httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Sheffer <jimshef...@blueworld.com>
Subject RE: [users@httpd] Apache 1.3.x mod_ssl- how to test?
Date Fri, 31 Jan 2003 21:47:03 GMT
OK- here is what i have now.  I created a local test cert, added the 
following code to my httpd.conf file:

LoadModule ssl_module         libexec/httpd/libssl.so
AddModule mod_ssl.c

At the end of my httpd file:

<IfModule mod_ssl.c>
   Listen 192.147.175.21:443
	SSLCertificateFile /etc/httpd/ssl2/cert.pem
	SSLCertificateKeyFile /etc/httpd/ssl2/privkey.pem

    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
        
    <VirtualHost _default_:443>
        SSLEngine on
DocumentRoot /Library/WebServer/Documents/integrated
ServerName secure.integrated.net
CustomLog /Library/WebServer/Documents/integrated/logs/access_log common
    </VirtualHost>

</IfModule> 

I cannot access the httpd sites.
I CAN access the site https://secure.integrated.net

I get a browser error about the cert, which is expected. I hit ok and 
get to the site.
If I go again to the site, I get the following browser error:
Security failure. Data decryption error

My error log says the following:

[Fri Jan 31 13:38:01 2003] [notice] Apache/1.3.26 (Darwin) 
mod_ssl/2.8.10 OpenSSL/0.9.6b configured -- resuming normal operations
[Fri Jan 31 13:38:01 2003] [notice] Accept mutex: flock (Default: flock)
[Fri Jan 31 13:38:58 2003] [error] mod_ssl: SSL handshake interrupted 
by system [Hint: Stop button pressed in browser?!] (System error 
follows)
[Fri Jan 31 13:38:58 2003] [error] System: Connection reset by peer 
(errno: 54)


ANY ideas what may be going on?

Thanks all!
Jim

----------------
On Fri, 31 Jan 2003 10:58:28 +0100, Boyle Owen wrote:
>> -----Original Message-----
>> From: Jim Sheffer [mailto:jimsheffer@blueworld.com]
>> 
>> I'm trying to get mod_ssl to work, but to no avail.
>> I have a valid cert and everyhting seems to be set up correctly, but 
>> when I add the following and restart, Apache won't start.  It says it 
>> is starting, but none of the websites are accessable.
>> 
>> I have the following in my httpd.conf file:
>> 
>> LoadModule ssl_module         libexec/httpd/libssl.so
>> AddModule mod_ssl.c
>> 
>> <VirtualHost 192.147.175.21>
> 
> Do you have a "Listen 443" directive somewhere? I usually prefer to be
> extremely explicit, e.g.
> 
> Listen 192.147.175.21:443
> <VirtualHost 192.147.175.21:443>
> ...etc.
> 
> Check the error log after the restart to see if there was a start-up
> error. Also, use "ps -ef | grep httpd" to check if apache is really
> running (not accessing sites does not necessarily mean apache is not
> running).
> 
> Rgds,
> 
> Owen Boyle
> 
>> DocumentRoot /Library/WebServer/Documents/integrated
>> ServerName secure. integrated.net
>> CustomLog 
>> /Library/WebServer/Documents/integrated/logs/access_log common
>> SSLEngine on
>> SSLCACertificateFile /etc/httpd/ca.txt
>> SSLCertificateFile /etc/httpd/cert/secure_ integrated_net.crt
>> SSLCertificateKeyFile /etc/httpd/cert/integratedkey.key
>> </VirtualHost>
>> 
>> Thanks!
>> Jim
>> 
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP 
>> Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>> 
>> 
> 
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.
> You must not, directly or indirectly, use, disclose, distribute, print,
> or copy any part of this message if you are not the intended recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company. 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message