From users-return-116911-archive-asf-public=cust-asf.ponee.io@httpd.apache.org Tue Feb 6 01:02:35 2018 Return-Path: X-Original-To: archive-asf-public@eu.ponee.io Delivered-To: archive-asf-public@eu.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by mx-eu-01.ponee.io (Postfix) with ESMTP id 4B860180647 for ; Tue, 6 Feb 2018 01:02:35 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 3B700160C5A; Tue, 6 Feb 2018 00:02:35 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 5B2DF160C3B for ; Tue, 6 Feb 2018 01:02:34 +0100 (CET) Received: (qmail 15004 invoked by uid 500); 6 Feb 2018 00:02:32 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 14994 invoked by uid 99); 6 Feb 2018 00:02:32 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 06 Feb 2018 00:02:32 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 4EB5F180161 for ; Tue, 6 Feb 2018 00:02:32 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.973 X-Spam-Level: * X-Spam-Status: No, score=1.973 tagged_above=-999 required=6.31 tests=[HTML_MESSAGE=2, HTTP_ESCAPED_HOST=1.621, RCVD_IN_DNSWL_MED=-2.3, SPF_NEUTRAL=0.652] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id smaWlWm6ggwt for ; Tue, 6 Feb 2018 00:02:30 +0000 (UTC) Received: from nvmail2.nv.gov (nvmail2.nv.gov [167.154.11.117]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 1F1DD5F640 for ; Tue, 6 Feb 2018 00:02:28 +0000 (UTC) X-ASG-Debug-ID: 1517875339-0d712b1edcc92f0001-XEkec8 Received: from msecmail.nv.gov (msecmail.nv.gov [167.154.10.235]) by nvmail2.nv.gov with ESMTP id oXDnoIWzVLjUnAp9 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 05 Feb 2018 16:02:19 -0800 (PST) X-Barracuda-Envelope-From: prvs=15759e7835=jpcauhape@nvdetr.org X-Barracuda-Effective-Source-IP: msecmail.nv.gov[167.154.10.235] X-Barracuda-Apparent-Source-IP: 167.154.10.235 X-ASG-Whitelist: Client Received: from pps.filterd (msecmail.nv.gov [127.0.0.1]) by msecmail.nv.gov (8.16.0.21/8.16.0.21) with SMTP id w15Ex78u017966 for ; Mon, 5 Feb 2018 16:02:19 -0800 Received: from ccexchcas00.state.nv.us (ccexchcas00.state.nv.us [10.131.10.53]) by msecmail.nv.gov with ESMTP id 2fwwjbgah6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Mon, 05 Feb 2018 16:02:19 -0800 Received: from ccexch03.STATE.NV.US ([10.131.10.50]) by CCEXCHCAS00.STATE.NV.US ([10.131.10.53]) with mapi id 14.03.0361.001; Mon, 5 Feb 2018 16:02:18 -0800 From: Jeff Cauhape To: "users@httpd.apache.org" Thread-Topic: Probably small problem with SSL config X-ASG-Orig-Subj: Probably small problem with SSL config Thread-Index: AdOe3a6iMLNLhnZQTQurSZhe3UNNQg== Date: Tue, 6 Feb 2018 00:02:18 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.133.4.36] Content-Type: multipart/alternative; boundary="_000_D38F32E64B2D79458525F9877BFDCBBC26417BB4ccexch03STATENV_" MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=nai engine=5600 definitions=5800 signatures=585085 X-Barracuda-Connect: msecmail.nv.gov[167.154.10.235] X-Barracuda-Start-Time: 1517875339 X-Barracuda-Encrypted: ECDHE-RSA-AES256-GCM-SHA384 X-Barracuda-URL: https://167.154.11.117:443/cgi-mod/mark.cgi X-Virus-Scanned: by bsmtpd at nv.gov X-Barracuda-Scan-Msg-Size: 8427 X-Barracuda-BRTS-Status: 1 Subject: [users@httpd] Probably small problem with SSL config --_000_D38F32E64B2D79458525F9877BFDCBBC26417BB4ccexch03STATENV_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I'm setting up an Apache server 2.4.25 in our DMZ for the first time, and having an issue with getting SSL configured correctly. I am using links text based browser to connect from a second machine to the first machine. The connection works with HTTP but not with HTTPS. When I try to connect with HTTPS, I get the error: "Unable to retrieve https:// address>/: SSL error" Unfortunately I'm not finding any useful log information to help me figure out what I'm doing wrong. Here's the relevant bits from the httpd.conf file: SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLSessionCache dbm:/apps/apache_2.4.25/ssl/ssl_cache Listen 443 ServerName SSLEngine on SSLCertificateFile "/apps/apache_2.4.25/ssl/nvdetr.crt" SSLCertificateKeyFile "/apps/apache_2.4.25/ssl/nvdetr.key" I'm loading modules ssl_module, authn_dbm_module among others. The ssl directory is 755, root/root and the crt and key files are daemon/r= oot 644. From the error_log file: [Mon Feb 05 15:42:00.247694 2018] [mpm_event:notice] [pid 5604:tid 13977236= 6497600] AH00489: Apache/2.4.25 (Unix) OpenSSL/1.0.1e-fips configured -- re= suming normal operations [Mon Feb 05 15:42:00.247945 2018] [core:notice] [pid 5604:tid 1397723664976= 00] AH00094: Command line: '/apps/apache_2.4.25/bin/httpd' There is no HTTPS reference in the access_log file. The only references to http in /var/log/messages is referring to syslogd. The /var/log/dmesg just has boot info. nb - this is RHEL 7.4 Ideas? Suggestions where to look? Thanks, Jeff Cauhape IT Professional III Department of Employment, Training and Rehabilitation Phone 1-775-684-3804 Email: jpcauhape@nvdetr.org --_000_D38F32E64B2D79458525F9877BFDCBBC26417BB4ccexch03STATENV_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

