Apache mod_ssl and FIPS 140-2

Apache mod_ssl and FIPS 140-2

am 15.06.2007 20:26:16 von David_Gerendas

This is a multi-part message in MIME format.

------_=_NextPart_001_01C7AF7A.A8EA93E6
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Does anyone know if the Apache v2.2.x implementation of OpenSSL mod_ssl
is FIPS 140-2 validated? What version of OpenSSL is distributed with the
current version of Apache? Any help is much appreciated...

=20

Thanks,

David Gerendas, CISSP=20
McAfee, Inc.=20
949-297-5600 Main=20
949-860-3369 Direct=20
949-289-8677 Mobile=20
david_gerendas@mcafee.com =20

=20


------_=_NextPart_001_01C7AF7A.A8EA93E6
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
xmlns=3D"http://www.w3.org/TR/REC-html40">


charset=3Dus-ascii">

namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"place"/>









style=3D'font-size:10.0pt;
font-family:Arial'>Does anyone know if the Apache v2.2.x implementation =
of
OpenSSL mod_ssl is FIPS 140-2 validated? What version of OpenSSL is =
distributed
with the current version of Apache? Any help is much =
appreciated…



style=3D'font-size:10.0pt;
font-family:Arial'> 



style=3D'font-size:10.0pt;
font-family:Arial'>Thanks,



style=3D'font-size:10.0pt;font-family:"Microsoft Sans Serif";color:navy;
font-weight:bold'>David Gerendas, color=3Dnavy
face=3D"Microsoft Sans Serif"> style=3D'font-size:7.5pt;font-family:"Microsoft Sans Serif";
color:navy;font-weight:bold'>CISSP

style=3D'font-size:
10.0pt;font-family:"Microsoft Sans Serif";color:black'>McAfee, =
Inc.


style=3D'font-size:
10.0pt;font-family:"Microsoft Sans Serif";color:black'>949-297-5600 =
Main


style=3D'font-size:
10.0pt;font-family:"Microsoft Sans Serif";color:black'>949-860-3369 =
Direct


style=3D'font-size:
10.0pt;font-family:"Microsoft Sans Serif";color:black'>949-289-8677 =
w:st=3D"on">Mobile

face=3D"Microsoft Sans Serif"> style=3D'font-size:10.0pt;font-family:"Microsoft Sans =
Serif"'>david_gerendas@mcafee.com



style=3D'font-size:10.0pt'> 









------_=_NextPart_001_01C7AF7A.A8EA93E6--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache mod_ssl and FIPS 140-2

am 15.06.2007 21:18:05 von Dave Paris

http://csrc.nist.gov/cryptval/140-1/1401val2007.htm#733

Best~
-d

David_Gerendas@McAfee.com wrote:
> Does anyone know if the Apache v2.2.x implementation of OpenSSL mod_ssl=
=20
> is FIPS 140-2 validated? What version of OpenSSL is distributed with th=
e=20
> current version of Apache? Any help is much appreciated=85
>=20
> =20
>=20
> Thanks,
>=20
> *David Gerendas, **CISSP*
> McAfee, Inc.
> 949-297-5600 Main
> 949-860-3369 Direct
> 949-289-8677 Mobile
> david_gerendas@mcafee.com
>=20
> =20
>=20
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Apache with mod_ssl

am 16.06.2007 00:54:02 von Saikat Saha

This is a multi-part message in MIME format.

------_=_NextPart_001_01C7AFA0.11D703D2
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

We have apache 2.2.4 compiled with all modules but commented out all
load modules. Do not have anything in httpd.conf file to state that this
is https. But when I start apache, it tries to goto https and prompts
for pass phrase. How does apache determine that this is https whereas
this is actually a http server. After I enter a passphrase, it shows
successful but the server never starts up. Can someone please help?

=20

Also can apache support both http and https at different ports at the
same time?

=20

Thanks much for your help.

SS

=20

=20

=20

[root@rh4_109 bin]# ./apachectl start

Apache/2.2.4 mod_ssl/2.2.4 (Pass Phrase Dialog)

Some of your private key files are encrypted for security reasons.

In order to read them you have to provide the pass phrases.

=20

Server 10.3.110.109:443 (RSA)

Enter pass phrase:

=20

OK: Pass Phrase Dialog successful.

