Re: Configuring apache mod_ssl
Fabio,
Thanks for the response. Here's a little bit more background about what I
have and am trying to do. Any suggestions about how to get me to my goal
would be greatly appreciated!
thanks,
Adam
Goal
----
I've got a server with multiple virtual hosts. For the most part, I really
only need https to work for my Squirrelmail webmail pages, but may also at
some point have to put in an ecommerce thing on a site to accept credit
cards. It seems to me that for simplicity sake, I'd ideally like to just
have all my sites be accessible identically via http and https. I'll just
put in a redirect for the http version of squirrelmail to go to 443
instead of 80. Is there any good reason why I shouldn't have my docs
available under http and https?
Environment (debian packages)
-----------
apache 1.3.27.0-2
apache-common 1.3.27.0-2
libapache-mod-ssl 2.8.14-3
openssl 0.9.7b-2
libssl0.9.6j-1
# apache -l
Compiled-in modules:
http_core.c
mod_so.c
mod_macro.c
suexec: disabled; invalid wrapper /usr/lib/apache/suexec
What I've done
--------------
Initially, I planned to use apache-ssl to do the https, but then figured
if I could configure apache 1.3 with mod_ssl, I'd have a cleaner and
easier to maintain system. So, my attempt to do that resulted in the
following changes to my httpd.conf. These are in the main section and not
duplicated in the Virtual hosts sections.
LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so
and
SSLVerifyClient 0
SSLVerifyDepth 10
# generated below with openssl
SSLCertificateKeyFile /etc/ssl/demoCA/certs/server.key
SSLCertificateFile /etc/ssl/demoCA/certs/server.crt
SSLCACertificateFile /etc/ssl/demoCA/certs/cacert.pem
What happens
------------
When I try to hit my home page via https, I get the following in my
access_log:
10.0.0.16 - - [20/Oct/2003:23:02:07 -0700] "\x80g\x01\x03\x01" 501 -
And my Safari browser gives an immediate error message:
"Could not open the page 10.0.0.22 because Safari could not establish a
secure connection to the server 10.0.0.22."
Previously, I was getting the following the following error when I tried
restarting apache:
Cannot load /usr/lib/apache/1.3/libssl.so into server:
/usr/lib/apache/1.3/libssl.so: undefined symbol: ap_conn_timeout
This happened when I tried to load the apache_ssl_module in my http.conf
file. I _think_ I'm not supposed to do that. If I'm correct, that module
isn't necessary to run mod_ssl and is only used for apache-ssl. True?
On Tue, 21 Oct 2003, Fabio Massimo Di Nitto wrote:
>
> Hi Adam,
> perhaps if you can provide me with a bit more information such as
> which version of apache, mod_ssl, configuration and especially what you
> are trying to do it would be better. Please also keep the apache mailing
> list in CC since i am not the only apache maintainer around and if i will
> die now, someone can follow up on your problem :-)
>
> The message you mention is in reference to a bug reported against apache.
> I did close that bug since we do compile apache with EAPI support.
>
> Thanks
> Fabio
>
> On Mon, 20 Oct 2003, Adam Dawes wrote:
>
> > Hi,
> >
> > I noticed your response to someone's question about getting mod_ssl to
> > work with apache 1.3 at:
> >
> > http://lists.debian.org/debian-apache/2003/debian-apache-200307/msg00050.html
> >
> > You mention in your response that it was a user configuration error. I'm
> > having the same trouble as the original poster. Can you shed any more
> > light on the proper way to configure https using regular apache 1.3 using
> > mod_ssl as a dso?
> >
> > thanks,
> > Adam
> >
> >
>
>
Reply to: