RE: How to "start" mod ssl?

> -----Original Message-----
> From: Aaron Stromas [mailto:ams@izoard.com]
> Did you add any directories to be served over SSL? e.g. for CGI,

No, it is almost untouched. The only changes are to give it the path
to the key file, the cert file, and the Document Root.

Was I supposed to do something like that?

Thanks

Edmund

> Mitchell, Edmund said:
> > Hello all
> >
> > I just built from source apache 2 on RedHat 8 with this config:
> > $->./configure --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin
> > --sbindir=/usr/sbin --enable-mods-shared=all --enable-so
> > --with-mpm=worker --enable-ssl --with-ssl=/usr/include/openssl
> > --libexecdir=/usr/lib/httpd/modules --mandir=/usr/share/man
> > --sysconfdir=/etc/httpd/conf --datadir=/var/www --localstatedir=/var
> > --disable-imap --disable-dav --disable-dav_fs --disable-speling
> > --disable-autoindex
> >
> > and it went smoothly, as did make and make install.
> >
> > I tried to startssl, but it complained about the cert and
> key file, so
> > I
> > built those using the makefile that RedHat provides to build dummy
> > certs
> > and
> > keys, and that went smoothly. It then complained about the
> > DocumentRoot,
> > so
> > I fixed that, and now it doesn't complain, but nothing happens.
> >
> > #->/usr/sbin/apachectl startssl
> > #->ps -eaf | grep httpd
> > root 19590 19172 0 13:53 pts/1 00:00:00 grep httpd
> >
> > #->/usr/sbin/httpd -DSSL
> > #->ps -eaf | grep httpd
> > root 19594 19172 0 13:53 pts/1 00:00:00 grep httpd
> >
> > I figured it was a weird situation so I tore out everything, and
> > rebuilt from
> > scratch. Twice, and yes, both times I md5summed the tarball.
> >
> > However, each time, if I don't start ssl, it works:
> >
> > #->/usr/sbin/httpd -k start
> > #->ps -eaf | grep httpd
> > root 19597 1 0 13:56 ? 00:00:00 /usr/sbin/httpd -k
> > start nobody 19598 19597 0 13:56 ? 00:00:00
> /usr/sbin/httpd
> > -k start nobody 19599 19597 0 13:56 ? 00:00:00
> > /usr/sbin/httpd -k start nobody 19600 19597 1 13:56 ?
> > 00:00:00 /usr/sbin/httpd -k start root 19658 19172 0
> 13:56 pts/1
> > 00:00:00 grep httpd
> >
> > and then, I can connect to localhost, but not to port 443,
> even though
> > I have
> > no firewall at all.
> >
> > #->/sbin/iptables --list
> > Chain INPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > #->/usr/bin/openssl s_client -connect localhost:80
> > CONNECTED(00000003)
> > 19856:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> > protocol:s23_clnt.c:460:
> >
> > #->/usr/bin/openssl s_client -connect localhost:443
> > connect: Connection refused
> > connect:errno=29
> >
> > The syntax seems to be OK; I haven't changed anything but what I
> > mentioned above -
> >
> > #->/usr/sbin/httpd -t
> > Syntax OK
> > #->/usr/sbin/httpd -S
> > VirtualHost configuration:
> > Syntax OK
> >
> > I'm (obviously) new to this whole thing, so I'd be grateful
> if anyone
> > who's been through this before can steer me in the right direction.
> >
> > Thanks for your time
> >
> > E
> >
> > -------------------------------------------------------
> >
> ____________________________________________________________ __________
> > Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org


--
Aaron Stromas | "Tik-tik-tik!!!... ja, Pantani is weg..."
ams@izoard.com | BRTN commentator
+1 (301) 493 4933 | L'Alpe d'Huez
http://www.izoard.com | 1995 Tour de France



____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org