected. > Apache SSL error.log is: > [Thu Sep 11 12:23:37 2003] [error] OpenSSL: error:140890C7:SSL > routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate > [Hint: No CAs known to server for verification?] > [Thu Sep 11 12:23:37 2003] [error] mod_ssl: SSL handshake failed (server > erki_laptop/laev:443, client 172.100.60.2) (OpenSSL library error follows) The solution would be to have your application check whether the ID card is inserted and make sure your certficate there before you send the SSL message. -Kiyoshi Kiyoshi Watanabe __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
SSL error message
Hi! My users are using ID card for authentification. If the ID card is missing or password is wrong, users gets default msie errorpage "The page cannot be displayed". I have declared all error messages in Apache conf file (errordocs a.s.o) but it did not help. How can i show for users some my own error page (for example, "Please insert your ID card!")? Apache SSL error.log is: [Thu Sep 11 12:23:37 2003] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?] [Thu Sep 11 12:23:37 2003] [error] mod_ssl: SSL handshake failed (server erki_laptop/laev:443, client 172.100.60.2) (OpenSSL library error follows) I'm using WinXP, OpenSA, Apache 1.3.7, OpenSSL 0.9.6b, Tomcat 4.1. Tnx, Erki __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
SSL Error
Hi, I am facing this error when I start apache. I have followed all the required steps. Can anyone help. [Mon Nov 11 10:57:44 2002] [error] mod_ssl: Init: Failed to generate temporary 5 12 bit RSA private key Atanu. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
SSL error
Hi, I am running apache 2.0.40 + SSL + mod_proxy I have many error when i benchmark my server with stress tools (silkperformer): [Tue Sep 17 19:36:03 2002] [error] SSL Library Error: 336151568 error:14094410:lib(20):func(148):reason(1040) [Tue Sep 17 19:36:03 2002] [error] SSL error on reading data If someone have an idea, best regards, Estrade Matthieu Etudiant: Wanadoo t'offre le Pack eXtense Haut Débit soit 150,92 euros d'économies ! Et pour 1 euro de plus, reçois le CD-ROM du jeu Dark Age of Camelot + 1 mois de jeu en réseau offert ! Clique ici : http://www.ifrance.com/_reloc/mail.etudiant __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Newbies : Apache - mod-ssl error
The most common mistake on windows is that people forget to copy ssleay32.dll and libeay32.dll to WINNT\System32... it returns exactly that error... did you copy them? >>Hi, >> >>I tried to install Apache1.3.26 - mod-ssl2.8.9-1.3.26 - OpenSSL0.9.6d in >>windows2000. >>I think i've succeeded to install everything. >> >>Now for Apache, i can run it without SSL. >>But, if i try to add LoadModule ssl_module modules/mod_ssl.so >>and run it ... it returns error : >>Syntax error on line 192 of d:/apache/conf/httpd.conf: >>Cannot load /apache/modules/mod_ssl.so into server: (126) The specified >>module could not be found: >> >>i'm sure i've put the mod_ssl.so in the modules directory with others >>Apache modules. >>I've tried to used the full directory LoadModule ssl_module >>D:/Apache/modules/mod_ssl.so >>but, still get the same error. >>Syntax error on line 192 of d:/apache/conf/httpd.conf: >>Cannot load d:/apache/modules/mod_ssl.so into server: (126) The specified >>module could not be found: >> >>Does anyone knows what's wrong? Any suggestion will be accepted. >> >>Thanks in advance, >>Andy. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Newbies : Apache - mod-ssl error
not sure how it is on winblows machines, but, on unix/linux systems the modules are found under libexec in the installed apache tree, it maybe looking for your module in the wrong place? Thanks, Ron DuFresne On Wed, 26 Jun 2002, Andy Soedibjo wrote: > Hi, > > I tried to install Apache1.3.26 - mod-ssl2.8.9-1.3.26 - OpenSSL0.9.6d in > windows2000. > I think i've succeeded to install everything. > > Now for Apache, i can run it without SSL. > But, if i try to add LoadModule ssl_module modules/mod_ssl.so > and run it ... it returns error : > Syntax error on line 192 of d:/apache/conf/httpd.conf: > Cannot load /apache/modules/mod_ssl.so into server: (126) The specified > module could not be found: > > i'm sure i've put the mod_ssl.so in the modules directory with others > Apache modules. > I've tried to used the full directory LoadModule ssl_module > D:/Apache/modules/mod_ssl.so > but, still get the same error. > Syntax error on line 192 of d:/apache/conf/httpd.conf: > Cannot load d:/apache/modules/mod_ssl.so into server: (126) The specified > module could not be found: > > Does anyone knows what's wrong? Any suggestion will be accepted. > > Thanks in advance, > Andy. > > -- ~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Newbies : Apache - mod-ssl error
Hi, I tried to install Apache1.3.26 - mod-ssl2.8.9-1.3.26 - OpenSSL0.9.6d in windows2000. I think i've succeeded to install everything. Now for Apache, i can run it without SSL. But, if i try to add LoadModule ssl_module modules/mod_ssl.so and run it ... it returns error : Syntax error on line 192 of d:/apache/conf/httpd.conf: Cannot load /apache/modules/mod_ssl.so into server: (126) The specified module could not be found: i'm sure i've put the mod_ssl.so in the modules directory with others Apache modules. I've tried to used the full directory LoadModule ssl_module D:/Apache/modules/mod_ssl.so but, still get the same error. Syntax error on line 192 of d:/apache/conf/httpd.conf: Cannot load d:/apache/modules/mod_ssl.so into server: (126) The specified module could not be found: Does anyone knows what's wrong? Any suggestion will be accepted. Thanks in advance, Andy.
