startssl means nothing.

startssl means nothing.

am 06.07.2002 23:47:56 von Mark-Nathaniel Weisman

Hello List:
I'm kinda stuck here so I figured I'd try the list to see if I can get
any movement. I've got my local server certificate created, I've even
created a ca.key so that I can sign my own certs. I've installed the
following on my redhat 6.2 webserver:
apache-1.3.22-5.6
apache-devel-1.3.23-15
openssl-0.9.5a-7.6
mod_ssl-2.8.7-6
I've used only rpm files with this install. I've installed all three
packages with their dependancies, the openssl and mod_ssl were compiled
from source. However, two things did not happen,
1. There were no changes made to my httpd.conf file?
2. My httpd script does not recognize startssl as an option.
3. Port 443 is not open on the box even if I set a VirtualHost
directive.

Any ideas?

His Faithful Servant,
Mark
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: startssl means nothing.

am 07.07.2002 15:44:02 von Peter Viertel

All startssl does in the apachectl script is run httpd with -DSSL, this
activates any directives in httpd.conf that are between
so if you have not got an appropriately patched
httpd.conf then it wont do anything.

It looks as if you're using the with-apxs method to build libssl, that
is you're building against the precompiled rpm of apache, in this method
the httpd.conf would not get touched i dont think, or maybe it alters
conf/httpd.conf-dist.

the patch script under mod_sslxxxxx/pkg.sslcfg/sslcfg.patch should add
the bits in that you need - including the Listen 443 directive that is
missing.

But my advice is that for security reasons you should start with the
source trees of apache 1.3.26 and mod_ssl 2.8.10 - use the first method,
in which mod_ssl patches the apache source tree, and build apache
yourself. The rpm version you have is subject to a security advisory.


Mark-Nathaniel Weisman wrote:

> Hello List:
> I'm kinda stuck here so I figured I'd try the list to see if I can
> get any movement. I've got my local server certificate created, I've
> even created a ca.key so that I can sign my own certs. I've installed
> the following on my redhat 6.2 webserver:
> apache-1.3.22-5.6
> apache-devel-1.3.23-15
> openssl-0.9.5a-7.6
> mod_ssl-2.8.7-6
> I've used only rpm files with this install. I've installed all three
> packages with their dependancies, the openssl and mod_ssl were
> compiled from source. However, two things did not happen,
> 1. There were no changes made to my httpd.conf file?
> 2. My httpd script does not recognize startssl as an option.
> 3. Port 443 is not open on the box even if I set a VirtualHost
> directive.
>
> Any ideas?
>
> His Faithful Servant,
> Mark
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org



____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org