=20

=20

Httpd.conf=20

=20

# Secure (SSL/TLS) connections

#Include conf/extra/httpd-ssl.conf

#

# Note: The following must must be present to support

# starting without SSL on platforms with no /dev/random equivalent

# but a statically compiled-in mod_ssl.

#



SSLRandomSeed startup builtin

SSLRandomSeed connect builtin




------_=_NextPart_001_01C7AFA0.11D703D2
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns=3D"http://www.w3.org/TR/REC-html40">


charset=3Dus-ascii">









style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>We have apache 2.2.4 compiled with =
all
modules but commented out all load modules. Do not have anything in =
httpd.conf
file to state that this is https. But when I start apache, it tries to =
goto
https and prompts for pass phrase. How does apache determine that this =
is https
whereas this is actually a http server. After I enter a passphrase, it =
shows
successful but the server never starts up. Can someone please =
help?



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> 



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Also can apache support both http =
and
https at different ports at the same time?



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> 



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Thanks much for your =
help.



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>SS



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> 



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> 



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> 



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>[root@rh4_109 bin]# ./apachectl =
start



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Apache/2.2.4 mod_ssl/2.2.4 (Pass =
Phrase
Dialog)



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Some of your private key files are
encrypted for security reasons.



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>In order to read them you have to =
provide
the pass phrases.



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> 



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Server 10.3.110.109:443 =
(RSA)



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Enter pass =
phrase:



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> 



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>OK: Pass Phrase Dialog =
successful.



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> 



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> 



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Httpd.conf =



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'> 



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'># Secure (SSL/TLS) =
connections



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>#Include =
conf/extra/httpd-ssl.conf



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>#



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'># Note: The following must must be =
present
to support



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>#      =
; starting without SSL on platforms
with no /dev/random equivalent



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>#      =
; but a statically compiled-in
mod_ssl.



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>#



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><IfModule =
ssl_module>



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>SSLRandomSeed startup =
builtin



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>SSLRandomSeed connect =
builtin



style=3D'font-size:
10.0pt;font-family:Arial;color:navy'></IfModule><=
/font>









------_=_NextPart_001_01C7AFA0.11D703D2--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache with mod_ssl

am 16.06.2007 01:13:12 von ohannet

Saikat Saha wrote:
> We have apache 2.2.4 compiled with all modules but commented out all
> load modules. Do not have anything in httpd.conf file to state that this
> is https. But when I start apache, it tries to goto https and prompts
> for pass phrase. How does apache determine that this is https whereas
> this is actually a http server.

Perhaps mod_ssl is a compiled-in module. Run 'httpd -l' to check this.

> After I enter a passphrase, it shows
> successful but the server never starts up. Can someone please help?

The reason probably can be found in Apache's error_log file.

> Also can apache support both http and https at different ports at the
> same time?

Yes. The defaults are port 80 for http and port 443 for https.

--
Omar W. Hannet
http://www.allez-oop.net/
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Apache with mod_ssl

am 16.06.2007 01:21:16 von Saikat Saha

Apache was compiled as below

../configure --with-ldap --enable-mods-shared=3D"all ssl ldap cache proxy
authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock
disk_cache" --prefix=3D/opt/apache-2.2.4

Httpd -l gives below
[root@rh4_109 bin]# httpd -l
Compiled in modules:
core.c
prefork.c
http_core.c
mod_so.c

How do I compile so that it does not load mod_ssl automatically and
loads only if httpd.conf is configured.

Surprisingly there are no error logs even at debug level.

Thank you so very much for the kind help.

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
Sent: Friday, June 15, 2007 4:13 PM
To: modssl-users@modssl.org
Subject: Re: Apache with mod_ssl

Saikat Saha wrote:
> We have apache 2.2.4 compiled with all modules but commented out all=20
> load modules. Do not have anything in httpd.conf file to state that
this=20
> is https. But when I start apache, it tries to goto https and prompts=20
> for pass phrase. How does apache determine that this is https whereas=20
> this is actually a http server.

Perhaps mod_ssl is a compiled-in module. Run 'httpd -l' to check this.

> After I enter a passphrase, it shows=20
> successful but the server never starts up. Can someone please help?

The reason probably can be found in Apache's error_log file.

> Also can apache support both http and https at different ports at the=20
> same time?

Yes. The defaults are port 80 for http and port 443 for https.

