Return-Path: Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 42788 invoked by uid 500); 27 Sep 2002 03:43:59 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 42763 invoked from network); 27 Sep 2002 03:43:59 -0000 Received: from shawidc-mo1.cg.shawcable.net (HELO pd4mo2so.prod.shaw.ca) (24.71.223.10) by daedalus.apache.org with SMTP; 27 Sep 2002 03:43:59 -0000 Received: from pd2mr4so.prod.shaw.ca (pd2mr4so-ser.prod.shaw.ca [10.0.141.107]) by l-daemon (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 12 2002)) with ESMTP id <0H3200LDUVPLVE@l-daemon> for users@httpd.apache.org; Thu, 26 Sep 2002 21:44:09 -0600 (MDT) Received: from pn2ml7so.prod.shaw.ca (pn2ml7so-qfe0.prod.shaw.ca [10.0.121.151]) by l-daemon (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 12 2002)) with ESMTP id <0H3200F78VPLIX@l-daemon> for users@httpd.apache.org; Thu, 26 Sep 2002 21:44:09 -0600 (MDT) Received: from shaw.ca (h24-78-72-182.vc.shawcable.net [24.78.72.182]) by l-daemon (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 12 2002)) with ESMTP id <0H3200IQPVPJ8A@l-daemon> for users@httpd.apache.org; Thu, 26 Sep 2002 21:44:09 -0600 (MDT) Date: Thu, 26 Sep 2002 20:45:09 -0700 From: "J. Greenlees" To: users@httpd.apache.org Message-id: <3D93D445.7020308@shaw.ca> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii; format=flowed Content-transfer-encoding: 7BIT X-Accept-Language: en-us User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:0.9.8) Gecko/20020204 References: <003a01c265d5$0ea6ff60$0b00a8c0@raibledesigns.com> X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Subject: Re: [users@httpd] Apache 2.0.40, SSL and Linux okay then, the only thing left, did you enable ssl when compiling? it is an extention module that specifically needs to be compiled in. Matt Raible wrote: >There is not a mod_ssl.so in my modules directory - my original question >was do I need this file - or does eliminate the >need for it? If it does - I must me missing mod_ssl.c?? > >Here are all the LoadModule directives currently in my httpd.conf > >LoadModule access_module modules/mod_access.so >LoadModule auth_module modules/mod_auth.so >LoadModule auth_anon_module modules/mod_auth_anon.so >LoadModule auth_dbm_module modules/mod_auth_dbm.so >LoadModule auth_digest_module modules/mod_auth_digest.so >LoadModule include_module modules/mod_include.so >LoadModule log_config_module modules/mod_log_config.so >LoadModule env_module modules/mod_env.so >LoadModule expires_module modules/mod_expires.so >LoadModule headers_module modules/mod_headers.so >LoadModule setenvif_module modules/mod_setenvif.so >LoadModule mime_module modules/mod_mime.so >LoadModule dav_module modules/mod_dav.so >LoadModule status_module modules/mod_status.so >LoadModule autoindex_module modules/mod_autoindex.so >LoadModule asis_module modules/mod_asis.so >LoadModule info_module modules/mod_info.so >LoadModule cgi_module modules/mod_cgi.so >LoadModule dav_fs_module modules/mod_dav_fs.so >LoadModule vhost_alias_module modules/mod_vhost_alias.so >LoadModule negotiation_module modules/mod_negotiation.so >LoadModule dir_module modules/mod_dir.so >LoadModule imap_module modules/mod_imap.so >LoadModule actions_module modules/mod_actions.so >LoadModule speling_module modules/mod_speling.so >LoadModule userdir_module modules/mod_userdir.so >LoadModule alias_module modules/mod_alias.so >LoadModule rewrite_module modules/mod_rewrite.so > >>-----Original Message----- >>From: J. Greenlees [mailto:jaqui@shaw.ca] >>Sent: Thursday, September 26, 2002 9:12 PM >>To: users@httpd.apache.org >>Subject: Re: [users@httpd] Apache 2.0.40, SSL and Linux >> >> >>oh, and is there a loadmodule mod_ssl.so /.c in that section >>of the conf? >>|| >>[top] >> >> >> LoadModule Directive >> >>Description: >>>ription> >>Links in the object file or library, and adds to the list of >>active modules >>Syntax: >> >>LoadModule /module filename/ >>Context: >> >>server config >>Status: >>>us> Extension >>Module: >>>le> mod_so >> >>The LoadModule directive links in