Shyam Shukla | 2 Feb 2007 14:00

Problem in Setting Up SSL

Hi All,

I am having a problem setting up SSL in Apache 2.0.59 on the Linux platform.

I followed the steps below:

1- Created a self-signed CA cert.

2- Created a server cert using the same CA.

3- Created two directories, ssl.crt and ssl.key, under apache_server_home_dir/conf to put the CA, server cert and private key.

4- Modified the ssl.conf file to define the SSL port, server name, path to certificates etc.

I did all the steps that I had done previously with Apache 2.0.52, which was working in SSL mode, but in the case of Apache 2.0.59, it does not start up at all.

When I try to access it through a browser, e.g. https://hostname:2443, I get the message “page can not be displayed”.

Can anyone guide me on where I am going wrong, or send me some documents on setting up SSL in Apache 2.0.59?

Best Regards,
Shyam Shukla

DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails.

devel | 2 Feb 2007 17:26

Re: Problem in Setting Up SSL

Are you sure that the mod_ssl httpd module is listening on localhost:2443?

On Fri, 02-02-2007 at 18:30 +0530, Shyam Shukla wrote:
> Hi All,
>
> I am having a problem setting up SSL in Apache 2.0.59 on the Linux
> platform.
>
> I followed the steps below:
>
> 1- Created a self-signed CA cert.
>
> 2- Created a server cert using the same CA.
>
> 3- Created two directories, ssl.crt and ssl.key, under
> apache_server_home_dir/conf to put the CA, server cert and private key.
>
> 4- Modified the ssl.conf file to define the SSL port, server name, path
> to certificates etc.
>
> I did all the steps that I had done previously with Apache 2.0.52,
> which was working in SSL mode, but in the case of Apache 2.0.59, it
> does not start up at all.
>
> When I try to access it through a browser, e.g. https://hostname:2443,
> I get the message “page can not be displayed”.
>
> Can anyone guide me on where I am going wrong, or send me some
> documents on setting up SSL in Apache 2.0.59?
>
> Best Regards,
> Shyam Shukla
> 
--
Devel it, Precio http://www.pas-world.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users <at> modssl.org
Automated List Manager                            majordomo <at> modssl.org

devel | 12 Feb 2007 21:11

Compression in SSL

Hello,

In mod_ssl I cannot see any option to enable compression.
Is it possible to enable compression in SSL, or does
mod_deflate do it before?

--
Devel in Precio http://www.pas-world.com


Eckard Wille | 13 Feb 2007 09:36

Re: Compression in SSL

devel wrote:
> In mod_ssl I cannot see any option to enable compression.
> Is it possible to enable compression in SSL, or does
> mod_deflate do it before?

Hi,

if you are using Apache 2 you should be fine with mod_deflate. Test
your site with the firefox plugin "LiveHttpHeaders"; the header info
"Content-Encoding=gzip" means your listener delivers compressed content.

If you are using Apache 1.3, follow the steps from the mini howto at
http://marc.theaimsgroup.com/?l=apache-modgzip&m=103056813417250&w=2.
In short terms, set up two vhosts: one hidden only compressing with
mod_gzip, the other public one with ssl which is proxying the content
from the first one.

Hope that helps,
Eckard

Andrew Madu | 15 Feb 2007 14:14

Cannot load mod_ssl.so into server: The operating system cannot run %1

Operating system: Windows XP Professional
Version: 2002
Service Pack: 2

Apache HTTP version: 2.2.4 (Binary)

Syntax error on line 114 of httpd.conf:
Cannot load mod_ssl.so into server: The operating system cannot run %1

Of course line 114 in my httpd.conf document is:
LoadModule ssl_module modules/mod_ssl.so

The mod_ssl.so module is situated in C:\Program Files\Apache Software Foundation\Apache2.2\modules.

What is the issue here and how can I best resolve it?

--
Regards

Andrew

Yvo van Doorn | 15 Feb 2007 17:04

Re: Cannot load mod_ssl.so into server: The operating system cannot run %1

This list is about mod_ssl under Apache 1.3.xx, just like modssl.org
said it was. Furthermore as the apache website states, mod_ssl is now
part of Apache 2.x thus the support would be there.

On 2/15/07, Andrew Madu <andrewmadu <at> gmail.com> wrote:
> Operating system: Windows XP Professional
> Version: 2002
> Service Pack: 2
>
> Apache HTTP version: 2.2.4 (Binary)
>
> Syntax error on line 114 of httpd.conf:
> Cannot load mod_ssl.so into server: The operating system cannot run %1
>
> Of course line 114 in my httpd.conf document is:
> LoadModule ssl_module modules/mod_ssl.so
>
> The mod_ssl.so module is situated in C:\Program Files\Apache Software
> Foundation\Apache2.2\modules.
>
> What is the issue here and how can I best resolve it?
>
> --
> Regards
>
> Andrew
>

Andrew Madu | 15 Feb 2007 19:27

Re: Cannot load mod_ssl.so into server: The operating system cannot run %1

Hi,

> Furthermore as the apache website states, mod_ssl is now
> part of Apache 2.x thus the support would be there.

Well, whatever it may say in the documentation, I can confirm that the mod_ssl.so module is definitely not being created during the binary build.

Does anyone know where I can get win32 help for mod_ssl?

--
Regards

Andrew


Brian Gordon | 16 Feb 2007 07:50

Installing Apache + SSL on Windows

I've been trying for ages to get my server running SSL successfully. I
don't need port 80 (unencrypted traffic) at all, just 411.

I have the module set up just fine, and apache runs fine unless I
define a valid cert and key:

SSLCertificateFile pw/my-server.cert
SSLCertificateKeyFile pw/my-server.key

These are unencrypted (win32 doesn't support encrypted keys) SSL keys
that are valid for apache (when they're not valid it tells me so and
refuses to load them). But when I have these defined, and I start
apache, the "starting apache" console window comes up and takes longer
than usual, then just crashes and the vista "Apache HTTP server
stopped working and was closed" window comes up.

This is the entire debug log for an attempted start:

[Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
[Fri Feb 16 01:29:29 2007] [info] Loading certificate & private key of
SSL-aware server
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_pphrase.c(469):
unencrypted RSA private key - pass phrase not required
[Fri Feb 16 01:29:29 2007] [info] Init: Generating temporary RSA
private keys (512/1024 bits)
[Fri Feb 16 01:29:29 2007] [info] Init: Generating temporary DH
parameters (512/1024 bits)
[Fri Feb 16 01:29:29 2007] [info] Init: Initializing (virtual) servers for SSL
[Fri Feb 16 01:29:29 2007] [info] Configuring server for SSL protocol
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(405): Creating
new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(729): Configuring
RSA server certificate
[Fri Feb 16 01:29:29 2007] [warn] RSA server certificate CommonName
(CN) `163.11.110.152:443' does NOT match server name!?
[Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(768): Configuring
RSA server private key
[Fri Feb 16 01:29:29 2007] [info] Server: Apache/2.2.3, Interface:
mod_ssl/2.2.3, Library: OpenSSL/0.9.8d
[Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
[Fri Feb 16 01:29:29 2007] [info] Loading certificate & private key of
SSL-aware server

It abruptly ends at that last line.

This is the relevant section from my httpd.conf. It's basically
identical to ssl.conf and including that doesn't make a difference.
And like I said, if I just take out those two cert/key lines then it
will start fine (but of course tell me that there's no way ssl will
work without a certificate).

#SSL

Listen 163.11.110.152:443

AddType application/x-x509-ca-cert .cert
AddType application/x-pkcs7-crl    .crl

SSLMutex default
SSLRandomSeed startup builtin
SSLSessionCache none

LogLevel debug

<VirtualHost 163.11.110.152:443>
SSLEngine On
SSLCertificateFile pw/my-server.cert
SSLCertificateKeyFile pw/my-server.key
</VirtualHost>

Does anyone know what's going on? I see hundreds of success stories
around the internet about making the key file unencrypted, but mine is
already unencrypted. Also it's Listening on a specific IP address,
something that helped some other people. What else is there left to
try?

--
Brian Gordon

Xian Xian | 16 Feb 2007 18:43

Re: Installing Apache + SSL on Windows

Brian,
You'd better redo the key file and crt file. Remove the pass phrase from the key file. Good luck!
Xian

 

Brian Gordon | 16 Feb 2007 19:59

Re: Installing Apache + SSL on Windows

There is no pass phrase on the key file. I've redone the key and crt
several times; it always asks me for a passphrase at some point but I
think that at the end of the process nothing is encrypted.

On 2/16/07, Xian Xian <xian1990 <at> gmail.com> wrote:
> Brian,
> You'd better redo the key file and crt file. Remove the pass phrase from
> the key file. Good luck!
> Xian

--
Brian Gordon
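
Whether a key file still carries a pass phrase, the point this exchange turns on, can be read directly from its PEM framing. The following is an added example, not code from the thread or from mod_ssl: it classifies every private-key block in a PEM file as encrypted or unencrypted. The function names and the sample key material are constructed for illustration.

```python
import re

# One PEM block: BEGIN line, optional RFC 1421 headers plus base64 body, END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\r?\n(?P<body>.*?)-----END (?P=label)-----",
    re.DOTALL,
)

def classify_private_keys(pem_text):
    """Return [(label, "encrypted" | "unencrypted")] for each private-key block."""
    results = []
    for match in PEM_BLOCK.finditer(pem_text):
        label, body = match.group("label"), match.group("body")
        if not label.endswith("PRIVATE KEY"):
            continue  # certificate, CSR, DH parameters, ...
        if label == "ENCRYPTED PRIVATE KEY":
            status = "encrypted"  # PKCS#8: the label itself announces encryption
        elif re.search(r"^Proc-Type:\s*4,ENCRYPTED\s*$", body, re.MULTILINE):
            status = "encrypted"  # traditional OpenSSL format: announced in headers
        else:
            status = "unencrypted"
        results.append((label, status))
    return results

def needs_pass_phrase(pem_text):
    """True if any private key in the file is pass-phrase protected."""
    return any(status == "encrypted" for _, status in classify_private_keys(pem_text))

# Constructed samples: the PEM framing is real syntax, the base64 bodies are placeholders.
PLACEHOLDER = "Q09OU1RSVUNURUQ="
SAMPLE_PLAIN = (
    "-----BEGIN RSA PRIVATE KEY-----\n" + PLACEHOLDER + "\n-----END RSA PRIVATE KEY-----\n"
)
SAMPLE_TRADITIONAL_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n"
    + PLACEHOLDER + "\n-----END RSA PRIVATE KEY-----\n"
)
SAMPLE_PKCS8_ENCRYPTED = (
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + PLACEHOLDER
    + "\n-----END ENCRYPTED PRIVATE KEY-----\n"
)
SAMPLE_CERT_AND_KEY = (
    "-----BEGIN CERTIFICATE-----\n" + PLACEHOLDER + "\n-----END CERTIFICATE-----\n"
    + SAMPLE_PLAIN
)

if __name__ == "__main__":
    for name in ("SAMPLE_PLAIN", "SAMPLE_TRADITIONAL_ENCRYPTED",
                 "SAMPLE_PKCS8_ENCRYPTED", "SAMPLE_CERT_AND_KEY"):
        print(name, classify_private_keys(globals()[name]))
```

An unencrypted result here agrees with the `unencrypted RSA private key - pass phrase not required` line in the debug log above, so the key's pass-phrase status is not what differs between a working and a failing start.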