I’m setting up an Apache server 2.4.25 in our = DMZ for the first time,

and having an issue with getting SSL configured corr= ectly.

 

I am using links text based browser to connect from = a second machine

to the first machine. The connection works with HTTP= but not with HTTPS.

 

When I try to connect with HTTPS, I get the error:

 

“Unable to retrieve = https://<ip address>/:

 

        &nbs= p;            &= nbsp;  SSL error”

 

Unfortunately I’m not finding any useful log i= nformation to

help me figure out what I’m doing wrong.<= /o:p>

 

Here’s the relevant bits from the httpd.conf f= ile:

 

= <IfModule ssl_module>

= SSLRandomSeed startup builtin

= SSLRandomSeed connect builtin

= SSLSessionCache dbm:/apps/apache_2.4.25/ssl/ssl_cache

= </IfModule>

=  

= Listen 443

= <VirtualHost *:443>

=   ServerName   <the_FQDN>

=   SSLEngine    on

=   SSLCertificateFile    "/apps/apache_2.4.25/ssl/n= vdetr.crt"

=   SSLCertificateKeyFile "/apps/apache_2.4.25/ssl/nvdetr.key"=

= </VirtualHost>

 

I’m loading modules ssl_module, authn_dbm_modu= le among others.

 

The ssl directory is  755, root/root and the cr= t and key files are daemon/root 644.

 

From the error_log file:

 

[Mon Feb 05 15:42:00.247694 2018] [mpm_event:notice]= [pid 5604:tid 139772366497600] AH00489: Apache/2.4.25 (Unix) OpenSSL/1.0.1= e-fips configured -- resuming normal operations

[Mon Feb 05 15:42:00.247945 2018] [core:notice] [pid= 5604:tid 139772366497600] AH00094: Command line: '/apps/apache_2.4.25/bin/= httpd'

There is no HTTPS reference in the access_log file.

 

The only references to http in /var/log/messages is = referring to syslogd.

 

The /var/log/dmesg just has boot info.

 

nb – this is RHEL 7.4

 

Ideas? Suggestions where to look?

 

Thanks,

 

Jeff Cauhape

IT Professional III

Department of Employment, Training and Rehabilitatio= n

Phone 1-775-684-3804

Email: jpcauhape@nvdetr.org

 

--_000_D38F32E64B2D79458525F9877BFDCBBC26417BB4ccexch03STATENV_--