HTTPS
Hi, I would like to use HTTPS on another port than 443... How can I do it? Alexandre Dias[EMAIL PROTECTED]==Programmeur-Analyste - Enter-Net inc.(450) 652-7189 #11(514) 990-1683 #11ICQ# 66771914
HTTPS
I need to accept requests HTTPS in apache. So I tried install /usr/port/www/apache13-mod_ssl. It said that require the OpenSSL. So I tried install /usr/ports/security/openssl. But it said that the OpenSSL is already installed in base system. The version of my system is FreeBSD 4.1. During the instalation, I don't installed the crypto collection. Maybe this is the cause of my problem, but I don't know right. What I do to install apache13-mod_sll to do apache accept https requests? Thank you Paulo --- Paulo Ricardo Trainini Consultor Tel.: (51) 338.7284 - [EMAIL PROTECTED] FORTNET - Soluções para Redes de Computadores __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
https
hi all... i tried http-users list without success... i recently upgraded httpd from 1.3.x to 2.0.54. compiled httpd with mod_ssl. OpenSSL 0.9.7e... i remember that when building 1.3.x with mod_ssl the certificate was done at the time of compilation of the server. now with 2.0.54 i'm trying the instruction on: http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#realcert i did follow this a few times and that didn't work. then i did this a few times: http://www.samspublishing.com/articles/article.asp?p=30115&seqNum=4&rl=1 it didn't work either.. in both cases the message i get is that the connection is refused... the only difference between the old 1.3.x apache build on the machine and the new 2.0.54 is these two lines below in the ssl conf section. when i start the new one i get a message that ca-bundle.crt is missing - and it is. on the old machine it came with the apache src. there isn't such file here now. i could copy it but maybe that's not a great idea, is it? SSLCACertificatePath /usr/local/httpd/conf/ssl.crt SSLCACertificateFile /usr/local/httpd/conf/ssl.crt/ca-bundle.crt i need this issue resolved relatively soon because that's the only thing stopping this machine to go in production... thanks a lot... -- __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
https to https proxy with client certificates
Due to various bugs in iis server , i'm trying to protect an existing application by putting apache as a proxy . before: client --extranet firewalliis port 443 (www.clientapp.com) after : this schema works fine for moment: www.clientapp.com points now to apache server . The client connects in ssl to apache. Apache server is configured this way: (from httpd.conf) --- RewriteEngine on RewriteRule^/index.html http://extranet:4598/formulaire.html [P] RewriteRule^/(.+) http://extranet:4598/$1 [P] --- The firewall allows only apache to connect to iis server . The session between apache and iis is not encrypted. client 1--->firewall--2-->apache (mod_ssl , mod_proxy mod_rewrite) <--3-- | | | 4 | | iis (extranet:4598) I want now to use X509 certificates to access the application on iis server . i tried to change the rewrite rules on apache : --- RewriteEngine on RewriteRule^/index.html https://extranet:4599/formulaire.html [P] RewriteRule ^/(.+) https://extranet:4599/$1 [P] ------- The https to https stuff in mod_proxy does not seem to work properly . I'm using apache 1.3.9 with mod_ssl 2.4.1-1.3.9 . Questions: 1.Is there a patch allowing this kind of proxy ? 2. Does anyone tried this before ? __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Testing https
Hello everybody, What methods would you folks recommend for testing https once modssl is installed? Thanks in advance, Diana __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: HTTPS
You can't. The HTTPS protocol is special, and really needs to use port 443. Mike At 10:45 AM 7/11/2000 -0400, you wrote: Hi, I would like to use HTTPS on another port than 443... How can I do it? Alexandre Dias [EMAIL PROTECTED] == Programmeur-Analyste - Enter-Net inc. (450) 652-7189 #11 (514) 990-1683 #11 ICQ# 66771914 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: HTTPS
RTFM pas la peine de poluer pour des questions dans le genre Lis tout simplement la doc Bon aller une piste quand même, tu va dans le fichier httpd.conf, et tu regardes où 443 est écris, et si tu remplace par un autre port, oh miracle Sorry for responding in French, I guess the first line should get you to the meaning of the lines that follow. - Original Message - From: Alexandre Dias To: [EMAIL PROTECTED] Sent: Tuesday, July 11, 2000 4:45 PM Subject: HTTPS Hi, I would like to use HTTPS on another port than 443... How can I do it? Alexandre Dias[EMAIL PROTECTED]==Programmeur-Analyste - Enter-Net inc.(450) 652-7189 #11(514) 990-1683 #11ICQ# 66771914
Re: HTTPS
On Wed, Jul 12, 2000 at 12:05:16AM -0700, Mike King wrote: > You can't. The HTTPS protocol is special, and really needs to use port > 443. Please do not post in html! What you're saying is NOT true - HTTPS could be on whichever port you want it on - https://xxx.yyy.zz:12345/ will work just fine. vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: HTTPS
On Tue, Jul 11, 2000 at 10:45:16AM -0400, Alexandre Dias wrote: > Hi, > > I would like to use HTTPS on another port than 443... > > How can I do it? > Replace the 443's in the httpd.conf with whatever port number you want. vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: HTTPS
> - Original Message - > From: Alexandre Dias > To: [EMAIL PROTECTED] > Sent: Tuesday, July 11, 2000 4:45 PM > Subject: HTTPS > I would like to use HTTPS on another port than 443... > How can I do it? *sigh* RTFM is good advice, but I know that sometimes one wonders where in the manual to look. The standard configuration looks something like this: Listen 80 Listen 443 This assumes that 80 (the HTTP default) is your standard port, and 443 (the HTTPS default) is your standard SSL port. If, however, you don't have root permissions (as an example), you can do this: Listen 8080 Listen 8443 This is a common practice, and will work fine (as long as you keep everything lined up -- make sure your Port and Listen commands for the standard http access are in fact watching 8080, and that any virtual host you want on the secure port knows it should be watching 8443 -- cross-port the commands, and I kinda doubt it will work. =o) *Read The Manual*, but for a quick reference check the http.conf file. Paul __ Do You Yahoo!? Get Yahoo! Mail Free email you can access from anywhere! http://mail.yahoo.com/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: HTTPS
just listen to a diferent port... instead Listen 443 Listen 3000 for using ssl on a non secure port. remember to change que virtual host definition to reflect your port change. On Tue, 11 Jul 2000, you wrote: > > Hi, > > I would like to use HTTPS on another port than 443... > > How can I do it? > > Alexandre Dias > [EMAIL PROTECTED] > == > Programmeur-Analyste - Enter-Net inc. > (450) 652-7189 #11 > (514) 990-1683 #11 > ICQ# 66771914 > Content-Type: text/html; name="unnamed" Content-Transfer-Encoding: quoted-printable Content-Description: -- Luis E Limon [EMAIL PROTECTED] Senior SoftWare Developer __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: HTTPS
Hi Alexandre. Now you now how to use a different port number for HTTPS - changing Listen directive. However, remember if you change the default HTTPS port number (443) then all of clients will need to specify the NEW port number on the URL for your site. For example: 1) Using Standard HTTPS port number https://www.mysecuresite.com/ 2) Using non-Standard HTTPS port number, for example, 8443: https://www.mysecuresite.com:8443/ To avoid this problem, you can configure two versions of the same site, one using http and one using https. So the client will access the http version on the default port number (80) and this version will redirect the Client Request to the https site. Bye, Danilo. >From: "Alexandre Dias" <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: <[EMAIL PROTECTED]> >Subject: HTTPS >Date: Tue, 11 Jul 2000 10:45:16 -0400 > >Hi, > >I would like to use HTTPS on another port than 443... > >How can I do it? > >Alexandre Dias >[EMAIL PROTECTED] >== >Programmeur-Analyste - Enter-Net inc. >(450) 652-7189 #11 >(514) 990-1683 #11 >ICQ# 66771914 Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
HTTPS-Error
I have Apache1.3.12, modssl 2.6.6-1-3-12 and openssl 0.9.6 running on Caldera OpenLinux 2.3. I configured my Apache to listen only to Port 443. I am able to start Apache, but when I type: https://myserver.domain.com , the whole thing just hangs; when I look in the error.log I get following: [] [error] [client 192.168.3.42] Invalid method in request + It also tells me, that it could not bind to Port 443 (Adress already in use: make_sock: could not bind to port 443) When I try to start with apachectl startssl, I am told that the command was not found Sounds all very strange to me, can anybody help me? Thanx in advance Elke Elke Hiendl Beraterin für System- und Netzwerkmanagement iteratec Gesellschaft für iterative Softwaretechnologien mbH Inselkammerstraße 4 82008 München-Unterhaching Telefon +49 89 61 45 51 - 35 Fax +49 89 61 45 51 - 10 wwwhttp://www.iteratec.de mailto:[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
https => http
I have a problem that when an application (Turbine) accessed via https refers to its own URL that http://...:443 is used instead of https://... whereby the error that http is being spoken to an https port is given. configurartion = NT 4.0 sp5, apache 1.3.14 + openssl0.9.6 + modssl SNAP 20001016 + tomcat I have already changed the setting UseCanonicalName On to UseCanonicalName off without success Any help as to why this happens? Should I be using some form of rewrite? Thanx in advance. /colin __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
http/https
hi is it possible to configure apache such as: if the client has a certificate enter page X and if client has no certificate enter page Y?? Miguel FOntes - Email Enviado utilizando o serviço MegaMail __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
HTTPS fails
Here is what I got from the log. For some hours, I could access the encrypted site but after that it gave an error message of connection timeout. This applies to both IE and Netscape. Any suggestion as to where and what gone wrong? [24/Feb/2001 14:48:17 17944] [info] Init: Seeding PRNG with 136 bytes of entropy [24/Feb/2001 14:48:17 17944] [info] Init: Configuring temporary RSA private keys (512/1024 bits) [24/Feb/2001 14:48:17 17944] [info] Init: Configuring temporary DH parameters (512/1024 bits) [24/Feb/2001 14:48:17 17944] [info] Init: Initializing (virtual) servers for SSL [24/Feb/2001 14:48:17 17944] [info] Init: Configuring server www.esake.co.jp:443 for SSL protocol [24/Feb/2001 14:48:17 17944] [trace] Init: (www.esake.co.jp:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) [24/Feb/2001 14:48:17 17944] [trace] Init: (www.esake.co.jp:443) Configuring permitted SSL ciphers [ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] [24/Feb/2001 14:48:17 17944] [trace] Init: (www.esake.co.jp:443) Configuring RSA server certificate [24/Feb/2001 14:48:17 17944] [trace] Init: (www.esake.co.jp:443) Configuring RSA server private key [24/Feb/2001 14:48:42 17945] [info] Connection to child 0 established (server www.esake.co.jp:443, client 211.16.175.138) Thanks & regards, Natalie __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
https proxy
Hi I have set up apache 1.3.4 to be a proxy server for http and ftp requests, which works fine. I would now like to use it as well as a https proxy, but I'm not quite sure which directives to set for this to be working. What I'd like to achieve is the following: - The proxy server listens on port 7344 for both http and ftp requests - For https, it should as well listen on the same port - I don't need any other functionality apart from proxy for this server Is this possible with mod_ssl and if, how? Bye Tim -- == Tim Tassonis Consultant [EMAIL PROTECTED] Trivadis AG Electronic Commerce Sägereistrasse 24 CH-8152 Glattbrugg Tel.: +41- 1-808 70 20 Fax : +41- 1-808 70 21 Mobile: +41-79-229 36 17 http://www.trivadis.com == __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
HTTPS headaches
I'm running Apache 1.3.6 on Solaris 2.6 with the latest mod_ssl and OpenSSL. When I run Apache with the "apachectl startssl" command, the default page becomes visible over my intranet at http://hercules:443, where "hercules" is the name of the localhost webserver box. However, I get a "cannot find server" error message from my browser if I try to connect with https://hercules:443. Additionally, the "httpd -S" command does not show any virtual hosts configured. If anyone has any experience with this kind of problem, your help would be highly appreciated. Robert Barr Eikon Software South Africa __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
HTTP & HTTPS
Hi. I'm having some trouble setting up both HTTP and HTTPS on the same server (I want to run both through the same Apache using Apaches virtual hosting). Could somebody please help me out on this? I seem to only get one of these working. Either it's HTTPS or HTTP, but never both of them. Regards, Kenneth Mutka __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
HTTPS Proxy
What Ho, In the notes of 2.6.2 it mentions that HTTPS proxying is now available. How do I implement this is it the same as an insecure proxy or are there new commands like SSLProxy on? I have rebuilt apache with --enable-rule=SSL_EXPERIMENTAL --enable-module=proxy and started with a fresh httpd.file but he proxy information is commented out and I see no other proxy directive. Have I missed something? there is nothing in the FAQ. Regards Bob Weeks __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
https client
does someone have some C/C++ example how to GET / POST over HTTPS in Unix ? thank you __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Auto HTTPS
Hi, I have a site with SSL. I want that if a user came in
http://www/mydomain.com/michel via automatic the user is redirect to
https://www/mydomain.com/michel
I have see manual, but I'm a newbie in regular expression.
