log shows connection from server, but then can't connect from internet client

on 18.07.2002 17:28:27 by Joe Dames

Hello fellow humans!


I am trying desperately to discover the new skill of installing an SSL
certificate on an Apache server which is (hopefully) SSL enabled.

..I start the server:
/usr/local/apache/bin/apachectl startssl
It starts cleanly! (I think)
http://molions.com/joe/apache-ssl_error_log.txt

..Now my problems are uncovered. I can connect to port 443 on my virtual server
while using the openssh s_client tool at my server's shell. I cannot, however,
do a normal client connection from another machine's web browser (Netscape, IE,
Opera, --all new versions). I have read high and low, and have learned a great
deal, but still am at a loss of what is wrong. I have compiled all of the
variables that I have found to have a direct effect upon the operation of ssl
and included them below for your expert opinions.

..I believe I have accomplished some level of success as evidenced by this
ssl_engine_log snip
http://molions.com/joe/ssl_engine_log_snip.txt
I am concerned about the whole "Init: 1st startup round (still not detached)"
bit in the ssl_engine_log. I don't understand why it must go through 2 startup
rounds. Is this a problem?

..When I run curl secure.mydomain.com:443 from the ssl server, it spits out all
of the html. But I am having no success having a client browser on another
machine connect to port 443 on this virtual server.

..Here is what I get when I run the command: "openssl s_client -connect
secure.mydomain.com:443 -state"
http://molions.com/joe/openssl-s_client_-connect.txt
(I've changed the names to protect the innocent ;)

..Here are my httpd.conf ssl tidbits
http://molions.com/joe/httpd.conf.tidbits.txt


..Here is some of my directory proof that the files are there and who can do what
with them
http://molions.com/joe/ssl_directory_structure.txt



If I have configured something totally wrong (I'm sure), please tell me. I
realize I still have so much to learn. Any help at all will be immensely
appreciated.

Joe Dames

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: log shows connection from server, but then can't connect from internet client

on 18.07.2002 18:59:58 by Joe Dames

Digging deeper, I realized I had overlooked an error in the "openssl s_client"
output:

verify error:num=19:self signed certificate in certificate chain

Will this help?
openssl verify -CApath /usr/local/apache/conf/ca-bundle/ -CAfile /usr/local/apache/conf/ca-bundle/ca.txt

I'm not sure if this is what I should be doing.



----- Original Message -----
From: "Joe Dames"
To:
Sent: Thursday, July 18, 2002 10:28 AM
Subject: log shows connection from server, but then can't connect from internet client


> Hello fellow humans!
>
>
> I am trying desperately to discover the new skill of installing an SSL
> certificate on an Apache server which is (hopefully) SSL enabled.
>
> .I start the server:
> /usr/local/apache/bin/apachectl startssl
> It starts cleanly! (I think)
> http://molions.com/joe/apache-ssl_error_log.txt
>
> .Now my problems are uncovered. I can connect to port 443 on my virtual server
> while using the openssh s_client tool at my server's shell. I cannot, however,
> do a normal client connection from another machine's web browser (Netscape, IE,
> Opera, --all new versions). I have read high and low, and have learned a great
> deal, but still am at a loss of what is wrong. I have compiled all of the
> variables that I have found to have a direct effect upon the operation of ssl
> and included them below for your expert opinions.
>
> .I believe I have accomplished some level of success as evidenced by this
> ssl_engine_log snip
> http://molions.com/joe/ssl_engine_log_snip.txt
> I am concerned about the whole "Init: 1st startup round (still not detached)"
> bit in the ssl_engine_log. I don't understand why it must go through 2 startup
> rounds. Is this a problem?
>
> .When I run curl secure.mydomain.com:443 from the ssl server, it spits out all
> of the html. But I am having no success having a client browser on another
> machine connect to port 443 on this virtual server.
>
> .Here is what I get when I run the command: "openssl s_client -connect
> secure.mydomain.com:443 -state"
> http://molions.com/joe/openssl-s_client_-connect.txt
> (I've changed the names to protect the innocent ;)
>
> .Here are my httpd.conf ssl tidbits
> http://molions.com/joe/httpd.conf.tidbits.txt
>
>
> .Here is some of my directory proof that the files are there and who can do what
> with them
> http://molions.com/joe/ssl_directory_structure.txt
>
>
>
> If I have configured something totally wrong (I'm sure), please tell me. I
> realize I still have so much to learn. Any help at all will be immensely
> appreciated.
>
> Joe Dames
>
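
What verify error 19 means, and what supplying a CA with -CAfile or -CApath changes, shown as an added example that is not part of the original thread. It builds a throwaway root and server certificate (every name, key and file is constructed) and runs openssl verify with the system trust stores switched off.

```shell
#!/usr/bin/env bash
# Added example: every key, certificate and name below is constructed and throwaway.
set -eu

make_demo_pki() {                      # $1 = scratch directory
  local d=$1
  # Self-signed root, standing in for the CA that issued the server certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  # Server key and CSR, then a leaf certificate signed by that root.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=secure.mydomain.com" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 2 -out "$d/server.crt" 2>/dev/null
  # Hashed directory in the layout -CApath expects: <subject-hash>.0
  mkdir "$d/capath"
  cp "$d/ca.crt" "$d/capath/$(openssl x509 -noout -hash -in "$d/ca.crt").0"
}

# Print the first verify error number, or 0 when the chain verifies.
# System trust stores are switched off so only the arguments decide the result.
verify_code() {
  local out
  out=$(openssl verify -no-CAfile -no-CApath "$@" 2>&1) || true
  printf '%s\n' "$out" | sed -n 's/.*error \([0-9][0-9]*\) at.*/\1/p' \
    | head -n1 | grep . || echo 0
}

demo() {
  local d; d=$(mktemp -d)
  make_demo_pki "$d"
  echo "no issuer available:             $(verify_code "$d/server.crt")"
  echo "root sent along but not trusted: $(verify_code -untrusted "$d/ca.crt" "$d/server.crt")"
  echo "root trusted via -CAfile:        $(verify_code -CAfile "$d/ca.crt" "$d/server.crt")"
  echo "root trusted via -CApath:        $(verify_code -CApath "$d/capath" "$d/server.crt")"
  rm -rf "$d"
}
demo
```

openssl verify takes the certificate to check as its last argument. Error 19 is the client's trust decision about the chain and says nothing about whether port 443 is reachable from another machine.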