Newbies : Apache - mod-ssl error
Hi, I tried to install Apache1.3.26 - mod-ssl2.8.9-1.3.26 - OpenSSL0.9.6d in windows2000. I think i've succeeded to install everything. Now for Apache, i can run it without SSL. But, if i try to add LoadModule ssl_module modules/mod_ssl.so and run it ... it returns error : Syntax error on line 192 of d:/apache/conf/httpd.conf: Cannot load /apache/modules/mod_ssl.so into server: (126) The specified module could not be found: i'm sure i've put the mod_ssl.so in the modules directory with others Apache modules. I've tried to used the full directory LoadModule ssl_module D:/Apache/modules/mod_ssl.so but, still get the same error. Syntax error on line 192 of d:/apache/conf/httpd.conf: Cannot load d:/apache/modules/mod_ssl.so into server: (126) The specified module could not be found: Does anyone knows what's wrong? Any suggestion will be accepted. Thanks in advance, Andy.
Second Repost: Possible bug - 2.7.1 and MacOS NS 7.4 SSL error?
Hi, this is my third post on this problem. Have an error using NS communicator 4.74 (128bit US) for Macintosh. We do need the NS MacOS to work. Windows work fine all browsers as do MS IE 5.0 for MacOS. Is this a bug or a misconfiguration? The stop button is NOT used regardless of what the log say. Following from the ssl_engine_log... [27/Oct/2000 12:56:27 32679] [info] Seeding PRNG with 1160 bytes of entropy [27/Oct/2000 12:56:30 32679] [error] SSL handshake failed (server front242.ei.sigma.se:443, client 10.13.1.115) (OpenSSL library error follows) [27/Oct/2000 12:56:30 32679] [error] OpenSSL: error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02 [27/Oct/2000 12:56:30 32679] [error] OpenSSL: error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed [27/Oct/2000 12:56:30 32679] [error] OpenSSL: error:1408B076:SSL routines:SSL3_GET_CLIENT_KEY_EXCHANGE:bad rsa decrypt [27/Oct/2000 12:57:09 32678] [info] Connection to child 2 established (server front242.ei.sigma.se:443, client 10.13.1.115) [27/Oct/2000 12:57:09 32678] [info] Seeding PRNG with 1160 bytes of entropy [27/Oct/2000 12:57:09 32678] [error] SSL handshake interrupted by system [Hint:Stop button pressed in browser?!] (System error follows) [27/Oct/2000 12:57:09 32678] [error] System: Connection reset by peer (errno: 104) ... Config: RedHat 6.2 Apache/1.3.14 (Unix) PHP/4.0.3pl1 mod_perl/1.24_01 mod_ssl/2.7.1 OpenSSL/0.9.3a with a self signed cert. Have tried with OpenSSL 0.9.6 and back to 0.9.3a. Greatful for any input on how to proceed. Maybe Apache/mod_ssl is only aimed at Windows browsers or is some vital information missing so that this post does not make sense? Which additional info is then required? Thanks Hans -- _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ Hans Lohmander -- Sigma Exallon Information AB Research & Development Talkto:+46 (0)40 665 91 65 Faxto:+46 (0)40 24 99 50 Mobile# +46 (0)703-79 09 51 mailto:[EMAIL PROTECTED] http://www.ei.sigma.se/ ICQ# 9319123 _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Repost: Possible bug - 2.7.1 and MacOS NS 7.4 SSL error?