In httpd.conf I have:
Order allow,deny
Allow from all
RewriteEngineon
RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://%{SERVER_NAME}/ [R,L]
#RewriteRule * https://%{SERVER_NAME}/$1
out of every
Tnx in advance
both them (Windows and M. Lewinski) suck a lot and both them are
are giving Bill some trouble.
--
Michel Morelli [EMAIL PROTECTED]
ICQ UIN: 58351764 PR of PhpItalia.com
http://www.ziobudda.net http://faq.ziobudda.net
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
http + https
Title: http + https I’m trying to configure my server to use SSL just for requests to a specific directory. I’ve read the manuals, installed mod_ssl + certificate and all seemed to be working fine, HTTP access to the server at large goes ahead and http accesses to the ‘secured’ directory are refused as desired. However when a file know to be stored within the secured directory is requested a page not found error is displayed and the following written to ssl_engine_log, (ssl_request_log remains empty); [20/Sep/2002 15:33:26 68075] [error] SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows) [20/Sep/2002 15:33:26 68075] [error] System: Broken pipe (errno: 32) I’m using the following lines in my httpd.conf to try and achieve the desired affect; SSLVerifyClient none SSLRequireSSL SSLVerifyClient require SSLVerifyDepth 1 When I put the above lines in the ssl virtual host directive nothing appears to happen, http accesses to the directory are granted, though when I move it to http accesses to the directory are refused as desired, which confuses me. Can anyone help as I’m real stuck with this one. BTW- as yet the CommonName used by my certificate is not applied to my server, I’m accessing the machine via its IP and acknowledging the warning dialogue my browser displays… I’m assuming this is not the cause of my trouble?
Re: https
There has been some discussion about that here lately. RS Engelschall said he would include a script that would produce a ca-bunde.crt from the Mozilla certdata.txt file in version 2.8.23 of mod_ssl which should be available now. kind regards /Daniel - Original Message - From: "kalin mintchev" <[EMAIL PROTECTED]> To: Sent: Wednesday, July 13, 2005 10:51 AM Subject: https > hi all... > > i tried http-users list without success... > > i recently upgraded httpd from 1.3.x to 2.0.54. compiled httpd with mod_ssl. > OpenSSL 0.9.7e... > i remember that when building 1.3.x with mod_ssl the certificate was done > at the time of compilation of the server. now with 2.0.54 i'm trying the > instruction on: > http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#realcert > > i did follow this a few times and that didn't work. then i did this a few > times: > http://www.samspublishing.com/articles/article.asp?p=30115&seqNum=4&rl=1 > > it didn't work either.. in both cases the message i get is that the > connection is refused... > > the only difference between the old 1.3.x apache build on the machine and > the new 2.0.54 is these two lines below in the ssl conf section. > when i start the new one i get a message that ca-bundle.crt is missing - > and it is. on the old machine it came with the apache src. there isn't > such file here now. i could copy it but maybe that's not a great idea, is it? > > SSLCACertificatePath /usr/local/httpd/conf/ssl.crt > SSLCACertificateFile /usr/local/httpd/conf/ssl.crt/ca-bundle.crt > > i need this issue resolved relatively soon because that's the only thing > stopping this machine to go in production... > > thanks a lot... > > > -- > > > > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager[EMAIL PROTECTED] > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
HTTPS virtualhosts
Hi everyone,
For starters, I'm not sure if I should be posting here or to Apache, but
they sort of steered me here, so I thought I'd start here at least -- if
not, please let me know. :-)
Anyway, I'm having issues with getting SSL and virtualhosts working with
Apache. Now, before you point me at the FAQ, it's not the obvious question.
What I'm trying to do is get multiple HTTPS hosts working on the same IP --
but using a wildcard SSL certificate.
My config is doing using mod_perl configuration, and I've copied it below.
Essentially, the idea is that I have a directory tree that looks like
/srv/www///[content|secure_content]// . That
way, I can just make a new directory/subdomain/etc., reload the apache
config, and it's all done and listening for me. And, since you can only have
one SSL cert per IP, I just have /srv/www//server.crt and server.key --
and that's the certificate used for that IP (so any HTTPS vhost created for
that IP will use that certificate). You may think that's a bit weird, but
there's a few circumstances that I want to use that - for example, wildcard
certificates I can have many vhosts per IP (within the same domain), and
also other times when I don't care if it cert mismatches, I just want an SSL
connection.
Anyway, the HTTP stuff is working great, and the config *appears* to check
out OK:
[ [EMAIL PROTECTED]:~ ] # apache2 -S
VirtualHost configuration:
1.2.3.4:80 is a NameVirtualHost
default server www.non.existant.host.com
(/etc/apache2/sites-enabled/allsites-1-custom:5)
port 80 namevhost www.non.existant.host.com
(/etc/apache2/sites-enabled/allsites-1-custom:5)
port 80 namevhost sallaway.org (mod_perl:121)
port 80 namevhost www.sallaway.org (mod_perl:177)
1.2.3.4:443is a NameVirtualHost
default server www.non.existant.host.com
(/etc/apache2/sites-enabled/allsites-1-custom:8)
port 443 namevhost www.non.existant.host.com
(/etc/apache2/sites-enabled/allsites-1-custom:8)
port 443 namevhost sallaway.org (mod_perl:1)
port 443 namevhost www.sallaway.org (mod_perl:78)
Syntax OK
however when I try to reload the config file, it complains and whinges
a lot about SSL conflicts (error.log):
[warn] Init: SSL server IP/port conflict: bob.sallaway.org:443 (mod_perl:12)
vs. www.sallaway.org:443 (mod_perl:78)
[warn] Init: SSL server IP/port conflict: sallaway.org:443 (mod_perl:1) vs.
www.sallaway.org:443 (mod_perl:78)
[warn] Init: You should not use name-based virtual hosts in conjunction with
SSL!!
I was sort of hoping "hmmm, they're just warnings, maybe it will be OK", but
it appears not -- when I load the page, it gives me a "Connection
Interrupted" or "Action Cancelled" (pick your browser) and I get this in the
error.log:
[error] [client 192.168.0.4] Invalid method in request \x80L\x01\x03
Does anyone have any ideas what I can do to fix it at all, or why it's
happening?
Thanks for your help.
Cheers,
Michael
relevant apache config:
NameVirtualHost 1.2.3.4:80
NameVirtualHost 1.2.3.4:443
ServerName www.non.existant.host.com
ServerName www.non.existant.host.com
my $www_path = "/srv/www";
my @ip_array;
my $ip_number;
my @subdomain_array;
my $subdomain_name;
my $subdomain_address;
my $domain_name;
for $ip (<$www_path/*>) {
@ip_array = split /\//, "$ip";
$ip_number = $ip_array[-1];
for $domain (<$ip/*>) {
for $http_subdomain (<$domain/content/*>) {
@subdomain_array = split /\//, "$http_subdomain";
$subdomain_name = $subdomain_array[-1];
$subdomain_address = $subdomain_name . ".";
$domain_name = $subdomain_array[-3];
$subdomain_address = "" if $subdomain_name eq "_";
push @{ $VirtualHost{"$ip_number:80"} },
{
ServerName => "${subdomain_address}${domain_name}",
DocumentRoot => "${domain}/content/${subdomain_name}",
ServerSignature => "On",
ErrorLog => "$domain/logs/error.log",
CustomLog => ["$domain/logs/access.log", "virtual"],
LogLevel => "warn",
};
};
next if ! -e "$ip/server.crt";
next if ! -e "$ip/server.key";
for $https_subdomain (<$domain/secure_content/*>) {
@subdomain_array = split /\//, "$https_subdomain";
$subdomain_name = $subdomain_array[-1];
$subdomain_address = $subdomain_name . ".";
$domain_name = $subdomain_array[-3];
$subdomain_address = "" if $subdomain_name eq "_";
push @{ $VirtualHost{"$ip_number:443"} },
{
ServerName => "${subdomain_address}${domain_name}",
Documen
Re: https to https proxy with client certificates
Alexander Boiler <[EMAIL PROTECTED]> writes: > I want now to use X509 certificates to access the application on iis > server . Without access to the client's private key, there is no way the the apache+mod_ssl based proxy, or any proxy, can make a connection to the other server as though it were the end user. Or do you mean you want the apache+mod_ssl based proxy to present its own certificate to the other server? This is possible but AFAIK is not something mod_ssl currently supports. -Tom -- Tom Vaughan __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Testing https
configure it to a different port and fire it up. it should run fine in conjunction with your production server. On Mon, 10 Jul 2000, Diana Moreland wrote: > Date: Mon, 10 Jul 2000 09:32:11 -0400 > From: Diana Moreland <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: Testing https > > Hello everybody, > > What methods would you folks recommend for testing https once modssl is > installed? > > Thanks in advance, > Diana > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > -phil. IUPUI UITS System Programmer [EMAIL PROTECTED] Pushing an elephant up the stairs ET 012.42 (317)274-5513 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
https manual test
hello again, from modssl's FAQ page, i tried to do the https test manually by typing openssl s_client -connect localhost:443 -state -debug but what i got after i "entered" it is: connect: Connection refused connect:errno=111 i have been trying to make my virtually hosted site secured but i keep on getting a "cannot find server" when accessing it. its working when i dont have an ssl configuration. if i do a "httpd -S" on an ssl'ed conf, i get the message below. 203.177.26.5:443 is a NameVirtualHost default server www.myvirtualsite.ph (/var/lib/apache/conf/httpd.conf:1187) port 443 namevhost www.myvirtualsite.ph (/var/lib/apache/conf/httpd.conf:1187) do hope you could give me insights on what the errors mean. thanks a lot. raymond __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: HTTPS-Error
Hiendl Elke wrote: > > I have Apache1.3.12, modssl 2.6.6-1-3-12 and openssl 0.9.6 running on > Caldera OpenLinux 2.3. I configured my Apache to listen only to Port 443. I > am able to start Apache, but when I type: https://myserver.domain.com , the > whole thing just hangs; when I look in the error.log I get following: > > [] [error] [client 192.168.3.42] Invalid method in request + > > It also tells me, that it could not bind to Port 443 (Adress already in use: > make_sock: could not bind to port 443) http://www.modssl.org/docs/2.7/ssl_faq.html#ToC19 tells you how to manually check your HTTPS server. This will tell you if something is listening to 443. > When I try to start with apachectl startssl, I am told that the command was > not found > Sounds all very strange to me, can anybody help me? It sounds to me that your PATH doesn't include apachectl. whereis apachectl should help. What happens if you point your web browser at https://localhost/ ? Adam. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
AW: HTTPS-Error
when I type whereis apachectl it prompts me "apachectl:"; when I point to https://localhost, it also hangs. So what to do now? > -Ursprüngliche Nachricht- > Von: Adam Nealis [mailto:[EMAIL PROTECTED]] > Gesendet am: Mittwoch, 18. Oktober 2000 10:18 > An: [EMAIL PROTECTED] > Betreff: Re: HTTPS-Error > > Hiendl Elke wrote: > > > > I have Apache1.3.12, modssl 2.6.6-1-3-12 and openssl 0.9.6 > running on > > Caldera OpenLinux 2.3. I configured my Apache to listen > only to Port 443. I > > am able to start Apache, but when I type: > https://myserver.domain.com , the > > whole thing just hangs; when I look in the error.log I get > following: > > > > [] [error] [client 192.168.3.42] Invalid method in request + > > > > It also tells me, that it could not bind to Port 443 > (Adress already in use: > > make_sock: could not bind to port 443) > http://www.modssl.org/docs/2.7/ssl_faq.html#ToC19 tells > you how to manually check your HTTPS server. This will > tell you if something is listening to 443. > > > When I try to start with apachectl startssl, I am told that > the command was > > not found > > Sounds all very strange to me, can anybody help me? > It sounds to me that your PATH doesn't include > apachectl. > > whereis apachectl > > should help. What happens if you point your web > browser at https://localhost/ ? > > Adam. > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: https => http
Colin Chalmers wrote: > > I have a problem that when an application (Turbine) accessed via https > refers to its own URL that http://...:443 is used instead of > https://... whereby the error that http is being spoken to an https port > is given. This "Turbine" application is wrong. Any access to port 443 (which expects to see an ssl connection) must start with https:// Check the configuration of the "Turbine" application to see if there's a way to fix it, or contact the programmer/vender and complain. -Bill __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
http vs. https
Hi all, Now I successfully installed mod_ssl, and configure the httpd.conf as: Listen 80 Listen 443 SSLEngine on SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key And I can access the web server by both http and https. Both http://myhost/ and https://myhost/ are OK. My question is, how can restrict a directory/file to be only accessed by https, and others by http? i.e. https://myhost/cgi-bin/test.pl http://myhost/ Wayne Comnetix Computer Systems Inc. 2872 Bristol Circle #100 Oakville, Ontario L6H 6G4 Tel: (905) 829-9988 ext 242 Fax: (905) 829-1944 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
HTTP and HTTPS
Hi, i had apache 1.3.19 + mod_ssl-2.8.2 + openssl-0.9.6a installed with no error. i can start up Apache by running apachectl startssl and there is no error in error_log file either. But, i cannot connect to server via https with Netscape Navigator 4.7. It only can do http. Please help ! There must be something important that i missed. Thanks, Mengpei Hu __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
https - port problem
Hi everybody,
Configuration:
Windows NT 4.0, SP6a
Opensa 0.20
Apache 1.3.12
OpenSSL 0.9.5
I have create 2 Virtual Host on my Apache Server, these 2 Host are working
with SSL.
