Hello everyone! I am working on an install of 8.2 pro and I'm having some trouble with apache. I have it working on a virtual server and the standard location (using webmin). I want to get secure access enabled on it and I'm having trouble with that. I see in /etc/httpd/httpd.conf that there is an entry for a server on port 443 and that server has all the options for SSL set in the default configuration. I also have the "LoadModule" entry for ssl_module, as well as the "AddModule" entry. Both of them, though, are wrapped in an "<IfDefine DUMMYSSL>" section. This is something new to me. I have the apache 1.3.27 and mod_ssl 2.8.12 packages installed, so it's not missing the module. I try enabling the module manually through webmin, but when I check mod_ssl, it does not "take". I have copied the directories and contents of ssl.crl, ssl.crt, ssl.csr, ssl.key, ssl.prm from my Red Hat 7.2 configuration to the SuSE 8.2 one, but that didn't help. I'm sure I'm missing something simple (like I probably am for compiling the kernel), but being a SuSE newbie, I'm not sure what it is... Thanks for any help! -Michael
On Wed, 21 May 2003 16:10:20 -0400
Michael George
Hello everyone!
I am working on an install of 8.2 pro and I'm having some trouble with apache.
I have the apache 1.3.27 and mod_ssl 2.8.12 packages installed, so it's not missing the module. I try enabling the module manually through webmin, but when I check mod_ssl, it does not "take".
I'm sure I'm missing something simple (like I probably am for compiling the kernel), but being a SuSE newbie, I'm not sure what it is...
There are some settings to enable https in /etc/sysconfig/apache and /etc/sysconfig/network/config needs to have a entry for FQHOSTNAME Then you should be able to "rcapache restart" and see mod_ssl listed as it starts. If you are doing it remotely, remember you need to have no password on the server certificate, or else it will ask you to enter the password at each start. Maybe webmin isn't dealing with that? In any event the logs in /var/log/http should tell you why it didn't start. -- use Perl; #powerful programmable prestidigitation
On Wed, May 21, 2003 at 04:57:48PM -0400, zentara wrote:
There are some settings to enable https in /etc/sysconfig/apache
Set these two entries to "yes"...
and /etc/sysconfig/network/config needs to have a entry for FQHOSTNAME
There wasn't one there, so I added it.
Then you should be able to "rcapache restart" and see mod_ssl listed as it starts.
I did this, but there was no listing of modules. Just a successful restart. However, webmin still doesn't allow me to configure mod_ssl and the virtual server on 443 doesn't appear. The stuff protected by ifdef DUMMYSSL is still not included.
If you are doing it remotely, remember you need to have no password on the server certificate, or else it will ask you to enter the password at each start. Maybe webmin isn't dealing with that?
In any event the logs in /var/log/http should tell you why it didn't start.
It did start, just no mod_ssl... I'm going to try this again in the morning...
On Wed, 21 May 2003 22:03:51 -0400
Michael George
Then you should be able to "rcapache restart" and see mod_ssl listed as it starts.
I did this, but there was no listing of modules. Just a successful restart.
You mean it started with ssl ?? The ssl_logs say started successfully? This is what my log shows when starting: [info] Server: Apache/1.3.26, Interface: mod_ssl/2.8.10, Library: OpenSSL/0.9.6g [info] Init: 1st startup round (still not detached) [info] Init: Initializing OpenSSL library [info] Init: Loading certificate & private key of SSL-aware server zentara.zentara.net:443 [info] Init: Seeding PRNG with 136 bytes of entropy [info] Init: Generating temporary RSA private keys (512/1024 bits) [info] Init: Configuring temporary DH parameters (512/1024 bits) [info] Init: 2nd startup round (already detached) [info] Init: Reinitializing OpenSSL library [info] Init: Seeding PRNG with 136 bytes of entropy [info] Init: Configuring temporary RSA private keys (512/1024 bits) [info] Init: Configuring temporary DH parameters (512/1024 bits) [info] Init: Initializing (virtual) servers for SSL [info] Init: Configuring server zentara.zentara.net:443 for SSL protocol [warn] Init: (zentara.zentara.net:443) RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
In any event the logs in /var/log/http should tell you why it didn't start.
It did start, just no mod_ssl...
What does your /etc/httpd *.conf files say? Especially : suse_loadmodule.conf suse_text.conf (this one lists the modules when apache starts)
I'm going to try this again in the morning...
Yeah, it can be easier after a night's sleep. I would get it running first, and worry later about why webmin isn't working. -- use Perl; #powerful programmable prestidigitation
On Wed, May 21, 2003 at 10:03:51PM -0400, Michael George wrote:
There are some settings to enable https in /etc/sysconfig/apache
Set these two entries to "yes"...
You did run SuSEconfig afterwards (or SuSEconfig --module apache)?
and /etc/sysconfig/network/config needs to have a entry for FQHOSTNAME
There wasn't one there, so I added it.
Not necessary, it is only a comment that is wrong. Sorry, it will be fixed only for 8.3...
Then you should be able to "rcapache restart" and see mod_ssl listed as it starts.
I did this, but there was no listing of modules. Just a successful restart. However, webmin still doesn't allow me to configure mod_ssl and the virtual server on 443 doesn't appear. The stuff protected by ifdef DUMMYSSL is still not included.
--> SuSEconfig Peter
participants (3)
-
Michael George
-
poeml@cmdline.net
-
zentara