httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "J. Greenlees" <ja...@shaw.ca>
Subject Re: [users@httpd] Apache 2.0.40, SSL and Linux
Date Fri, 27 Sep 2002 03:45:09 GMT
okay then, the only thing left, did you enable ssl when compiling?
it is an extention module that specifically needs to be compiled in.


Matt Raible wrote:

>There is not a mod_ssl.so in my modules directory - my original question
>was do I need this file - or does <IfModule mod_ssl.c> eliminate the
>need for it?  If it does - I must me missing mod_ssl.c??
>
>Here are all the LoadModule directives currently in my httpd.conf
>
>LoadModule access_module modules/mod_access.so
>LoadModule auth_module modules/mod_auth.so
>LoadModule auth_anon_module modules/mod_auth_anon.so
>LoadModule auth_dbm_module modules/mod_auth_dbm.so
>LoadModule auth_digest_module modules/mod_auth_digest.so
>LoadModule include_module modules/mod_include.so
>LoadModule log_config_module modules/mod_log_config.so
>LoadModule env_module modules/mod_env.so
>LoadModule expires_module modules/mod_expires.so
>LoadModule headers_module modules/mod_headers.so
>LoadModule setenvif_module modules/mod_setenvif.so
>LoadModule mime_module modules/mod_mime.so
>LoadModule dav_module modules/mod_dav.so
>LoadModule status_module modules/mod_status.so
>LoadModule autoindex_module modules/mod_autoindex.so
>LoadModule asis_module modules/mod_asis.so
>LoadModule info_module modules/mod_info.so
>LoadModule cgi_module modules/mod_cgi.so
>LoadModule dav_fs_module modules/mod_dav_fs.so
>LoadModule vhost_alias_module modules/mod_vhost_alias.so
>LoadModule negotiation_module modules/mod_negotiation.so
>LoadModule dir_module modules/mod_dir.so
>LoadModule imap_module modules/mod_imap.so
>LoadModule actions_module modules/mod_actions.so
>LoadModule speling_module modules/mod_speling.so
>LoadModule userdir_module modules/mod_userdir.so
>LoadModule alias_module modules/mod_alias.so
>LoadModule rewrite_module modules/mod_rewrite.so
>
>>-----Original Message-----
>>From: J. Greenlees [mailto:jaqui@shaw.ca] 
>>Sent: Thursday, September 26, 2002 9:12 PM
>>To: users@httpd.apache.org
>>Subject: Re: [users@httpd] Apache 2.0.40, SSL and Linux
>>
>>
>>oh, and is there a loadmodule mod_ssl.so /.c in that section 
>>of the conf?
>>||
>>[top] <http://httpd.apache.org/docs-2.0/mod/mod_so.html#page-header>
>>
>>
>>    LoadModule Directive
>>
>>Description: 
>><http://httpd.apache.org/docs-2.0/mod/directive-dict.html#Desc
>>ription> 
>>Links in the object file or library, and adds to the list of 
>>active modules
>>Syntax: 
>><http://httpd.apache.org/docs-2.0/mod/directive-dict.html#Syntax> 
>>LoadModule /module filename/
>>Context: 
>><http://httpd.apache.org/docs-2.0/mod/directive-dict.html#Context> 
>>server config
>>Status: 
>><http://httpd.apache.org/docs-2.0/mod/directive-dict.html#Stat
>>us> Extension
>>Module: 
>><http://httpd.apache.org/docs-2.0/mod/directive-dict.html#Modu
>>le> mod_so
>>
>>The LoadModule directive links in the object file or library 
>>/filename/ 
>>and adds the module structure named /module/ to the list of active 
>>modules. /Module/ is the name of the external variable of 
>>type |module| 
>>in the file, and is listed as the Module Identifier 
>><http://httpd.apache.org/docs-2.0/mod/module-dict.html#ModuleI
>>dentifier> 
>>in the module documentation. Example:
>>
>>| LoadModule status_module modules/mod_status.so |
>>
>>loads the named module from the modules subdirectory of the 
>>ServerRoot.
>>
>>
>>
>>
>>J. Greenlees wrote:
>>
>>>just checking the docs for apache 2 mod_ssl, did you tell the server
>>>where the server key is?
