httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacob Coby" <jc...@listingbook.com>
Subject Re: [users@httpd] HTTPS?
Date Tue, 19 Nov 2002 21:40:30 GMT
> > ping has nothing to do with ssl.  Only whether or not the TCP stack is
> alive
> > and the computer can be reached.
>
> But does not the fact that I am pinging securesite (as opposed to one of
the
> other domains on .13) and getting a response from the correct IP indicate
> something good?

No, not really.  Pinging the .18 ip and getting a response only means that
the .18 interface is up and running.  You still have to have something
waiting for a connection.  In this case, you want apache to listen on port
443 for ssl connections.  That's where netstat -an | grep LISTEN comes into
play.  You can also portscan (i use nmap from insecure.org) your server from
another to see what ports are open to connections.

I guess you could think of IP addresses and ports as an office building (the
IP address) and offices (the port).  The mail you send to office 80 goes to
a totally different person than to office 443, even though they are at the
same building.

ping would be analagous to having someone drive by and make sure that the
building exists and then drops off a piece of mail to send back to you.  If
you get the mail back, the building exists, is ready for more mail, and you
can now send packages to specific offices (and they can send packages back
to you).

netstat -an | grep 443 would be walking over to office 443 and making sure
that there is someone there waiting for packages.

> > Sounds like you have some VirtualHost problems if you are getting the
.13
> > site on .18.
>
> If it helps, I'll post the relevant parts of the VHosts.conf file...  I
> honestly don't see anything squirrely, but I'd be happy for more
experienced
> eyes to show me the light!
>
> > usage: /usr/local/apache/bin/apachectl
> > (start|stop|restart|fullstatus|status|graceful|configtest|help)
>
> Here is where it ends.  I don't get the other lines.

Doesn't look like you need the startssl option as mod_ssl and SSL configs
are always getting loaded.  All the startssl option does is pass -DSSL so
that the <IfDefine SSL> tags are parsed.

> > netstat -an | grep 443;  Do you see anything?  Until you do, apache
isn't
> > listening on port 443, the SSL port.
>
> nothing...  Until I uncommented Listen 443 from the mod_ssl.conf file...
> Then I got exactly as typed below, and https://securesite brings up the
> default page for http://freesites, after first complaining that the cert
was
> for the wrong domain.

Ok, good, you now have ssl working, its down to VHost config problems.  The
cert warning is from not having a valid cert for the securesite domain.

> In nosing through all the FAQs I can find, as well as the chapter on SSL
in
> Linux System Administration (from Craig Hunt Library), I think I have the
> directives in there as I am supposed to, but, again, I will be happy to
post
> them if that will help...

If you can't figure out why you're getting the results that you are, go
ahead and post the problem along with the relevant configurations and any
errors/warning you get when starting apache.  I'm not the best with
VirtualHosts, but several on this list will be able to help you.  There was
a really good thread explaining them last week or the week before, you might
want to check out the archives.

> Just in case I haven't said it yet, THANKS!!

No problem :-)

-Jacob


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message