--=20
Omar W. Hannet
http://www.allez-oop.net/
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache with mod_ssl

am 18.06.2007 17:33:40 von ohannet

Do you have tags surrounding all
SSL directives in your configuration file? For example:


SSLPassPhraseDialog builtin
# etc.


Saikat Saha wrote:_module>
> Apache was compiled as below
>
> ./configure --with-ldap --enable-mods-shared="all ssl ldap cache proxy
> authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock
> disk_cache" --prefix=/opt/apache-2.2.4
>
> Httpd -l gives below
> [root@rh4_109 bin]# httpd -l
> Compiled in modules:
> core.c
> prefork.c
> http_core.c
> mod_so.c
>
> How do I compile so that it does not load mod_ssl automatically and
> loads only if httpd.conf is configured.
>
> Surprisingly there are no error logs even at debug level.
>
> Thank you so very much for the kind help.
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
> Sent: Friday, June 15, 2007 4:13 PM
> To: modssl-users@modssl.org
> Subject: Re: Apache with mod_ssl
>
> Saikat Saha wrote:
>> We have apache 2.2.4 compiled with all modules but commented out all
>> load modules. Do not have anything in httpd.conf file to state that
> this
>> is https. But when I start apache, it tries to goto https and prompts
>> for pass phrase. How does apache determine that this is https whereas
>> this is actually a http server.
>
> Perhaps mod_ssl is a compiled-in module. Run 'httpd -l' to check this.
>
>> After I enter a passphrase, it shows
>> successful but the server never starts up. Can someone please help?
>
> The reason probably can be found in Apache's error_log file.
>
>> Also can apache support both http and https at different ports at the
>> same time?
>
> Yes. The defaults are port 80 for http and port 443 for https.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Apache with mod_ssl

am 19.06.2007 02:15:34 von Saikat Saha

Sorry for late response on this one. This is what we have in httpd.conf
which is generated at compile time. This problem does not go away even
if I comment out last four lines and restart apache. Could you please
advise what else could be leading apache to think it is https rather
than http?



# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin



With above commented out, when I try to start apache, I get following
passphrase prompt and apache does not start even after saying passphrase
successful, no logs in logs directory although log level is "debug"

]# ./apachectl start
httpd: Could not reliably determine the server's fully qualified domain
name, using 10.3.110.109 for ServerName
Apache/2.2.4 mod_ssl/2.2.4 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server 10.3.110.109:443 (RSA)
Enter pass phrase:

OK: Pass Phrase Dialog successful.
[root@rh4_109 bin]#

Thanks you very much for your help.


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
Sent: Monday, June 18, 2007 8:34 AM
To: modssl-users@modssl.org
Subject: Re: Apache with mod_ssl

Do you have tags surrounding all
SSL directives in your configuration file? For example:


SSLPassPhraseDialog builtin
# etc.


Saikat Saha wrote:_module>
> Apache was compiled as below
>=20
> ./configure --with-ldap --enable-mods-shared=3D"all ssl ldap cache =
proxy
> authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock
> disk_cache" --prefix=3D/opt/apache-2.2.4
>=20
> Httpd -l gives below
> [root@rh4_109 bin]# httpd -l
> Compiled in modules:
> core.c
> prefork.c
> http_core.c
> mod_so.c
>=20
> How do I compile so that it does not load mod_ssl automatically and
> loads only if httpd.conf is configured.
>=20
> Surprisingly there are no error logs even at debug level.
>=20
> Thank you so very much for the kind help.
>=20
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
> Sent: Friday, June 15, 2007 4:13 PM
> To: modssl-users@modssl.org
> Subject: Re: Apache with mod_ssl
>=20
> Saikat Saha wrote:
>> We have apache 2.2.4 compiled with all modules but commented out all=20
>> load modules. Do not have anything in httpd.conf file to state that
> this=20
>> is https. But when I start apache, it tries to goto https and prompts

>> for pass phrase. How does apache determine that this is https whereas

>> this is actually a http server.
>=20
> Perhaps mod_ssl is a compiled-in module. Run 'httpd -l' to check
this.
>=20
>> After I enter a passphrase, it shows=20
>> successful but the server never starts up. Can someone please help?
>=20
> The reason probably can be found in Apache's error_log file.
>=20
>> Also can apache support both http and https at different ports at the

>> same time?
>=20
> Yes. The defaults are port 80 for http and port 443 for https.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache with mod_ssl

am 19.06.2007 19:35:21 von ohannet

Are you quite certain that the LoadModule for mod_ssl has been
commented out? The reason I ask: the output from 'apachectl start'
which you provided below shows 'mod_ssl/2.2.4'.

