Stronghold and Apache/mod_ssl certificate compatibility

We are planning to replace an outdated copy of Stronghold (Stronghold/2.4.2
Apache/1.3.6 C2NetEU/2410) with Apache 1.3.27/mod_ssl/2.8.12.

I created what appears to be a workable httpd.conf for Apache. Accessing
http: URLS under Apache works fine. But when trying to access an
Apache/modssl https URL I get this repeated in the error_log:

Invalid method in request \x80L\x01\x03
Invalid method in request \x80L\x01\x03

Do I need a different certificate type for Apache/modssl as opposed to
Stronghold? I know earlier versions of Stronghold didn't use the modssl code
but I want to make sure before I spend the $100 to get a replacement cert
(thanks, Verisign!)

Emily Witcher - emily@crytech.com
Developer and System Administrator
Crytech - 406-655-0501/1-888-CRYTECH


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Stronghold and Apache/mod_ssl certificate compatibility

We were able to pull off this switch this summer SH2.4.2 to Apache
1.3.x-Mod-SSL-2.8.x-OpenSSL-0.9.x
using our old certificate/keys

Grab the sources and compile, make sure you are using --with-crt
and --with-key directives correctly though. It would appear though that you
do not have something configured correctly, the requests are coming in
encrypted, but the server is not decrypting. You can't transfer your
httpd.conf directly though, copy over your virtual hosts and any special
handlers/rules to a default apache config and see how that works.

John Darin Holloway
Web Developer and System Administrator, Bluegrass Network, LLC
jdholloway@blue.net --- http://www.blue.net

----- Original Message -----
From: "Emily Eileen Witcher"
To:
Sent: Monday, October 28, 2002 02:46 PM
Subject: Stronghold and Apache/mod_ssl certificate compatibility


> We are planning to replace an outdated copy of Stronghold
(Stronghold/2.4.2
> Apache/1.3.6 C2NetEU/2410) with Apache 1.3.27/mod_ssl/2.8.12.
>
> I created what appears to be a workable httpd.conf for Apache. Accessing
> http: URLS under Apache works fine. But when trying to access an
> Apache/modssl https URL I get this repeated in the error_log:
>
> Invalid method in request \x80L\x01\x03
> Invalid method in request \x80L\x01\x03
>
> Do I need a different certificate type for Apache/modssl as opposed to
> Stronghold? I know earlier versions of Stronghold didn't use the modssl
code
> but I want to make sure before I spend the $100 to get a replacement cert
> (thanks, Verisign!)
>
> Emily Witcher - emily@crytech.com
> Developer and System Administrator
> Crytech - 406-655-0501/1-888-CRYTECH
>
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Stronghold and Apache/mod_ssl certificate compatibility

Hi,

On Monday 28 Oct 2002 2:46 pm, Emily Eileen Witcher wrote:
> We are planning to replace an outdated copy of Stronghold
> (Stronghold/2.4.2 Apache/1.3.6 C2NetEU/2410) with Apache
> 1.3.27/mod_ssl/2.8.12.
>
> I created what appears to be a workable httpd.conf for Apache.
> Accessing http: URLS under Apache works fine. But when trying to access
> an Apache/modssl https URL I get this repeated in the error_log:
>
> Invalid method in request \x80L\x01\x03
> Invalid method in request \x80L\x01\x03

Have you turned SSL *on* for the address/port that you want https to
work on? I think the directive is SSLEngine but can't recall off-hand -
I recommend you start by compiling and installing 1.3.27 into a test
directory with the default configuration files and what-not - verify
that it works as you expect (it will configure to listen HTTP on port
8080 and HTTPS on port 8443). Ie;

http://localhost:8080/
https://localhost:8443/

If that works, use it as a reference when setting-up and migrating your
Stronghold stuff. As mentioned, I suspect the particular problem you
were hitting was a failure to turn SSL on in the config file - the
default config file installed by modssl should provide a reference to
compare against.

Cheers,
Geoff

--
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Stronghold and Apache/mod_ssl certificate compatibility

Thanks - It was a missing "SSLEngine On" directive. I had been using the
default Apache configuration file but copied over the virtual hosts
verbatim, and Stronghold used "SSLFlag On" instead. Problem solved!

Emily Witcher - emily@crytech.com
Developer and System Administrator
Crytech - 406-655-0501/1-888-CRYTECH
----- Original Message -----
From: "Geoff Thorpe"
To:
Cc: "Emily Eileen Witcher"
Sent: Monday, October 28, 2002 2:39 PM
Subject: Re: Stronghold and Apache/mod_ssl certificate compatibility


> Hi,
>
> On Monday 28 Oct 2002 2:46 pm, Emily Eileen Witcher wrote:
> > We are planning to replace an outdated copy of Stronghold
> > (Stronghold/2.4.2 Apache/1.3.6 C2NetEU/2410) with Apache
> > 1.3.27/mod_ssl/2.8.12.
> >
> > I created what appears to be a workable httpd.conf for Apache.
> > Accessing http: URLS under Apache works fine. But when trying to access
> > an Apache/modssl https URL I get this repeated in the error_log:
> >
> > Invalid method in request \x80L\x01\x03
> > Invalid method in request \x80L\x01\x03
>
> Have you turned SSL *on* for the address/port that you want https to
> work on? I think the directive is SSLEngine but can't recall off-hand -
> I recommend you start by compiling and installing 1.3.27 into a test
> directory with the default configuration files and what-not - verify
> that it works as you expect (it will configure to listen HTTP on port
> 8080 and HTTPS on port 8443). Ie;
>
> http://localhost:8080/
> https://localhost:8443/
>
> If that works, use it as a reference when setting-up and migrating your
> Stronghold stuff. As mentioned, I suspect the particular problem you
> were hitting was a failure to turn SSL on in the config file - the
> default config file installed by modssl should provide a reference to
> compare against.
>
> Cheers,
> Geoff
>
> --
> Geoff Thorpe
> geoff@geoffthorpe.net
> http://www.geoffthorpe.net/
>
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>
>


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org