Re: mod_ssl on Debian 2.2

["Eric G . Miller" <egm2@jps.net>]

On Sun, Jun 04, 2000 at 05:54:57PM -0400, Dr. Orange wrote:
> 
> I installed mod_ssl and        it's dependencies through dselect.
> After that, without changing anything I      started apache with
> /usr/sbin/apache -DSSL. But https://mylocalhost.com         would not
> accept the connection. I then tried /usr/sbin/apachectl startssl
> but it told me "startssl" wasn't a valid option. I uncommented the
> following line in httpd.conf:
> LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so 

That's not enough.  You need to tell apache to Listen on port 443
(https) as well.  There should be sample configs that come with mod_ssl.

For instance: in /etc/apache/httpd.conf

# Added for SSL
<IfModule mod_ssl.c>
Listen 80
Listen 443
</IfModule>
# MIME-types
<IfModule mod_ssl.c>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
</IfModule>
# SSL Pass Phrase
<IfModule mod_ssl.c>
SSLSessionCache	     dbm:/var/run/ssl_cache
SSLSessionCacheTimeout 300
SSLMutex             file:/var/run/ssl_mutex
SSLRandomSeed  connect  file:/dev/random  512
SSLRandomSeed  connect  file:/dev/urandom 512
SSLLog                  /var/log/apache/ssl_engine_log
SSLLogLevel debug
</IfModule>

There's more for configuring the port in /etc/apache/access.conf
<VirtualHost [hostname]:443>
<IfModule mod_ssl.c>
SSLEngine on
SSLCertificateFile /etc/apache/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</IfModule>
</VirtualHost>

You might need to play around with generating keys as well. I think I
had to modify the start-up script, because it wants a passphrase at
boot, which doesn't work too well.  It's a bit of trouble, eh!  I'd
guarantee the above configuration is not completely correct, so check
out the docs...

-- 
daw daw dit, daw daw daw, daw dit dit dit daw, dit dit daw dit,
dit dit, dit dit dit, dit dit dit dit, daw dit dit dit daw,