On host is on port 443 and the other on port 444.
All work perfectly when i try to load each site on different browser, but
when i try to go from one to the other with the same browser (instance), i
get this "doctor watson" error:
"The application, , generated an application error The error occurred on
5/29/2001 @ 9: 0:52.750 The exception generated was c005 at address
009d8760 ()"
If somebody can help...
I join the virtual host config in http.conf.
Best Regards
DocumentRoot "d:/programs/apachegroup/apache/htdocs/server1"
ServerName localhost
ServerAdmin webmaster@localhost
ErrorLog logs/ssl/error.log
TransferLog logs/ssl/access.log
SSLEngine on
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile
"d:/programs/apachegroup/apache/conf/ssl.crt/server1.crt"
SSLCertificateKeyFile
"d:/programs/apachegroup/apache/conf/ssl.key/server1.key"
SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
SSLOptions +StdEnvVars
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x
\"%r\" %b"
DocumentRoot "d:/programs/apachegroup/apache/htdocs/webxml/server2"
ServerName localhost
ServerAdmin webmaster@localhost
ErrorLog logs/ssl/error.log
TransferLog logs/ssl/access.log
SSLEngine on
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile
"d:/programs/apachegroup/apache/conf/ssl.crt/server2.crt"
SSLCertificateKeyFile
"d:/programs/apachegroup/apache/conf/ssl.key/server2.key"
SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
SSLOptions +StdEnvVars
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x
\"%r\" %b"
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
(HTTPS): Busy, retry...
Hello et al, I am having a hard time getting SSL running on Mac OS X 10.0.4 (Darwin 1.3.7), Apache 1.3.20, OpenSSL 0.9.6b, mod_ssl-2.8.4-1.3.20, egd 0.8, and it seems as if I am almost there, but I cannot figure out what is wrong. Everything configured, built, installed and executed (with no errors), however when I try to connect to https://127.0.0.1, I get the message: https://127.0.0.1/ (HTTPS): Busy, retry: Temporarily unable to connect: Connection refused (http://127.0.0.1/ works fine, BTW) I have made a certificate using "make certificate", then "make install". I used default values for the certificate except I entered 127.0.0.1 for the FQDN (I just want a test certificate, I did not choose a pass phrase). I then copied the ssl.key and ssl.crt to my /etc/httpd directory and have added the following four lines to my httpd.conf file: SSLRandomSeed startup egd:/tmp/entropy 1024 SSLRandomSeed connect egd:/tmp/entropy 1024 SSLCertificateKeyFile /etc/httpd/ssl.key/server.key SSLCertificateFile /etc/httpd/ssl.crt/server.crt Is there a directive missing or something I am not aware of? A FQDN thing? Or a permissions thing possibly? I have exhaustedly gone over the SSL FAQ, and searched the web for help to no avail. I greatly appreciate any light shed on this matter. Kindly, Jeshua Lacock Cartographer/Owner http://SierraMaps.com Phone: (760) 935-4481 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
ProxyPass to https
Hi, I've small clarification related ProxyPass , ProxyPassReverse directives in the Apache_1.3.19 with mod_ssl2.8.3 . Is it possible to Proxypass to the https server ? ie Is the following directives are correct ? ProxyPass /test https:///test1 ProxyPassReverse /test https:///test1 Here the remotewebserver is SSL enabled server. Thanks & Regards Ravi __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
directing http --> https
"Farooq Khan" writes: > I have installed apache with mod_ssl. Briefly, I want all http requests to a >particular > VirtualHost to be redirected to https for the same VirtualHost. Do I use >mod_rewrite to do > this? > > > > I have set up 4 VirtualHosts in the order: > > > > > > All https://d.com requests work fine. I want all http://d.com to be redirected to > https://d.com but they are defaulting to http://a.com. > The trouble is you haven't defined anything for requests on port 80 with ServerName = "d.com" so apache just serves the first port 80 VH it finds - in this case a.com. The solution is to create a small VH for d.com:80 and fill it with just a Redirect to the https site, e.g. ServerName d.com Redirect / https://d.com/ This will bounce any request to d.com to the top of the https site. If you want to be more specific so that http://d.com/foo/bar.html --> https://d.com/foo/bar.html then use something like: RedirectMatch (.*) https://d.com$1 Read the docs for these directives for more details. You can do a lot with redirects and you only need to use rewrites if things get really complicated. Rgds, Owen Boyle. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
https without certificate
Hi I was wondering if it may be possible to configure modssl to do crypto with no certificate. I know that it should be possible because certificates are just a way to authenticate the server, not to establish the crypto. -- Mathieu Arnold __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
HTTPS documents caching
I have a question which concerning certain performance problems we are having with large HTTP/HTTPS documents. When our application (with extensive Java applet code) is run via HTTP, the browser caches all HTTP documents nicely (including HTML, CSS, GIF, JPG, JAR, CAB, XML ...). When the application is run next time, the browser indicates what documents it already has and the server just responds with the '304 Not Modified' message. However, when the application runs under HTTPS, documents of type JAR, CAB, XML (which we call from JavaScript on HTML pages) are not cached on the client at all. It it something that can be changed at the server level? Or is it purely a WWW browser issue (in that case - where to find exact description of the bahavior)? Thank you, Tomas Hulek __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
http and https
Hello, I have the following config: Apache/1.3.23 (Unix) mod_ssl/2.8.7 OpenSSL/0.9.6 I notice that if i enter: https://server/www/index.php it works great. Now if if I enter this http://server/www/index.php I get to the same location and it is not SSL secured So my question is can you turn off access to http? Thanks, Ron -- Pop3Now Personal, Get quick remote access to your email accounts! Sign Up Now! Visit http://www.pop3now.com/personal __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
https in Apache1.3
Hello I installed Apache1.3.20 and mod_ssl-2.8.4-1.3.20 and openssl-0.9.6c. I try http://IP address ,and success. But I try https://IP address ,I get error message (cannot indicate). I use #cd openssl-0.9.6c #./config -fPIC #make #cd mod_ssl-2.8.4-1.3.20 #./configure --with-apache=../apache1.3.20 --with-ssl=../openssl-0.9.6c \ --enable-shared=ssl #cd apache_1.3.20 #make #make certificate TYPE=custom input data- #make install #/usr/local/apache/bin/apachectl start #/usr/local/apache/bin/apachectl startssl -enter pass phrase--- (httpd started) Then http:// is OK ,but retry https:// failed. I will thank you very much,if you give me some solutions. Thanks _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: https proxy
On Thu, Feb 04, 1999, Tim Tassonis wrote: > I have set up apache 1.3.4 to be a proxy server for http and ftp > requests, which works fine. I would now like to use it as well as a > https proxy, but I'm not quite sure which directives to set for this to > be working. What I'd like to achieve is the following: > > - The proxy server listens on port 7344 for both http and ftp requests > - For https, it should as well listen on the same port > - I don't need any other functionality apart from proxy for this server > > Is this possible with mod_ssl and if, how? For the plain HTTPS proxy functionality you don't need mod_ssl, because that's done with the standard HTTP CONNECT method. So all you need is mod_proxy. mod_ssl is only needed when you want to establish a _gateway_, for instance a HTTP-to-HTTPS or HTTPS-to-HTTP gateway or even a HTTPS-to-HTTPS gateway which maps URL trees. But what you're asking about seems to be just the plain HTTPS proxy functionality. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: https proxy
You're of course absolutely right. Thanks a lot for the answer. Bye Tim Quoting "Ralf S. Engelschall" <[EMAIL PROTECTED]>: > > For the plain HTTPS proxy functionality you don't need mod_ssl, because > that's > done with the standard HTTP CONNECT method. So all you need is mod_proxy. > mod_ssl is only needed when you want to establish a _gateway_, for instance > a > HTTP-to-HTTPS or HTTPS-to-HTTP gateway or even a HTTPS-to-HTTPS gateway > which > maps URL trees. But what you're asking about seems to be just the plain > HTTPS > proxy functionality. __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Trying the https://....
Ok, i think tt ive installed the mod-ssl correctly. Apache is properly patched, i.e apachectl startssl works (http://www.abc.com is on). "/apache_1.3.4/bin/httpd -l" displays mod_ssl.c. But when i try "https://www.abc.com", browser gives error, something like "unable to connect to server". Do i need to put the following in the httpd.conf file: Port 443 SSLVerifyClient 2 SSLVerifyDepth 10 SSLCertificateKeyFile /www/certs/another-ssl.fictional.co.key SSLCertificateFile /www/certs/another-ssl.fictional.co.cert SSLCACertificateFile /www/certs/another-CA.cert DocumentRoot /www/hosts/another-ssl.fictional.co/docs TransferLog /www/hosts/another-ssl.fictional.co/logs/access.log SSLLogFile /www/hosts/another-ssl.fictional.co/logs/ssl.log ErrorLog /www/hosts/another-ssl.fictional.co/logs/error.log Im trying to run a non-ssl apache server (main server) and a ssl apache server. Do i need to open the port 443 in the firewall if im installing the ssl apache server on the internal network? Will the url be http://www.abc.com:443 then? Also why is the apache ssl server installed in the /usr/local/apache directory when i did "./configure --prefix=/apache/apache_1.3.4"? Fanx again for help. G. -- Gilles Chong ([EMAIL PROTECTED], [EMAIL PROTECTED]) Systems Engineer, Internet Division CSA Automated Pte Ltd, Singapore. __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: HTTPS headaches
On Mon, Apr 19, 1999, Robert Barr wrote: > I'm running Apache 1.3.6 on Solaris 2.6 with the latest mod_ssl and OpenSSL. > When I run Apache with the "apachectl startssl" command, the default page > becomes visible over my intranet at http://hercules:443, where "hercules" is > the name of the localhost webserver box. > > However, I get a "cannot find server" error message from my browser if I try > to connect with https://hercules:443. Additionally, the "httpd -S" command > does not show any virtual hosts configured. > > If anyone has any experience with this kind of problem, your help would be > highly appreciated. No one can help you unless you show us your actually used configuration, of course. I guess you're virtual hosts are not configured correctly. Start with the supplied httpd.conf-dist file or the installed httpd.conf file. This is prepared for SSL and should work correctly. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Problems using https:
Having written an authentication module for Apache which has passed our testing and appears to be working fine we rebuilt Apache with mod_ssl. We can access non secure web pages as "http://server/" and "http://server/~user" but "https://server/" fails with the following error message: Netscape's network connection was refused by the server: The server may not be accepting connections or may be busy. Try connecting again later. We are running: Apache 1.3.4, OpenSSL 0.9.2b, mod_ssl 2.2.5-1.3.4 compiled with gcc 2.7.2.3 and linked with Solaris ld under Solaris 2.7 Our experience of mod_ssl is limited so we would be grateful if anyone can suggest our next course of action... Thanks! -- If it ain't opinionated, it ain't Rich Teer. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Continuing https:// problems...
