
moron apache+ssl



OK, at one point in my life I had something working for a very brief period that looked like https. Unfortunately after a few days... it stopped. Never got it working again...

So I'm trying to get sane directions working and I'm pretty hosed... apache will start but https doesn't respond.

[Sat Jun 02 22:09:55 2007] [info] Init: Seeding PRNG with 0 bytes of entropy
[Sat Jun 02 22:09:55 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Sat Jun 02 22:09:55 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Sat Jun 02 22:09:55 2007] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Sat Jun 02 22:09:55 2007] [info] Init: Initializing (virtual) servers for SSL
[Sat Jun 02 22:09:55 2007] [info] Server: Apache/2.2.3, Interface: mod_ssl/2.2.3, Library: OpenSSL/0.9.8c
[Sat Jun 02 22:09:55 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Sat Jun 02 22:09:55 2007] [info] mod_fcgid: Process manager 16591 started
[Sat Jun 02 22:09:55 2007] [info] Init: Seeding PRNG with 0 bytes of entropy
[Sat Jun 02 22:09:55 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Sat Jun 02 22:09:55 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Sat Jun 02 22:09:55 2007] [info] Init: Initializing (virtual) servers for SSL
[Sat Jun 02 22:09:55 2007] [info] Server: Apache/2.2.3, Interface: mod_ssl/2.2.3, Library: OpenSSL/0.9.8c
[Sat Jun 02 22:09:55 2007] [notice] Apache/2.2.3 (Debian) mod_ssl/2.2.3 OpenSSL/0.9.8c configured -- resuming normal operations
[Sat Jun 02 22:09:55 2007] [info] Server built: Mar 27 2007 14:54:26


The response from Firefox is some error called "has sent an incorrect or unexpected message. Error Code -12263"

I have Directives in apache.conf for:
Listen 443
Directives in ssl.conf
<IfModule mod_ssl.c>
#  added by me.
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/host.cert
SSLCertificateKeyFile /etc/apache2/ssl/host.key
NOTE: I also have SSLSessionCache called out even though the logs say I don't. It's the Debian default so I'm kind of "wtf?" on this one.

Now, I have about 100 questions that I've been searching for all night long.
I'm either hitting the wrong keywords or just can't find anything.


First. If I want to have both SSL and non-SSL Virtual Hosts: It is my understanding that I can only have one HTTPS host but many HTTP hosts (chicken and egg). For the most part, this is fine. I'm primarily looking at an http+https host and perhaps smaller (static) http sites.

It's fairly obvious to me that I don't have any clue where to put the SSLEngine/SSLCertificate* directives.

So I'm asking if someone has some concise information on how this can be done....

I assume that no matter what I want to do I have to leave the 'Listen 443' directive in Section 1 of apache.conf.
true/false?

I suspect that the SSL Directives I want to use have to be entered into a VirtualHost Directive like:

<VirtualHost *:443>
  SSLEngine on
  SSLCertificateFile ...
  SSLCertificateKeyFile ...
  # And other stuff there with directories and cgi-bin directories...
</VirtualHost>

And so I have to write a *lot* of stuff for the HTTPS stuff to work.
Seems that for just about every directive out there (cgi, fcgi, ...) I have to darn near copy and repeat for HTTPS. This seems incorrect because it's repetitive, lengthy, and does nothing to restrict sections to only HTTPS. I haven't any idea how to make certain areas HTTP only and others HTTPS only but it's probably related to SSLRequire. Unfortunately, since I have no SSL working at all my ability to investigate this is slightly limited... ;)

So, what's a good practice for doing this kind of stuff?
Am I even close?
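
One layout that covers the questions in the message above, as an added example that is not part of the original post or of Debian's shipped configuration. It is written for Apache 2.2 with mod_ssl loaded; the certificate paths are the ones quoted in the post, while www.example.org, /var/www/site, /admin and site-common.conf are constructed placeholders.

```apache
# Server-wide scope (the "Section 1" part): open both ports once.
Listen 80
Listen 443
NameVirtualHost *:80          # needed for name-based hosts in Apache 2.2

# Plain-HTTP host. No SSL directives here.
<VirtualHost *:80>
    ServerName www.example.org
    # Shared settings live in one file instead of being copied per host.
    Include /etc/apache2/site-common.conf
</VirtualHost>

# HTTPS host. The SSL directives are scoped to this block, so only
# connections arriving on port 443 are handled by mod_ssl.
<VirtualHost *:443>
    ServerName www.example.org
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/host.cert
    SSLCertificateKeyFile /etc/apache2/ssl/host.key
    Include /etc/apache2/site-common.conf
</VirtualHost>

# ---- contents of /etc/apache2/site-common.conf (hypothetical file) ----
# Everything both hosts have in common: document root, CGI, and so on.
DocumentRoot /var/www/site
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

# HTTPS-only area. SSLRequireSSL makes mod_ssl refuse any request that
# did not arrive over SSL, so the port-80 host answers 403 for /admin
# while the port-443 host serves it.
<Location /admin>
    SSLRequireSSL
</Location>
```

Keep site-common.conf outside the directories that apache2.conf already includes wholesale (conf.d/, sites-enabled/), otherwise its directives are also applied at server-wide scope.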