Hi, please help me out on this one. Have an OpenSSL error using NS communicator 4.74 for Macintosh. We do need the NS MacOS to work. All other browsers seem ok. Is this a bug or a misconfiguration? Following from the ssl_engine_log... [27/Oct/2000 12:56:27 32679] [info] Seeding PRNG with 1160 bytes of entropy [27/Oct/2000 12:56:30 32679] [error] SSL handshake failed (server front242.ei.sigma.se:443, client 10.13.1.115) (OpenSSL library error follows) [27/Oct/2000 12:56:30 32679] [error] OpenSSL: error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02 [27/Oct/2000 12:56:30 32679] [error] OpenSSL: error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed [27/Oct/2000 12:56:30 32679] [error] OpenSSL: error:1408B076:SSL routines:SSL3_GET_CLIENT_KEY_EXCHANGE:bad rsa decrypt [27/Oct/2000 12:57:09 32678] [info] Connection to child 2 established (server front242.ei.sigma.se:443, client 10.13.1.115) [27/Oct/2000 12:57:09 32678] [info] Seeding PRNG with 1160 bytes of entropy [27/Oct/2000 12:57:09 32678] [error] SSL handshake interrupted by system [Hint:Stop button pressed in browser?!] (System error follows) [27/Oct/2000 12:57:09 32678] [error] System: Connection reset by peer (errno: 104) ... Config: Apache/1.3.14 (Unix) PHP/4.0.3pl1 mod_perl/1.24_01 mod_ssl/2.7.1 OpenSSL/0.9.3a with a self signed cert. Have tried with OpenSSL 0.9.6 and back to 0.9.3a. Greatful for any input on how to proceed. Thanks Hans -- _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ Hans Lohmander -- Sigma Exallon Information AB Research & Development Talkto:+46 (0)40 665 91 65 Faxto:+46 (0)40 24 99 50 Mobile# +46 (0)703-79 09 51 mailto:[EMAIL PROTECTED] http://www.ei.sigma.se/ ICQ# 9319123 _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: MSIE 4.5 SSL Error
We have fixed the problem with the addition of the SSLvl3 line from the FAQ that reverts the connection to Lvl 2. And run into a new error later in the buying process in MSIE 4.5 and before. "Identity Certificate uses an Unknown Signature Algorythm" and MSIE 3.00 doesn't connect at all. Any ideas on further server changes to fix this new one? Thanks DW David Waldron wrote: > I have been researching the problem for several days and have > run into the limits of my knowledge on Apache and ssl. > > We have updated our software to: > > Apache 1.3.14 > mod_ssl 2.7.0-1.3.14 > openssl 0.9.5a > > and have modified the config file with: > > SetEnvIf User-Agent ".*MSIE.*" \ > nokeepalive ssl-unclean-shutdown \ > downgrade-1.0 force-response-1.0 > > and > > SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP > > As stated in the FAQ and several messages. > > We have a verisign certificate on https://www.darkstardesign.com and > reference it to another domain name(crazycardboarddecor.com) for use in > the shopping cart by the url > https://www.darkstardesign.com/kraftables/cgi-bin/comcart20/comcartp.pl > This setup works perfectly for secure cart connections in IE 5 and > Netscape. When we access in MSIE 4.5 and before, we get the error > "Security Failure. The Server Reply is Invalid" > > The error log on darkstardesign.com is: > [Sat Oct 14 11:01:28 2000] [error] mod_ssl: SSL handshake interrupted by > > system [Hint: Stop button pressed in browser?!] (System error follows) > [Sat Oct 14 11:01:28 2000] [error] System: Connection reset by peer > (errno: 104) > > The error log on crazycardboarddecor.com is(for the same event): > [Sat Oct 14 14:52:52 2000] [error] [client 24.6.58.31] File does not > exist: /home/kraftables/public_html/html/none > [Sat Oct 14 14:52:52 2000] [error] [client 24.6.58.31] File does not > exist: /home/kraftables/public_html/404.html > > Does anyone have any quick advice on where to procede from here? > > Thanks, > David W > > end - begin:vcard n:Waldron;David tel;cell:615-414-0195 tel;fax:615-885-0120 tel;work:615-883-3399 x-mozilla-html:TRUE url:http://www.darkstardesign.com org:Darkstar Design, Inc.;E-Commerce Division adr:;;PO Box 8261;Hermitage;TN;37076;USA version:2.1 email;internet:[EMAIL PROTECTED] title:Vice-President fn:David Waldron end:vcard
