Testing with a dummy certificate...

on 10.06.2002 16:55:42 by Sean M Alderman

Hi all,
Just got Apache and Mod_SSL setup last Friday for the first time. I
did the make certificate to create a dummy cert and installed it. I run
APACHE_HOME/bin/apachectl startssl to get the server started and get
prompted for the passphrase, enter the phrase and the server starts up.
When I point a browser to it (tried ssl-aware lynx, Netscape 4.78, and
Mozilla 0.99) the browser gives me an error (not an unrecognized CA
certificate message). Below is a snippet of some logs from
APACHE_HOME/logs. Could anyone tell me what the Invalid Method Request
F message means? Oh, and I'm running Apache 1.3.24, mod_SSL 2.8.8, on
64bit UltraSPARC Solaris 2.8. Thanks!

Logs...
# pwd
/usr/appl/apache/logs
# tail access_log
WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:41:58 -0400] "GET /manual/images/apache_pb.gif HTTP/1.1" 200 1806
WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:41:58 -0400] "GET /manual/images/openssl_ics.gif HTTP/1.1" 200 2063
WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:41:58 -0400] "GET /manual/images/mod_ssl_sb.gif HTTP/1.1" 200 2007
WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:41:58 -0400] "GET /manual/images/feather.jpg HTTP/1.1" 200 7108
WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:42:03 -0400] "F" 501 -
WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:42:03 -0400] "F" 501 -
WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:42:08 -0400] "F" 501 -
WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:42:19 -0400] "F" 501 -
WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:44:54 -0400] "F" 501 -
WWW.XXX.YYY.ZZZ - - [10/Jun/2002:10:45:08 -0400] "F" 501 -
# tail error_log
[Fri Jun 7 15:42:19 2002] [notice] Accept mutex: fcntl (Default: fcntl)
[Mon Jun 10 10:41:12 2002] [notice] caught SIGTERM, shutting down
[Mon Jun 10 10:41:45 2002] [notice] Apache/1.3.24 (Unix) PHP/4.2.0 mod_ssl/2.8.8 OpenSSL/0.9.6c configured -- resuming normal operations
[Mon Jun 10 10:41:45 2002] [notice] Accept mutex: fcntl (Default: fcntl)
[Mon Jun 10 10:42:03 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid method in request F
[Mon Jun 10 10:42:03 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid method in request F
[Mon Jun 10 10:42:08 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid method in request F
[Mon Jun 10 10:42:19 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid method in request F
[Mon Jun 10 10:44:54 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid method in request F
[Mon Jun 10 10:45:08 2002] [error] [client WWW.XXX.YYY.ZZZ] Invalid method in request F
# tail ssl_engine_log
[10/Jun/2002 10:41:39 14549] [info] Init: Seeding PRNG with 136 bytes of entropy
[10/Jun/2002 10:41:39 14549] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[10/Jun/2002 10:41:45 14549] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[10/Jun/2002 10:41:45 14553] [info] Init: 2nd startup round (already detached)
[10/Jun/2002 10:41:45 14553] [info] Init: Reinitializing OpenSSL library
[10/Jun/2002 10:41:45 14553] [info] Init: Seeding PRNG with 136 bytes of entropy
[10/Jun/2002 10:41:45 14553] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[10/Jun/2002 10:41:45 14553] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[10/Jun/2002 10:41:45 14553] [info] Init: Initializing (virtual) servers for SSL
[10/Jun/2002 10:41:45 14553] [info] Init: Configuring server XXXX.lerc.nasa.gov:8443 for SSL protocol



--
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Testing with a dummy certificate...

on 10.06.2002 17:03:56 by Sean M Alderman

Oops... Never mind, I just found that I had missed changing one line in
the conf/httpd.conf to change the port number from 8443 to 443.

Is there a reason why the config defaults to ports 8080 and 8443
instead of 80 and 443?

--
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."

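A check for the mismatch described in the message above, where the port was changed in one place in conf/httpd.conf but not the other. This is an added example, not part of the original thread or of mod_ssl; the function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample, not the poster's actual httpd.conf: Listen was moved
# to 443 but the SSL virtual host still names 8443.
SAMPLE_CONF = """\
Listen 80
Listen 443
<VirtualHost _default_:8443>
    # SSL settings for the test certificate
    SSLEngine on
    SSLCertificateFile conf/ssl.crt/server.crt
</VirtualHost>
"""

def _port(addr):
    """Return the port from 'host:port' or a bare 'port', else None."""
    tail = addr.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None

def audit_ssl_ports(conf_text):
    """Compare Listen ports with the ports of SSL-enabled <VirtualHost> blocks."""
    listen, ssl_ports, vhost_ports = set(), set(), None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # Apache comments are whole lines starting with '#'
        m = re.match(r"(?i)<VirtualHost\s+([^>]+)>", line)
        if m:
            # A vhost may name several addresses; keep the ones with a port.
            vhost_ports = {p for p in map(_port, m.group(1).split()) if p}
        elif re.match(r"(?i)</VirtualHost>", line):
            vhost_ports = None
        elif vhost_ports is None and re.match(r"(?i)Listen\s+\S+", line):
            listen.add(_port(line.split()[1]))
        elif vhost_ports is not None and re.match(r"(?i)SSLEngine\s+on\b", line):
            ssl_ports |= vhost_ports
    listen.discard(None)
    return {
        # SSL is configured for these ports, but nothing listens on them.
        "ssl_vhost_not_listening": sorted(ssl_ports - listen),
        # The server listens here, but no SSL-enabled vhost covers the port.
        "listening_without_ssl": sorted(listen - ssl_ports),
    }

if __name__ == "__main__":
    print(audit_ssl_ports(SAMPLE_CONF))
```

Port 80 is expected in `listening_without_ssl`; the finding is 443 appearing there while 8443 shows up under `ssl_vhost_not_listening`.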
Re: Testing with a dummy certificate...

on 10.06.2002 18:06:52 by Geoff Thorpe

Hi there,

On 10 Jun 2002, Sean M Alderman wrote:

> Oops... Never mind, I just found that I had missed changing one line in
> the conf/httpd.conf to change the port number from 8443 to 443.
>
> Is there a reason why the config defaults to ports 8080 and 8443
> instead of 80 and 443?

You can only start services on ports below 1024 if you are root. At least
it's that way on respectable systems. :-) The default to 8080 and 8443
assumes that, like everything else (default index.html(s), dummy certs),
it should install some kind of template installation for you to test with
and change rather than trying to configure anything production-like. It
also reduces the chance that it conflicts with any system-wide running
web-server upon installation.

Cheers,
Geoff



Re: Testing with a dummy certificate...

on 10.06.2002 21:02:30 by Sean M Alderman

I guess that makes sense. This box we're putting it on already has
Tomcat and Inktomi's search engine fighting for 8080 and the surrounding
ports... Not that any of them are difficult to change, but it
presented an interesting configuration glitch when I missed that second
port statement in the config.

On Mon, 2002-06-10 at 12:06, Geoff Thorpe wrote:
> Hi there,
>
> On 10 Jun 2002, Sean M Alderman wrote:
>
> > Oops... Never mind, I just found that I had missed changing one line in
> > the conf/httpd.conf to change the port number from 8443 to 443.
> >
> > Is there a reason why the config defaults to ports 8080 and 8443
> > instead of 80 and 443?
>
> You can only start services on ports below 1024 if you are root. At least
> it's that way on respectable systems. :-) The default to 8080 and 8443
> assumes that, like everything else (default index.html(s), dummy certs),
> it should install some kind of template installation for you to test with
> and change rather than trying to configure anything production-like. It
> also reduces the chance that it conflicts with any system-wide running
> web-server upon installation.
>
> Cheers,
> Geoff
--
Sean M. Alderman
ITRACK Systems Analyst
PACE/NCI - NASA Glenn Research Center
(216) 433-2795

Calling a windowed operating system "Windows" is like naming an
automobile "Wheels."