httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "J. Greenlees" <ja...@shaw.ca>
Subject Re: [users@httpd] Apache 2.0.40, SSL and Linux
Date Fri, 27 Sep 2002 03:00:59 GMT
just checking the docs for apache 2 mod_ssl, did you tell the server 
where the server key is?

http://httpd.apache.org/docs-2.0/mod/mod_ssl.html




Matt Raible wrote:

>I added a certificate with the commands below and started my server with
>"/usr/local/apachectl -D SSL -k start" but it still appears as if this
>directive:
>
><IfModule mod_ssl.c>
>    Include conf/ssl.conf
></IfModule>
>
>is not working :(
>
>[root@drevil ssl]# openssl req -new -out my-server.csr
>Using configuration from /usr/share/ssl/openssl.cnf
>Generating a 1024 bit RSA private key
>................++++++
>..................++++++
>writing new private key to 'privkey.pem'
>Enter PEM pass phrase:
>Verifying password - Enter PEM pass phrase:
>-----
>You are about to be asked to enter information that will be incorporated
>into your certificate request.
>What you are about to enter is what is called a Distinguished Name or a
>DN.
>There are quite a few fields but you can leave some blank
>For some fields there will be a default value,
>If you enter '.', the field will be left blank.
>-----
>Country Name (2 letter code) [GB]:US
>State or Province Name (full name) [Berkshire]:
>Locality Name (eg, city) [Newbury]:
>Organization Name (eg, company) [My Company Ltd]:
>Organizational Unit Name (eg, section) []:
>Common Name (eg, your name or your server's hostname) []:drevil
>Email Address []:
>
>Please enter the following 'extra' attributes
>to be sent with your certificate request
>A challenge password []:
>An optional company name []:
>[root@drevil ssl]# openssl rsa -in privkey.pem -out my-server.key
>read RSA key
>Enter PEM pass phrase:
>writing RSA key
>[root@drevil ssl]# openssl x509 -in my-server.csr -out my-server.cert
>-req -signkey my-server.key -days 365
>Signature ok
>subject=/C=US/ST=Berkshire/L=Newbury/O=My Company Ltd/CN=drevil
>Getting Private key
>[root@drevil ssl]# openssl x509 -in my-server.cert -out
>my-server.der.crt -outform DER
>
>
>
>>-----Original Message-----
>>From: J. Greenlees [mailto:jaqui@shaw.ca] 
>>Sent: Thursday, September 26, 2002 8:19 PM
>>To: users@httpd.apache.org
>>Subject: Re: [users@httpd] Apache 2.0.40, SSL and Linux
>>
>>
>>hmmm, when starting the server do you get an error message at 
>>all? do you have a certificate ( even unsigned ) for the 
>>secure server?
>>
>>I have problems getting Rh to install on my system so using mandrake, 
>>don't have this problem on my systems. ( at least when I start secure 
>>server and have certificate )
>>
>>trying to remember the command but there is an apache command 
>>that will 
>>list loaded modules...ccheck the docs on mod_ssl it may help diagnose 
>>exactly where the problem is.
>>
>>Matt Raible wrote:
>>
>>>So you're saying that mod_ssl.* (I'm guessing it'c 
>>>
>>mod_ssl.c) is loaded 
>>
>>>by default with the IfModule code below?  Is their anyway to ensure 
>>>this?
>>>
>>>In ssl.conf, I have the following line under <VirtualHost 
>>>_default_:443>
>>>
>>>ErrorLog logs/ssl.log
>>>
>>>But this does not get generated - I'm starting apache with 
>>>/usr/local/apache2/bin/apachectl startssl
>>>
>>>Here's what I get when I try to test it with openssl:
>>>
>>># openssl s_client -connect localhost:443
>>>connect: Connection refused
>>>connect:errno=29
>>>#
>>>
>>>Thanks,
>>>
>>>Matt
>>>
>>>>-----Original Message-----
>>>>From: J. Greenlees [mailto:jaqui@shaw.ca]
>>>>Sent: Thursday, September 26, 2002 7:19 PM
>>>>To: users@httpd.apache.org
>>>>Subject: Re: [users@httpd] Apache 2.0.40, SSL and Linux
>>>>
>>>>
>>>>Matt Raible wrote:
>>>>
>>>>>Platform: Red Hat 7.3
>>>>>
>>>>>I'm trying to setup SSL for Apache on Linux and I can't seem
>>>>>
>>>>to get it
>>>>
>>>>>working properly.  The following line in httpd.conf gives me the
>>>>>impression that the mod_ssl is already installed:
>>>>>
>>>>><IfModule mod_ssl.c>
>>>>>  Include conf/ssl.conf
>>>>></IfModule>
>>>>>
>>>>>Do I have to add LoadModule ...??  If so, how do I get/create
>>>>>mod_ssl.so?
>>>>>
>>>>>Thanks,
>>>>>
>>>>>Matt
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>-----------------------------------------------------------
>>>>>
>>----------
>>
>>>>>The official User-To-User support forum of the Apache HTTP Server
>>>>>Project. See <URL:http://httpd.apache.org/userslist.html> for more

>>>>>info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>>> "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>>>
>>>>>
>>>>Matt,
>>>>usually with linux disro's you don't have to alter the conf
>>>>for enabling 
>>>>cgi or ssl, or even php.
>>>>
>>>>you do have to make / get a certificate for the ssl though.
>>>>
>>>>
>>>>
>>>>------------------------------------------------------------
>>>>
>>---------
>>
>>>>The official User-To-User support forum of the Apache HTTP
>>>>Server Project. See 
>>>><URL:http://httpd.apache.org/userslist.html> for more info. 
>>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>>
>>>
>>>
>>>---------------------------------------------------------------------
>>>The official User-To-User support forum of the Apache HTTP Server 
>>>Project. See <URL:http://httpd.apache.org/userslist.html> for more 
>>>info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>
>>
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP 
>>Server Project. See 
>><URL:http://httpd.apache.org/userslist.html> for more info. 
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message