Apache starts, SSL site unavailable

Hi,

I'm switching from Stronghold to Apache 2.0.54 with mod_ssl enabled.
When I start apache, everything appears to work except the SSL site.
There's some sort of warning about the cache. mod_ssl.c is listed as
a compiled in module, and there's an: Include conf/ssl.conf in the
httpd.conf Any suggestions would be greatly appreciated.

Thanks,
-Jon

Here's the error log for the startup:

[Tue Jun 21 14:01:33 2005] [warn] Init: Session Cache is not
configured [hint: S
SLSessionCache]
[Tue Jun 21 14:01:33 2005] [notice] Apache/2.0.54 (Unix) mod_ssl/
2.0.54 OpenSSL/
0.9.7g configured -- resuming normal operations

Here's the ssl.conf (minus comments):

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/usr/local/apache/logs/ssl_mutex

ServerName secure.securesite.com
ServerAdmin web@securesite.com
DocumentRoot /www/docs/secsite

Options FollowSymLinks ExecCGI Includes
AllowOverride None

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:
+SSLv2:+EXP
ErrorLog logs/secure.securesite.com-error_log
CustomLog logs/secure.securesite.com-access_log common
SSLCertificateFile /usr/local/apache/conf/ssl.crt/
secure.securesite.com.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/
secure.securesite.com.key




____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache starts, SSL site unavailable

On Tue, 21 Jun 2005, Jon August wrote:

> Hi,
>
> I'm switching from Stronghold to Apache 2.0.54 with mod_ssl enabled.
> When I start apache, everything appears to work except the SSL site.
> There's some sort of warning about the cache. mod_ssl.c is listed as
> a compiled in module, and there's an: Include conf/ssl.conf in the
> httpd.conf Any suggestions would be greatly appreciated.
>

Are you starting httpd with the -D SSL command line argument? If not,
then the entire block of configuration directives inside the SSL> container in your config file will be ignored.

--Cliff
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache starts, SSL site unavailable

Can I just remove the IfDefine tags? or is that not recommended?



On Jun 21, 2005, at 2:35 PM, Cliff Woolley wrote:

> On Tue, 21 Jun 2005, Jon August wrote:
>
>
>> Hi,
>>
>> I'm switching from Stronghold to Apache 2.0.54 with mod_ssl enabled.
>> When I start apache, everything appears to work except the SSL site.
>> There's some sort of warning about the cache. mod_ssl.c is listed as
>> a compiled in module, and there's an: Include conf/ssl.conf in the
>> httpd.conf Any suggestions would be greatly appreciated.
>>
>>
>
> Are you starting httpd with the -D SSL command line argument? If not,
> then the entire block of configuration directives inside the > SSL> container in your config file will be ignored.
>
> --Cliff
>


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache starts, SSL site unavailable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 21 Jun 2005, Jon August wrote:

>
>
> Can I just remove the IfDefine tags? or is that not recommended?
>
>

You could though the gain might not be there, why not just run the server
in the proper mode?

Thanks,

Ron DuFresne


>
> On Jun 21, 2005, at 2:35 PM, Cliff Woolley wrote:
>
>> On Tue, 21 Jun 2005, Jon August wrote:
>>
>>
>>> Hi,
>>>
>>> I'm switching from Stronghold to Apache 2.0.54 with mod_ssl enabled.
>>> When I start apache, everything appears to work except the SSL site.
>>> There's some sort of warning about the cache. mod_ssl.c is listed as
>>> a compiled in module, and there's an: Include conf/ssl.conf in the
>>> httpd.conf Any suggestions would be greatly appreciated.
>>>
>>>
>>
>> Are you starting httpd with the -D SSL command line argument? If not,
>> then the entire block of configuration directives inside the >> SSL> container in your config file will be ignored.
>>
>> --Cliff
>>
>
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

....We waste time looking for the perfect lover
instead of creating the perfect love.

-Tom Robbins
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCuG+7st+vzJSwZikRAkQTAJ90dOrQfPiSAUfkUmBC86FHoF4q3ACc DWRp
AhbKUmB4KKzSvs0cwU66e1Y=
=KtmY
-----END PGP SIGNATURE-----
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache starts, SSL site unavailable

I am running the server with the -D SSL option now and all is well.

Thanks for the help Cliff and Ron.

-Jon


On Jun 21, 2005, at 3:51 PM, R. DuFresne wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Tue, 21 Jun 2005, Jon August wrote:
>
>
>>
>>
>> Can I just remove the IfDefine tags? or is that not recommended?
>>
>>
>>
>
> You could though the gain might not be there, why not just run the
> server in the proper mode?
>
> Thanks,
>
> Ron DuFresne
>
>
>
>>
>> On Jun 21, 2005, at 2:35 PM, Cliff Woolley wrote:
>>
>>
>>> On Tue, 21 Jun 2005, Jon August wrote:
>>>
>>>> Hi,
>>>> I'm switching from Stronghold to Apache 2.0.54 with mod_ssl
>>>> enabled.
>>>> When I start apache, everything appears to work except the SSL
>>>> site.
>>>> There's some sort of warning about the cache. mod_ssl.c is
>>>> listed as
>>>> a compiled in module, and there's an: Include conf/ssl.conf in the
>>>> httpd.conf Any suggestions would be greatly appreciated.
>>>>
>>> Are you starting httpd with the -D SSL command line argument? If
>>> not,
>>> then the entire block of configuration directives inside the
>>> >>> SSL> container in your config file will be ignored.
>>> --Cliff
>>>
>>
>>
>> ____________________________________________________________ _________
>> _
>> Apache Interface to OpenSSL (mod_ssl)
>> www.modssl.org
>> User Support Mailing List modssl-
>> users@modssl.org
>> Automated List Manager
>> majordomo@modssl.org
>>
>>
>
> - -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> admin & senior security consultant: sysinfo.com
> http://sysinfo.com
> Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
>
> ...We waste time looking for the perfect lover
> instead of creating the perfect love.
>
> -Tom Robbins
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQFCuG+7st+vzJSwZikRAkQTAJ90dOrQfPiSAUfkUmBC86FHoF4q3ACc DWRp
> AhbKUmB4KKzSvs0cwU66e1Y=
> =KtmY
> -----END PGP SIGNATURE-----
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache starts, SSL site unavailable

On Tue, 21 Jun 2005, Jon August wrote:

> Can I just remove the IfDefine tags? or is that not recommended?

Yes, feel free. My understanding is that the only reason it's in there in
the first place is to try to make it clear that SSL isn't something you
can have work directly out of the box... you have to go and generate
yourself a private key and certificate request and so forth.

Unfortunately it has the side-effect of getting in the way sometimes, so
it's a lesser-of-two-evils situation I suppose.

--Cliff
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org