In the log file /opt/apache-2.2.4/logs/error_log, on lines that contain
'Apache/2.2.4' and 'configured -- resuming normal operations', do
you see 'mod_ssl/2.2.4'? If so, it is still being loaded from somewhere
in your configuration.

Saikat Saha wrote:
> Sorry for late response on this one. This is what we have in httpd.conf
> which is generated at compile time. This problem does not go away even
> if I comment out last four lines and restart apache. Could you please
> advise what else could be leading apache to think it is https rather
> than http?
>
>
>
> # Secure (SSL/TLS) connections
> #Include conf/extra/httpd-ssl.conf
> #
> # Note: The following must must be present to support
> # starting without SSL on platforms with no /dev/random equivalent
> # but a statically compiled-in mod_ssl.
> #
>
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
>
>
>
> With above commented out, when I try to start apache, I get following
> passphrase prompt and apache does not start even after saying passphrase
> successful, no logs in logs directory although log level is "debug"
>
> ]# ./apachectl start
> httpd: Could not reliably determine the server's fully qualified domain
> name, using 10.3.110.109 for ServerName
> Apache/2.2.4 mod_ssl/2.2.4 (Pass Phrase Dialog)
> Some of your private key files are encrypted for security reasons.
> In order to read them you have to provide the pass phrases.
>
> Server 10.3.110.109:443 (RSA)
> Enter pass phrase:
>
> OK: Pass Phrase Dialog successful.
> [root@rh4_109 bin]#
>
> Thanks you very much for your help.
>
>
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
> Sent: Monday, June 18, 2007 8:34 AM
> To: modssl-users@modssl.org
> Subject: Re: Apache with mod_ssl
>
> Do you have tags surrounding all
> SSL directives in your configuration file? For example:
>
>
> SSLPassPhraseDialog builtin
> # etc.
>
>
> Saikat Saha wrote:_module>
>> Apache was compiled as below
>>
>> ./configure --with-ldap --enable-mods-shared="all ssl ldap cache proxy
>> authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock
>> disk_cache" --prefix=/opt/apache-2.2.4
>>
>> Httpd -l gives below
>> [root@rh4_109 bin]# httpd -l
>> Compiled in modules:
>> core.c
>> prefork.c
>> http_core.c
>> mod_so.c
>>
>> How do I compile so that it does not load mod_ssl automatically and
>> loads only if httpd.conf is configured.
>>
>> Surprisingly there are no error logs even at debug level.
>>
>> Thank you so very much for the kind help.
>>
>> -----Original Message-----
>> From: owner-modssl-users@modssl.org
>> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
>> Sent: Friday, June 15, 2007 4:13 PM
>> To: modssl-users@modssl.org
>> Subject: Re: Apache with mod_ssl
>>
>> Saikat Saha wrote:
>>> We have apache 2.2.4 compiled with all modules but commented out all
>>> load modules. Do not have anything in httpd.conf file to state that
>> this
>>> is https. But when I start apache, it tries to goto https and prompts
>
>>> for pass phrase. How does apache determine that this is https whereas
>
>>> this is actually a http server.
>> Perhaps mod_ssl is a compiled-in module. Run 'httpd -l' to check
> this.
>>> After I enter a passphrase, it shows
>>> successful but the server never starts up. Can someone please help?
>> The reason probably can be found in Apache's error_log file.
>>
>>> Also can apache support both http and https at different ports at the
>
>>> same time?
>> Yes. The defaults are port 80 for http and port 443 for https.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache with mod_ssl

am 21.06.2007 20:13:05 von dufresne

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Even more revealing was the passphrase prompt, not required for plain
httpd...