Help! I have assumedly correctly installed everything, as I receive: It worked! The SSL-aware Apache Web Server is installed on this Web Site. when I load up http://www.mywebsite.com HOWEVER, if I attempt: https://www.mywebsite.com I receive the following message: Netscape's network connection was refused by the server www.mywebsite.com The server may not be accepting connections or may be busy. My question: Other than modifying the httpd.conf file Virtual Host heading contained within the tags, there is nothing else that I should have to do, correct? This is contained within /home/www/apache_1.3.6/conf directory. I also bind to 443, and not 8080 Could somebody send me a snippet of their httpd.conf file (with important vars changed of course). However, I really can't see that I would miss something. Ideas? Any input is GREATLY appreciated. -- jason =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Jason Gilmore| Resident Dork [EMAIL PROTECTED] | Computing Services (614) 292-9692 phone | Fisher College of Business The Ohio State University =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
https not responding
I just compiled all the stuff listed in the INSTALL file for the mod_ssl module. I did everything it said to, even some of the optional stuff without any compiling errors. I did "make certificate" after compiling apache and then did "make install" Now, when i run apachectl start and do http:// it will work fine. When I run apachectl startssl and do http:// it will run fine. However, when i try https:// it doesn't work, it says that the server is either busy or is not accepting connections on that port. I really don't have a clue what I did wrong. I did set the CN to the same hostname as i'm using when i test this. Josh __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
https connection problems
Hi, I am having problems, still, getting Apache with mod_ssl to display on my non-root login I am running Caldera OpenLinux 2.2, with a 2.2.9 kernel, Apache 1.3.6 (owned by "nobody") mod_ssl 2.3.6-1.3.6 Apache is auto started in my /etc/rc.d/rc.local and when I start X under my root login, I can view the Apache pages with both http and https, no problem. Yet, if I log in using my usual non-root login, https errors out and Netscape give me "Netscape has encountered bad data from the server." Before I upgraded my OS, and was running Caldera 1.3 Apache worked great, both http and https with root and non-root logins. How can I fix this? I have tried recompiling Apache with fresh source code, fresh mod_ssl and that changed nothing. TIA Bruce -- "Nakanunara Koroshite Shimae Hototogisu" Oda Nobunaga __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Daemon question - https
My problem has been with getting http and https running at the same time. I thought that installing :80 and :443 for each virtual host would do it. But it isn;t working. An ISP I know is running two daemons. One for port 80 and the https daemon for port 443. I'm sure this would work for me. Is this how it's supposed to be done? Thanks. Stephen __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
HTTP & HTTPS again.
Nevermind my last mail. I had forgotten to specify which ports it will listen to with the "Listen" directive in httpd.conf. Thanks for baring with me anyway. Regards, Kenneth Mutka __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: HTTPS Proxy
On Wed, Mar 22, 2000, Robert X Weeks wrote: > In the notes of 2.6.2 it mentions that HTTPS proxying is now available. How do I > implement this is it the same as an insecure proxy or are there new commands > like SSLProxy on? The same CHANGES entry you mention also included this: | o SSLProxyProtocol [+-][SSLv2|SSLv3|TLSv1] ... | (enable or disable SSL protocol flavors) | o SSLProxyCipherSuite XXX:...:XXX | (colon-delimited list of permitted SSL ciphers) | o SSLProxyVerify on|off | (whether to verify the remote certificate) | o SSLProxyVerifyDepth N | (maximum certificate verification depth) | o SSLProxyCACertificateFile /path/to/file | (file containing server certificates) | o SSLProxyCACertificatePath /path/to/dir | (directory containing server certificates) | o SSLProxyMachineCertificateFile /path/to/file | (file containing client certificates) | o SSLProxyMachineCertificatePath /path/to/dir | (directory containing client certificates) > I have rebuilt apache with --enable-rule=SSL_EXPERIMENTAL --enable-module=proxy > and started with a fresh httpd.file but he proxy information is commented out > and I see no other proxy directive. > > Have I missed something? there is nothing in the FAQ. The stuff is experimental and so it is still not documented. That's why the FAQ also does not contain anything about it. The above short overview and the source code is the only information available for such an experimental feature. But keep in mind that for simple HTTPS client support in mod_proxy you don't need this experimental stuff. mod_ssl always provides basic HTTPS support for mod_proxy. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: HTTPS Proxy
Thank you for you prompt reply. I am looking at implementing some secure proxing so I shall give this experimental code a through bashing and report back __rse replied__ The stuff is experimental and so it is still not documented. That's why the FAQ also does not contain anything about it. The above short overview and the source code is the only information available for such an experimental feature. But keep in mind that for simple HTTPS client support in mod_proxy you don't need this experimental stuff. mod_ssl always provides basic HTTPS support for mod_proxy. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
https not working ....
Hi all Can anyone help me please I am running apache 1.3.11 + mod ssl 2.5.1 + openssl 0.9.4 This is the way I installed 1) From the unzipped apache directory I installed apache ./configure make make install after this apachectl start works fine and the website is up 2) from the openssl unzipped directory I installed openssl now I install the openssl . $ ./config $ make $ make test $ make install after this I generated the certificate and have both the certificate and key. Server.crt and server.key are stored in /usr/local/ssl/bin directory 3) from the mod ssl unzipped directory I installed modssl $ ./configure --with-apache=../apache_1.3.11 --with-ssl=../openssl-0.9.4 --with-crt=/usr/local/ssl/bin/server.crt --with-key=/usr/local/ssl/bin/server.key --enable-shared=ssl $ cd ../apache_1.3.x $ make $ make install now if the start the webserver it gives error Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module not included in the server configuration Invalid command 'SSLCertificateFile', perhaps mis-spelled or defined by a module not included in the server configuration But if I comment these line the webserver starts.. but then https dosent work can u give me some idea Thanks and regards Anil __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: https client
ywae lin wrote: > > does someone have some C/C++ example how to > GET / POST over HTTPS in Unix ? > > thank you Try curl, or more correctly cURL. It's an open source C library implementing the client side for various protocols, including http and https (using openssl). It can be found at http://curl.haxx.nu/ If that doesn't do your trick, the openssl library itself (www.openssl.org) has a few simple C examples. Regards, Jan Dries __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Auto HTTPS
A user redirect in the head a web page at http://www/mydomain.com/michel
such as
https://www/mydomain.com/michel">
Would achieve this (redirecting after 1 second). However, the secure
document root would have to be different!
I don't think (AFAIK) there's a way for a web server to do this.
-
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
-Original Message-
From: michel [mailto:[EMAIL PROTECTED]]
Sent: 14 June 2000 16:46
To: [EMAIL PROTECTED]
Subject: Auto HTTPS
Hi, I have a site with SSL. I want that if a user came in
http://www/mydomain.com/michel via automatic the user is redirect to
https://www/mydomain.com/michel
I have see manual, but I'm a newbie in regular expression.
In httpd.conf I have:
Order allow,deny
Allow from all
RewriteEngineon
RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://%{SERVER_NAME}/ [R,L]
#RewriteRule * https://%{SERVER_NAME}/$1
out of every
Tnx in advance
both them (Windows and M. Lewinski) suck a lot and both them are
are giving Bill some trouble.
--
Michel Morelli [EMAIL PROTECTED]
ICQ UIN: 58351764 PR of PhpItalia.com
http://www.ziobudda.net http://faq.ziobudda.net
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
Re: Auto HTTPS
"Airey, John" wrote:
>
> A user redirect in the head a web page at http://www/mydomain.com/michel
> such as
>
> https://www/mydomain.com/michel">
>
> Would achieve this (redirecting after 1 second). However, the secure
> document root would have to be different!
That does not achieve the goal.
>
> I don't think (AFAIK) there's a way for a web server to do this.
1) It would be really nice to respond UNDER the question, to make the thread
readable. (No offense.)
2) The auto redirect IS possible:
There are two virtual host definitions, one for the port 80 (unsecure) and one
for the port 443 (secure). In the virtual host :80 you could use something
like:
Redirect /michel https://www.domain.com/michel
In the virtual host :443 you might want to put a few redirect rules to switch
back to the :80 virtual host. There is a detailed example earlier on this list
(april-may).
Here is an example for a signup script:
RedirectMatch ^/(signup.pl.*) https://www.domain.com/$1
that line redirects the signup.pl script to the secure site, while passing all
the info to it.
So if the user does:
http://www.domain.com/signup.pl?name=Joe
It becomes:
https://www.domain.com/signup.pl?name=Joe
> -Original Message-
> From: michel [mailto:[EMAIL PROTECTED]]
> Sent: 14 June 2000 16:46
> To: [EMAIL PROTECTED]
> Subject: Auto HTTPS
>
> Hi, I have a site with SSL. I want that if a user came in
> http://www/mydomain.com/michel via automatic the user is redirect to
> https://www/mydomain.com/michel
>
> I have see manual, but I'm a newbie in regular expression.
> In httpd.conf I have:
>
> Order allow,deny
> Allow from all
> RewriteEngineon
> RewriteCond %{HTTPS} !=on
> RewriteRule (.*) https://%{SERVER_NAME}/ [R,L]
> #RewriteRule * https://%{SERVER_NAME}/$1
>
>
> out of every
>
> Tnx in advance
>
> both them (Windows and M. Lewinski) suck a lot and both them are
> are giving Bill some trouble.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
RE: Auto HTTPS
I wrote a handler to do it.
(BTW, I hope this helps, but PLEASE feel free to give criticisms and
suggestions. I'm new to Apache/modperl/etc. =o)
#~~
# module for Apache/mod_perl PerlPostReadRequestHandler to redirect
# users on the nonsecure port over to SSL (hopefully saving bookmarks)
#__
package Apache::PortCorrect;
use strict;
use Apache::Constants qw( :response :methods );
use Carp ();
$SIG{__WARN__} = \&Carp::cluck;
sub handler {
my($r,$s,$url,$args,$uri);
$r = shift; # the request object
return OK if 443 == $r->get_server_port;
(undef,$url,undef) = split(/\s+/o, $r->the_request);
# allow HTTP:// access to some core pages and to graphics
return OK if $url =~ m{ ^(?:/
| /(public|teampages|pics|avgrates)/.*
| /(home|cook)[.]shtml
| .*[.](gif|jpg)
)$
}ixo;
# else redirect to the secure server
$uri = "https://$our_server.com" . $url; # edited :o)
$args = $r->args;
$uri .= "?$args" if $args;
$r->custom_response(MOVED,$uri);
return MOVED;
}
1; # guarantee return code for load
##
In the config file, I just said (with minimal edit):
PerlModule Apache::PortCorrect
PerlPostReadRequestHandler Apache::PortCorrect
##
Hope that helps.
