Re: [apache] plain SSL support [SOLVED]
>> What is the cleanest way to get plain Apache+SSL going?
>
> Perhaps install apache-ssl (not apache) and only require ssl for some
> directories/sites? I haven't done it, this is just something you might
> consider looking into.

Sounds good in theory but unfortunately apache-ssl appears to be inextricably
SSL'd. Attempting to "turn off" SSL is unsuccessful; causes the web browser to
call the server repeatedly and then cough up "Document contains no data" with many
SSL error messages in the log.

So, I opted to go the route I've been using on Redhat systems which is to use
mod_ssl. I uninstalled apache-ssl and installed regular 'apache' and then
libapache-mod-ssl. It doesn't work out of the box though. It's painful. Basically
you have to run:

    # mod-ssl-makecert

select 1 for 'dummy' (which it says not to do; thanks) and then add something like
the following to your httpd.conf which fortunately for me I copied out of a
working install on a RH machine:

    Listen 80
    Listen 443
    ...
    <IfModule mod_ssl.c>
        SSLPassPhraseDialog builtin
        SSLSessionCache dbm:/var/log/apache/ssl_scache
        SSLSessionCacheTimeout 300
        SSLMutex file:/var/log/apache/ssl_mutex
        SSLRandomSeed startup builtin
        SSLRandomSeed connect builtin
        SSLLog /var/log/apache/ssl_engine_log
        SSLLogLevel error
    </IfModule>
    <VirtualHost _default_:443>
        ErrorLog /var/log/apache/error.log
        TransferLog /var/log/apache/access.log
        SSLEngine on
        SSLCertificateFile /etc/apache/ssl.crt/server.crt
        SSLCertificateKeyFile /etc/apache/ssl.key/server.key
        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
            SSLOptions +StdEnvVars
        </Files>
        <Directory "/var/www/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
        SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        CustomLog /var/log/apache/ssl_request_log \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </VirtualHost>

Why anyone thinks someone could possibly figure this out without help from someone
who has done it before is beyond me.

--
A program should be written to model the concepts of the task it
performs rather than the physical world or a process because this
maximizes the potential for it to be applied to tasks that are
conceptually similar and, more important, to tasks that have not
yet been conceived.
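
An added example, not part of the original post: a small Python check that an httpd.conf pairs each SSL virtual host with the pieces the message above had to add by hand (a matching Listen port, SSLEngine on, certificate and key files). The function name `check_ssl_vhosts` and the sample text are constructed for illustration, and the check assumes the certificate and key are in separate files, as in the post.

```python
import re

# Constructed sample: the post's configuration cut down to the directives checked here.
SAMPLE_CONF = """\
Listen 80
Listen 443
<VirtualHost _default_:443>
SSLEngine on
SSLCertificateFile /etc/apache/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache/ssl.key/server.key
</VirtualHost>
"""

# Assumption: certificate and key live in separate files, as in the post.
REQUIRED = ("SSLCertificateFile", "SSLCertificateKeyFile")


def check_ssl_vhosts(conf_text):
    """Return a list of problem strings for the SSL virtual hosts in conf_text."""
    ports, vhosts, current = set(), [], None
    # Join backslash-continued lines before splitting into directives.
    for raw in conf_text.replace("\\\n", " ").splitlines():
        line = raw.strip()
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = (opened.group(1).strip(), {})
        elif re.match(r"</VirtualHost>", line, re.I) and current is not None:
            vhosts.append(current)
            current = None
        elif line and line[0] not in "#<":  # skip comments and nested sections
            name, arg = (line.split(None, 1) + [""])[:2]
            if current is not None:
                current[1][name.lower()] = arg.strip()
            elif name.lower() == "listen" and arg:
                ports.add(arg.split()[0].rsplit(":", 1)[-1])
    problems = []
    for address, directives in vhosts:
        port = address.rsplit(":", 1)[-1] if ":" in address else None
        if directives.get("sslengine", "").lower() != "on":
            if any(d.lower() in directives for d in REQUIRED):
                problems.append(f"{address}: certificate set but SSLEngine is not on")
            continue
        for d in REQUIRED:
            if not directives.get(d.lower()):
                problems.append(f"{address}: SSLEngine on but {d} is missing")
        if port and port not in ports:
            problems.append(f"{address}: no Listen directive for port {port}")
    return problems
```

Pass the text of the real configuration file to `check_ssl_vhosts`; an empty list means the SSL virtual hosts are consistent with the Listen directives.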