apache+ssl

To: Debian User List <debian-user@lists.debian.org>
Subject: apache+ssl
From: Tom Allison <tom@tacocat.net>
Date: Mon, 04 Jun 2007 19:50:14 -0400
Message-id: <[🔎] 4664A536.6010603@tacocat.net>
In-reply-to: <4663AC92.1090403@tacocat.net>
References: <4663AC92.1090403@tacocat.net>

Tom Allison wrote:

OK, at one point in my life I had something working for a very briefperiod that looked like https.Unfortunately after a few days... it stopped. Never got it workingagain...


I've found a number of mailing lists in search engines that talk about

openssl s_client -connect localhost:443 -state -debug -showcerts
connect: Connection refused
connect:errno=29

as being a pretty consistent problem with the configuration. But I can't findany thread where it's actually been resolved or the errno even clarified.


I'm really frustrated with this SSL stuff, is this like a state secret or something?

I've tried rebuilding keys using every possible combination I can find for doingit. The latest was

openssl req -new -x509 -nodes -out server.crt -keyout server.key
taken straight from the apache2.2 site.

I'm stuck.  How do you get SSL to work?

I did have this under apache 1 years ago.

How do you do it under Apache 2.2?

I created the keys as mentioned above.
I enabled ssl.conf
I added to http.conf the following:
SSLEngine on

and found that even though it was listed in ssl.conf I also had to include theDirectives for the CertificatFile, CertificatKeyFile, Cache and that would atleast allow it to start, but not serve a page.

Also tried moving all the SSL directives into the <VirtualHost *> Directive andthat also started but did nothing.

I did find that this is mentioned in a bug (267477 -- unclassified). Is thisall I have to work with under Debian? A bug that confirms my experience of:


ssl.conf is insufficient to get anything running.
There's no other mention of how to do it.

Maybe if you hack the shit out of apache2.conf and your virtual hosts you might,but who knows what you'll be left with.

Or has the decision been made to relegate SSL to only the most uber elite of thehackerz? I'm frustrated more than I've been in years and I'm even morefrustrated that I've been unable to find anyone who is willing to share anysuccess. Like I said, it seems to be a state secret.


HOWTO?  Anyone have a HOWTO that actually works?

Reply to:

Follow-Ups:
- Re: apache+ssl
  - From: Andrew Sackville-West <andrew@farwestbilliards.com>
- Re: apache+ssl
  - From: Jan-Petter Kruger <jpk@mosedotten.com>

Prev by Date: Slow web browsing redux
Next by Date: Problem with rssh and chroot() (amd64 / testing)
Previous by thread: Re: Objective data instead of subjective wooliness (was Re: Slow web browsing redux)
Next by thread: Re: apache+ssl
Index(es):
- Date
- Thread