Mailinglist Archive: opensuse (4237 mails)
| < Previous | Next > |
Apache2 SSL problem
- From: "Niclas Arndt" <niclas_arndt@xxxxxxxxxxx>
- Date: Sun, 15 Aug 2004 15:33:07 +0200
- Message-id: <BAY1-F25M08l4u8blil00059d6f@xxxxxxxxxxx>
Hi
I have a problem getting Apache 2.0.49 on SuSE 9.1 to work with SSL. It works with http, but for some reason https won't work.
I have another server running Apache 1.3 on SuSE 8.2 and it works very well. The certificates are created the same way and my 9.1 config files are based on the ones from 8.2. There has been a change between /etc/sysconfig/Apache and /etc/sysconfig/Apache2, however.
/usr/sbin/httpd2 -S returns "VirtualHost configuration: syntax OK"
openssl s_client -connect localhost:443 -state -debug returns "connect: Connection refused" and "errorno=29"
As far as I understand, all config files are included by /etc/Apache2/httpd.conf.
The necessary ports are open in the firewall.
What I need is serving of http and https on the same IP number and same FQDN.
I am greatful for any help. Thanks in advance.
Cheers
/Niclas
Below are the sections in the various config files I believe to be of importance:
Listen my.ip.address.here:80
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>
Listen my.ip.address.here:443
</IfModule>
</IfDefine>
</IfDefine>
-----
<IfDefine SSL>
<IfDefine !NOSSL>
<VirtualHost my.ip.address.here:443>
DocumentRoot "/srv/squirrelmail"
ServerName a.y.zz
ServerAdmin x@xxxx
ErrorLog /var/log/apache2/error_log
TransferLog /var/log/apache2/access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/srv/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/apache2/ssl_request_log ssl_combined
</VirtualHost>
</IfDefine>
</IfDefine>
-----
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/lib/apache2/ssl_scache
SSLSessionCacheTimeout 600
SSLMutex sem
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
</IfDefine>
</IfDefine>
-----
APACHE_HTTPD_CONF="" # This defaults to /etc/apache2/httpd.conf
APACHE_MPM=""
APACHE_SERVERADMIN="x@xxxx"
APACHE_SERVERNAME=""
APACHE_CONF_INCLUDE_FILES=""
#APACHE_CONF_INCLUDE_DIRS="/etc/apache2/vhosts.d/*.conf" # This is already included in httpd.conf
APACHE_CONF_INCLUDE_DIRS=""
APACHE_MODULES="access actions alias auth auth_dbm autoindex cgi dir env expires include log_config mime negotiation setenvif ssl suexec userdir php4"
APACHE_SERVER_FLAGS="-D SSL"
APACHE_START_TIMEOUT="2"
APACHE_SERVERSIGNATURE="on"
APACHE_LOGLEVEL="warn"
APACHE_ACCESS_LOG="/var/log/apache2/access_log combined"
APACHE_USE_CANONICAL_NAME="on"
APACHE_SERVERTOKENS="OS"
APACHE_EXTENDED_STATUS="off"
APACHE_BUFFERED_LOGS="off"
APACHE_TIMEOUT="300"
_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
I have a problem getting Apache 2.0.49 on SuSE 9.1 to work with SSL. It works with http, but for some reason https won't work.
I have another server running Apache 1.3 on SuSE 8.2 and it works very well. The certificates are created the same way and my 9.1 config files are based on the ones from 8.2. There has been a change between /etc/sysconfig/Apache and /etc/sysconfig/Apache2, however.
/usr/sbin/httpd2 -S returns "VirtualHost configuration: syntax OK"
openssl s_client -connect localhost:443 -state -debug returns "connect: Connection refused" and "errorno=29"
As far as I understand, all config files are included by /etc/Apache2/httpd.conf.
The necessary ports are open in the firewall.
What I need is serving of http and https on the same IP number and same FQDN.
I am greatful for any help. Thanks in advance.
Cheers
/Niclas
Below are the sections in the various config files I believe to be of importance:
From /etc/apache2/listen.conf:
Listen my.ip.address.here:80
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>
Listen my.ip.address.here:443
</IfModule>
</IfDefine>
</IfDefine>
-----
From /etc/apache2/vhosts.d/MySSLServer.conf:
<IfDefine SSL>
<IfDefine !NOSSL>
<VirtualHost my.ip.address.here:443>
DocumentRoot "/srv/squirrelmail"
ServerName a.y.zz
ServerAdmin x@xxxx
ErrorLog /var/log/apache2/error_log
TransferLog /var/log/apache2/access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/srv/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/apache2/ssl_request_log ssl_combined
</VirtualHost>
</IfDefine>
</IfDefine>
-----
From /etc/apache2/ss-global.conf:
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/lib/apache2/ssl_scache
SSLSessionCacheTimeout 600
SSLMutex sem
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
</IfDefine>
</IfDefine>
-----
From /etc/sysconfig/apache2:
APACHE_HTTPD_CONF="" # This defaults to /etc/apache2/httpd.conf
APACHE_MPM=""
APACHE_SERVERADMIN="x@xxxx"
APACHE_SERVERNAME=""
APACHE_CONF_INCLUDE_FILES=""
#APACHE_CONF_INCLUDE_DIRS="/etc/apache2/vhosts.d/*.conf" # This is already included in httpd.conf
APACHE_CONF_INCLUDE_DIRS=""
APACHE_MODULES="access actions alias auth auth_dbm autoindex cgi dir env expires include log_config mime negotiation setenvif ssl suexec userdir php4"
APACHE_SERVER_FLAGS="-D SSL"
APACHE_START_TIMEOUT="2"
APACHE_SERVERSIGNATURE="on"
APACHE_LOGLEVEL="warn"
APACHE_ACCESS_LOG="/var/log/apache2/access_log combined"
APACHE_USE_CANONICAL_NAME="on"
APACHE_SERVERTOKENS="OS"
APACHE_EXTENDED_STATUS="off"
APACHE_BUFFERED_LOGS="off"
APACHE_TIMEOUT="300"
_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
| < Previous | Next > |