httpd-users mailing list archives

From Rex Brooks <r...@starbourne.com>
Subject Re: [users@httpd] SSL Problem Still not Solved in Apache2-RHEL4
Date Tue, 16 May 2006 13:35:36 GMT
I tried both of Bill's suggestions and neither solved the problem 
yet.  The error message steadfastly remains the same. At least it's 
consistent.

Just a slight note, there was a typo on the modssl.org page which got 
transferred:

openssl rsa -in server.key.org -out server.key

should be:

openssl rsa -in server.key.orig -out server.key

Also, the chmod 0400 should be chmod 400, but neither of those 
impacted the results: the passphrase was removed but httpd still 
failed to start.

We KNOW mod_ssl is at fault here, since, beyond the error message, 
httpd starts when mod_ssl is removed. We also know that when it is 
removed the VirtualHosts won't accept connections. AND, it appears 
that the PassPhrase is not responsible. (Note, I said, appears, since 
I am wondering if I actually need to be logged in as my user and then 
become root, instead of being logged in as root, which I have been?)

Regardless, there ought to be a process of elimination which will 
isolate the culprit in here somewhere.

Unfortunately, SSL is not optional.

Thanks,
Rex

>On 5/15/06, Rex Brooks <rexb@starbourne.com> wrote:
>
>>I did specify a pass phrase when I created the key/crt. However, I do
>>not get a request asking me to supply the pass phrase when I enter:
>>service httpd start. I just get the same FAILED notice with the same
>>error in the error_log.
>
>You likely won't get a request if you use "service httpd start"  -- we
>will try to resolve this step by step; please read all this mess
>before attempting any of it.
>
>First off before we start please back up everything and place the back
>up in a safe place; you probably should back it up twice to be safe.
>:-)
>
>Next, before you install my version of your ssl.conf please try this
>command sequence first: ( Found at:
>http://www.modssl.org/docs/2.8/ssl_faq.html#ToC30 )
>
># become root
>su -
>
># cd to the directory where the server key file is and execute
>cp server.key server.key.PW_BackUp
>cp server.key server.key.orig
>
># Remove the passphrase from the server key
>openssl rsa -in server.key.org -out server.key
>
># Make sure the server.key file is now only readable by root:
>chown root:root server.key && chmod 0400 server.key
>
># NOTE -
># Make sure you substitute your file names for the above "server key"
>
># Lastly -- try to start the server
>service httpd start
>
># various commands to see if it's really running -
>lsof |grep -i tcp |grep -i http
>netstat -plan |grep 80
>tcpdump port 80
>
>If that works then we know that you cannot start apache using "service"
>-- you'll either have to not use a passphrase (which is up to company
>security policy) or always start the "/etc/init.d/httpd restart" by
>hand -- so it will prompt you for the passphrase.
>
>If the above does not work you are welcome to try out my version of
>the ssl.conf -- please make two backups of your original first.  But I
>feel strongly that the above passphrase issue is partially, if not
>completely, at fault.
>
>
>HTH/Sx
>--
>WC (Bill) Jones -- http://youve-reached-the.endoftheinternet.org/
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org


-- 
Rex Brooks
President, CEO
Starbourne Communications Design
GeoAddress: 1361-A Addison
Berkeley, CA 94702
Tel: 510-849-2309
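
The process of elimination asked for above can start with the key and certificate themselves. The following is an added example, not part of the original thread or of the modssl.org FAQ: it checks whether the key is still passphrase-protected, whether it matches the certificate, and whether its file mode is owner-only. The function names are hypothetical and the file paths are supplied as arguments.

```shell
#!/bin/sh
# Added example (not from the thread): isolate key/cert causes of a mod_ssl
# startup failure. Function names are hypothetical; paths are arguments.

# True if the PEM key is passphrase-protected. Traditional RSA keys carry
# "Proc-Type: 4,ENCRYPTED"; PKCS#8 keys say "BEGIN ENCRYPTED PRIVATE KEY".
key_is_encrypted() {
    grep -Eq -e '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# True if the key file grants nothing to group or others (0400, 0600, ...).
key_perms_ok() {
    perms=$(ls -ldL "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# True if certificate $1 and RSA key $2 have the same modulus. The empty
# -passin makes openssl fail on an encrypted key instead of prompting.
cert_matches_key() {
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    k=$(openssl rsa -noout -modulus -passin pass: -in "$2" 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Print one line per finding; return non-zero if anything needs attention.
check_tls_pair() {
    cert=$1; key=$2; rc=0
    if key_is_encrypted "$key"; then
        echo "key: passphrase-protected; startup needs a way to supply it"
        rc=1
    elif ! cert_matches_key "$cert" "$key"; then
        echo "pair: cert and key differ, or one of them cannot be parsed"
        rc=1
    fi
    if ! key_perms_ok "$key"; then
        echo "key: file mode allows group or other access"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "ok: key unencrypted, matches certificate, owner-only mode"
    fi
    return "$rc"
}

# Usage: check_tls_pair /path/to/server.crt /path/to/server.key
```

If all three checks pass and httpd still fails to start, the key file itself is ruled out and the remaining suspects are the ssl.conf directives and the paths they reference.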


