Welcome to MobyThreads.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in
All support for the MobyThreads Threaded phpBB MOD can now be found on welsolutions at this forum

Apache2 SSL problem

  
   Web Hosting and Web Master Forums (Home) -> Apache RSS
Next:  IIS 6.0 and ASP.Net Download Problems  
Author Message
user3352

External


Since: Dec 22, 2004
Posts: 3



(Msg. 1) Posted: Wed Dec 22, 2004 9:21 am
Post subject: Apache2 SSL problem
Archived from groups: alt>apache>configuration (more info?)
Hello,

I have spent the past few weeks trying to get SSL working on Suse
Enterprise server 9.1 with Apache 2. I have followed several guides
all of which were pretty similar give or take an item or two. I have
made sure that /etc/sysconfig/apache2 has ssl listed under
APACHE_MODULES and that APACHE_SERVER_FLAGS="-D SSL"

I have setup one virtual host as minimally as possible using the
template included in the installation and generated my certificate as
instructed.

When I run httpd2 -D SSL -S it tells my Syntax OK. When trying to
access the server via https I see the following in the access_log

192.168.42.230 - - [22/Dec/2004:07:41:06 -0800] "\x80g\x01\x03" 200
709 "-" "-"
192.168.42.230 - - [22/Dec/2004:07:41:09 -0800] "\x80g\x01\x03" 200
709 "-" "-"

With debugging on I see the following in the error.log

[Wed Dec 22 07:49:05 2004] [info] Shared memory session cache
initialised
[Wed Dec 22 07:49:05 2004] [info] Init: Initializing (virtual) servers
for SSL
[Wed Dec 22 07:49:05 2004] [warn] Init: (192.168.42.89:443) You
configured HTTP(80) on the standard HTTPS(443) port!
[Wed Dec 22 07:49:05 2004] [info] Server: Apache/2.0.49, Interface:
mod_ssl/2.0.49, Library: OpenSSL/0.9.7d
[Wed Dec 22 07:49:06 2004] [notice] mod_python: Creating 32 session
mutexes based on 150 max processes and 0 max threads.
[Wed Dec 22 07:49:06 2004] [notice] Apache/2.0.49 (Linux/SuSE)
configured -- resuming normal operations
[Wed Dec 22 07:49:06 2004] [info] Server built: Nov 9 2004 22:42:30
[Wed Dec 22 07:49:06 2004] [debug] prefork.c(955): AcceptMutex:
sysvsem (default: sysvsem)

I have gone through all of the conf files, but can not see where I
have configured HTTP(80) on the standard HTTPS(443) port.

Anyone have any ideas?

 >> Stay informed about: Apache2 SSL problem 
Back to top
Login to vote
davideyeahsure

External


Since: Nov 03, 2003
Posts: 2907



(Msg. 2) Posted: Wed Dec 22, 2004 2:35 pm
Post subject: Re: Apache2 SSL problem [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On 2004-12-22, brlaas <no RemoveThis @no.net> wrote:
 > I have gone through all of the conf files, but can not see where I
 > have configured HTTP(80) on the standard HTTPS(443) port.

When Apache is configured for SSL usually you end up with something
like

Listen 80
<IfDefine SSL>
Listen 443
</IfDefine>

Then in the VirtualHost section:

<IfDefine SSL>
<VirtualHost *:443>
.....
</VirtualHost>
</IfDefine>

This makes apache listen to port 443 _only_ when SSL is enabled and on
port 80 for 'normal' http. I suppose that in your case you miss the
'443' part, so you're running https on port 80. Now, normally browsers
when instructed to use https switch automatically to port 443. This
keeps the two way separated. If you want to run https only, change your
'listen' directive to listen only on port 443.

Davide

--
We are at one with our work. If you disturb our work, our foot will be at
one with your ass.
-- J. Gostin on alt.sysadmin.recovery<!-- ~MESSAGE_AFTER~ -->

 >> Stay informed about: Apache2 SSL problem 
Back to top
Login to vote
user3352

External


Since: Dec 22, 2004
Posts: 3



(Msg. 3) Posted: Wed Dec 22, 2004 2:35 pm
Post subject: Re: Apache2 SSL problem [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On 22 Dec 2004 18:10:09 GMT, Davide Bianchi
<davideyeahsure.DeleteThis@onlyforfun.net> :

 >On 2004-12-22, brlaas <no.DeleteThis@no.net> wrote:
  >> I have gone through all of the conf files, but can not see where I
  >> have configured HTTP(80) on the standard HTTPS(443) port.
 >
 >When Apache is configured for SSL usually you end up with something
 >like
 >
 >Listen 80
 ><IfDefine SSL>
 >Listen 443
 ></IfDefine>
 >
 >Then in the VirtualHost section:
 >
 ><IfDefine SSL>
 ><VirtualHost *:443>
 >....
 ></VirtualHost>
 ></IfDefine>
 >
 >This makes apache listen to port 443 _only_ when SSL is enabled and on
 >port 80 for 'normal' http. I suppose that in your case you miss the
 >'443' part, so you're running https on port 80. Now, normally browsers
 >when instructed to use https switch automatically to port 443. This
 >keeps the two way separated. If you want to run https only, change your
 >'listen' directive to listen only on port 443.
 >
 >Davide

Thanks Davide,

I did find the error and corrected it. My error_log now looks like the
following when starting up Apache2:

[Wed Dec 22 10:38:56 2004] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec2)
[Wed Dec 22 10:38:56 2004] [debug] util_ldap.c(1129): LDAP cache:
Unable to init Shared Cache: no file
[Wed Dec 22 10:38:56 2004] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Wed Dec 22 10:38:56 2004] [notice] LDAP: SSL support unavailable
[Wed Dec 22 10:38:56 2004] [info] Init: Initializing OpenSSL library
[Wed Dec 22 10:38:56 2004] [info] Init: Seeding PRNG with 136 bytes of
entropy
[Wed Dec 22 10:38:56 2004] [info] Loading certificate & private key of
SSL-aware server
[Wed Dec 22 10:38:56 2004] [debug] ssl_engine_pphrase.c(468):
unencrypted RSA private key - pass phrase not required
[Wed Dec 22 10:38:56 2004] [info] Init: Generating temporary RSA
private keys (512/1024 bits)
[Wed Dec 22 10:38:57 2004] [info] Init: Generating temporary DH
parameters (512/1024 bits)
[Wed Dec 22 10:38:57 2004] [debug] ssl_scache_dbm.c(403):
Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[Wed Dec 22 10:38:57 2004] [info] Init: Initializing (virtual) servers
for SSL
[Wed Dec 22 10:38:57 2004] [info] Configuring server for SSL protocol
[Wed Dec 22 10:38:57 2004] [debug] ssl_engine_init.c(402): Creating
new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Wed Dec 22 10:38:57 2004] [debug] ssl_engine_init.c(585): Configuring
permitted SSL ciphers
[ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Wed Dec 22 10:38:57 2004] [debug] ssl_engine_init.c(713): Configuring
RSA server certificate
[Wed Dec 22 10:38:57 2004] [debug] ssl_engine_init.c(752): Configuring
RSA server private key
[Wed Dec 22 10:38:57 2004] [info] Server: Apache/2.0.49, Interface:
mod_ssl/2.0.49, Library: OpenSSL/0.9.7d
[Wed Dec 22 10:38:57 2004] [debug] util_ldap.c(1129): LDAP cache:
Unable to init Shared Cache: no file
[Wed Dec 22 10:38:57 2004] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Wed Dec 22 10:38:57 2004] [notice] LDAP: SSL support unavailable
[Wed Dec 22 10:38:57 2004] [info] Init: Initializing OpenSSL library
[Wed Dec 22 10:38:57 2004] [info] Init: Seeding PRNG with 136 bytes of
entropy
[Wed Dec 22 10:38:57 2004] [info] Loading certificate & private key of
SSL-aware server
[Wed Dec 22 10:38:57 2004] [debug] ssl_engine_pphrase.c(468):
unencrypted RSA private key - pass phrase not required
[Wed Dec 22 10:38:57 2004] [info] Init: Generating temporary RSA
private keys (512/1024 bits)
[Wed Dec 22 10:38:57 2004] [info] Init: Generating temporary DH
parameters (512/1024 bits)
[Wed Dec 22 10:38:57 2004] [debug] ssl_scache_dbm.c(403):
Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[Wed Dec 22 10:38:57 2004] [info] Init: Initializing (virtual) servers
for SSL
[Wed Dec 22 10:38:57 2004] [info] Configuring server for SSL protocol
[Wed Dec 22 10:38:57 2004] [debug] ssl_engine_init.c(402): Creating
new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Wed Dec 22 10:38:57 2004] [debug] ssl_engine_init.c(585): Configuring
permitted SSL ciphers
[ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Wed Dec 22 10:38:57 2004] [debug] ssl_engine_init.c(713): Configuring
RSA server certificate
[Wed Dec 22 10:38:57 2004] [debug] ssl_engine_init.c(752): Configuring
RSA server private key
[Wed Dec 22 10:38:57 2004] [info] Server: Apache/2.0.49, Interface:
mod_ssl/2.0.49, Library: OpenSSL/0.9.7d
[Wed Dec 22 10:38:58 2004] [notice] mod_python: Creating 32 session
mutexes based on 150 max processes and 0 max threads.
[Wed Dec 22 10:38:58 2004] [notice] Apache/2.0.49 (Linux/SuSE)
configured -- resuming normal operations
[Wed Dec 22 10:38:58 2004] [info] Server built: Nov 9 2004 22:42:30
[Wed Dec 22 10:38:58 2004] [debug] prefork.c(955): AcceptMutex:
sysvsem (default: sysvsem)

