[EMAIL PROTECTED] wrote:
> Trying to set up ssl for an intranet. There is no FQDN, just an IP address.
> Is this possible?

Yes. The only important thing is that the hostname used by clients to
find your machine must match the Common Name in the certificate. So, if
your other machines use https://intranet.localdomain/ to view web pages,
the Common Name must be intranet.localdomain. The server itself doesn't
even need to know it's being called intranet.localdomain (unless you're
using name-based virtual hosts).

> I've created the certificate keys as X.X.X.X.key
> instead of www.example.com.key

The name of the key doesn't matter, it's just used in path
specifications (and of course, sometimes the OS gives the extension
special meaning).

> I'm able to run the startssl command (see below)
> It asks for the pass phrase, and says it logs in, but the
> error log (list below too), shows some problems which
> I don't understand.
> Any ideas?

It looks like an apache configuration problem.

> this is the log file after running:
> nycupa4:/usr/local/bin >sudo /usr/local/apache2/bin/apachectl startssl
> Apache/2.0.54 mod_ssl/2.0.54 (Pass Phrase Dialog)
> Some of your private key files are encrypted for security reasons.
> In order to read them you have to provide us with the pass phrases.
> Server 192.33.175.160:443 (RSA)
> Enter pass phrase:
> Ok: Pass Phrase Dialog successful.

This isn't robust. Strip the passphrase from your key, and make it
readable by root only.

> log file below - it shows Child 19200 returned a Fatal error
> is there
> 207361 [Wed Aug 10 09:07:58 2005] [notice] Digest: generating secret for digest
> authentication ...
> 207362 [Wed Aug 10 09:07:58 2005] [notice] Digest: done
> 207363 [Wed Aug 10 09:08:00 2005] [warn] pid file /var/run/httpd.pid
> overwritten -- Unclean shutdown of previous Apache run?
> 207364 [Wed Aug 10 09:08:00 2005] [alert] (22)Invalid argument: setgid: unable
> to set group id to Group 4294967295
> 207365 [Wed Aug 10 09:08:00 2005] [alert] (22)Invalid argument: setgid: unable
> to set group id to Group 4294967295
> 207366 [Wed Aug 10 09:08:00 2005] [alert] (22)Invalid argument: setgid: unable
> to set group id to Group 4294967295
> 207367 [Wed Aug 10 09:08:00 2005] [alert] (22)Invalid argument: setgid: unable
> to set group id to Group 4294967295
> 207368 [Wed Aug 10 09:08:00 2005] [notice] Apache/2.0.54 (Unix) mod_ssl/2.0.54
> OpenSSL/0.9.7d DAV/2 configured -- resuming normal operations
> 207369 [Wed Aug 10 09:08:00 2005] [alert] Child 19200 returned a Fatal
> error... Apache is exiting!
> 207370 [Wed Aug 10 09:08:00 2005] [alert] (22)Invalid argument: setgid: unable
> to set group id to Group 4294967295
> Is there a way to see which process might be Child 19200?

Not likely to matter.

> also looking into (22)Invalid argument: setgid: unable to set group id to
> Group 4294967295

This is your real problem. Check your Group setting in your apache
configuration. You probably just need to get your permissions and
ownerships correct.

> also the following command
> openssl s_client -connect 193.44.23.34:443 -debug
> returns
> Connection Refused
> Err= 146
> Any ideas?

Can't work if apache's not running. ;)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
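
Added example, not part of the original thread: a small Python triage script for the error log quoted above. It re-joins the wrapped log lines, counts the setgid failures per group id, and shows that 4294967295 is -1 read as an unsigned 32-bit value, which points at the Group directive rather than at the SSL setup. The function names are illustrative, and the sample input is an excerpt of the log lines from the thread.

```python
import re

# Error-log excerpt as it appears in the thread: viewer line numbers, wrapped lines.
SAMPLE_LOG = """\
207363 [Wed Aug 10 09:08:00 2005] [warn] pid file /var/run/httpd.pid
overwritten -- Unclean shutdown of previous Apache run?
207364 [Wed Aug 10 09:08:00 2005] [alert] (22)Invalid argument: setgid: unable
to set group id to Group 4294967295
207365 [Wed Aug 10 09:08:00 2005] [alert] (22)Invalid argument: setgid: unable
to set group id to Group 4294967295
207369 [Wed Aug 10 09:08:00 2005] [alert] Child 19200 returned a Fatal
error... Apache is exiting!
"""

START = re.compile(r"^(?:\d+\s+)?\[[^\]]+\] \[(\w+)\] ")
SETGID = re.compile(r"setgid: unable to set group id to Group (\d+)")
CHILD = re.compile(r"Child (\d+) returned a Fatal error")

def entries(log_text):
    """Re-join wrapped lines so each yielded string is one log entry."""
    buf = None
    for line in log_text.splitlines():
        if START.match(line):
            if buf is not None:
                yield buf
            buf = line.strip()
        elif buf is not None and line.strip():
            buf += " " + line.strip()
    if buf is not None:
        yield buf

def as_signed32(n):
    """Reinterpret an unsigned 32-bit id as signed: 4294967295 becomes -1."""
    return n - (1 << 32) if n >= (1 << 31) else n

def triage(log_text):
    """Count setgid failures per group id and collect fatal child PIDs."""
    gids, children = {}, []
    for entry in entries(log_text):
        if START.match(entry).group(1) != "alert":
            continue
        g, c = SETGID.search(entry), CHILD.search(entry)
        if g:
            gids[int(g.group(1))] = gids.get(int(g.group(1)), 0) + 1
        if c:
            children.append(int(c.group(1)))
    failures = [{"gid": k, "signed": as_signed32(k), "count": v} for k, v in gids.items()]
    return {"setgid_failures": failures, "fatal_children": children}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A negative `signed` value means the configured Group does not resolve to a real group id, so the child exits before it can serve any request, SSL or otherwise.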