MSIE 4.5 SSL Error
I have been researching the problem for several days and have run into the limits of my knowledge on Apache and ssl. We have updated our software to: Apache 1.3.14 mod_ssl 2.7.0-1.3.14 openssl 0.9.5a and have modified the config file with: SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 and SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP As stated in the FAQ and several messages. We have a verisign certificate on https://www.darkstardesign.com and reference it to another domain name(crazycardboarddecor.com) for use in the shopping cart by the url https://www.darkstardesign.com/kraftables/cgi-bin/comcart20/comcartp.pl This setup works perfectly for secure cart connections in IE 5 and Netscape. When we access in MSIE 4.5 and before, we get the error "Security Failure. The Server Reply is Invalid" The error log on darkstardesign.com is: [Sat Oct 14 11:01:28 2000] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows) [Sat Oct 14 11:01:28 2000] [error] System: Connection reset by peer (errno: 104) The error log on crazycardboarddecor.com is(for the same event): [Sat Oct 14 14:52:52 2000] [error] [client 24.6.58.31] File does not exist: /home/kraftables/public_html/html/none [Sat Oct 14 14:52:52 2000] [error] [client 24.6.58.31] File does not exist: /home/kraftables/public_html/404.html Does anyone have any quick advice on where to procede from here? Thanks, David W end begin:vcard n:Waldron;David tel;cell:615-414-0195 tel;fax:615-885-0120 tel;work:615-883-3399 x-mozilla-html:TRUE url:http://www.darkstardesign.com org:Darkstar Design, Inc.;E-Commerce Division adr:;;PO Box 8261;Hermitage;TN;37076;USA version:2.1 email;internet:[EMAIL PROTECTED] title:Vice-President fn:David Waldron end:vcard
SSL error
Hi! Is this what the hint says? Hint: Stop button pressed in browser?!] (System error follows) [Thu Sep 28 08:45:34 2000] [error] System: Connection reset by peer (errno: 104) [Thu Sep 28 08:50:36 2000] [error] mod_ssl: SSL handshake timed out (client xxx.xxx.xxx.xxx, server www.bogus.com:443) __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
apache_1.3.12 SSL error
I've just installed apache_1.3.12 and when I start apache ssl I get the following error :/# /etc/apache1/bin/apachectl startssl Syntax error on line 1024 of /etc/apache1/conf/httpd.conf: Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module not included in the server configuration /etc/apache1/bin/apachectl startssl: httpd could not be started This is an extract from my httpd.conf as generated, can someone see what is wrong?? ## SSL Global Context ## ## All SSL configuration in this context applies both to ## the main server and all SSL-enabled virtual hosts. ## # # Some MIME-types for downloading Certificates and CRLs # AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl.crl # Pass Phrase Dialog: # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is a internal # terminal dialog) has to provide the pass phrase on stdout. SSLPassPhraseDialog builtin # Inter-Process Session Cache: # Configure the SSL Session Cache: First either `none' # or `dbm:/path/to/file' for the mechanism to use and # second the expiring timeout (in seconds). #SSLSessionCachenone #SSLSessionCache shm:/etc/apache1/logs/ssl_scache(512000) SSLSessionCache dbm:/etc/apache1/logs/ssl_scache SSLSessionCacheTimeout 300 # Semaphore: # Configure the path to the mutual explusion semaphore the # SSL engine uses internally for inter-process