Paul
--- "Airey, John" <[EMAIL PROTECTED]> wrote:
> A user redirect in the head a web page at
> http://www/mydomain.com/michel
> such as
>
> https://www/mydomain.com/michel">
>
>
> Would achieve this (redirecting after 1 second). However, the secure
> document root would have to be different!
>
> I don't think (AFAIK) there's a way for a web server to do this.
>
> -
> John Airey
> Internet Systems Support Officer, ITCSD, Royal National Institute for
> the
> Blind,
> Bakewell Road, Peterborough PE2 6XU,
> Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848
> [EMAIL PROTECTED]
>
>
> -Original Message-
> From: michel [mailto:[EMAIL PROTECTED]]
> Sent: 14 June 2000 16:46
> To: [EMAIL PROTECTED]
> Subject: Auto HTTPS
>
>
> Hi, I have a site with SSL. I want that if a user came in
> http://www/mydomain.com/michel via automatic the user is redirect to
> https://www/mydomain.com/michel
>
> I have see manual, but I'm a newbie in regular expression.
> In httpd.conf I have:
>
> Order allow,deny
> Allow from all
> RewriteEngineon
> RewriteCond %{HTTPS} !=on
> RewriteRule (.*) https://%{SERVER_NAME}/ [R,L]
> #RewriteRule * https://%{SERVER_NAME}/$1
>
>
> out of every
>
> Tnx in advance
>
> both them (Windows and M. Lewinski) suck a lot and both them are
> are giving Bill some trouble.
> --
> Michel Morelli [EMAIL PROTECTED]
>
> ICQ UIN: 58351764 PR of PhpItalia.com
> http://www.ziobudda.net http://faq.ziobudda.net
>
>
__
> Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> User Support Mailing List
> [EMAIL PROTECTED]
> Automated List Manager
> [EMAIL PROTECTED]
>
__
> Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> User Support Mailing List
> [EMAIL PROTECTED]
> Automated List Manager
[EMAIL PROTECTED]
__
Do You Yahoo!?
Yahoo! Photos -- now, 100 FREE prints!
http://photos.yahoo.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
Re: Auto HTTPS
On Wed, Jun 14, 2000 at 05:45:46PM +0200, michel wrote:
> Hi, I have a site with SSL. I want that if a user came in
> http://www/mydomain.com/michel via automatic the user is redirect to
> https://www/mydomain.com/michel
>
> I have see manual, but I'm a newbie in regular expression.
> In httpd.conf I have:
>
> Order allow,deny
> Allow from all
> RewriteEngine on
> RewriteCond %{HTTPS} !=on
> RewriteRule (.*) https://%{SERVER_NAME}/ [R,L]
> #RewriteRule * https://%{SERVER_NAME}/$1
>
>
> out of every
>
You could just do this on your http host:
RewriteEngineon
RewriteRule ^/michel(.*) https://%{SERVER_NAME}/michel$1 [L,R]
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
Re: Auto HTTPS
Balazs Nagy wrote: > > I don't think (AFAIK) there's a way for a web server to do this. > > 2) The auto redirect IS possible: > There are two virtual host definitions, one for the port 80 (unsecure) and one > for the port 443 (secure). In the virtual host :80 you could use something > like: > Redirect /michel https://www.domain.com/michel > In the virtual host :443 you might want to put a few redirect rules to switch > back to the :80 virtual host. There is a detailed example earlier on this list > (april-may). Actually, you could just do a global redirect: Redirect / https://www.domain.com/ which redirects any url under / (the web site's root) to the secure URL. > RedirectMatch ^/(signup.pl.*) https://www.domain.com/$1 I don't know that you even need to do that. Redirect will preserve CGI parameters entered as part of the URL. -- North Shore Technologies, Cleveland, OH http://NorthShoreTechnologies.net Steve Sobol, BOFH - President, Chief Website Architect and Janitor Spammers and Net-abusers: Don't bother asking me for service. See http://NorthShoreTechnologies.net/go/policy/ for more information. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Auto HTTPS
On Wed, 14 Jun 2000, Steve Sobol wrote: > > Redirect /michel https://www.domain.com/michel Hi again. I have tried it, but it dows not works. When I access to /michel I'm redirect to https://... but the page displayed by Netscape is: -- Found The document has moved here. -- And "here" is a link to the same page (it creates a infinity link). How can i resolve it? Tnx in advance Non pensate al futuro ... usate il gerundio!!! -- Michel Morelli [EMAIL PROTECTED] ICQ UIN: 58351764 PR of PhpItalia.com http://www.ziobudda.net http://faq.ziobudda.net __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Auto HTTPS
michel wrote: > > On Wed, 14 Jun 2000, Steve Sobol wrote: > > > Redirect /michel https://www.domain.com/michel > > Hi again. > I have tried it, but it dows not works. > When I access to /michel I'm redirect to https://... but the page > displayed by Netscape is: > -- > Found > > The document has moved here. > -- > And "here" is a link to the same page (it creates a infinity link). > How can i resolve it? > there might be several problems: 1) Check that https is up and running 2) Check that you can access the page you want to direct to by typing the URL into the browser Remember that the alias for /michel and /michel/ are to different alias statements. The axample I gave you was cut out directly from my configs, so it will work is you can verify points 1) and 2) Good Luck. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Auto HTTPS
Steve Sobol wrote:
>
> Balazs Nagy wrote:
>
> > > I don't think (AFAIK) there's a way for a web server to do this.
> >
> > 2) The auto redirect IS possible:
> > There are two virtual host definitions, one for the port 80 (unsecure) and one
> > for the port 443 (secure). In the virtual host :80 you could use something
> > like:
> > Redirect /michel https://www.domain.com/michel
> > In the virtual host :443 you might want to put a few redirect rules to switch
> > back to the :80 virtual host. There is a detailed example earlier on this list
> > (april-may).
>
> Actually, you could just do a global redirect:
>
> Redirect / https://www.domain.com/
>
> which redirects any url under / (the web site's root) to the
> secure URL.
That was not the question ;) He wanted only part of the site (the subdir
/michel).
> > RedirectMatch ^/(signup.pl.*) https://www.domain.com/$1
>
> I don't know that you even need to do that.
>
> Redirect will preserve CGI parameters entered as part of the URL.
Yes, but in his case, he might have things like
.../michel/page1.html
or
.../michel/page2.html
In that case you do need to use
RedirectMatch ^/(michel.*) https://www.domain.com/$1
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
Re: Auto HTTPS
Hi Michel, Probably you defined the clause in a global manner and thus formed a loop inside the virtual host at port 443. Try embed your setting as below: Redirect /michel https://www.domain.com/michel Rgds. Martin michel wrote: > On Wed, 14 Jun 2000, Steve Sobol wrote: > > > Redirect /michel https://www.domain.com/michel > > Hi again. > I have tried it, but it dows not works. > When I access to /michel I'm redirect to https://... but the page > displayed by Netscape is: > -- > Found > > The document has moved here. > -- > And "here" is a link to the same page (it creates a infinity link). > How can i resolve it? > > Tnx in advance > > Non pensate al futuro ... usate il gerundio!!! > -- > Michel Morelli [EMAIL PROTECTED] > > ICQ UIN: 58351764 PR of PhpItalia.com > http://www.ziobudda.net http://faq.ziobudda.net > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Auto HTTPS
michel wrote: > > On Wed, 14 Jun 2000, Steve Sobol wrote: > > > Redirect /michel https://www.domain.com/michel > > Hi again. > I have tried it, but it dows not works. > When I access to /michel I'm redirect to https://... but the page > displayed by Netscape is: > -- > Found > > The document has moved here. > -- > And "here" is a link to the same page (it creates a infinity link). > How can i resolve it? Try redirect permanent / https://www.domain.com/ (There are a few different types of Redirects that Apache can generate.) -- North Shore Technologies, Cleveland, OH http://NorthShoreTechnologies.net Steve Sobol, BOFH - President, Chief Website Architect and Janitor Spammers and Net-abusers: Don't bother asking me for service. See http://NorthShoreTechnologies.net/go/policy/ for more information. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Auto HTTPS
Balazs Nagy wrote: > > Redirect / https://www.domain.com/ > > > > which redirects any url under / (the web site's root) to the > > secure URL. > > That was not the question ;) Oh, so you want me to actually *read* and *comprehend* the question before replying? I think that's a bit much to ask. ;) Sorry about the misunderstanding. > In that case you do need to use > RedirectMatch ^/(michel.*) https://www.domain.com/$1 You are correct. -- North Shore Technologies, Cleveland, OH http://NorthShoreTechnologies.net Steve Sobol, BOFH - President, Chief Website Architect and Janitor Spammers and Net-abusers: Don't bother asking me for service. See http://NorthShoreTechnologies.net/go/policy/ for more information. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
HTTPS not running
I am able to set up a http apache server using apache_1.3.26 and openssl-0.9.6d I also installed mod_ssl but when I write https://nessus I am not able to get anything but when I write http://nessus/ I see the page, Hey, it worked The SSL/TLS-aware Apache webserver was successfully installed I also ran /usr/local/apache/bin/apachectl startssl But I am not able to run https server Can someone guide me I am in urgent need to set up https server I am referring the page http://www.modssl.org/docs/apachecon2001 Please suggest _ There is always a better job for you at Monsterindia.com. Go now http://monsterindia.rediff.com/jobs __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
passpharse starting https
Hello, Im sure im not the only one that has ever asked this but couldnt really find anything on google. What happens if you what to have your passphrase entered automatic when starting https, especially if your not sitting at your system at 3am... Thanks upfront... Rob __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
http to https
Hello, Im sure this has been asked but I cant find the answer. I have Apache/1.3.27 (Unix)mod_ssl/2.8.12 OpenSSL/0.9.6e. In the httpd.conf can I make an http link go to (redirect) an https link. So if they click on this link: http://system.company.com/ it will direct to https://system/ or https://system.company.com/ Thanks upfront Ron __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
https access problems
Hi, I am new to this mailing list. I am having a problem with external internet access to my server. I have the following in place: Red Hat 7.3/2.4.18-3 Apache 1.3.27 mod_ssl 2.8.12-1.3.27 OpenSSL 0.9.7a I have a main server running on port 80, and a virtualhost on port 443 for the SSL. I can access port 443 100% of the time from any client on my internal network. From external networks, I am having problems connecting. I see nothing in IPTraf when these connections external connections don't connect, nor do I get anything in my log files. I have no problems at all with http. All internal clients work fine for both http and https on MSIE, Netscape, and Mozilla. These same clients configured for loopback through a dial-up and back into a cable-modem can't get in.most of the time, but once in a while. The same symptoms occur for other people who have tried to access my SSL website. They have no problems with http, but https will almost always refuse the connection or give them a page not displayed. I found a couple of messages posted on this board which talked about the SSLSessionCache. I tried changing that to 'none' from 'dbm'. When I did this, the external connections worked!! 5 minutes later, they were gone, and I was back to the same place that I started. This is a very strange problem, and I am NOT an expert. I see that there are a lot of posts on this board concerning similiar sounding problems. Has anybody come up with a fix for this? Does anybody have any suggestions as to what I should do or try next? Any help here is greatly appreciated. Konn __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
https not working
Hi, I have been stuck with the problem for a long time now. I will appreciate any suugestions to rectify this problem. THe thing is my https server on SunOS 5.9 serves Netscape ok. It is only MSIE thatis not able to access secure pages. what I see on the ssl_error_log is that IE and Apache server decide on the protocol and then server shutsdown the connection. What could be the reason? I'm totally lost. Part of the ssl_error_log file: --- [Tue Jun 17 14:16:30 2003] [debug] ssl_engine_kernel.c(1761): OpenSSL: Handshake: done [Tue Jun 17 14:16:30 2003] [info] Connection: Client IP: 130.86.72.20, Protocol: SSLv2, Cipher: RC4-MD5 (128/128 bits) [Tue Jun 17 14:16:31 2003] [debug] ssl_engine_io.c(1489): OpenSSL: I/O error, 2 bytes expected to read on BIO#13c2d0 [mem: 17b978] [Tue Jun 17 14:16:31 2003] [info] (70014)End of file found: SSL input filter read failed. [Tue Jun 17 14:16:31 2003] [info] Connection to child 3 closed with standard shutdown(server hawk.ecs.csus.edu:443, client 130.86.72.20) ~ - Config: OS: SunOs 5.9 Apache: 2.0.45 openssl: 0.9.7a shared library: MM - Thanks in advance. --veena __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
