How to "start" mod ssl?

on 17.03.2003 20:32:04 by EMitchell

Hello all

I just built from source apache 2 on RedHat 8 with this config:
$->./configure --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin \
    --sbindir=/usr/sbin --enable-mods-shared=all --enable-so --with-mpm=worker \
    --enable-ssl --with-ssl=/usr/include/openssl \
    --libexecdir=/usr/lib/httpd/modules --mandir=/usr/share/man \
    --sysconfdir=/etc/httpd/conf --datadir=/var/www --localstatedir=/var \
    --disable-imap --disable-dav --disable-dav_fs --disable-speling \
    --disable-autoindex

and it went smoothly, as did make and make install.

I tried to startssl, but it complained about the cert and key file, so I
built those using the makefile that RedHat provides to build dummy certs
and keys, and that went smoothly. It then complained about the
DocumentRoot, so I fixed that, and now it doesn't complain, but nothing
happens.

#->/usr/sbin/apachectl startssl
#->ps -eaf | grep httpd
root 19590 19172 0 13:53 pts/1 00:00:00 grep httpd

#->/usr/sbin/httpd -DSSL
#->ps -eaf | grep httpd
root 19594 19172 0 13:53 pts/1 00:00:00 grep httpd

I figured it was a weird situation so I tore out everything, and rebuilt
from scratch. Twice, and yes, both times I md5summed the tarball.

However, each time, if I don't start ssl, it works:

#->/usr/sbin/httpd -k start
#->ps -eaf | grep httpd
root 19597 1 0 13:56 ? 00:00:00 /usr/sbin/httpd -k start
nobody 19598 19597 0 13:56 ? 00:00:00 /usr/sbin/httpd -k start
nobody 19599 19597 0 13:56 ? 00:00:00 /usr/sbin/httpd -k start
nobody 19600 19597 1 13:56 ? 00:00:00 /usr/sbin/httpd -k start
root 19658 19172 0 13:56 pts/1 00:00:00 grep httpd

and then, I can connect to localhost, but not to port 443, even though I
have no firewall at all.

#->/sbin/iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

#->/usr/bin/openssl s_client -connect localhost:80
CONNECTED(00000003)
19856:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:460:

#->/usr/bin/openssl s_client -connect localhost:443
connect: Connection refused
connect:errno=29

The syntax seems to be OK; I haven't changed anything but what I mentioned
above -

#->/usr/sbin/httpd -t
Syntax OK
#->/usr/sbin/httpd -S
VirtualHost configuration:
Syntax OK

I'm (obviously) new to this whole thing, so I'd be grateful if anyone who's
been through this before can steer me in the right direction.

Thanks for your time

E

-------------------------------------------------------
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: How to "start" mod ssl?

on 17.03.2003 20:49:06 by Aaron Stromas

Did you add any directories to be served over SSL? e.g. for CGI,



SSLOptions +StdEnvVars



-a


--
Aaron Stromas | "Tik-tik-tik!!!... ja, Pantani is weg..."
ams@izoard.com | BRTN commentator
+1 (301) 493 4933 | L'Alpe d'Huez
http://www.izoard.com | 1995 Tour de France

Re: How to "start" mod ssl?

on 17.03.2003 20:51:38 by dufresne

it looks as though ssl might not be enabled in the httpd.conf file.

do you have these statements included there:

LoadModule ssl_module libexec/libssl.so
AddModule mod_ssl.c



Thanks,

Ron DuFresne

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!
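
An added example, not part of any post in this thread: a shell check for the directives an Apache 2 build like the one in the question needs before httpd will accept connections on port 443. The config contents and file names are constructed samples, `has_directive`, `check_ssl_conf` and `make_sample` are hypothetical helper names, and certificate paths are assumed to be absolute.

```shell
#!/bin/sh
# Added example: list the mod_ssl prerequisites missing from an Apache 2
# config file. Directive names are real; file contents are constructed.

# has_directive FILE REGEX: true if an uncommented line starts with REGEX
has_directive() {
    grep -Eiq "^[[:space:]]*$2" "$1"
}

# check_ssl_conf FILE: print one finding per line, nothing if all present
check_ssl_conf() {
    conf=$1
    has_directive "$conf" 'LoadModule[[:space:]]+ssl_module[[:space:]]' \
        || echo "missing: LoadModule ssl_module"
    has_directive "$conf" 'Listen[[:space:]]+([^[:space:]]*:)?443([[:space:]]|$)' \
        || echo "missing: Listen 443"
    has_directive "$conf" 'SSLEngine[[:space:]]+on' \
        || echo "missing: SSLEngine on"
    for d in SSLCertificateFile SSLCertificateKeyFile; do
        path=$(awk -v d="$d" 'tolower($1) == tolower(d) {
            gsub(/"/, "", $2); print $2; exit }' "$conf")
        if [ -z "$path" ]; then
            echo "missing: $d"
        elif [ ! -r "$path" ]; then
            echo "unreadable: $d $path"
        fi
    done
}

# make_sample DIR: constructed config with no "Listen 443" and a key path
# that does not exist (hypothetical file names)
make_sample() {
    : > "$1/server.crt"
    cat > "$1/httpd.conf" <<EOF
Listen 80
LoadModule ssl_module modules/mod_ssl.so
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile $1/server.crt
    SSLCertificateKeyFile $1/missing.key
</VirtualHost>
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_ssl_conf "$tmp/httpd.conf"
rm -rf "$tmp"
```

`httpd -t` validates syntax only, so a configuration can report "Syntax OK" and still lack any of these directives.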