synchronization. SSLMutex file:/etc/apache1/logs/ssl_mutex # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the # SSL library. The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. SSLRandomSeed startup builtin SSLRandomSeed connect builtin #SSLRandomSeed startup file:/dev/random 512 #SSLRandomSeed startup file:/dev/urandom 512 #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512 # Logging: # The home of the dedicated SSL protocol logfile. Errors are # additionally duplicated in the general error log file. Put # this somewhere where it cannot be used for symlink attacks on # a real server (i.e. somewhere where only root can write). # Log levels are (ascending order: higher ones include lower ones): # none, error, warn, info, trace, debug. SSLLog /etc/apache1/logs/ssl_engine_log SSLLogLevel info ## ## SSL Virtual Host Context ## # General setup for the virtual host DocumentRoot "/etc/apache1/htdocs" ServerName computer.domain.name ServerAdmin [EMAIL PROTECTED] ErrorLog /etc/apache1/logs/error_log TransferLog /etc/apache1/logs/access_log # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. #SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL Any help would be greatly appreciated Thanks in advance Bill * The Mind is like a parachute; it works much better when it's open. * __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: SSL Error
--- DAGNICOURT Sebastien - NTR <[EMAIL PROTECTED]> wrote: > Okay, i forgot some parameters in httpd.conf. > Thanks for the documentation. > > > > -Message d'origine- > > De: Mads Toftum [SMTP:[EMAIL PROTECTED]] > > Date: mercredi 28 juin 2000 10:07 > > ? [EMAIL PROTECTED] > > Objet: Re: SSL Error > > > > On Wed, Jun 28, 2000 at 10:00:29AM +0200, > DAGNICOURT Sebastien - NTR > > wrote: > > > Okay, but i start it by > /mypathtoapache/bin/apache startssl. I see httpd > > > -DSSL runnig and i put the AddModule mod_ssl.c > in httpd.conf. > > > Did I forget something? > > > > > Are you running on a config file made by mod_ssl > or is it your own? > > Because it needs a lot more than just the > AddModule and -DSSL. > > If you don't mind reading diffs, then take a look > at > > > http://www.modssl.org/source/cvs/exp/mod_ssl/pkg.mod_ssl/pkg.sslcfg/sslcfg > > .patch?rev=1.172&hideattic=1&sortbydate=0 > > it will give you an idea about what mod_ssl needs > to add to httpd.conf. > > > > vh > > > > Mads Toftum > > -- > > `Darn it, who spiked my coffee with water?!' - > lwall > > > > > __ > > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > > User Support Mailing List > [EMAIL PROTECTED] > > Automated List Manager > [EMAIL PROTECTED] > __ > Apache Interface to OpenSSL (mod_ssl) >www.modssl.org > User Support Mailing List > [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] _ ¾ßÈÄ! ¸ÞÀÏ ID·Î ¸¶ÀÌ ¾ßÈÄ!¸¦ ²Ù¸çº¸¼¼¿ä. Áõ±Ç, ´º½ºÅ¬¸®ÇÎ, ÀÏÁ¤°ü¸®, ºÏ¸¶Å©... ³»°Ô ÇÊ¿äÇÑ °Íµé¸¸ °ñ¶ó ¸ÅÀÏ ÀÚµ¿À¸·Î ¾÷µ¥ÀÌÆ®! http://kr.my.yahoo.com/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: SSL Error
Okay, i forgot some parameters in httpd.conf. Thanks for the documentation. > -Message d'origine- > De: Mads Toftum [SMTP:[EMAIL PROTECTED]] > Date: mercredi 28 juin 2000 10:07 > À:[EMAIL PROTECTED] > Objet: Re: SSL Error > > On Wed, Jun 28, 2000 at 10:00:29AM +0200, DAGNICOURT Sebastien - NTR > wrote: > > Okay, but i start it by /mypathtoapache/bin/apache startssl. I see httpd > > -DSSL runnig and i put the AddModule mod_ssl.c in httpd.conf. > > Did I forget something? > > > Are you running on a config file made by mod_ssl or is it your own? > Because it needs a lot more than just the AddModule and -DSSL. > If you don't mind reading diffs, then take a look at > http://www.modssl.org/source/cvs/exp/mod_ssl/pkg.mod_ssl/pkg.sslcfg/sslcfg > .patch?rev=1.172&hideattic=1&sortbydate=0 > it will give you an idea about what mod_ssl needs to add to httpd.conf. > > vh > > Mads Toftum > -- > `Darn it, who spiked my coffee with water?!' - lwall > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: SSL Error
