httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Henderson <dhender...@digital-pipe.com>
Subject [users@httpd] apache and ssl
Date Wed, 28 Jun 2006 19:44:46 GMT
      Gang,
    
         I have been working on this issue over the past few days.  I am trying to
    get SSL working with Apache 2.0 (Debian 3.0).  I have read through
    documentation on how to create Root CA's, ssl certificates and keys,
    etc.  I made a root ca and created a certificate and key for my site.
    I inserted the these lines into the following files (as well as the http.conf file):
    
     the mods-available/ssl.conf file (also
    tried putting them in my http.conf file):
    
    (mods-available/ssl.conf)
    SSLProtocol -all +SSLv2
    
    (virtual host file)
    SSLCertificateFile /location2file/filename.crt
    SSLCertificateKeyFile /location2file/filename.key
    
    I edited the ports.conf file and added the line "Listen 443", adjusted
    my firewall to forward port 443 traffic to the correct ip, edited the
    sites-available/sitefile to include two NameVirtualHost directives:
    
      NameVirtualHost 192.168.0.12:80
    NameVirtualHost 192.168.0.13:443
    
    then I created two <virtualhost> sections, one for port 80 traffic, one
    for port 443 traffic.  Because I am trying to get all files placed in a
    sub dir of the root of the website (/ssl), I appended "/ssl" to the end
    of the documentroot directive for the 443 entry.  If I visit the url in
    http, it displays just fine:
    
    http://www.foo.com/ssl/protected.html
    
    if I try to log into the site using https, I get prompted to accept a
    certificate (which isn't the one I created - seems to be the default
    one).  If I do accept I get the following error in the browser:
    
    501 Not Implemented
     The requested method is not implemented by this server.
    
    My questions are these:
    
    1) How do I get the "/ssl" directory to use ssl to protect anything
    stored in that directory?
    
    2) How do I get   apache to use my certificate that I cretaed?
    
    Thanks for any help given.
    Dave 
    
    
    
    Here is some other related information:
    
    I have tried starting apache with "apache2ctl startssl".
    I have run "apache2ctl configtest" and got a "syntax ok" response.
    Here is a copy of my virtual host definition:
    
    <VirtualHost 192.168.0.13:443>
            ServerAdmin webmas...@sitename.com
    
            DocumentRoot /var/www/sitename.com/demo/ssl
            ServerName demo.sitename.com/ssl
    
    SSLCertificateFile /etc/apache2/ssl/certs/sitename.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/keys/sitename.com.key
                   SSLCipherSuite SSLv2:+HIGH:+MEDIUM
                      SSLVerifyClient require
                    SSLVerifyDepth 1
    
            #   SSL specifications
    #       <Location /ssl>
    #               SSLCipherSuite SSLv2:+HIGH:+MEDIUM
    #               SSLVerifyClient require
    #               SSLVerifyDepth 1
    #       </Location>
    
            #   This should be changed to whatever you set DocumentRoot to.
            <Directory   /var/www/sitename.com/demo/ssl>
                    Options Indexes Includes
                    AllowOverride Options
                    Order allow,deny
                    Allow from all
                   # This directive allows us to have apache2's default start page
                   # in /apache2-default/, but still have / go to the right place
                   #RedirectMatch ^/$ /apache2-default/
              </Directory>
            ErrorLog /var/log/apache2/sitename.com/demo/error.log
            CustomLog /var/log/apache2/sitename.com/demo/access.log common
            CustomLog /var/log/apache2/sitename.com/demo/referer.log referer
            CustomLog /var/log/apache2/sitename.com/demo/agent.log agent
    
            # Possible values: debug, info, notice, warn, error, crit, alert, emerg.
            LogLevel warn
    
            ServerSignature On
    </VirtualHost>
Mime
View raw message