apache+ssl
Tom Allison wrote:
OK, at one point in my life I had something working for a very brief
period that looked like https.
Unfortunately after a few days... it stopped. Never got it working
again...
I've found a number of mailing lists in search engines that talk about
openssl s_client -connect localhost:443 -state -debug -showcerts
connect: Connection refused
connect:errno=29
as being a pretty consistent problem with the configuration. But I can't find
any thread where it's actually been resolved or the errno even clarified.
I'm really frustrated with this SSL stuff, is this like a state secret or something?
I've tried rebuilding keys using every possible combination I can find for doing
it. The latest was
openssl req -new -x509 -nodes -out server.crt -keyout server.key
taken straight from the apache2.2 site.
I'm stuck. How do you get SSL to work?
I did have this under apache 1 years ago.
How do you do it under Apache 2.2?
I created the keys as mentioned above.
I enabled ssl.conf
I added to http.conf the following:
SSLEngine on
and found that even though it was listed in ssl.conf I also had to include the
Directives for the CertificatFile, CertificatKeyFile, Cache and that would at
least allow it to start, but not serve a page.
Also tried moving all the SSL directives into the <VirtualHost *> Directive and
that also started but did nothing.
I did find that this is mentioned in a bug (267477 -- unclassified). Is this
all I have to work with under Debian? A bug that confirms my experience of:
ssl.conf is insufficient to get anything running.
There's no other mention of how to do it.
Maybe if you hack the shit out of apache2.conf and your virtual hosts you might,
but who knows what you'll be left with.
Or has the decision been made to relegate SSL to only the most uber elite of the
hackerz? I'm frustrated more than I've been in years and I'm even more
frustrated that I've been unable to find anyone who is willing to share any
success. Like I said, it seems to be a state secret.
HOWTO? Anyone have a HOWTO that actually works?
Reply to: