Hi,

a while back I had a working setup for webmail (squirrelmail) over SSL. I basically forced http and https over port 9000 so everything was going over SSL. These are the components:

apache         1.3.31-1
apache-common  1.3.31-1
php4           4.3.4-4
squirrelmail   1.5.0-1
openssl        0.9.7d-3
libssl-dev     0.9.7d-2
libssl0.9.7    0.9.7d-2

Since then I added a config for a webmail.domain virtualhost to apache and I've made a new certificate to test setting up a CA. After running great for a while, I started having problems in that https connections didn't work anymore. After a restart, all was fine. Now, even after a reboot the https doesn't work anymore. I have added my configs below. Note that since those problems started, I've installed the latest versions of the aforementioned software so this could have something to do with it.

Anyway, here are some results:

http://domain.ddts.net:9000/~benedict/index.html, works
https://domain.ddts.net:9000/~benedict/index.html, doesn't work
http://domain.ddts.net:9000/cgi-bin/man/man2html, only works if I comment the mod_rewrite.c part.
https://domain.ddts.net:9000/mail doesn't get found (that's what the error message tells me). This points to squirrelmail
https://webmail.domain.ddts.net:9000 doesn't work either.

I made a simple php file in ~benedict and that works so it seems that my php config is correct.

Excerpt from access.log with <IfModule mod_rewrite.c> enabled
=============================================================
192.168.1.10 - - [29/May/2004:00:25:30 +0200] "GET /cgi-bin/man/man2html HTTP/1.1" 302 242 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5a) Gecko/20030728 Mozilla Firebird/0.6.1"
192.168.1.10 - - [29/May/2004:00:25:30 +0200] "\x80g\x01\x03" 302 - "-" "-"

-> the last line is when I try via https

Excerpt from access.log with <IfModule mod_rewrite.c> disabled
==============================================================
192.168.1.10 - - [29/May/2004:00:42:26 +0200] "\x80g\x01\x03" 200 361 "-" "-"

-> the last line is when I try via https and more specifically https://domain.ddts.net:9000/mail

Matching error message from error.log

[Sat May 29 00:41:25 2004] [error] [client 81.xxx.xxx.xxx] File does not exist: /var/www/mail

Check with openssl
==================
[EMAIL PROTECTED]:/var/log/apache[00:56:35]# openssl s_client -connect localhost:9000 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 080B06E8 [080B0D78] (142 bytes => 142 (0x8E))
0000 - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00   ......c... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00   ..3..2../.....f.
0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00   .............c..
0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40   b..a...........@
0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00   ..e..d..`.......
0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 78 11   ..............x.
0070 - 01 4a be 89 a6 c1 31 04-2e a6 78 c1 79 cc 06 92   .J....1...x.y...
0080 - f1 e7 ab 5e 66 0c 4d 67-60 d6 54 d5 94 dd         ...^f.Mg`.T...
SSL_connect:SSLv2/v3 write client hello A
read from 080B06E8 [080B62D8] (7 bytes => 7 (0x7))
0000 - 3c 21 44 4f 43 54 59                              <!DOCTY
SSL_connect:error in SSLv2/v3 read server hello A
7155:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475:
[EMAIL PROTECTED]:/var/log/apache[00:57:09]#

This seems rather weird! It seems to have problems with my certificate?

My httpd.conf
=============
ServerType standalone
ServerRoot /etc/apache
LockFile /var/lock/apache.lock
PidFile /var/run/apache.pid
ScoreBoardFile /var/run/apache.scoreboard
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 100
Include /etc/apache/modules.conf
<IfModule mod_status.c>
  ExtendedStatus On
</IfModule>
Port 9000
User www-data
Group www-data
ServerAdmin [EMAIL PROTECTED]
ServerName localhost
DocumentRoot /var/www
<Directory />
  Options SymLinksIfOwnerMatch
  AllowOverride None
</Directory>
<Directory /var/www/>
  Options Indexes Includes FollowSymLinks MultiViews
  AllowOverride None
  Order allow,deny
  Allow from all
</Directory>
<IfModule mod_userdir.c>
  UserDir public_html
</IfModule>
<Directory /home/*/public_html>
  AllowOverride FileInfo AuthConfig Limit
  Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
  <Limit GET POST OPTIONS PROPFIND>
    Order allow,deny
    Allow from all
  </Limit>
  <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
    Order deny,allow
    Deny from all
  </Limit>
</Directory>
<IfModule mod_dir.c>
  DirectoryIndex index.html index.php3 index.php index.htm index.shtml index.cgi
</IfModule>
AccessFileName .htaccess
<Files ~ "^\.ht">
  Order allow,deny
  Deny from all
</Files>
UseCanonicalName On
TypesConfig /etc/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
  MIMEMagicFile /usr/share/misc/file/magic.mime
</IfModule>
HostnameLookups Off
ErrorLog /var/log/apache/error.log
LogLevel debug
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %T %v" full
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %P %T" debug
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog /var/log/apache/access.log combined
ServerSignature Off
Alias /icons/ /usr/share/apache/icons/
<Directory /usr/share/apache/icons>
  Options Indexes MultiViews
  AllowOverride None
  Order allow,deny
  Allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory /usr/lib/cgi-bin/>
  AllowOverride None
  Options ExecCGI -MultiViews
  Order allow,deny
  Allow from all
</Directory>
<IfModule mod_autoindex.c>
  IndexOptions FancyIndexing NameWidth=*
  AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
  AddIconByType (TXT,/icons/text.gif) text/*
  AddIconByType (IMG,/icons/image2.gif) image/*
  AddIconByType (SND,/icons/sound2.gif) audio/*
  AddIconByType (VID,/icons/movie.gif) video/*
  AddIcon /icons/binary.gif .bin .exe
  AddIcon /icons/binhex.gif .hqx
  AddIcon /icons/tar.gif .tar
  AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
  AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
  AddIcon /icons/a.gif .ps .ai .eps
  AddIcon /icons/layout.gif .html .shtml .htm .pdf
  AddIcon /icons/text.gif .txt
  AddIcon /icons/c.gif .c
  AddIcon /icons/p.gif .pl .py
  AddIcon /icons/f.gif .for
  AddIcon /icons/dvi.gif .dvi
  AddIcon /icons/uuencoded.gif .uu
  AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
  AddIcon /icons/tex.gif .tex
  AddIcon /icons/bomb.gif core
  AddIcon /icons/deb.gif .deb
  AddIcon /icons/back.gif ..
  AddIcon /icons/hand.right.gif README
  AddIcon /icons/folder.gif ^^DIRECTORY^^
  AddIcon /icons/blank.gif ^^BLANKICON^^
  DefaultIcon /icons/unknown.gif
  ReadmeName README
  HeaderName HEADER
  IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
</IfModule>
<IfModule mod_mime.c>
  AddEncoding x-compress Z
  AddEncoding x-gzip gz tgz
  AddLanguage da .dk
  AddLanguage nl .nl
  AddLanguage en .en
  AddLanguage et .ee
  AddLanguage fr .fr
  AddLanguage de .de
  AddLanguage el .el
  AddLanguage it .it
  AddLanguage ja .ja
  AddCharset ISO-2022-JP .jis
  AddLanguage pl .po
  AddCharset ISO-8859-2 .iso-pl
  AddLanguage pt .pt
  AddLanguage pt-br .pt-br
  AddLanguage lb .lu
  AddLanguage ca .ca
  AddLanguage es .es
  AddLanguage sv .se
  AddLanguage cs .cz
  <IfModule mod_negotiation.c>
    LanguagePriority en da nl et fr de el it ja pl pt pt-br lb ca es sv
  </IfModule>
  AddType application/x-httpd-php .php
  AddType application/x-httpd-php-source .phps
  AddType application/x-tar .tgz
  AddType image/bmp .bmp
  AddType text/x-hdml .hdml
</IfModule>
AddDefaultCharset on
<IfModule mod_setenvif.c>
  BrowserMatch "Mozilla/2" nokeepalive
  BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
  BrowserMatch "RealPlayer 4\.0" force-response-1.0
  BrowserMatch "Java/1\.0" force-response-1.0
  BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>
<IfModule mod_perl.c>
  Alias /perl/ /var/www/perl/
  <Location /perl>
    SetHandler perl-script
    PerlHandler Apache::Registry
    Options +ExecCGI
  </Location>
</IfModule>
Alias /doc/ /usr/share/doc/
<Location /doc>
  order deny,allow
  deny from all
  allow from 127.0.0.0/255.0.0.0
  Options Indexes FollowSymLinks MultiViews
</Location>
Alias /www /var/www
<Directory /var/www>
  AllowOverride FileInfo AuthConfig Limit
  Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
  <Limit GET POST OPTIONS PROPFIND>
    Order allow,deny
    Allow from all
  </Limit>
  <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
    Order deny,allow
    Deny from all
  </Limit>
</Directory>
<IfModule mod_proxy.c>
</IfModule>
<IfModule mod_rewrite.c>
  <IfModule mod_ssl.c>
    RewriteEngine on
    RewriteCond %{HTTPS} !=on
    RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [L]
  </IfModule>
</IfModule>
NameVirtualHost domain.ddts.net:9000
<VirtualHost domain.ddts.net:9000>
  SSLEngine On
  SSLCertificateFile /etc/apache/apache.crt
  SSLCertificateKeyFile /etc/apache/apache.key
  DocumentRoot /var/www
  DirectoryIndex index.php index.php3 index.html
  ServerName domain.ddts.net
  Alias /www /var/www
  Alias /mail /usr/share/squirrelmail
  ErrorLog /var/log/apache/domain.ddts.net-error.log
  CustomLog /var/log/apache/host.domain.ddts.net.log debug
</VirtualHost>
<VirtualHost webmail.domain.ddts.net:9000>
  SSLEngine On
  SSLCertificateFile /etc/apache/apache.crt
  SSLCertificateKeyFile /etc/apache/apache.key
  DocumentRoot /usr/share/squirrelmail
  DirectoryIndex index.php index.php3 index.html
  ServerName webmail.domain.ddts.net
</VirtualHost>
Include /etc/apache/conf.d

My modules.conf from apache
===========================
# Autogenerated file - do not edit!
# This file is maintained by the apache package.
# To update it, run the command:
# /usr/sbin/apache-modconf apache
ClearModuleList
AddModule mod_so.c
AddModule mod_macro.c
LoadModule config_log_module /usr/lib/apache/1.3/mod_log_config.so
LoadModule mime_magic_module /usr/lib/apache/1.3/mod_mime_magic.so
LoadModule mime_module /usr/lib/apache/1.3/mod_mime.so
LoadModule negotiation_module /usr/lib/apache/1.3/mod_negotiation.so
LoadModule status_module /usr/lib/apache/1.3/mod_status.so
LoadModule info_module /usr/lib/apache/1.3/mod_info.so
LoadModule autoindex_module /usr/lib/apache/1.3/mod_autoindex.so
LoadModule dir_module /usr/lib/apache/1.3/mod_dir.so
LoadModule cgi_module /usr/lib/apache/1.3/mod_cgi.so
LoadModule userdir_module /usr/lib/apache/1.3/mod_userdir.so
LoadModule alias_module /usr/lib/apache/1.3/mod_alias.so
LoadModule rewrite_module /usr/lib/apache/1.3/mod_rewrite.so
LoadModule access_module /usr/lib/apache/1.3/mod_access.so
LoadModule auth_module /usr/lib/apache/1.3/mod_auth.so
LoadModule expires_module /usr/lib/apache/1.3/mod_expires.so
LoadModule unique_id_module /usr/lib/apache/1.3/mod_unique_id.so
LoadModule setenvif_module /usr/lib/apache/1.3/mod_setenvif.so
LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so
LoadModule php4_module /usr/lib/apache/1.3/libphp4.so

Any ideas or better ways to debug are appreciated. I've set "LogLevel debug" in the httpd.conf but that doesn't seem to help that much.

Regards,
Benedict
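
Added example, not part of the original post: the request field "\x80g\x01\x03" in the access-log excerpts above has the byte layout of an SSLv2-format ClientHello that Apache logged as an HTTP request, and the `<!DOCTY` bytes openssl read back show the listener answering in plain HTTP. This Python sketch flags such entries in an Apache common/combined log; the function names and the fourth sample line are assumptions constructed for illustration.

```python
import re

# Apache common/combined prefix: host ident user [time] "request" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "((?:[^"\\]|\\.)*)" (\d{3}) ')
ESC_RE = re.compile(r'\\x([0-9A-Fa-f]{2})|\\(.)')
SIMPLE = {'n': 10, 't': 9, 'r': 13}

def unescape(field):
    """Turn Apache's backslash-escaped request field back into raw bytes."""
    out, pos = bytearray(), 0
    for m in ESC_RE.finditer(field):
        out += field[pos:m.start()].encode('latin-1', 'replace')
        ch = m.group(2)
        out.append(int(m.group(1), 16) if m.group(1)
                   else SIMPLE.get(ch, ord(ch) & 0xFF))
        pos = m.end()
    return bytes(out) + field[pos:].encode('latin-1', 'replace')

def classify(raw):
    """Label a 'request' that is really the start of an SSL/TLS handshake."""
    # TLS record layer: type 0x16 (handshake), major version 0x03.
    if len(raw) >= 2 and raw[0] == 0x16 and raw[1] == 0x03:
        return 'tls-handshake-record'
    # SSLv2-format hello: length with high bit set, then message type 0x01.
    if len(raw) >= 3 and raw[0] & 0x80 and raw[2] == 0x01:
        return 'sslv2-format-client-hello'
    return None

def scan(lines):
    """Return (client, time, kind, status) for each handshake logged as HTTP."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        kind = classify(unescape(m.group(3))) if m else None
        if kind:
            hits.append((m.group(1), m.group(2), kind, int(m.group(4))))
    return hits

SAMPLE = [  # first three lines are from the post; the last one is constructed
    r'192.168.1.10 - - [29/May/2004:00:25:30 +0200] "GET /cgi-bin/man/man2html HTTP/1.1" 302 242 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5a) Gecko/20030728 Mozilla Firebird/0.6.1"',
    r'192.168.1.10 - - [29/May/2004:00:25:30 +0200] "\x80g\x01\x03" 302 - "-" "-"',
    r'192.168.1.10 - - [29/May/2004:00:42:26 +0200] "\x80g\x01\x03" 200 361 "-" "-"',
    r'192.0.2.7 - - [29/May/2004:00:43:00 +0200] "\x16\x03\x01" 400 - "-" "-"',
]

if __name__ == '__main__':
    for hit in scan(SAMPLE):
        print(hit)
```

Any hit means a TLS client reached a listener that parsed its handshake as HTTP, so SSL was not active for the address and port that served that connection.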