httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sander Temme <scte...@apache.org>
Subject Re: [users@httpd] Verisign signatures with Apache server
Date Tue, 09 Jan 2007 16:41:25 GMT
Nancy,

On Jan 9, 2007, at 8:20 AM, Booterbaugh, Nancy wrote:

> Error_Log has the following warning message :   Session Cache is  
> not configured [hint: SSLSessionCache]
> ssl-error_log has the following error message :    [error] Unable  
> to configure verify locations for client authentication

Hm... without the SSL session cache, clients will not be able to re- 
use their SSL sessions.  This can have a serious performance impact  
on your server.

Please put in the main server configuration the following directive:

SSLSessionCache shm:/usr/local/apache2/logs/ssl_scache(512000)
SSLSessionCacheTimeout 300

See the following documentation URL for an explanation:

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslsessioncache

> I use following command to start the Apache server instead of  
> "apachectl":
> ./httpd -k start -f /usr/local/apache2/conf/httpd-cob-certs.conf

That is the command apachectl executes, so you're fine there.

> Here is the Virtual host configuration we have in the "httpd-cob- 
> certs.conf" file. The only difference between this and the one we  
> were using for self-signed is the directory location in the SSL  
> parameters.

Looks like a fine configuration to me, but do add the session cache  
stuff.

S.

-- 
sctemme@apache.org            http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF



Mime
View raw message