httpd-users mailing list archives

From Kövesdán Gábor <gabor.koves...@t-hosting.hu>
Subject [users@httpd] SSL in Apache 2.2.0
Date Thu, 02 Feb 2006 16:54:18 GMT
Hello,

I've upgraded to Apache 2.2.0 from 2.0.x. It didn't accept the old 
signatures I used with 2.0.x for https. I was told that this cert can't 
be a cacert anymore, thus I've generated a separate cert and a cacert to 
sign with. Now, I have these lines in the configuration for SSL:

#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/var/run/ssl_scache
#SSLSessionCache        shmcb:/var/run/ssl_scache(512000)
SSLSessionCacheTimeout  300
SSLMutex  file:/var/run/ssl_mutex

#NameVirtualHost 217.20.133.7:443

#SSLEngine optional

SSLCertificateFile /usr/local/etc/apache22/cert.pem
SSLCertificateKeyFile /usr/local/etc/apache22/key.pem

BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog /var/log/apache/httpd-ssl_request.log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

If I set SSLEngine optional or on here (globally), Apache doesn't even 
start, and I get this in the error log:

[Thu Feb 02 17:35:06 2006] [info] mod_unique_id: using ip addr 217.20.133.7
[Thu Feb 02 17:35:07 2006] [info] Init: Seeding PRNG with 0 bytes of entropy
[Thu Feb 02 17:35:07 2006] [info] Loading certificate & private key of SSL-aware server
[Thu Feb 02 17:35:07 2006] [debug] ssl_engine_pphrase.c(469): unencrypted RSA private key - pass phrase not required
[Thu Feb 02 17:35:07 2006] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Thu Feb 02 17:35:07 2006] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Thu Feb 02 17:35:07 2006] [debug] ssl_scache_dbm.c(409): Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[Thu Feb 02 17:35:07 2006] [info] Init: Initializing (virtual) servers for SSL
[Thu Feb 02 17:35:07 2006] [info] Configuring server for SSL protocol
[Thu Feb 02 17:35:07 2006] [debug] ssl_engine_init.c(405): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Thu Feb 02 17:35:07 2006] [debug] ssl_engine_init.c(729): Configuring RSA server certificate
[Thu Feb 02 17:35:07 2006] [debug] ssl_engine_init.c(768): Configuring RSA server private key

If I set SSLEngine on only in a VirtualHost block, it starts, but https 
still doesn't work. I get this in the error log when I try to browse that 
virtualhost via SSL:

[Thu Feb 02 17:51:21 2006] [debug] prefork.c(991): AcceptMutex: flock (default: flock)
[Thu Feb 02 17:51:25 2006] [error] [client 80.98.231.227] Invalid method in request \x80U\x01\x03\x01
[Thu Feb 02 17:51:25 2006] [error] [client 80.98.231.227] Invalid method in request \x80U\x01\x03


Could somebody help me to fix this?

Thanks in advance,

Gabor Kovesdan

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
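
The bytes in the two "Invalid method in request" lines of the message above can be decoded to see what the client sent. The following Python sketch is an added example, not part of the original message or of Apache's code: it unescapes the logged bytes and checks whether they are the start of an SSL/TLS hello that reached the HTTP request parser. The function names are assumptions, and the third sample line is constructed.

```python
import re

INVALID = re.compile(r"\[client ([^\]]+)\] Invalid method in request (.*)$")
ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")
VERSIONS = {(0, 2): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1.0",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

def unescape(text):
    """Turn the \\xNN escapes in an error-log line back into raw bytes."""
    decoded = ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text)
    return decoded.encode("latin-1", errors="replace")

def classify(raw):
    """Heuristic: return (kind, offered_version) for an SSL/TLS hello, else None."""
    # SSLv2-format hello: 2-byte length with the high bit set, message type 1,
    # then the highest protocol version the client offers (major, minor).
    if len(raw) >= 3 and raw[0] & 0x80 and raw[2] == 0x01:
        if len(raw) < 5:
            return ("SSLv2-format ClientHello", "truncated in log")
        return ("SSLv2-format ClientHello", VERSIONS.get(tuple(raw[3:5]), "unknown"))
    # TLS record layer: content type 0x16 (handshake), major version 3, minor version.
    if len(raw) >= 3 and raw[0] == 0x16 and raw[1] == 0x03:
        return ("TLS handshake record", VERSIONS.get((3, raw[2]), "unknown"))
    return None

def scan(lines):
    """Return (client, kind, version) for each log line whose 'method' is a hello."""
    findings = []
    for line in lines:
        m = INVALID.search(line)
        hit = classify(unescape(m.group(2))) if m else None
        if hit:
            findings.append((m.group(1),) + hit)
    return findings

SAMPLE = [
    # First two lines are the ones quoted in the message.
    r"[Thu Feb 02 17:51:25 2006] [error] [client 80.98.231.227] Invalid method in request \x80U\x01\x03\x01",
    r"[Thu Feb 02 17:51:25 2006] [error] [client 80.98.231.227] Invalid method in request \x80U\x01\x03",
    # Constructed line: an ordinary malformed HTTP request, which must not match.
    r"[Thu Feb 02 17:52:00 2006] [error] [client 192.0.2.10] Invalid method in request FOO / HTTP/1.0",
]

if __name__ == "__main__":
    for client, kind, version in scan(SAMPLE):
        print(client, kind, version)
```

A hit means the client began an SSL/TLS handshake but the connection was handed to the plain HTTP request parser, so SSL was not being handled on the connection that received it.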