Ok, it works fine. Thanks. > -Message d'origine- > De: Paul McGarry [SMTP:[EMAIL PROTECTED]] > Date: mercredi 28 juin 2000 10:16 > À:[EMAIL PROTECTED] > Objet: Re: SSL Error > > DAGNICOURT Sebastien - NTR wrote: > > > Okay, but i start it by /mypathtoapache/bin/apache startssl. I see httpd > > -DSSL runnig and i put the AddModule mod_ssl.c in httpd.conf. > > Did I forget something? > > The other configuration directives to use SSL for the (virtual) server? > == > SSLEngine on > SSLCertificateFile /mypathtoapache/conf/ssl.crt/server.crt > SSLCertificateKeyFile /mypathtoapache/conf/ssl.key/server.key > == > would be a good start if it isn't already there. I'm no expert, but > perhaps that is what you are missing. > > -- > Paul McGarrymailto:[EMAIL PROTECTED] > Systems Integrator http://www.opentec.com.au > Opentec Pty Ltd http://www.iebusiness.com.au > 6 Lyon Park RoadPhone: (02) 9878 1744 > North Ryde NSW 2113 Fax: (02) 9878 1755 > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: SSL Error
On Wed, Jun 28, 2000 at 10:00:29AM +0200, DAGNICOURT Sebastien - NTR wrote: > Okay, but i start it by /mypathtoapache/bin/apache startssl. I see httpd > -DSSL runnig and i put the AddModule mod_ssl.c in httpd.conf. > Did I forget something? > Are you running on a config file made by mod_ssl or is it your own? Because it needs a lot more than just the AddModule and -DSSL. If you don't mind reading diffs, then take a look at http://www.modssl.org/source/cvs/exp/mod_ssl/pkg.mod_ssl/pkg.sslcfg/sslcfg.patch?rev=1.172&hideattic=1&sortbydate=0 it will give you an idea about what mod_ssl needs to add to httpd.conf. vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: SSL Error
DAGNICOURT Sebastien - NTR wrote: > Okay, but i start it by /mypathtoapache/bin/apache startssl. I see httpd > -DSSL runnig and i put the AddModule mod_ssl.c in httpd.conf. > Did I forget something? The other configuration directives to use SSL for the (virtual) server? == SSLEngine on SSLCertificateFile /mypathtoapache/conf/ssl.crt/server.crt SSLCertificateKeyFile /mypathtoapache/conf/ssl.key/server.key == would be a good start if it isn't already there. I'm no expert, but perhaps that is what you are missing. -- Paul McGarrymailto:[EMAIL PROTECTED] Systems Integrator http://www.opentec.com.au Opentec Pty Ltd http://www.iebusiness.com.au 6 Lyon Park RoadPhone: (02) 9878 1744 North Ryde NSW 2113 Fax: (02) 9878 1755 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: SSL Error
Okay, but i start it by /mypathtoapache/bin/apache startssl. I see httpd -DSSL runnig and i put the AddModule mod_ssl.c in httpd.conf. Did I forget something? > -Message d'origine- > De: Mads Toftum [SMTP:[EMAIL PROTECTED]] > Date: mercredi 28 juin 2000 09:47 > À:[EMAIL PROTECTED] > Objet: Re: SSL Error > > On Wed, Jun 28, 2000 at 08:59:30AM +0200, DAGNICOURT Sebastien - NTR > wrote: > > Hello, > > I install mod_ssl-2.6.4-1.3.12 with apache_1.3.12 and openssl-0.9.4. > > This doesn't work and i get this error message when i try openssl: > > > > ./openssl s_client -connect websdsec:8443 -state -debug > > CONNECTED(0003) > > SSL_connect:before/connect initialization > > write to 081092C8 [08109320] (109 bytes => 109 (0x6D)) > > - 80 6b 01 03 01 00 42 00-00 00 20 00 00 16 00 00 .kB... > . > > 0010 - 13 00 00 0a 00 00 07 00-00 05 00 00 04 00 00 15 > > > 0020 - 00 00 12 00 00 09 07 00-c0 05 00 80 03 00 80 01 > > > 0030 - 00 80 08 00 80 06 00 40-00 00 14 00 00 11 00 00 > ...@ > > 0040 - 08 00 00 06 00 00 03 04-00 80 02 00 80 f6 c2 28 > ...