HTTPS Unknown Error
Hi All, I receive this error "HTTPS Unknown Error" with error code 500 from the apache server when i try to make a PUT request through HTTPS. Are their any specific reasons of that ? I have a test application which gets 204 response from the same server but our live application gets 500 response code. This seems confusing - anyone with help will be highly appreciated. Regards, NK -Original Message- From: Boyle Owen [mailto:[EMAIL PROTECTED] Sent: Thursday, August 21, 2003 7:43 AM To: [EMAIL PROTECTED] Subject: RE: >-Original Message- >From: Dave Paris [mailto:[EMAIL PROTECTED] > > snip... You claim to >have spent two MONTHS trying to find what I found in under 10 >SECONDS. Er... the difference is that you recognised the problem immediately because you have seen it before. So you knew exactly what to type into Google. If you put yourself in Ian's shoes, he was using the NBVH mechanism for ages and became very familiar with it. He then tried to extend it to SSL, which is a reasonable thing to do, and then was suprised that it didn't work. It is not blindingly obvious, a priori, what the problem is. In that case, it is not so obvious what to type into Google - you might not necessarily realise that the problem is to do with NBVH, especially if that is not the only thing you changed. I am making this comment because I followed a very similar route to Ian in discovering this SSL limitation. In my case, I was tasked by my boss, who is a competent programmer, to "set up some NBVHs under SSL". It never occurred to me that my boss could have handed me an impossible task and I spent weeks trying to get it to work. In the end, it was this mailing list which enlightened me. Since then, I've tried to help out on the list, initially by explaining this issue whenever it came up but lately (since others also now do this quite ably), by chipping in whenever some bright spark reckons that he's found a workaround (it's a bit like debunking perpetual motion machine designs). Usually, he's forgotten about authentication and is using the same cert in all VHs... Anyway, the point I'm making is that the original poster is obviously a seasoned hacker (he uses openssl from the command line!) and as such should be welcome on this list and congratulated for using mod_ssl... So could we be a bit friendlier please? Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. >That doesn't make me one bit of a better person than you... it just >says that my mind works in a way that is different from yours. I'd >wager there are certain tasks you accomplish quite easily that would >take me some effort. It's the way us humans seem to be designed. > >Every once in awhile, it's a good thing to look at who we are >and what >we're good at and then review what we've chosen to do in life. > Doing a >job that meshes well with how you think can be all the difference >between looking forward to an rewarding day at the office and >a bruised >forehead from repeatedly smashing your head against a wall in >self-frustration. [ of course, I'm omitting the forehead bruising >caused by external influences like PHBs ;-) ] As for the >tone of your >note .. life's tough, grab a helmet. > >Kind Regards, >-dsp > >On Thursday, Aug 21, 2003, at 00:05 US/Eastern, Ian Newlands wrote: > >> If I hadn't already exhausted resources I would not have made this >> post in the first place. I have tried 3 different versions >of apache, >> searched through previous postings, used search engines etc. >bought 2 >> books on apache and have been attempting to get this going >for almost >> 2 months now. >> >> I'm glad you're amused by my frustration here. >> >> If there is anyone out there that is willing to submit a serious >> response to this I would appreciate it greatly. >> >> Regards, >> >> Ian Newlands >> >> >> - Original Message - >> From: "Dave Paris" <[EMAIL PROTECTED]> >> To: <[EMAIL PROTECTED]> >> Cc: "Ian Newlands" <[EMAIL PROTECTED]> >> Sent: Thursday, August 21, 2003 11:58 AM >> Subject: Re: virtual hosting >> >> >>> geeze. is it that time of the month already for this question? >>> seems like it was just yesterday when it was asked last .. >maybe I'm >>> just thinking of the other 100,000 times it was asked. >>> >>> in all seriousness, this dead horse has been beaten so many >times on >>> this list there isn't even a carcass left to hit at this point. >>> please go dig through
mod_ssl/Apache https problem
Hi, I set up mod_ssl-2.6.6-1.3.12 for Apache 1.2.12 on Sun/Solaris2.6 (with built-in PHP4.0 and ApacheJServ-1.1.2), made a self-signed certificate (make certificate TYPE=custom) and launched .../apachectl startssl (with Pass phrase) Installed everything as logged in as root. Tried form a PC w/Netscape 4.72: https://my.own.server/ get a message that Netscape does not recognize the authority who signed this certificate (I can agree), clicking a few "Next"'s gets me to the small window "You have requested a secure document", but then: Forbidden Tou don't have permission to access / on this server If I use http://my.own.server/path_to_a_subdir/someHTMLfile.html I end up with: Not Found The requested URL/path_to_a_subdir/someHTMLfile.html was not found on this server Using http instead of https works fine. What could be wrong ? Thanks in advance for any hints. Pieter Pieter Donche, I.T. Manager E-mail: [EMAIL PROTECTED] Dept. Math. & Computer Science Voice: +32(0)3/820.22.02 University of Antwerp (UIA), room A2.23 Fax: +32(0)3/820.24.21 Universiteitsplein 1, B 2610 Wilrijk, BELGIUM __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
https pass-through proxying
We'd like to bring nice webpages from remote host into our namespace. But connection between remote host and our namespace should use SSL protocol. How can it be done? We know that a dynamic mirror is done by the use of the mod_rewrite module and Proxy Throughput feature (flag [P]) as follows: RewriteEngine on RewriteRule ^nice_pages/(.*)$ <http://www.nicepages.com/$1> [P,L] But when we convert <http://www.nicepages.com/$1> to <https://www.nicepages.com/$1> it doesn't work. Remote host and our namespace server use OpenSSL-0.9.5a, Apache 1.3.12 and Apache1.3.12+ssl1.41 patch. In mod_ssl F_A_Q.htm we saw that "mod_ssl adds support for HTTPS to the Apache Proxy Module (mod_proxy)". Does it mean, we can do this using mod_ssl? Elizabeth & Chris
Re: AW: HTTPS-Error
Hiendl Elke wrote: > > when I type whereis apachectl it prompts me "apachectl:"; when I point to Try find / -name apachectl -print I suspect apachectl is in /usr/local somewhere, and whereis isn't checking there. > https://localhost, it also hangs. > So what to do now? Read http://www.modssl.org/docs/2.7/ssl_faq.html#ToC19 and try some of the tests. Something is running on 443, and I suspect it's apache. Use apachectl to stop apache, then verify there is nothing on 443. > > > -Ursprüngliche Nachricht- > > Von: Adam Nealis [mailto:[EMAIL PROTECTED]] > > Gesendet am: Mittwoch, 18. Oktober 2000 10:18 > > An: [EMAIL PROTECTED] > > Betreff: Re: HTTPS-Error > > > > Hiendl Elke wrote: > > > > > > I have Apache1.3.12, modssl 2.6.6-1-3-12 and openssl 0.9.6 > > running on > > > Caldera OpenLinux 2.3. I configured my Apache to listen > > only to Port 443. I > > > am able to start Apache, but when I type: > > https://myserver.domain.com , the > > > whole thing just hangs; when I look in the error.log I get > > following: > > > > > > [] [error] [client 192.168.3.42] Invalid method in request + > > > > > > It also tells me, that it could not bind to Port 443 > > (Adress already in use: > > > make_sock: could not bind to port 443) > > http://www.modssl.org/docs/2.7/ssl_faq.html#ToC19 tells > > you how to manually check your HTTPS server. This will > > tell you if something is listening to 443. > > > > > When I try to start with apachectl startssl, I am told that > > the command was > > > not found > > > Sounds all very strange to me, can anybody help me? > > It sounds to me that your PATH doesn't include > > apachectl. > > > > whereis apachectl > > > > should help. What happens if you point your web > > browser at https://localhost/ ? > > > > Adam. > > __ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager[EMAIL PROTECTED] > > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
AW: AW: HTTPS-Error
Hi Adam, thanks for your kind help. But I´m still having trouble: apachectl is in /usr/local/apache/bin but despite the permissions are o.k., it prompts me that the command is not found. I already tried some of the tests: telnet localhost:80 gives me "Unknown host" also telnet on Port 443; the same is with my full Server name. with telnet localhost I can connect. The openssl command also wasn`t found (??), the same with cURL. When I try: cd /usr/sbin # httpd -DSSL it gives the following error-message: [..][warn] Loaded DSO libexec/mod_jserv.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI). I compiled the JServ module, because I have to include Tomcat in my httpd.conf. So actually, I have to problems: to get the Apache started with SSL on Port 443 and to get Tomcat to talk to Apache. All ASAP! Any help is greatly appreciated Elke > -Ursprüngliche Nachricht- > Von: Adam Nealis [mailto:[EMAIL PROTECTED]] > Gesendet am: Mittwoch, 18. Oktober 2000 11:02 > An: [EMAIL PROTECTED] > Betreff: Re: AW: HTTPS-Error > > Hiendl Elke wrote: > > > > when I type whereis apachectl it prompts me "apachectl:"; > when I point to > Try > > find / -name apachectl -print > > I suspect apachectl is in /usr/local somewhere, and > whereis isn't checking there. > > > https://localhost, it also hangs. > > So what to do now? > Read http://www.modssl.org/docs/2.7/ssl_faq.html#ToC19 and > try some of the tests. Something is running on 443, and I > suspect it's apache. Use apachectl to stop apache, then > verify there is nothing on 443. > > > > > > -Ursprüngliche Nachricht- > > > Von: Adam Nealis [mailto:[EMAIL PROTECTED]] > > > Gesendet am: Mittwoch, 18. Oktober 2000 10:18 > > > An: [EMAIL PROTECTED] > > > Betreff: Re: HTTPS-Error > > > > > > Hiendl Elke wrote: > > > > > > > > I have Apache1.3.12, modssl 2.6.6-1-3-12 and openssl 0.9.6 > > > running on > > > > Caldera OpenLinux 2.3. I configured my Apache to listen > > > only to Port 443. I > > > > am able to start Apache, but when I type: > > > https://myserver.domain.com , the > > > > whole thing just hangs; when I look in the error.log I get > > > following: > > > > > > > > [] [error] [client 192.168.3.42] Invalid method in request + > > > > > > > > It also tells me, that it could not bind to Port 443 > > > (Adress already in use: > > > > make_sock: could not bind to port 443) > > > http://www.modssl.org/docs/2.7/ssl_faq.html#ToC19 tells > > > you how to manually check your HTTPS server. This will > > > tell you if something is listening to 443. > > > > > > > When I try to start with apachectl startssl, I am told that > > > the command was > > > > not found > > > > Sounds all very strange to me, can anybody help me? > > > It sounds to me that your PATH doesn't include > > > apachectl. > > > > > > whereis apachectl > > > > > > should help. What happens if you point your web > > > browser at https://localhost/ ? > > > > > > Adam. > > > > __ > > > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > > > User Support Mailing List > [EMAIL PROTECTED] > > > Automated List Manager > [EMAIL PROTECTED] > > > > > > __ > > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > > User Support Mailing List > [EMAIL PROTECTED] > > Automated List Manager > [EMAIL PROTECTED] > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
R: AW: HTTPS-Error