>>>
>>>http://httpd.apache.org/docs-2.0/mod/mod_ssl.html
>>>
>>>
>>>
>>>
>>>Matt Raible wrote:
>>>
>>>>I added a certificate with the commands below and started 
>>>>
>>my server 
>>
>>>>with "/usr/local/apachectl -D SSL -k start" but it still 
>>>>
>>appears as 
>>
>>>>if this
>>>>directive:
>>>>
>>>><IfModule mod_ssl.c>
>>>>   Include conf/ssl.conf
>>>></IfModule>
>>>>
>>>>is not working :(
>>>>
>>>>[root@drevil ssl]# openssl req -new -out my-server.csr
>>>>Using configuration from /usr/share/ssl/openssl.cnf 
>>>>
>>Generating a 1024 
>>
>>>>bit RSA private key ................++++++
>>>>..................++++++
>>>>writing new private key to 'privkey.pem'
>>>>Enter PEM pass phrase:
>>>>Verifying password - Enter PEM pass phrase:
>>>>-----
>>>>You are about to be asked to enter information that will 
>>>>
>>be incorporated
>>
>>>>into your certificate request.
>>>>What you are about to enter is what is called a 
>>>>
>>Distinguished Name or a
>>
>>>>DN.
>>>>There are quite a few fields but you can leave some blank
>>>>For some fields there will be a default value,
>>>>If you enter '.', the field will be left blank.
>>>>-----
>>>>Country Name (2 letter code) [GB]:US
>>>>State or Province Name (full name) [Berkshire]:
>>>>Locality Name (eg, city) [Newbury]:
>>>>Organization Name (eg, company) [My Company Ltd]:
>>>>Organizational Unit Name (eg, section) []:
>>>>Common Name (eg, your name or your server's hostname) []:drevil
>>>>Email Address []:
>>>>
>>>>Please enter the following 'extra' attributes
>>>>to be sent with your certificate request
>>>>A challenge password []:
>>>>An optional company name []:
>>>>[root@drevil ssl]# openssl rsa -in privkey.pem -out my-server.key 
>>>>read RSA key Enter PEM pass phrase:
>>>>writing RSA key
>>>>[root@drevil ssl]# openssl x509 -in my-server.csr -out 
>>>>
>>my-server.cert
>>
>>>>-req -signkey my-server.key -days 365
>>>>Signature ok
>>>>subject=/C=US/ST=Berkshire/L=Newbury/O=My Company Ltd/CN=drevil
>>>>Getting Private key
>>>>[root@drevil ssl]# openssl x509 -in my-server.cert -out
>>>>my-server.der.crt -outform DER
>>>>
>>>>
>>>>
>>>>>-----Original Message-----
>>>>>From: J. Greenlees [mailto:jaqui@shaw.ca] Sent: Thursday, 
>>>>>
>>September
>>
>>>>>26, 2002 8:19 PM
>>>>>To: users@httpd.apache.org
>>>>>Subject: Re: [users@httpd] Apache 2.0.40, SSL and Linux
>>>>>
>>>>>
>>>>>hmmm, when starting the server do you get an error message at all?
>>>>>do you have a certificate ( even unsigned ) for the secure server?
>>>>>
>>>>>I have problems getting Rh to install on my system so using
>>>>>mandrake, don't have this problem on my systems. ( at 
>>>>>
>>least when I 
>>
>>>>>start secure server and have certificate )
>>>>>
>>>>>trying to remember the command but there is an apache command that
>>>>>will list loaded modules...ccheck the docs on mod_ssl it may help 
>>>>>diagnose exactly where the problem is.
>>>>>
>>>>>Matt Raible wrote:
>>>>>
>>>>>>So you're saying that mod_ssl.* (I'm guessing it'c
>>>>>>
>>>>>mod_ssl.c) is loaded
>>>>>
>>>>>>by default with the IfModule code below?  Is their 
>>>>>>
>>anyway to ensure
>>
>>>>>>this?