Thanks,

Ron DuFresne


On Tue, 19 Jun 2007, Omar W. Hannet wrote:

> Are you quite certain that the LoadModule for mod_ssl has been
> commented out? The reason I ask: the output from 'apachectl start'
> which you provided below shows 'mod_ssl/2.2.4'.
>
> In the log file /opt/apache-2.2.4/logs/error_log, on lines that contain
> 'Apache/2.2.4' and 'configured -- resuming normal operations', do
> you see 'mod_ssl/2.2.4'? If so, it is still being loaded from somewhere
> in your configuration.
>
> Saikat Saha wrote:
>> Sorry for late response on this one. This is what we have in httpd.conf
>> which is generated at compile time. This problem does not go away even
>> if I comment out last four lines and restart apache. Could you please
>> advise what else could be leading apache to think it is https rather
>> than http?
>>
>>
>>
>> # Secure (SSL/TLS) connections
>> #Include conf/extra/httpd-ssl.conf
>> #
>> # Note: The following must must be present to support
>> # starting without SSL on platforms with no /dev/random equivalent
>> # but a statically compiled-in mod_ssl.
>> #
>>
>> SSLRandomSeed startup builtin
>> SSLRandomSeed connect builtin
>>
>>
>>
>> With above commented out, when I try to start apache, I get following
>> passphrase prompt and apache does not start even after saying passphrase
>> successful, no logs in logs directory although log level is "debug"
>>
>> ]# ./apachectl start
>> httpd: Could not reliably determine the server's fully qualified domain
>> name, using 10.3.110.109 for ServerName
>> Apache/2.2.4 mod_ssl/2.2.4 (Pass Phrase Dialog)
>> Some of your private key files are encrypted for security reasons.
>> In order to read them you have to provide the pass phrases.
>>
>> Server 10.3.110.109:443 (RSA)
>> Enter pass phrase:
>>
>> OK: Pass Phrase Dialog successful.
>> [root@rh4_109 bin]#
>>
>> Thanks you very much for your help.
>>
>>
>> -----Original Message-----
>> From: owner-modssl-users@modssl.org
>> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
>> Sent: Monday, June 18, 2007 8:34 AM
>> To: modssl-users@modssl.org
>> Subject: Re: Apache with mod_ssl
>>
>> Do you have tags surrounding all
>> SSL directives in your configuration file? For example:
>>
>>
>> SSLPassPhraseDialog builtin
>> # etc.
>>
>>
>> Saikat Saha wrote:_module>
>>> Apache was compiled as below
>>>
>>> ./configure --with-ldap --enable-mods-shared="all ssl ldap cache proxy
>>> authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock
>>> disk_cache" --prefix=/opt/apache-2.2.4
>>>
>>> Httpd -l gives below
>>> [root@rh4_109 bin]# httpd -l
>>> Compiled in modules:
>>> core.c
>>> prefork.c
>>> http_core.c
>>> mod_so.c
>>>
>>> How do I compile so that it does not load mod_ssl automatically and
>>> loads only if httpd.conf is configured.
>>>
>>> Surprisingly there are no error logs even at debug level.
>>>
>>> Thank you so very much for the kind help.
>>>
>>> -----Original Message-----
>>> From: owner-modssl-users@modssl.org
>>> [mailto:owner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
>>> Sent: Friday, June 15, 2007 4:13 PM
>>> To: modssl-users@modssl.org
>>> Subject: Re: Apache with mod_ssl
>>>
>>> Saikat Saha wrote:
>>>> We have apache 2.2.4 compiled with all modules but commented out all load
>>>> modules. Do not have anything in httpd.conf file to state that
>>> this
>>>> is https. But when I start apache, it tries to goto https and prompts
>>
>>>> for pass phrase. How does apache determine that this is https whereas
>>
>>>> this is actually a http server.
>>> Perhaps mod_ssl is a compiled-in module. Run 'httpd -l' to check
>> this.
>>>> After I enter a passphrase, it shows successful but the server never
>>>> starts up. Can someone please help?
>>> The reason probably can be found in Apache's error_log file.
>>>
>>>> Also can apache support both http and https at different ports at the
>>
>>>> same time?
>>> Yes. The defaults are port 80 for http and port 443 for https.
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

....We waste time looking for the perfect lover
instead of creating the perfect love.

-Tom Robbins
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFGer+zst+vzJSwZikRAlhnAJ4rLby4nNIlTNYwr0Vq2bQdI1TGmwCg wn1e
itrUfe7Vl+cuoIdY3KOVw8M=
=LeZD
-----END PGP SIGNATURE-----
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org