HI, I had the same error, but on Windows NT system, I have resolve this changed the httpd.conf file, I had changed: load module LoadModule anon_auth_module modules/ApacheModuleAuthAnon.dll LoadModule dbm_auth_module modules/ApacheModuleAuthDBM.dll LoadModule digest_auth_module modules/ApacheModuleAuthDigest.dll LoadModule cern_meta_module modules/ApacheModuleCERNMeta.dll LoadModule digest_module modules/ApacheModuleDigest.dll LoadModule expires_module modules/ApacheModuleExpires.dll LoadModule headers_module modules/ApacheModuleHeaders.dll LoadModule proxy_module modules/ApacheModuleProxy.dll LoadModule rewrite_module modules/ApacheModuleRewrite.dll LoadModule speling_module modules/ApacheModuleSpeling.dll LoadModule info_module modules/ApacheModuleInfo.dll LoadModule status_module modules/ApacheModuleStatus.dll LoadModule usertrack_module modules/ApacheModuleUserTrack.dll LoadModule ssl_module modules/ApacheModuleSSL.dll The modules into unix system have .o or .so extention and have add listen directive with port 443 in this mode when I try connecr manualy through openssl I had success. try Giovanni -Messaggio originale- Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Per conto di Hiendl Elke Inviato: mercoledì 18 ottobre 2000 11.31 A: [EMAIL PROTECTED] Oggetto: AW: AW: HTTPS-Error Hi Adam, thanks for your kind help. But I´m still having trouble: apachectl is in /usr/local/apache/bin but despite the permissions are o.k., it prompts me that the command is not found. I already tried some of the tests: telnet localhost:80 gives me "Unknown host" also telnet on Port 443; the same is with my full Server name. with telnet localhost I can connect. The openssl command also wasn`t found (??), the same with cURL. When I try: cd /usr/sbin # httpd -DSSL it gives the following error-message: [..][warn] Loaded DSO libexec/mod_jserv.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI). I compiled the JServ module, because I have to include Tomcat in my httpd.conf. So actually, I have to problems: to get the Apache started with SSL on Port 443 and to get Tomcat to talk to Apache. All ASAP! Any help is greatly appreciated Elke > -Ursprüngliche Nachricht- > Von: Adam Nealis [mailto:[EMAIL PROTECTED]] > Gesendet am: Mittwoch, 18. Oktober 2000 11:02 > An: [EMAIL PROTECTED] > Betreff: Re: AW: HTTPS-Error > > Hiendl Elke wrote: > > > > when I type whereis apachectl it prompts me "apachectl:"; > when I point to > Try > > find / -name apachectl -print > > I suspect apachectl is in /usr/local somewhere, and > whereis isn't checking there. > > > https://localhost, it also hangs. > > So what to do now? > Read http://www.modssl.org/docs/2.7/ssl_faq.html#ToC19 and > try some of the tests. Something is running on 443, and I > suspect it's apache. Use apachectl to stop apache, then > verify there is nothing on 443. > > > > > > -Ursprüngliche Nachricht- > > > Von: Adam Nealis [mailto:[EMAIL PROTECTED]] > > > Gesendet am: Mittwoch, 18. Oktober 2000 10:18 > > > An: [EMAIL PROTECTED] > > > Betreff: Re: HTTPS-Error > > > > > > Hiendl Elke wrote: > > > > > > > > I have Apache1.3.12, modssl 2.6.6-1-3-12 and openssl 0.9.6 > > > running on > > > > Caldera OpenLinux 2.3. I configured my Apache to listen > > > only to Port 443. I > > > > am able to start Apache, but when I type: > > > https://myserver.domain.com , the > > > > whole thing just hangs; when I look in the error.log I get > > > following: > > > > > > > > [] [error] [client 192.168.3.42] Invalid method in request + > > > > > > > > It also tells me, that it could not bind to Port 443 > > > (Adress already in use: > > > > make_sock: could not bind to port 443) > > > http://www.modssl.org/docs/2.7/ssl_faq.html#ToC19 tells > > > you how to manually check your HTTPS server. This will > > > tell you if something is listening to 443. > > > > > > > When I try to start with apachectl startssl, I am told that > > > the command was > > > > not found > > > > Sounds all very strange to me, can anybody help me? > > > It sounds to me that your PATH doesn't include > > > apachectl. > > > > > > whereis apachectl > > > > > > should help. What happens if you point your web > > > browser at https://localhost/ ? > > > > > > Adam. > > > > __ > > > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org &g
Re: AW: HTTPS-Error
Caldera keeps apachectl in /etc/httpd/bin I would issue something like apachectl start ; tail /var/log/httpd/apache/error_log and see what kind of error log it generates For more specific info about Caldera+Apache and other Caldera related subjects check out http://linux.nf/stepbystep.htm and go to Apache->Armand Document Armand Hiendl Elke wrote: > > when I type whereis apachectl it prompts me "apachectl:"; when I point to > https://localhost, it also hangs. > So what to do now? > > > -Urspr|ngliche Nachricht- > > Von: Adam Nealis [mailto:[EMAIL PROTECTED]] > > Gesendet am: Mittwoch, 18. Oktober 2000 10:18 > > An: [EMAIL PROTECTED] > > Betreff: Re: HTTPS-Error > > > > Hiendl Elke wrote: > > > > > > I have Apache1.3.12, modssl 2.6.6-1-3-12 and openssl 0.9.6 > > running on > > > Caldera OpenLinux 2.3. I configured my Apache to listen > > only to Port 443. I > > > am able to start Apache, but when I type: > > https://myserver.domain.com , the > > > whole thing just hangs; when I look in the error.log I get > > following: > > > > > > [] [error] [client 192.168.3.42] Invalid method in request + > > > > > > It also tells me, that it could not bind to Port 443 > > (Adress already in use: > > > make_sock: could not bind to port 443) > > http://www.modssl.org/docs/2.7/ssl_faq.html#ToC19 tells > > you how to manually check your HTTPS server. This will > > tell you if something is listening to 443. > > > > > When I try to start with apachectl startssl, I am told that > > the command was > > > not found > > > Sounds all very strange to me, can anybody help me? > > It sounds to me that your PATH doesn't include > > apachectl. > > > > whereis apachectl > > > > should help. What happens if you point your web > > browser at https://localhost/ ? > > > > Adam. > > __ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager[EMAIL PROTECTED] > > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: AW: HTTPS-Error
Hiendl Elke wrote: > > when I type whereis apachectl it prompts me "apachectl:"; when I point to > https://localhost, it also hangs. > So what to do now? Are you really typing in http_s_ as above in your post? Armand __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
AW: AW: HTTPS-Error
Really, I´m not kidding! > -Ursprüngliche Nachricht- > Von: Armand [mailto:[EMAIL PROTECTED]] > Gesendet am: Mittwoch, 18. Oktober 2000 16:51 > An: [EMAIL PROTECTED] > Betreff: Re: AW: HTTPS-Error > > Hiendl Elke wrote: > > > > when I type whereis apachectl it prompts me "apachectl:"; > when I point to > > https://localhost, it also hangs. > > So what to do now? > > Are you really typing in http_s_ as above in your post? > > Armand > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
AW: AW: HTTPS-Error
Hi Armand, thanks for the link; I think I will try once again from scratch. But I don`t need PHP at all (can I just skip these steps?), but I have to use mod_jserv (Tomcat as servlet-container). Any experience how to build it and avoid the error message about EAPI/DEAPI? TIA Elke > -Ursprüngliche Nachricht- > Von: Armand [mailto:[EMAIL PROTECTED]] > Gesendet am: Mittwoch, 18. Oktober 2000 16:49 > An: [EMAIL PROTECTED] > Betreff: Re: AW: HTTPS-Error > > Caldera keeps apachectl in /etc/httpd/bin I would issue > something like > > apachectl start ; tail /var/log/httpd/apache/error_log > > and see what kind of error log it generates > > For more specific info about Caldera+Apache and other Caldera related > subjects check out http://linux.nf/stepbystep.htm and go to > Apache->Armand Document > > Armand > > Hiendl Elke wrote: > > > > when I type whereis apachectl it prompts me "apachectl:"; > when I point to > > https://localhost, it also hangs. > > So what to do now? > > > > > -Urspr|ngliche Nachricht- > > > Von: Adam Nealis [mailto:[EMAIL PROTECTED]] > > > Gesendet am: Mittwoch, 18. Oktober 2000 10:18 > > > An: [EMAIL PROTECTED] > > > Betreff: Re: HTTPS-Error > > > > > > Hiendl Elke wrote: > > > > > > > > I have Apache1.3.12, modssl 2.6.6-1-3-12 and openssl 0.9.6 > > > running on > > > > Caldera OpenLinux 2.3. I configured my Apache to listen > > > only to Port 443. I > > > > am able to start Apache, but when I type: > > > https://myserver.domain.com , the > > > > whole thing just hangs; when I look in the error.log I get > > > following: > > > > > > > > [] [error] [client 192.168.3.42] Invalid method in request + > > > > > > > > It also tells me, that it could not bind to Port 443 > > > (Adress already in use: > > > > make_sock: could not bind to port 443) > > > http://www.modssl.org/docs/2.7/ssl_faq.html#ToC19 tells > > > you how to manually check your HTTPS server. This will > > > tell you if something is listening to 443. > > > > > > > When I try to start with apachectl startssl, I am told that > > > the command was > > > > not found > > > > Sounds all very strange to me, can anybody help me? > > > It sounds to me that your PATH doesn't include > > > apachectl. > > > > > > whereis apachectl > > > > > > should help. What happens if you point your web > > > browser at https://localhost/ ? > > > > > > Adam. > > > > __ > > > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > > > User Support Mailing List > [EMAIL PROTECTED] > > > Automated List Manager > [EMAIL PROTECTED] > > > > > > __ > > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > > User Support Mailing List > [EMAIL PROTECTED] > > Automated List Manager > [EMAIL PROTECTED] > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Free HTTPS benchmarking tool?
I've been digging around for a few hours today looking for something to give me an idea of my web site responsiveness. It doesn't have to be too sophisticated, but it must support cookies during runs (to see anything useful on my site you must log in via a on the Home Page). Oh, and do SSL too ;). All I found was http_load which I'm not convinced worked. Also webstone 2.5 + SSL, but it was a bit awkward not least because of the requirement of using rexe so I didn't get as far as an actual run. I considered lynx-ssl, but I couldn't fathom a way to give it a list of URLs and have it hammer the site that way. The -crawl option in lynx was tempting, but since the live site allows one to post information I am nervous to point a crawler at the site. OTOH since we store state information in cookies I might be able to get lynx to work with that, and fire off zillions of lynx processes, one per list. Like I said, I'm not rying to be too sophisticated (yet). Has anyone any suggestions? Thanks, Adam. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: http vs. https
> And I can access the web server by both http and https. Both http://myhost/ > and https://myhost/ are OK. > My question is, how can restrict a directory/file to be only accessed by > https, and others by http? Use the SSLRequireSSL directive Bye, Ago ps.: you can use mod_rewrite to always rewrite these directories address from http:// to https:// __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: http vs. https
Hello ! And how did you manage your DocumentRoot settings ? Because I followed the instructions and settings and I just see the default redhat page, which says I should change the documentroot. But why shuold I ? I just keep the pages in a directory set up to virtual domains and all of them have a seperate directory under this virtuals directory. So how does it possible to use the same directory just with https://... Should I use the mod_rewrite every time ? Bye, Ago __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: http vs. https
Wayne Li wrote: > My question is, how can restrict a directory/file to be only accessed by > https, and others by http? Think of the SSL server as a distinct VirtualHost so make sure the content directories don't overlap. E.g something like: HTTP virtual host: DocumentRoot /home/user/html/plain_HTTP SSL virtual host: DocumentRoot /home/user/html/ssl_stuff If you must have SSL stuff under the HTTP DocumentRoot then use: SSLRequireSSL Rgds, Owen Boyle __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
.htaccess and https:// connections
I think others have asked this question as well, but I would like a portion of my secure site to be blocked to access unless a name and password is entered. I have create a valid .htaccess file, pointing at a valid .htpasswd file, and it works provided that part of the site is accessed through an http: connection -- it correctly query's for the name and password before showing the page. However, when accessed through a https: connection, no such query pops up - the script is run and the page shows as if there were no .htaccess file at all. I have tried putting the directives directly into the httpd.conf file, but the result is the same either way I do it - the .htaccess file only seems to work if the connection to the page is made through an unsecure connection. I would like the sessions to this page (an admin page to be used by authorized users off-site) to require authorization and be through an SSL session. The chances of anyone guessing the directory/script name is low, but still Any ideas? __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Allow from env=HTTPS
Hello,
I'm trying to create an access rule so that users can access
the website unsecurely from inside the office and have to use https
to access it from the outside.