( > > 0050 - 92 f3 10 ad a7 7e bb f5-03 18 74 9a f4 28 a4 f5 > .~t..(.. > > 0060 - 8b ff 1a f8 0d 92 2d 32-62 16 a5 a4 01..-2b > > SSL_connect:SSLv2/v3 write client hello A > > read from 081092C8 [0810E880] (7 bytes => 7 (0x7)) > > - 3c 21 44 4f 43 54 59 > SSL_connect:error in SSLv2/v3 read server hello A > > 15679:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown > > protocol:s23_clnt.c:450: > > > > > > What could be the problem? > > You're connecting to a server running in plain http mode - if you look > at the dump, then you see ' seeing > this if there was an https server in the other end. > > vh > > Mads Toftum > -- > `Darn it, who spiked my coffee with water?!' - lwall > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: SSL Error
On Wed, Jun 28, 2000 at 08:59:30AM +0200, DAGNICOURT Sebastien - NTR wrote: > Hello, > I install mod_ssl-2.6.4-1.3.12 with apache_1.3.12 and openssl-0.9.4. > This doesn't work and i get this error message when i try openssl: > > ./openssl s_client -connect websdsec:8443 -state -debug > CONNECTED(0003) > SSL_connect:before/connect initialization > write to 081092C8 [08109320] (109 bytes => 109 (0x6D)) > - 80 6b 01 03 01 00 42 00-00 00 20 00 00 16 00 00 .kB... . > 0010 - 13 00 00 0a 00 00 07 00-00 05 00 00 04 00 00 15 > 0020 - 00 00 12 00 00 09 07 00-c0 05 00 80 03 00 80 01 > 0030 - 00 80 08 00 80 06 00 40-00 00 14 00 00 11 00 00 ...@ > 0040 - 08 00 00 06 00 00 03 04-00 80 02 00 80 f6 c2 28 ...( > 0050 - 92 f3 10 ad a7 7e bb f5-03 18 74 9a f4 28 a4 f5 .~t..(.. > 0060 - 8b ff 1a f8 0d 92 2d 32-62 16 a5 a4 01..-2b > SSL_connect:SSLv2/v3 write client hello A > read from 081092C8 [0810E880] (7 bytes => 7 (0x7)) > - 3c 21 44 4f 43 54 59 SSL_connect:error in SSLv2/v3 read server hello A > 15679:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown > protocol:s23_clnt.c:450: > > > What could be the problem? You're connecting to a server running in plain http mode - if you look at the dump, then you see '
SSL Error
Hello, I install mod_ssl-2.6.4-1.3.12 with apache_1.3.12 and openssl-0.9.4. This doesn't work and i get this error message when i try openssl: ./openssl s_client -connect websdsec:8443 -state -debug CONNECTED(0003) SSL_connect:before/connect initialization write to 081092C8 [08109320] (109 bytes => 109 (0x6D)) - 80 6b 01 03 01 00 42 00-00 00 20 00 00 16 00 00 .kB... . 0010 - 13 00 00 0a 00 00 07 00-00 05 00 00 04 00 00 15 0020 - 00 00 12 00 00 09 07 00-c0 05 00 80 03 00 80 01 0030 - 00 80 08 00 80 06 00 40-00 00 14 00 00 11 00 00 ...@ 0040 - 08 00 00 06 00 00 03 04-00 80 02 00 80 f6 c2 28 ...( 0050 - 92 f3 10 ad a7 7e bb f5-03 18 74 9a f4 28 a4 f5 .~t..(.. 0060 - 8b ff 1a f8 0d 92 2d 32-62 16 a5 a4 01..-2b SSL_connect:SSLv2/v3 write client hello A read from 081092C8 [0810E880] (7 bytes => 7 (0x7)) - 3c 21 44 4f 43 54 59
Secure Reverse Proxy - SSL Error - Please Help
Hi there.
I'm attempting to setup a reverse proxy using OpenBSD-2.7, OpenSSL-0.9.5a,
mod_ssl-2.6.4_1.3.12, and Apache-1.3.12.
Up to this point, I've gotten the reverse proxy setup and it runs correctly
for retrieving port 80 based materials. But I cannot get Apache to launch
with SSL support.
Here is the error that I am getting from apache-rproxy.elog:
[Mon Jun 19 05:26:09 2000] [error] mod_ssl: Init:
(openliness-qa.mydomain.com:443) Unable to configure RSA server private key
(OpenSSL library error follows)
[Mon Jun 19 05:26:09 2000] [error] OpenSSL: error:0B080074::lib(11)
:func(128) :reason(116)
Can anyone help me? I have the cert for openliness-qa on the rproxy server.
Do I actually need the key as well or is the proxy becoming transparent
after the certificate has been passed from the Proxy to the client? If I'm
really curious why http will work, but attempting to start https is failing.
Here is my httpd.conf file.
