[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: mod_ssl on Debian 2.2

On Sun, Jun 04, 2000 at 05:54:57PM -0400, Dr. Orange wrote:
> I installed mod_ssl and        it's dependencies through dselect.
> After that, without changing anything I      started apache with
> /usr/sbin/apache -DSSL. But https://mylocalhost.com         would not
> accept the connection. I then tried /usr/sbin/apachectl startssl
> but it told me "startssl" wasn't a valid option. I uncommented the
> following line in httpd.conf:
> LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so 

That's not enough.  You need to tell apache to Listen on port 443
(https) as well.  There should be sample configs that come with mod_ssl.

For instance: in /etc/apache/httpd.conf

# Added for SSL
<IfModule mod_ssl.c>
Listen 80
Listen 443
# MIME-types
<IfModule mod_ssl.c>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
# SSL Pass Phrase
<IfModule mod_ssl.c>
SSLSessionCache	     dbm:/var/run/ssl_cache
SSLSessionCacheTimeout 300
SSLMutex             file:/var/run/ssl_mutex
SSLRandomSeed  connect  file:/dev/random  512
SSLRandomSeed  connect  file:/dev/urandom 512
SSLLog                  /var/log/apache/ssl_engine_log
SSLLogLevel debug

There's more for configuring the port in /etc/apache/access.conf
<VirtualHost [hostname]:443>
<IfModule mod_ssl.c>
SSLEngine on
SSLCertificateFile /etc/apache/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

You might need to play around with generating keys as well. I think I
had to modify the start-up script, because it wants a passphrase at
boot, which doesn't work too well.  It's a bit of trouble, eh!  I'd
guarantee the above configuration is not completely correct, so check
out the docs...

daw daw dit, daw daw daw, daw dit dit dit daw, dit dit daw dit,
dit dit, dit dit dit, dit dit dit dit, daw dit dit dit daw,

Reply to: