Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 92442 invoked from network); 21 Jul 2008 15:30:20 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 21 Jul 2008 15:30:20 -0000 Received: (qmail 3014 invoked by uid 500); 21 Jul 2008 15:30:09 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 2770 invoked by uid 500); 21 Jul 2008 15:30:08 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 2759 invoked by uid 99); 21 Jul 2008 15:30:08 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 21 Jul 2008 08:30:08 -0700 X-ASF-Spam-Status: No, hits=2.0 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of kohan.massoud@gmail.com designates 64.233.182.186 as permitted sender) Received: from [64.233.182.186] (HELO nf-out-0910.google.com) (64.233.182.186) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 21 Jul 2008 15:29:15 +0000 Received: by nf-out-0910.google.com with SMTP id 30so432329nfu.24 for ; Mon, 21 Jul 2008 08:29:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type:references; bh=7yDb7aDpsMDH4A8XFaV5PY5UJaj5mKvjgfs6XOINfiQ=; b=IlOIi5FH2Oxv0N56/AryppsJloHW/eHINDfdXCxLm+uM1IFJYYNttkgpEKjzgwQjDq n8tBfqR8hljFRwUE2zHXPrmpnA1gICacRZfkZA7LqLQTk99N5FAUVq5e+z+2hTrd1EE4 5ZJyQKfdNc9jErKHtHGrtaw6HSTN+T/zq9eyI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:references; b=VHpnkPl1Ucg7mh0T/m18iiMXie3Z0k5j1im3DWpWzpLD+9PL3Xao19b32l0VnGmw88 ij7V+BVLqsFQs3oBJnnO6huaCEzLAbKYvwGO3+idPREttnayYSZKtRcjiwFtRwdDCsZZ uyhSrh0H2Cr5K9egedMSVT419a0zvPqzAa3do= Received: by 10.210.141.4 with SMTP id o4mr3400644ebd.154.1216654178725; Mon, 21 Jul 2008 08:29:38 -0700 (PDT) Received: by 10.210.56.5 with HTTP; Mon, 21 Jul 2008 08:29:38 -0700 (PDT) Message-ID: <60f15f3e0807210829i760f6084p3a343ca83751129d@mail.gmail.com> Date: Mon, 21 Jul 2008 08:29:38 -0700 From: kohanm To: users@httpd.apache.org In-Reply-To: <9DD36C99332AB7438F8D73C048D8C62C012B0678@sneezy.ad.e-dialog.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_51597_8478703.1216654178741" References: <60f15f3e0807181335p76c7ccd8ndd2dbcf23a956ff5@mail.gmail.com> <9DD36C99332AB7438F8D73C048D8C62C012B0643@sneezy.ad.e-dialog.com> <60f15f3e0807181526v3f8a2037l56f40f24dec7aa8e@mail.gmail.com> <9DD36C99332AB7438F8D73C048D8C62C012B0678@sneezy.ad.e-dialog.com> X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] Configuration Errors on SSL+Apache 2.2 +mod_jk +Tomcat 5.5 ------=_Part_51597_8478703.1216654178741 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline I do not have mod_ssl.so under Apache/modules. I downloaded Apache 2.2 the binary version and then the jk_module separately. I read from different sources that I have to install Apache 2.2.* from source than I have to enable mod_ssl and there is not any separate SSL module for Apache 2.2. am I right? MK On 7/21/08, Jorge Medina wrote: > > Depending on your flavor of Linux and how you got Apache, you may already > have the mod_ssl module and you may need just to load it. > > Check if the file mod_ssl.so already exists on the directory where apache > is installed. > > > ------------------------------ > > *From:* kohanm [mailto:kohan.massoud@gmail.com] > *Sent:* Friday, July 18, 2008 6:26 PM > *To:* users@httpd.apache.org > *Subject:* Re: [users@httpd] Configuration Errors on SSL+Apache 2.2 > +mod_jk +Tomcat 5.5 > > > > Thanks for your reply: > > > > > > Did you enable (LoadModule) the ssl module ? > > No, I thought the only thing that I have to do is to modify on httpd.conf > : > > include conf/extra/httpd-ssl.conf > > > > I have linux binary version so, do I have to download the ssl_module? and > then > > add it to the httpd.conf : > > LoadModule ssl_module modules/mod_ssl.so > > > > > > > > > How did you get your certificate and key? Is your public key protected by a > password ? If not, you don't need to include the SSLPassPhraseDialog > directive. > > > > After creating key,csr then sent to Thawte. I got certificate form Thawte > and the key and certificate are on the conf file. > > I am not sure if the public key is protected by a passowd. > > > > Thanks, > > MK > > > > > > > > > > ------------------------------ > > *From:* kohanm [mailto:kohan.massoud@gmail.com] > *Sent:* Friday, July 18, 2008 4:35 PM > *To:* users@httpd.apache.org > *Subject:* [users@httpd] Configuration Errors on SSL+Apache 2.2 +mod_jk > +Tomcat 5.5 > > > > Hi, > > > > I'am having probem to configure the SSL with the Apache 2.2 +mod_jk > +Tomcat 5.5. > > Without *SSL *implementation the *Tomcat 5.5 +Apache2.2 + mod_k* works > fine. > > For implementing the SSL first I take it out the # from Include ssl: > *Include conf/extra/httpd-ssl.conf ** > *and also in the *httpd-ssl.conf* file I modified these lines: > *ServerName mydomain:443** > SSLCertificateFile "/usr/local/apache2/conf/server.crt" > SSLCertificateKeyFile "/usr/local/apache2/conf/sever.key" * > > When I run apachectl after running tomcat, I get these ERRORs: > [Fri Jul 18 13:22:20 2008] [warn] Useless use of AllowOverride in line 114. > Syntax error on line 57 of /usr/local/apache2/conf/extra/httpd-ssl.conf: > Invalid command '*SSLPassPhraseDialog*', perhaps misspelled or defined by > a module not included in the server configuration > > > Here the httdf.conf file(short describtion): > > *Listen mydomainIP:80** > LoadModule jk_module modules/mod_jk-apache-2.2.4.so * > > * * > > ** > > *JkWorkersFile conf/workers.properties** > JkLogFile logs/mod_jk.log > JkLogLevel error > JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " > JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories > JkRequestLogFormat "%w %V %T"* > > * * > > *Alias /list "/usr/local/jakarta-tomcat/webapps/list/"* > > * ** > Options Indexes +FollowSymLinks > AllowOverride None > Allow from all > * > > * ** > Alias /example "/usr/local/jakarta-tomcat/webapps/example/"* > > * ** > Options Indexes +FollowSymLinks > AllowOverride None > Allow from all > * > > > * ** > AllowOverride None > deny from all > * > > > * JkMount /list/* example** > JkMount /example/* example* > > ** > > > *# Secure (SSL/TLS) connections** > Include conf/extra/httpd-ssl.conf* > > *** > SSLRandomSeed startup builtin > SSLRandomSeed connect builtin > * > > > > > ____________________ > > in the *httpd-ssl.conf* file the only lines that I changed from default > are : > > *ServerName mydomain:443** > SSLCertificateFile "/usr/local/apache2/conf/server.crt" > SSLCertificateKeyFile "/usr/local/apache2/conf/sever.key"* > > > > Thanks for your help, > > MK > > > > > > -- > Massoud > -- Massoud ------=_Part_51597_8478703.1216654178741 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline
I do not have mod_ssl.so under Apache/modules. I downloaded Apache 2.2 the binary version and then the  jk_module  separately.
I read from different sources that I have to install Apache 2.2.* from source than I have to enable mod_ssl  and there is not any separate SSL module for Apache 2.2. am I  right?
MK