the object file or library >>/filename/ >>and adds the module structure named /module/ to the list of active >>modules. /Module/ is the name of the external variable of >>type |module| >>in the file, and is listed as the Module Identifier >>>dentifier> >>in the module documentation. Example: >> >>| LoadModule status_module modules/mod_status.so | >> >>loads the named module from the modules subdirectory of the >>ServerRoot. >> >> >> >> >>J. Greenlees wrote: >> >>>just checking the docs for apache 2 mod_ssl, did you tell the server >>>where the server key is? >>> >>>http://httpd.apache.org/docs-2.0/mod/mod_ssl.html >>> >>> >>> >>> >>>Matt Raible wrote: >>> >>>>I added a certificate with the commands below and started >>>> >>my server >> >>>>with "/usr/local/apachectl -D SSL -k start" but it still >>>> >>appears as >> >>>>if this >>>>directive: >>>> >>>> >>>> Include conf/ssl.conf >>>> >>>> >>>>is not working :( >>>> >>>>[root@drevil ssl]# openssl req -new -out my-server.csr >>>>Using configuration from /usr/share/ssl/openssl.cnf >>>> >>Generating a 1024 >> >>>>bit RSA private key ................++++++ >>>>..................++++++ >>>>writing new private key to 'privkey.pem' >>>>Enter PEM pass phrase: >>>>Verifying password - Enter PEM pass phrase: >>>>----- >>>>You are about to be asked to enter information that will >>>> >>be incorporated >> >>>>into your certificate request. >>>>What you are about to enter is what is called a >>>> >>Distinguished Name or a >> >>>>DN. >>>>There are quite a few fields but you can leave some blank >>>>For some fields there will be a default value, >>>>If you enter '.', the field will be left blank. >>>>----- >>>>Country Name (2 letter code) [GB]:US >>>>State or Province Name (full name) [Berkshire]: >>>>Locality Name (eg, city) [Newbury]: >>>>Organization Name (eg, company) [My Company Ltd]: >>>>Organizational Unit Name (eg, section) []: >>>>Common Name (eg, your name or your server's hostname) []:drevil >>>>Email Address []: >>>> >>>>Please enter the following 'extra' attributes >>>>to be sent with your certificate request >>>>A challenge password []: >>>>An optional company name []: >>>>[root@drevil ssl]# openssl rsa -in privkey.pem -out my-server.key >>>>read RSA key Enter PEM pass phrase: >>>>writing RSA key >>>>[root@drevil ssl]# openssl x509 -in my-server.csr -out >>>> >>my-server.cert >> >>>>-req -signkey my-server.key -days 365 >>>>Signature ok >>>>subject=/C=US/ST=Berkshire/L=Newbury/O=My Company Ltd/CN=drevil >>>>Getting Private key >>>>[root@drevil ssl]# openssl x509 -in my-server.cert -out >>>>my-server.der.crt -outform DER >>>> >>>> >>>> >>>>>-----Original Message----- >>>>>From: J. Greenlees [mailto:jaqui@shaw.ca] Sent: Thursday, >>>>> >>September >> >>>>>26, 2002 8:19 PM >>>>>To: users@httpd.apache.org >>>>>Subject: Re: [users@httpd] Apache 2.0.40, SSL and Linux >>>>> >>>>> >>>>>hmmm, when starting the server do you get an error message at all? >>>>>do you have a certificate ( even unsigned ) for the secure server? >>>>> >>>>>I have problems getting Rh to install on my system so using >>>>>mandrake, don't have this problem on my systems. ( at >>>>> >>least when I >> >>>>>start secure server and have certificate ) >>>>> >>>>>trying to remember the command but there is an apache command that >>>>>will list loaded modules...ccheck the docs on mod_ssl it may help >>>>>diagnose exactly where the problem is. >>>>> >>>>>Matt Raible wrote: >>>>> >>>>>>So you're saying that mod_ssl.