However I still can not access the server via https , I still see in
the access log

192.168.42.9 - - [22/Dec/2004:10:41:21 -0800] "\x80L\x01\x03" 200 709
"-" "-"

Everytime I try to access https and the ssl_request_log is empty. I
did not see anything in the error_log that would indicate a
configuration problem.<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Apache2 SSL problem 
Back to top
Login to vote
davideyeahsure

External


Since: Nov 03, 2003
Posts: 2907



(Msg. 4) Posted: Wed Dec 22, 2004 3:35 pm
Post subject: Re: Apache2 SSL problem [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On 2004-12-22, brlaas <no.RemoveThis@no.net> wrote:
 > However I still can not access the server via https , I still see in
 > the access log
 > 192.168.42.9 - - [22/Dec/2004:10:41:21 -0800] "\x80L\x01\x03" 200 709
 > "-" "-"

This usually happens when you are using https on normal http (port 80).
How do you connect with the server? Are you using some kind of proxy?

Davide

--
Linux: the operating system with a CLUE... Command Line User Environment<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Apache2 SSL problem 
Back to top
Login to vote
user3352

External


Since: Dec 22, 2004
Posts: 3



(Msg. 5) Posted: Wed Dec 22, 2004 3:35 pm
Post subject: Re: Apache2 SSL problem [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On 22 Dec 2004 19:20:47 GMT, Davide Bianchi
<davideyeahsure.DeleteThis@onlyforfun.net> :

 >On 2004-12-22, brlaas <no.DeleteThis@no.net> wrote:
  >> However I still can not access the server via https , I still see in
  >> the access log
  >> 192.168.42.9 - - [22/Dec/2004:10:41:21 -0800] "\x80L\x01\x03" 200 709
  >> "-" "-"
 >
 >This usually happens when you are using https on normal http (port 80).
 >How do you connect with the server? Are you using some kind of proxy?
 >
 >Davide

No proxy, just a direct LAN connection.<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Apache2 SSL problem 
Back to top
Login to vote
davideyeahsure

External


Since: Nov 03, 2003
Posts: 2907



(Msg. 6) Posted: Wed Dec 22, 2004 3:35 pm
Post subject: Re: Apache2 SSL problem [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On 2004-12-22, brlaas <no.DeleteThis@no.net> wrote:
 > No proxy, just a direct LAN connection.

Well, I've exhausted the ideas. It looks like your Apache is
listening but is not decrypting the requests.
Check your SSL configuration in the Virtual Host part that is
supposed to listen to https, because I think that is the problem.

Davide

--
The correct way to roll NT out is out the door and into the nearest
Dempster Dumpster or other large waste receptacle.
--Mike Andrews<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Apache2 SSL problem 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
apache2.0.48 and php 4.3.4 problem. - Having some issues installing php after i've installed apache. The problem is make install fails due to error initializing something in apxs. Apache installs fine. linux 2.4.xx gcc 3.3.3 apache 2.0.48 ( built with ./configure --enable-dav --with-ssl..

Problem with restarting apache2 - Hello, I installed on my RH7.3 following software: Apache 2.0.49 mod_ssl 2.0.49 OpenSSL 0.9.6b PHP 4.3.6 Problem is with restart apache2 serwer. Everytime (during restarting) I get errors: [notice] SIGHUP received. Attempting to restart [notice] seg....

PROBLEM Z HASEŁKIEM NA APACHE2 w PHP - Witam. Mam problem z jednym plikiem. Oto on: <HTML> <HEAD> &lt;meta http-equiv="content-type" content="text/html; charset=windows-1250"&gt; </HEAD> <BODY> <? $TYTUL=htmlspecialchars(stripslashes($...

Help Problem! Multi-IP on same Machine with Apache2! - Hi, I'm using apache-2.0.48 on FreeBSD, I'm planning to put 3 IP(interface) on my server. Can I let my apache to round robin the out-going interface no matter which interface it gets the request? Btw, I'm not able to use DNS round robin, so please give m...

Apache2 OpenSSL config problem - I'm trying to configure the lates version of Apache on my server with these parameters ../configure --enable-headers --enable-cgi --enable-speling --enable-so --ena ble-ssl --with-mpm=prefork And i get this error: checking for SSL/TLS toolkit base.....
   Web Hosting and Web Master Forums (Home) -> Apache All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]