 
On 7/21/08, Jorge Medina <jmedina@e-dialog.com> wrote:

Depending on your flavor of Linux and how you got Apache, you may already have the mod_ssl module and you may need just to load it.

Check if the file mod_ssl.so already exists on the directory where apache is installed.

 

From: kohanm [mailto:kohan.massoud@gmail.com]
Sent: Friday, July 18, 2008 6:26 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Configuration Errors on SSL+Apache 2.2 +mod_jk +Tomcat 5.5

 

Thanks for your reply:
 


 

Did you enable (LoadModule) the ssl module ?

No, I thought the only thing that I have to do is to modify on httpd.conf :

include  conf/extra/httpd-ssl.conf

 

I have linux binary version so,  do I have to download the ssl_module?  and then

add it  to the   httpd.conf :

LoadModule ssl_module modules/mod_ssl.so

 


 

 

How did you get your certificate and key? Is your public key protected by a password ? If not, you don't need to include the SSLPassPhraseDialog directive.

 

After creating key,csr then sent to Thawte. I got certificate form Thawte and the key and certificate are on the conf file.

I am not sure if the public key is protected by a passowd.

 

Thanks,

MK
 

 

 

 

 

From: kohanm [mailto:kohan.massoud@gmail.com]
Sent: Friday, July 18, 2008 4:35 PM
To: users@httpd.apache.org
Subject: [users@httpd] Configuration Errors on SSL+Apache 2.2 +mod_jk +Tomcat 5.5

 

Hi,

 

I'am having probem to configure the SSL with the  Apache 2.2 +mod_jk +Tomcat 5.5.

Without SSL implementation the Tomcat 5.5 +Apache2.2 + mod_k works fine.

For implementing the SSL first I take it out the  # from Include ssl:
Include conf/extra/httpd-ssl.conf
and also in the httpd-ssl.conf file I modified these lines:
ServerName  mydomain:443
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/sever.key"

 When I run apachectl after running tomcat,  I get these ERRORs:
[Fri Jul 18 13:22:20 2008] [warn] Useless use of AllowOverride in line 114.
Syntax error on line 57 of /usr/local/apache2/conf/extra/httpd-ssl.conf:
Invalid command 'SSLPassPhraseDialog', perhaps misspelled or defined by a module not included in the server configuration


Here the httdf.conf file(short describtion):

Listen  mydomainIP:80
 LoadModule jk_module modules/mod_jk-apache-2.2.4.so

 

<IfModule mod_jk.c>

JkWorkersFile conf/workers.properties
JkLogFile logs/mod_jk.log
JkLogLevel error
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"

 

Alias /list  "/usr/local/jakarta-tomcat/webapps/list/"

 <Directory "/usr/local/jakarta-tomcat/webapps/list/">
        Options Indexes +FollowSymLinks
        AllowOverride None
        Allow from all
    </Directory>

 
Alias /example  "/usr/local/jakarta-tomcat/webapps/example/"

 <Directory "/usr/local/jakarta-tomcat/webapps/example/">
        Options Indexes +FollowSymLinks
        AllowOverride None
        Allow from all
    </Directory>


    <Location "/*/WEB-INF/*">
        AllowOverride None
        deny from all
    </Location>


 JkMount  /list/*  example
 JkMount /example/* example

</IfModule>


# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

 


____________________

in the httpd-ssl.conf file the only lines that I changed from default are :

ServerName  mydomain:443
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/sever.key"

 

Thanks for your help,

MK
 




--
Massoud




--
Massoud ------=_Part_51597_8478703.1216654178741--