Hi there.. I (like most humans) have some problems in my life.. I'm not
expecting you to help me solve all of them, but surely will do with this
one:
I'm using
Linux RedHat6.1
apache 1.3.12
open-SSL 0.9.5a
mod_ssl-2.6.2-1.3.12
all compiled, installed and apparently working fine.
I generate the server certs:
openssl genrsa -des3 (-rand /dev/random) -out php.key 1024
openssl req -new -key php.key -out php.csr
openssl x509 -req -days 30 -in php.csr -signkey php.key -out php.crt
I include the paths to certificate and key in the apache httpd.conf
inside a ssl virtual host definition.. but the whole thing doesn't work
at all..
I restart httpd, and all goes ok
I get this in the apache error log:
[notice] Apache/1.3.12 (Unix) PHP/4.0b3 mod_ssl/2.6.2 OpenSSL/0.9.5a configured -- resuming normal operations
[notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
and this in the ssl_engine log:
[info] Server: Apache/1.3.12, Interface: mod_ssl/2.6.2, Library: OpenSSL/0.9.5a
[info] Init: 1st startup round (still not detached)
[info] Init: Initializing OpenSSL library
[info] Init: Seeding PRNG with 136 bytes of entropy
[info] Init: Generating temporary RSA private keys (512/1024 bits)
[info] Init: Configuring temporary DH parameters (512/1024 bits)
[info] Init: 2nd startup round (already detached)
[info] Init: Reinitializing OpenSSL library
[trace] Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[info] Init: Seeding PRNG with 136 bytes of entropy
[info] Init: Configuring temporary RSA private keys (512/1024 bits)
[info] Init: Configuring temporary DH parameters (512/1024 bits)
[info] Init: Initializing (virtual) servers for SSL
this is what I have in the SSL section of my httpd.conf:
<IfDefine SSL>
<VirtualHost php:443>
    DocumentRoot "/home/http/php/"
    ServerName php
    ServerAdmin root@localhost
    ErrorLog logs/securephp_error_log
    TransferLog logs/securephp_access_log
    SSLEngine on
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/httpd/conf/ssl.crt/php.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/php.key
    SSLVerifyClient 0
    #SSLVerifyDepth 10
    SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars
    <Files ~ "\.(cgi|shtml)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/home/http/php/">
        SSLOptions +StdEnvVars +FakeBasicAuth +ExportCertData +CompatEnvVars
    </Directory>
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    CustomLog logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>
When I try to connect from a browser to https://php or http://php:443 I
get no response from server..
I have a standard apache virtual host definition of the site php, and
another one inside SSL part called as you may have seen above php_:443.
Is this correct? can I do this? (a secure and not secure virtual host
called the same way and pointing to the same directory tree)
I have: SSLVerifyClient 0 in my httpd.conf so that a client cert is
not required. Am I wrong?
Maybe the problem is that I have no client cert.. how can I generate and
install it in my browsers (netscape navigator and iexplorer)?
But I think if the problem were that, I would obtain some output in my
http/ssl log files..
Can you please help me?
Thanks very much
Sam at igmweb dot com