http://www.apache-ssl.org/#mod_ssl
cheers,
Adam
samuel C wrote:
>
> Hi there.. I (like most humans) have some problems in my life.. I'm not
> expecting you to help me solve all of them, but surely will do with this
> one:
>
> I'm using
> Linux RedHat6.1
> apache 1.3.12
> open-SSL 0.9.5a
> mod_ssl-2.6.2-1.3.12
>
> all compiled, installed and apparently working fine.
>
> I generate the server certs:
>
> openssl genrsa -des3 (-rand /dev/random) -out php.key 1024
> openssl req -new -key php.key -out php.csr
> openssl x509 -req -days 30 -in php.csr -signkey php.key -out php.crt
>
> I include the paths to certificate and key in the apache httpd.conf
> inside a ssl virtual host definition.. but the whole thing doesn't work
> at all..
> I restart httpd, and all goes ok
>
> I get this in the apache error log:
>
> [notice] Apache/1.3.12 (Unix) PHP/4.0b3 mod_ssl/2.6.2 OpenSSL/0.9.5a configured -- resuming normal operations
> [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
>
> and this in the ssl_engine log:
>
> [info] Server: Apache/1.3.12, Interface: mod_ssl/2.6.2, Library: OpenSSL/0.9.5a
> [info] Init: 1st startup round (still not detached)
> [info] Init: Initializing OpenSSL library
> [info] Init: Seeding PRNG with 136 bytes of entropy
> [info] Init: Generating temporary RSA private keys (512/1024 bits)
> [info] Init: Configuring temporary DH parameters (512/1024 bits)
> [info] Init: 2nd startup round (already detached)
> [info] Init: Reinitializing OpenSSL library
> [trace] Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
> [info] Init: Seeding PRNG with 136 bytes of entropy
> [info] Init: Configuring temporary RSA private keys (512/1024 bits)
> [info] Init: Configuring temporary DH parameters (512/1024 bits)
> [info] Init: Initializing (virtual) servers for SSL
>
> this is what I have in the SSL section of my httpd.conf:
>
> <IfDefine SSL>
> <VirtualHost php:443>
> DocumentRoot "/home/http/php/"
> ServerName php
> ServerAdmin root@localhost
> ErrorLog logs/securephp_error_log
> TransferLog logs/securephp_access_log
>
> SSLEngine on
>
> SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile /etc/httpd/conf/ssl.crt/php.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/php.key
>
> SSLVerifyClient 0
> #SSLVerifyDepth 10
>
> SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars
>
> <Files ~ "\.(cgi|shtml)$">
> SSLOptions +StdEnvVars
> </Files>
>
> <Directory "/home/http/php/">
> SSLOptions +StdEnvVars +FakeBasicAuth +ExportCertData +CompatEnvVars
> </Directory>
>
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> CustomLog logs/ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
> </VirtualHost>
> </IfDefine>
>
> When I try to connect from a browser to https://php or http://php:443 I
> get no response from the server.
>
> I have a standard Apache virtual host definition of the site php, and
> another one inside the SSL part called, as you may have seen above, php_:443.
> Is this correct? Can I do this? (A secure and a non-secure virtual host
> called the same way and pointing to the same directory tree.)
>
> I have: SSLVerifyClient 0 in my httpd.conf so that a client cert is
> not required. Am I wrong?
> Maybe the problem is that I have no client cert. How can I generate and
> install it in my browsers (Netscape Navigator and iexplorer)?
>
> But I think if the problem were that, I would obtain some output in my
> http/ssl log files.
>
> Can you please help me?
>
> Thanks very much
>
> Sam at igmweb dot com
--
Adam Laurie Tel: +44 (181) 742 0755
A.L. Digital Ltd. Fax: +44 (181) 742 5995
Voysey House
Barley Mow Passage http://www.aldigital.co.uk
London W4 4GB mailto:[EMAIL PROTECTED]
UNITED KINGDOM PGP key on keyservers