newbie request for assistance

on 03.02.2003 15:49:28 by kurtb

I am trying to bring up Apache 2.0.44 with mod_ssl module on Solaris 8,
and can't get an https connection to the box. Http works just fine.
Any suggestions on how to proceed would be greatly appreciated.

I've downloaded & installed OpenSSL 0.9.6g (sunfreeware.com)
I've created a certificate and key:
/usr/local/apache2/conf/ssl.crt/server.crt
/usr/local/apache2/conf/ssl.key/server.key
I've downloaded, compiled, & made Apache with --enable-ssl

Here's Apache's ssl.conf file, which is called from Apache's httpd.conf
file:

Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog builtin

SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout 300

SSLMutex file:logs/ssl_mutex

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed startup file:/dev/urandom 512



DocumentRoot "/usr/local/apache2/htdocs"
ServerName new.host.name:443
ServerAdmin you@your.address
ErrorLog logs/error_log
TransferLog logs/access_log

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt

SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key


SSLOptions +StdEnvVars


SSLOptions +StdEnvVars


SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: newbie request for assistance

on 03.02.2003 17:41:42 by dufresne

If I recall, apache on sun boxen requires some additional work to get
/dev/urandom PRNG to work correctly. This is a common question,
and is either covered in the archives, or might well be in the FAQ.

If this is incorrect, or not the issue at hand, others will step in to
spank me into clued space.


Thanks,

Ron DuFresne


On Mon, 3 Feb 2003, Kurt A. Buckardt wrote:

> I am trying to bring up Apache 2.0.44 with mod_ssl module on Solaris 8,
> and can't get an https connection to the box. Http works just fine.
> Any suggestions on how to proceed would be greatly appreciated.
>
> I've downloaded & installed OpenSSL 0.9.6g (sunfreeware.com)
> I've created a certificate and key:
> /usr/local/apache2/conf/ssl.crt/server.crt
> /usr/local/apache2/conf/ssl.key/server.key
> I've downloaded, compiled, & made Apache with --enable-ssl
>
> Here's Apache's ssl.conf file, which is called from Apache's httpd.conf
> file:
>
> Listen 443
>
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl .crl
>
> SSLPassPhraseDialog builtin
>
> SSLSessionCache dbm:logs/ssl_scache
> SSLSessionCacheTimeout 300
>
> SSLMutex file:logs/ssl_mutex
>
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> SSLRandomSeed startup file:/dev/urandom 512
>
>
>
> DocumentRoot "/usr/local/apache2/htdocs"
> ServerName new.host.name:443
> ServerAdmin you@your.address
> ErrorLog logs/error_log
> TransferLog logs/access_log
>
> SSLEngine on
>
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
> SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
>
> SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
>
>
> SSLOptions +StdEnvVars
>
> SSLOptions +StdEnvVars
>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
> CustomLog logs/ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!


RE: newbie request for assistance

on 03.02.2003 17:58:14 by Omar TANTAOUI

Have you added the line
"Listen 443"
in your httpd.conf file? If not, search for "Listen 80" and copy
"Listen 443" under it.

Omar.

> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Kurt A. Buckardt
> Sent: Monday, 3 February 2003 15:49
> To: modssl-users@modssl.org
> Subject: newbie request for assistance
>
>
> I am trying to bring up Apache 2.0.44 with mod_ssl module on Solaris 8,
> and can't get an https connection to the box. Http works just fine.
> Any suggestions on how to proceed would be greatly appreciated.
>
> I've downloaded & installed OpenSSL 0.9.6g (sunfreeware.com)
> I've created a certificate and key:
> /usr/local/apache2/conf/ssl.crt/server.crt
> /usr/local/apache2/conf/ssl.key/server.key
> I've downloaded, compiled, & made Apache with --enable-ssl
>
> Here's Apache's ssl.conf file, which is called from Apache's httpd.conf
> file:
>
> Listen 443
>
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl .crl
>
> SSLPassPhraseDialog builtin
>
> SSLSessionCache dbm:logs/ssl_scache
> SSLSessionCacheTimeout 300
>
> SSLMutex file:logs/ssl_mutex
>
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> SSLRandomSeed startup file:/dev/urandom 512
>
>
>
> DocumentRoot "/usr/local/apache2/htdocs"
> ServerName new.host.name:443
> ServerAdmin you@your.address
> ErrorLog logs/error_log
> TransferLog logs/access_log
>
> SSLEngine on
>
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
> SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
>
> SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
>
>
> SSLOptions +StdEnvVars
>
> SSLOptions +StdEnvVars
>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
> CustomLog logs/ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>


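A pre-flight check for the two points raised in this thread (an active `Listen 443`, and an `SSLRandomSeed` device that actually exists on the host), as an added example that is not part of any post. The sample config is constructed from the directives quoted above; the `<IfDefine SSL>` and `<VirtualHost>` wrappers and the function names are assumptions, following the stock Apache 2.0 ssl.conf layout in which the SSL directives are only active when httpd is started with `-DSSL`.

```python
import os
import re
# Constructed sample; the <IfDefine SSL>/<VirtualHost> wrappers and helper
# names are assumptions (stock Apache 2.0 ssl.conf layout), not from the post.
SAMPLE = """\
<IfDefine SSL>
Listen 443
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
<VirtualHost _default_:443>
SSLEngine on
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
</VirtualHost>
</IfDefine>
"""

def active_directives(text, defines=()):
    """Yield (name, args) for directives not switched off by <IfDefine>."""
    skip = []  # one flag per open <IfDefine>: True means "block inactive"
    for line in re.sub(r"\\\n", " ", text).splitlines():  # join continuations
        line = line.strip()
        m = re.match(r"<IfDefine\s+(!?)(\S+?)>$", line, re.I)
        if m:
            skip.append((m.group(2) in defines) == bool(m.group(1)))
        elif line.lower() == "</ifdefine>":
            skip.pop()
        elif line and line[0] not in "<#" and not any(skip):
            name, _, args = line.partition(" ")
            yield name.lower(), args.strip()

def lint(text, defines=(), exists=os.path.exists):
    """Return reasons the HTTPS listener would not come up."""
    active = list(active_directives(text, defines))
    findings = []
    if not any(n == "listen" and re.match(r"(\S*:)?443(\s|$)", a) for n, a in active):
        findings.append("no active 'Listen 443'")
    if not any(n == "sslengine" and a.lower() == "on" for n, a in active):
        findings.append("no active 'SSLEngine on'")
    for n, a in active:
        m = re.match(r"\S+\s+(?:file|exec|egd):(\S+)", a) if n == "sslrandomseed" else None
        if m and not exists(m.group(1)):
            findings.append("SSLRandomSeed source missing: " + m.group(1))
        if n in ("sslcertificatefile", "sslcertificatekeyfile") and not exists(a):
            findings.append(n + " not found: " + a)
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE, defines=("SSL",)))
```

Run it on the target host with the real ssl.conf text so that the default `os.path.exists` check looks at that machine's `/dev/urandom` and certificate paths.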