I put this in a .htaccess file:
Order Deny,Allow
Deny from all
Allow from env=HTTPS
Allow from 192.168.1.0/24
However, this doesn't work. The "Allow from env=HTTPS" line _never_
works, however hard I try.
If I execute a CGI script that prints the environment variables, I
can see that "HTTPS=on". Also if I put the following in the .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS}on
RewriteRule .* - [E=secure:on]
.. I can see from the output of the mentioned CGI script that the
environment variable "secure" is set to "on" as well. So it appears
that mod_rewrite does see the HTTPS variable, but that mod_access
doesn't ... I've read the mod_access source, and it should work.
The only problem could be the order in which the modules are loaded
and the requests are processed - but that shouldn't matter, right,
as the EAPI hooks that mod_ssl uses make sure that HTTPS is set
very early (I read the mod_ssl source and that seems to happen).
So why doesn't it work ?
Oh - apache 1.3.14, mod_ssl 2.7.1
Mike.
--
Go not unto the Usenet for advice, for you will be told both yea and nay (and
quite a few things that just have nothing at all to do with the question).
-- seen in a .sig somewhere
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
sometimes http sometimes https
does anyone know why if I use a response.redirect from a servlet to a jsp - I get a http jsp but if I do a getServletConfig().getServletContext().getRequestDispatcher I get a https page (obviously showing servley address in url window) I don't see why? Justin __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: HTTP and HTTPS
"Hu, Meng P (Meng Pei)" wrote: > > Hi, > > i had apache 1.3.19 + mod_ssl-2.8.2 + openssl-0.9.6a installed with no > error. > > i can start up Apache by running apachectl startssl and there is no error in > error_log file either. > > But, i cannot connect to server via https with Netscape Navigator 4.7. It > only can do http. > > Please help ! There must be something important that i missed. Did you actually define an SSL virtualhost? The server can now do HTTP or HTTPS but you must tell it what protocol to use with each virtualhost. You need something like: SSLEngine on SSLCertificateFile/path-to-certificate-file SSLCertificateKeyFile /path-to-key-file DocumentRoot /path-to-https-content Rgds, Owen Boyle. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Https web page entrance.
My problem is (Apache,mod_ssl,mysql,php3/4): When I enter web page which use php/mysql (forum), IE told me that I enter Secure Page, I can look at cert, it told me about some dangerous links etc. But when I enter the link of topics, every times ask me about security. Every time I have to click OK, to see the web. It's normal ? Can I only one click, that I know that is secure web, and it have got some dangerous links(cgi web count), and use https, without clicking "OK" every page link ??? Greetings [EMAIL PROTECTED] <><><><><><><><><><><><><> What is the biggest bug of Microsoft ? >Absence of "kill -9"<--- __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: https - port problem
Hi everyone, I have just installed an Apache server with SSL. It works, but I can only read my html pages, I can't access to my cgi scripts in /usr/local/apache/cgi-bin. My browser says : "You don't have the permission to access /cgi-bin". May be this problem comes from the SSL configuration in the httpd.conf. Does someone know if there is something especially to change ? I only change Port and Listen directives in the httpd.conf. Configuration : Red Hat 6.2 Apache 1.3.20 OpenSSL 0.9.6a ModSSL 2.8.4-1.3.20 Thanks...:) __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: https - port problem
I had to add suexec to get around this. I created another user and group (like www and www) and run Apache as this user. (edit your httpd.conf, change from "nobody") also compile in a suexec user. If you've done if successfully, when you do a httpd -l, you'll see a line that says "suexec wrapper created successfully". Then chown all of the cgi-bin files to this user. -Original Message- From: zze-BOGATIRSKY Jeremy apprenti FTRD/DMI/LAN [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 31, 2001 4:58 AM To: '[EMAIL PROTECTED]' Subject: RE: https - port problem Hi everyone, I have just installed an Apache server with SSL. It works, but I can only read my html pages, I can't access to my cgi scripts in /usr/local/apache/cgi-bin. My browser says : "You don't have the permission to access /cgi-bin". May be this problem comes from the SSL configuration in the httpd.conf. Does someone know if there is something especially to change ? I only change Port and Listen directives in the httpd.conf. Configuration : Red Hat 6.2 Apache 1.3.20 OpenSSL 0.9.6a ModSSL 2.8.4-1.3.20 Thanks...:) __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: https - port problem
Thanks you very much Ray. It seems to be that. Jeremy -Message d'origine- De : McCaffity, Ray [mailto:[EMAIL PROTECTED]] Envoye : jeudi 31 mai 2001 15:13 A : '[EMAIL PROTECTED]' Objet : RE: https - port problem I had to add suexec to get around this. I created another user and group (like www and www) and run Apache as this user. (edit your httpd.conf, change from "nobody") also compile in a suexec user. If you've done if successfully, when you do a httpd -l, you'll see a line that says "suexec wrapper created successfully". Then chown all of the cgi-bin files to this user. -Original Message- From: zze-BOGATIRSKY Jeremy apprenti FTRD/DMI/LAN [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 31, 2001 4:58 AM To: '[EMAIL PROTECTED]' Subject: RE: https - port problem Hi everyone, I have just installed an Apache server with SSL. It works, but I can only read my html pages, I can't access to my cgi scripts in /usr/local/apache/cgi-bin. My browser says : "You don't have the permission to access /cgi-bin". May be this problem comes from the SSL configuration in the httpd.conf. Does someone know if there is something especially to change ? I only change Port and Listen directives in the httpd.conf. Configuration : Red Hat 6.2 Apache 1.3.20 OpenSSL 0.9.6a ModSSL 2.8.4-1.3.20 Thanks...:) __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: ProxyPass to https
>-Original Message-
>From: Ravi Babu D - CTD, Chennai. [mailto:[EMAIL PROTECTED]]
>Sent: 28 November 2001 11:10
>To: [EMAIL PROTECTED]
>Subject: ProxyPass to https
>
>
>Hi,
>
> I've small clarification related ProxyPass ,
>ProxyPassReverse directives
>in the Apache_1.3.19 with mod_ssl2.8.3 .
>Is it possible to Proxypass to the https server ?
>ie Is the following directives are correct ?
>ProxyPass /test https:///test1
>ProxyPassReverse /test https:///test1
>
>Here the remotewebserver is SSL enabled server.
>
Yes, although I would use
ProxyPass /test/ https:///test1/
ProxyPassReverse /test/ https:///test1/
But that means that you have to remember the trailing / (which purists will
point out should always be added if you are requesting the default document
for a directory. Most browsers add this automatically)
The following should work as well:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(.*)$
RewriteRule ^(/test/.*)$ https:///test1/$1 [P]
No doubt someone else knows a more elegant usage of mod-rewrite.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
-
NOTICE: The information contained in this email and any attachments is
confidential and may be legally privileged. If you are not the
intended recipient you are hereby notified that you must not use,
disclose, distribute, copy, print or rely on this email's content. If
you are not the intended recipient, please notify the sender
immediately and then delete the email and any attachments from your
system.
RNIB has made strenuous efforts to ensure that emails and any
attachments generated by its staff are free from viruses. However, it
cannot accept any responsibility for any viruses which are
transmitted. We therefore recommend you scan all attachments.
Please note that the statements and views expressed in this email
and any attachments are those of the author and do not necessarily
represent those of RNIB.
RNIB Registered Charity Number: 226227
Website: http://www.rnib.org.uk
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
Re: directing http --> https
Quoting Owen Boyle <[EMAIL PROTECTED]>: > If you want to be more specific so that > http://d.com/foo/bar.html --> https://d.com/foo/bar.html > then use something like: > > RedirectMatch (.*) https://d.com$1 > Won't this create an infinate loop? I could be wrong, but I think RedirectMatch will pick up the hit via http or https, and attempt to send the user to https://d.com$1 even if the user came via https in the first place. mod_rewrite seems to be the only alternative I've seen so far. If I'm wrong, let me know... __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: directing http --> https
In article <[EMAIL PROTECTED]> you wrote:
> Quoting Owen Boyle <[EMAIL PROTECTED]>:
>
>> If you want to be more specific so that
>> http://d.com/foo/bar.html --> https://d.com/foo/bar.html
>> then use something like:
>>
>> RedirectMatch (.*) https://d.com$1
>>
>
> Won't this create an infinate loop?
> I could be wrong, but I think RedirectMatch will pick up the hit via http or https,
>and attempt to send the user to https://d.com$1 even if the user came via https in
>the first place.
>
> mod_rewrite seems to be the only alternative I've seen so far. If I'm
> wrong, let me know...
Either you have to put the RedirectMatch only into the of
the HTTP-only virtual server or (in case you do it globally) you have to
use a RewriteRule with a RewriteCond which checks the %{HTTPS} variable
to avoid looping.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
Re: https without certificate
In article <[EMAIL PROTECTED]> you wrote: > I was wondering if it may be possible to configure modssl to do crypto > with no certificate. No. > I know that it should be possible because certificates are just a way to > authenticate the server, not to establish the crypto. No, the server certificate is also important and required for the secure exchange of the crytography parameters of SSL/TLS. Without this, the client and server would not be able to securely exchange the necessary symmetric encryption parameters. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: directing http --> https
[EMAIL PROTECTED] wrote: > > RedirectMatch (.*) https://d.com$1 > > > > Won't this create an infinate loop? > I could be wrong, but I think RedirectMatch will pick up the hit via http or https, >and attempt to send the user to https://d.com$1 even if the user came via https in >the first place. > It depends on the "context" - i.e. where you put the directive in the httpd.conf file. If you put it outside of any virtualhost container it will have "server-config" context which means it will apply globally to all VHs. Then you will have trouble... However, if you have virtualhosts defined and you put the directive inside a VH container, it will have "virtualhost" context which means that it will only apply to that VH. Since you are using VHs, you must put the directive inside the plain HTTP VH for "d.com". Then it will only apply to HTTP requests to d.com. > mod_rewrite seems to be the only alternative I've seen so far. If I'm wrong, let me >know... mod_rewrite is great and I'm a big fan, but it is a sledge-hammer to crack a nut in this instance. Rgds, Owen Boyle. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: https without certificate
"Ralf S. Engelschall" wrote: > > In article <[EMAIL PROTECTED]> you wrote: > > > I was wondering if it may be possible to configure modssl to do crypto > > with no certificate. > > No. too bad > > I know that it should be possible because certificates are just a way to > > authenticate the server, not to establish the crypto. > > No, the server certificate is also important and required for the secure > exchange of the crytography parameters of SSL/TLS. Without this, the > client and server would not be able to securely exchange the necessary > symmetric encryption parameters. well, that's right, but, if I don't really care about that much security and would just like some crippled http to get rid of young kiddies ? -- Mathieu Arnold __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: https without certificate
Mathieu Arnold wrote: > > > I know that it should be possible because certificates are just a way to > > > authenticate the server, not to establish the crypto. > > > > No, the server certificate is also important and required for the secure > > exchange of the crytography parameters of SSL/TLS. Without this, the > > client and server would not be able to securely exchange the necessary > > symmetric encryption parameters. > > well, that's right, but, if I don't really care about that much security > and would just like some crippled http to get rid of young kiddies ? Read Ralf's reply again - the certificate actually *contains* the server's public key. The browser uses this to encrypt a session-key and send this back to the server. Thereafter, the browser and server use this common session key to communicate throughout the rest of the session. Without a certificate, the browser can *never* establish communication with the server. It's like opening a locked door without a key. Read some of the docs for more details. If you don't care about authentication (or rather, if you believe your clients don't care about authentication) then make a self-signed certificate as described in the mod_ssl docs (see the website). This will provide the free certificate you need to get SSL working. Rgds, Owen Boyle. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