##
## apache-rproxy.conf -- Apache configuration for Reverse Proxy
Usage
##
# server type
ServerType standalone
Port 80
Listen 443
MinSpareServers 2
StartServers 5
MaxSpareServers 10
MaxClients 150
MaxRequestsPerChild 100
# server operation parameters
KeepAliveon
MaxKeepAliveRequests 100
KeepAliveTimeout 15
Timeout 400
IdentityCheckoff
HostnameLookups on
# paths to runtime files
PidFile /opt/apache/logs/apache-rproxy.pid
LockFile /opt/apache/logs/apache-rproxy.lock
ErrorLog /opt/apache/logs/apache-rproxy.elog
# unused paths
ServerRoot /opt/apache
DocumentRoot /tmp
CacheRoot/tmp
TypesConfig /dev/null
AccessConfig /dev/null
ResourceConfig /dev/null
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl.crl
SSLEngine on
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/opt/apache/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/opt/apache/logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog /opt/apache/logs/ssl_engine_log
SSLLogLevel info
SSLCertificateFile /opt/apache/conf/ssl.crt/snakeoil-rsa.crt
SSLCertificateKeyFile /opt/apache/conf/ssl.key/snakeoil-rsa.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /opt/apache/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
# speed up and secure processing
Options -FollowSymLinks -SymLinksIfOwnerMatch
AllowOverride None
# the status page for monitoring the reverse proxy
SetHandler server-status
# enable the URL rewriting engine
RewriteEngineon
RewriteLogLevel 2
NameVirtualHost webhome.mydomain.com:80
NameVirtualHost openliness-qa.mydomain.com:443
SSLDisable
ServerName webhome.mydomain.com
CustomLog/opt/apache/logs/apache-rproxy-wh.dlog
"%{%v/%T}t %h -> %{SERVER}e URL: %U"
RewriteLog /opt/apache/logs/apache-rproxy-wh.rwlog
TransferLog /opt/apache/logs/apache-rproxy-wh.tlog
# define a rewriting map with value-lists where
# mod_rewrite randomly chooses a particular value
RewriteMap server
rnd:/opt/apache/conf/apache-rproxy-wh.conf-servers
# make sure the status page is handled locally
# and make sure no one uses our proxy except ourself
RewriteRule^/apache-rproxy-status.* - [L]
RewriteRule^(http|ftp)://.* - [F]
# now choose the possible servers for particular URL types
RewriteRule^/(.*\.(cgi|shtml))$ to://${server:dynamic}/$1
[S=1]
RewriteRule^/(.*)$ to://${server:static}/$1
# and delegate the generated URL by passing it
# through the proxy module
RewriteRule^to://([^/]+)/(.*)http://$1/$2
[E=SERVER:$1,P,L]
# and make really sure all other stuff is forbidden
# when it should survive the above rules...
RewriteRule.*- [F]
# enable the Proxy module without caching
ProxyRequestson
NoCache *
# setup URL reverse mapping for redirect reponses
ProxyPassReverse / http://webhome.mydomain.com/
ServerName openliness-qa.mydomain.com
SSLCertificateFile /opt/apache/conf/ol-cert.pem
CustomLog/opt/apache/logs/apache-rproxy-ol.dlog
"%{%v/%T}t %h
Re: mod-ssl error on server start up
On Mon, Sep 20, 1999, root wrote: > I have recently installed RedHat Secure Web Server 2.0 w/ RedHat > Linux 6.0. It seems to have installed everthing I need for a secure web > server. I have created a certificate and when I connect to the sample > page on the site using 'https' netscape gives me the lock symbol. > The problem is when I add any SSL directives (SSLRequireSSL for > example) to my httpd.conf file and restart the http server I get error > messages that say that either the ssl directives are misspelled (they > seem to be used correctly) or they refer to a module that is not > installed. > How can I verify that mod_ssl is installed properly? Does the lock > symbol on a browser really mean that things are working properly? httpd -l (for non-DSO situation) or check for a $prefix/libexec/libssl.so file (under DSO situation). Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
mod-ssl error on server start up
I have recently installed RedHat Secure Web Server 2.0 w/ RedHat Linux 6.0. It seems to have installed everthing I need for a secure web server. I have created a certificate and when I connect to the sample page on the site using 'https' netscape gives me the lock symbol. The problem is when I add any SSL directives (SSLRequireSSL for example) to my httpd.conf file and restart the http server I get error messages that say that either the ssl directives are misspelled (they seem to be used correctly) or they refer to a module that is not installed. How can I verify that mod_ssl is installed properly? Does the lock symbol on a browser really mean that things are working properly? thanks, Shaun __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
SSL Error
Hi, I'm gettting this error: [Mon Dec 21 13:00:48 1998] [error] mod_ssl: SSL handshake failed (SSLeay error follows) [Mon Dec 21 13:00:48 1998] [error] SSLeay: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message In browser I get: --- A network error occurred while Netscape was receiving data. (Network Error: I/O error) Try connecting again. --- What's reason? I'm using RedHat 5.1 (updated): Apache/1.3.3 (Unix) PHP/3.0.5 mod_ssl/2.1.3 SSLeay/0.9.0b configured []'s Ricardo A. Guimaraes STI - System Administrator (011) 889-7449 - r. 232 __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