* (I'm guessing it'c >>>>>> >>>>>mod_ssl.c) is loaded >>>>> >>>>>>by default with the IfModule code below? Is their >>>>>> >>anyway to ensure >> >>>>>>this? >>>>>> >>>>>>In ssl.conf, I have the following line under >>>>>_default_:443> >>>>>> >>>>>>ErrorLog logs/ssl.log >>>>>> >>>>>>But this does not get generated - I'm starting apache with >>>>>>/usr/local/apache2/bin/apachectl startssl >>>>>> >>>>>>Here's what I get when I try to test it with openssl: >>>>>> >>>>>># openssl s_client -connect localhost:443 >>>>>>connect: Connection refused >>>>>>connect:errno=29 >>>>>># >>>>>> >>>>>>Thanks, >>>>>> >>>>>>Matt >>>>>> >>>>>>>-----Original Message----- >>>>>>>From: J. Greenlees [mailto:jaqui@shaw.ca] >>>>>>>Sent: Thursday, September 26, 2002 7:19 PM >>>>>>>To: users@httpd.apache.org >>>>>>>Subject: Re: [users@httpd] Apache 2.0.40, SSL and Linux >>>>>>> >>>>>>> >>>>>>>Matt Raible wrote: >>>>>>> >>>>>>>>Platform: Red Hat 7.3 >>>>>>>> >>>>>>>>I'm trying to setup SSL for Apache on Linux and I can't seem >>>>>>>> >>>>>>>to get it >>>>>>> >>>>>>>>working properly. The following line in httpd.conf >>>>>>>> >>gives me the >> >>>>>>>>impression that the mod_ssl is already installed: >>>>>>>> >>>>>>>> >>>>>>>> Include conf/ssl.conf >>>>>>>> >>>>>>>> >>>>>>>>Do I have to add LoadModule ...?? If so, how do I get/create >>>>>>>>mod_ssl.so? >>>>>>>> >>>>>>>>Thanks, >>>>>>>> >>>>>>>>Matt >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>----------------------------------------------------------- >>>>>>>> >>>>>---------- >>>>> >>>>>>>>The official User-To-User support forum of the Apache >>>>>>>> >>HTTP Server >> >>>>>>>>Project. See for >>>>>>>>more info. To unsubscribe, e-mail: >>>>>>>>users-unsubscribe@httpd.apache.org >>>>>>>>" from the digest: users-digest-unsubscribe@httpd.apache.org >>>>>>>>For additional commands, e-mail: users-help@httpd.apache.org >>>>>>>> >>>>>>>> >>>>>>>Matt, >>>>>>>usually with linux disro's you don't have to alter the conf for >>>>>>>enabling cgi or ssl, or even php. >>>>>>> >>>>>>>you do have to make / get a certificate for the ssl though. >>>>>>> >>>>>>> >>>>>>> >>>>>>>------------------------------------------------------------ >>>>>>> >>>>>--------- >>>>> >>>>>>>The official User-To-User support forum of the Apache >>>>>>> >>HTTP Server >> >>>>>>>Project. See >>>>>>>for more info. To unsubscribe, e-mail: >>>>>>>users-unsubscribe@httpd.apache.org >>>>>>> " from the digest: users-digest-unsubscribe@httpd.apache.org >>>>>>>For additional commands, e-mail: users-help@httpd.apache.org >>>>>>> >>>>>> >>>>>> >>------------------------------------------------------------------- >> >>>>>>-- >>>>>>The official User-To-User support forum of the Apache >>>>>> >>HTTP Server >> >>>>>>Project. See >>>>>> >> for more >> >>>>>>info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org >>>>>> " from the digest: users-digest-unsubscribe@httpd.apache.org >>>>>>For additional commands, e-mail: users-help@httpd.apache.org >>>>>> >>>>>> >>>>> >>>>> >>>>> >>-------------------------------------------------------------------- >> >>>>>- >>>>>The official User-To-User support forum of the Apache HTTP Server >>>>>Project. See >>>>> >>for more >> >>>>>info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org >>>>> " from the digest: users-digest-unsubscribe@httpd.apache.org >>>>>For additional commands, e-mail: users-help@httpd.apache.org >>>>> >>>> >>>> >>>> >>--------------------------------------------------------------------- >> >>>>The official User-To-User support forum of the Apache HTTP Server >>>>Project. >>>>See for more info. >>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org >>>> " from the digest: users-digest-unsubscribe@httpd.apache.org >>>>For additional commands, e-mail: users-help@httpd.apache.org >>>> >>>> >>> >>> >>> >>> >>--------------------------------------------------------------------- >> >>>The official User-To-User support forum of the Apache HTTP Server >>>Project. >>>See for more info. >>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org >>> " from the digest: users-digest-unsubscribe@httpd.apache.org >>>For additional commands, e-mail: users-help@httpd.apache.org >>> >>> >> >> > > > >--------------------------------------------------------------------- >The official User-To-User support forum of the Apache HTTP Server Project. >See for more info. >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > " from the digest: users-digest-unsubscribe@httpd.apache.org >For additional commands, e-mail: users-help@httpd.apache.org > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org