[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Configuring mod_ssl



Hi,

I'm trying to get mod_ssl configured on my server but it isn't coming
together and was hoping I could get some help from the field. Below is a
description of my setup and what I'm trying to do. Any guesses where I'm
going wrong?

I've got a server with multiple virtual hosts. For the most part, I really
only need https to work for my Squirrelmail webmail pages, but may also at
some point have to put in an ecommerce thing on a site to accept credit
cards. It seems to me that for simplicity sake, I'd ideally like to just
have all my sites be accessible identically via http and https. I'll just
put in a redirect for the http version of squirrelmail to go to 443
instead of 80. Is there any good reason why I shouldn't have my docs
available under http and https?

Environment (debian packages)
-----------
apache 1.3.27.0-2
apache-common 1.3.27.0-2
libapache-mod-ssl 2.8.14-3
openssl 0.9.7b-2
libssl0.9.6j-1

# apache -l
Compiled-in modules:
  http_core.c
  mod_so.c
  mod_macro.c
suexec: disabled; invalid wrapper /usr/lib/apache/suexec

What I've done
--------------
Initially, I planned to use apache-ssl to do the https, but then figured
if I could configure apache 1.3 with mod_ssl, I'd have a cleaner and
easier to maintain system. So, my attempt to do that resulted in the
following changes to my httpd.conf. These are in the main section and not
duplicated in the Virtual hosts sections.

LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so

and

SSLVerifyClient 0
SSLVerifyDepth 10
# generated below with openssl
SSLCertificateKeyFile /etc/ssl/demoCA/certs/server.key
SSLCertificateFile /etc/ssl/demoCA/certs/server.crt
SSLCACertificateFile /etc/ssl/demoCA/certs/cacert.pem

What happens
------------
When I try to hit my home page via https, I get the following in my
access_log:

10.0.0.16  - - [20/Oct/2003:23:02:07 -0700] "\x80g\x01\x03\x01" 501 -

And my Safari browser gives an immediate error message:
"Could not open the page 10.0.0.22 because Safari could not establish a
secure connection to the server 10.0.0.22."

Previously, I was getting the following the following error when I tried
restarting apache:
Cannot load /usr/lib/apache/1.3/libssl.so into server:
/usr/lib/apache/1.3/libssl.so: undefined symbol: ap_conn_timeout

This happened when I tried to load the apache_ssl_module in my http.conf
file. I _think_ I'm not supposed to do that. If I'm correct, that module
isn't necessary to run mod_ssl and is only used for apache-ssl. True?





Reply to: