Re: Built-In Apache & HTTPS
> Does your PF ruleset allow connections to 443 port on that machine?
Yes: I am not using a default block, and I have nothing explicitly blocking
port 443.
As for my logs, I set SSLLogLevel to trace, looked at ssl_engine_log, and
saw encouraging messages:
[03/Jan/2003 14:48:52 32661] [info] Server: Apache/1.3.26, Interface: mod_ssl/2.8.10, Library: OpenSSL/0.9.7-beta3
[03/Jan/2003 14:48:52 32661] [info] Init: 1st startup round (still not detached)
[03/Jan/2003 14:48:52 32661] [info] Init: Initializing OpenSSL library
[03/Jan/2003 14:48:52 32661] [info] Init: Loading certificate & private key of SSL-aware server mail.schnarff.com:443
[03/Jan/2003 14:48:52 32661] [trace] Init: (mail.schnarff.com:443) unencrypted RSA private key - pass phrase not required
[03/Jan/2003 14:48:52 32661] [info] Init: Loading certificate & private key of SSL-aware server new.host.name:443
[03/Jan/2003 14:48:52 32661] [trace] Init: (new.host.name:443) unencrypted RSA private key - pass phrase not required
These correspond to my VirtualHost directives for that host:
<VirtualHost 209.190.205.236:443>
ServerAdmin alex@schnarff.com
DocumentRoot /usr/local/apache/cgi-bin/
ServerName mail.schnarff.com
ServerAlias *mail.schnarff.com
ErrorLog logs/mail.schnarff.com-error_log
SSLEngine on
SSLCertificateFile /etc/ssl/private/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
CustomLog logs/mail.schnarff_access_log common
...
</VirtualHost>
<VirtualHost 209.190.205.236:80>
ServerAdmin alex@schnarff.com
DocumentRoot /usr/local/apache/cgi-bin/
ServerName mail.schnarff.com
ServerAlias *mail.schnarff.com
ErrorLog logs/mail.schnarff.com-error_log
CustomLog logs/mail.schnarff_access_log common
...
</VirtualHost>
I'm at a loss here, because according to what I can decipher from the
modssl.org documentation, this *should* work. The only things I can think of
are:
- There's a directive at the start of the server main config that tells it
which port to listen to, and all I have is "Port 80". Should I add "Port
443" on the next line, or would that confuse it?
- I have a <VirtualHost _default_:443> directive, though it's got
"SSLEngine on" enabled and it has the same server key/certificate. Should I
comment this out?
Thanks again for all of your help.
Alex Kirk
Received on Fri Jan 3 15:07:33 2003
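
An added example, not part of the original message: a small Python check that compares the ports named in `<VirtualHost>` lines with the ports the main server configuration binds. It assumes Apache 1.3 semantics (any `Listen` directives decide the bound ports; without them only the last `Port` applies), treats `<IfDefine>` sections as always active, and runs on a constructed configuration modelled on the one quoted above; the function names are hypothetical.

```python
import re

# Constructed sample: the vhost lines quoted in the message plus the
# "Port 80" main-config setting the poster describes (no Listen lines).
SAMPLE_CONF = """\
Port 80
<VirtualHost 209.190.205.236:443>
ServerName mail.schnarff.com
SSLEngine on
</VirtualHost>
<VirtualHost 209.190.205.236:80>
ServerName mail.schnarff.com
</VirtualHost>
"""

def listening_ports(conf):
    """Ports the server binds: every Listen, else the last Port, else 80."""
    listens, port, in_vhost = set(), 80, False
    for raw in conf.splitlines():
        line = raw.strip()
        if line.lower().startswith("<virtualhost"):
            in_vhost = True
        elif line.lower().startswith("</virtualhost"):
            in_vhost = False
        m = re.match(r"(?i)(Listen|Port)\s+(\S+)$", line)
        if in_vhost or not m:
            continue  # a Port inside a vhost does not open a socket
        value = int(m.group(2).rsplit(":", 1)[-1])  # Listen may be addr:port
        if m.group(1).lower() == "listen":
            listens.add(value)
        else:
            port = value  # a later Port replaces an earlier one
    return listens or {port}

def vhost_ports(conf):
    """(address, port) for each <VirtualHost> address with a numeric port."""
    found = []
    for m in re.finditer(r"(?im)^\s*<VirtualHost\s+([^>]+)>", conf):
        for addr in m.group(1).split():
            _, sep, port = addr.rpartition(":")
            if sep and port.isdigit():
                found.append((addr, int(port)))
    return found

def unreachable_vhosts(conf):
    """VirtualHost addresses whose port has no matching listener."""
    bound = listening_ports(conf)
    return [a for a, p in vhost_ports(conf) if p not in bound]

if __name__ == "__main__":
    print(unreachable_vhosts(SAMPLE_CONF))
```
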