httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel R. Blair" <joeca...@realcoders.org>
Subject Re: [users@httpd] Problems with SSL All of a Sudden
Date Mon, 26 May 2003 17:48:15 GMT
On Sun, 25 May 2003, Paul Simon wrote:

> > > I believe the list has exhausted all avenues for
> > resolution, therefore
> > > (if I were in your shoes) I suggest you contact a
> > third party SSL
> > > consultant who can troubleshoot and rebuild the
> > SSL portion as
> > > appropriate.
> > >
> > > I mean, if this is a business issue, then it would
> > dictate that a
> > > proper business resolution be followed at this
> > late date.
> >
> > I agree, it's got to be fixed.. and I have no clue
> > given what everyone has
> > tried to do to help what in the hell to do to fix
> > it...
>
> I would have rebuilt this server by now. Or tried
> moving a mirror into the production space.
>
> That said, I would DEFINITELY jump through every hoop
> to get a localhost SSL request served. Danny, I don't
> think you have determined whether or not you can do
> that. Have you? It seems you should be able to do that
> since there is a socket listening on 443. If you can
> do that, then the server is working properly.

Well, we don't have lynx or links installed on the box, but I am about to
compile and install lynx and see if that works at all at establishing a
localhost/SSL connection.. is there anything else that you could recommend
that would allow me to establish an SSL connection?

I did telnet to port 443 of localhost, type in "GET index.jsp" and have it
Apache spit out an HTML formatted response claiming that the client was
not communicating in SSL mode and that operations couldn't continue, then
the telnet session was dropped... , just FYI..

> Also, you say that this suddenly happened. In my
> experience this has always (almost always :-) been
> some kind of network issue, despite what your ISP
> says, a changed router/switch config etc... The
> apache/SSL server is a very stable piece of software.
> For it suddenly to stop working wouldn't immediately
> make me think that the software is at fault.

My thoughts exactly.. if something just randomly started happening, I
would imagine that it would not be our software.. I even recovered an
older backup of the config files (which I had just added a new virtual
host to the current config files before this started happening (without
SSL)) and brought the server down, and backup with apachectl startssl
(using backup conf files) and the problem did not go away. so, it was not
the configuration file minor change..  We checked with the Co-Lo facility
and they assured us that port 443 was open, etc.  But, I don't know what
else to make them tell us to assure that it's not their problem.. As far
as I know (my boss spoke with them) they haven't changed anything...

> I hope you get it working soon and share your
> solution!

Paul,
	Oh I will definitely post my solution if I can find one.. I'm
about to resort to re-compiling a newer version of apache (like 2.0.44/45)
and see if that solves anything, but, My boss hates to mess with anything
that "was working fine", he thinks it was something that I did to cause
this, and to tell you the truth, even if I was malicious enough to want to
inflict this kind of trouble, I wouldn't know how.. so.. I can honestly
say it wasn't something I did.. the only thing I did from time of known
working to time of not working was a re-make of sendmail's
/etc/mail/access.db file and a mysqldump --all-databases of the mysql
server for a backup.. and the addition of VirtualHost definition in the
apache configuration file for a new project we were working on for
reporting database statistics.. then I took the server down (apachectl
stop) and brought it back up (apachectl startssl) and that was it..
virtual host reposnded and worked fine.. and then the next day I get a
call telling me that the SSL wasn't working..

	According to my Boss, it was the Verisign credit card transactions
that were not working when he called me.. then, when I rebooted the
machine on his request to see if it would fix it, all https:// urls
stopped working (he claims that the https://www.juke.biz/content/index.jsp
was accessible before the reboot... now.. I didn't verify this myself,
but, I have to take his word on it.. so.. I honestly am in the dark here,
and I recently (less than a month ago) took over administration of this
box and am just getting familar with the non-standard layout of the
environment.. plus, I am a FreeBSD veteran, not a Linux user, and this is
a Non-standard lay'ed out Redhat install.. so.. That makes everything even
more difficult for me..

Thank you Paul for all of your help.. I really appreciate it and your
valuable time.. I will post the fix if I can fix it AS SOON AS I DO FIX
IT, I promise =]  I wouldn't put this on my worst enemy...


Danny

                           = Daniel Blair =
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- dblair@realcoders.org -                   [http://www.realcoders.org]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message