>>>>>>
>>>>>>In ssl.conf, I have the following line under <VirtualHost
>>>>>>_default_:443>
>>>>>>
>>>>>>ErrorLog logs/ssl.log
>>>>>>
>>>>>>But this does not get generated - I'm starting apache with
>>>>>>/usr/local/apache2/bin/apachectl startssl
>>>>>>
>>>>>>Here's what I get when I try to test it with openssl:
>>>>>>
>>>>>># openssl s_client -connect localhost:443
>>>>>>connect: Connection refused
>>>>>>connect:errno=29
>>>>>>#
>>>>>>
>>>>>>Thanks,
>>>>>>
>>>>>>Matt
>>>>>>
>>>>>>>-----Original Message-----
>>>>>>>From: J. Greenlees [mailto:jaqui@shaw.ca]
>>>>>>>Sent: Thursday, September 26, 2002 7:19 PM
>>>>>>>To: users@httpd.apache.org
>>>>>>>Subject: Re: [users@httpd] Apache 2.0.40, SSL and Linux
>>>>>>>
>>>>>>>
>>>>>>>Matt Raible wrote:
>>>>>>>
>>>>>>>>Platform: Red Hat 7.3
>>>>>>>>
>>>>>>>>I'm trying to setup SSL for Apache on Linux and I can't seem
>>>>>>>>
>>>>>>>to get it
>>>>>>>
>>>>>>>>working properly.  The following line in httpd.conf 
>>>>>>>>
>>gives me the 
>>
>>>>>>>>impression that the mod_ssl is already installed:
>>>>>>>>
>>>>>>>><IfModule mod_ssl.c>
>>>>>>>> Include conf/ssl.conf
>>>>>>>></IfModule>
>>>>>>>>
>>>>>>>>Do I have to add LoadModule ...??  If so, how do I get/create

>>>>>>>>mod_ssl.so?
>>>>>>>>
>>>>>>>>Thanks,
>>>>>>>>
>>>>>>>>Matt
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>-----------------------------------------------------------
>>>>>>>>
>>>>>----------
>>>>>
>>>>>>>>The official User-To-User support forum of the Apache 
>>>>>>>>
>>HTTP Server 
>>
>>>>>>>>Project. See <URL:http://httpd.apache.org/userslist.html>
for 
>>>>>>>>more info. To unsubscribe, e-mail: 
>>>>>>>>users-unsubscribe@httpd.apache.org
>>>>>>>>"   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>>>>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>>>>>>
>>>>>>>>
>>>>>>>Matt,
>>>>>>>usually with linux disro's you don't have to alter the conf for

>>>>>>>enabling cgi or ssl, or even php.
>>>>>>>
>>>>>>>you do have to make / get a certificate for the ssl though.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>------------------------------------------------------------
>>>>>>>
>>>>>---------
>>>>>
>>>>>>>The official User-To-User support forum of the Apache 
>>>>>>>
>>HTTP Server 
>>
>>>>>>>Project. See <URL:http://httpd.apache.org/userslist.html>
>>>>>>>for more info. To unsubscribe, e-mail:
>>>>>>>users-unsubscribe@httpd.apache.org
>>>>>>> "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>>>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>>>>>
>>>>>>
>>>>>>
>>-------------------------------------------------------------------
>>
>>>>>>--
>>>>>>The official User-To-User support forum of the Apache 
>>>>>>
>>HTTP Server 
>>
>>>>>>Project. See 
>>>>>>
>><URL:http://httpd.apache.org/userslist.html> for more 
>>
>>>>>>info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>>>> "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>--------------------------------------------------------------------
>>
>>>>>-
>>>>>The official User-To-User support forum of the Apache HTTP Server 
>>>>>Project. See <URL:http://httpd.apache.org/userslist.html> 
>>>>>
>>for more 
>>
>>>>>info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>>>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>>>
>>>>
>>>>
>>>>
>>---------------------------------------------------------------------
>>
>>>>The official User-To-User support forum of the Apache HTTP Server
>>>>Project.
>>>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>>
>>>>
>>>
>>>
>>>
>>>
>>---------------------------------------------------------------------
>>
>>>The official User-To-User support forum of the Apache HTTP Server
>>>Project.
>>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>
>>
>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message