> also looking into  (22)Invalid argument: setgid: unable to set group id to 
> Group 4294967295
>
> This is your real problem. Check your Group setting in your apache 
> configuration. You probably just need to get your permissions and 
> ownerships correct.


Thanks very much for your response. Any idea what the Group setting needs to 
be in httpd.conf?

This is how it looks now:

 User nobody
 Group #-1

tia,
dk





-----Original Message-----
From: Jorey Bump <[EMAIL PROTECTED]>
Sent: Aug 10, 2005 10:51 AM
To: openssl-users@openssl.org
Subject: Re: Can SSL work with IP Address instead of FQDN?

[EMAIL PROTECTED] wrote:
> Trying to set up ssl for an intranet. There is no FQDN, just an IP address.
> 
> Is this possible?

Yes. The only important thing is that the hostname used by clients to 
find your machine must match the Common Name in the certificate. So, if 
your other machines use https://intranet.localdomain/ to view web pages, 
the Common Name must be intranet.localdomain. The server itself doesn't 
even need to know it's being called intranet.localdomain (unless you're 
using name-based virtual hosts).

> I've created the certificate keys as X.X.X.X.key
> instead of www.example.com.key

The name of the key doesn't matter, it's just used in path 
specifications (and of course, sometimes the OS gives the extension 
special meaning).

> I'm able to run the startssl command (see below) 
> It asks for the pass phrase, and says it logs in, but the
> error log (list below too), shows some problems which 
> I don't understand. 
> 
> Any ideas?

It looks like an apache configuration problem.

> this is the log file after running:
> 
> nycupa4:/usr/local/bin >sudo /usr/local/apache2/bin/apachectl startssl
> Apache/2.0.54 mod_ssl/2.0.54 (Pass Phrase Dialog)
> Some of your private key files are encrypted for security reasons.
> In order to read them you have to provide us with the pass phrases.
> 
> Server 192.33.175.160:443 (RSA)
> Enter pass phrase:
> 
> Ok: Pass Phrase Dialog successful.

This isn't robust. Strip the passphrase from your key, and make it 
readable by root only.

> log file below -  it shows Child 19200 returned a Fatal error 
> is there 
> 
> 207361 [Wed Aug 10 09:07:58 2005] [notice] Digest: generating secret for 
> digest authentication ...
>  207362 [Wed Aug 10 09:07:58 2005] [notice] Digest: done
>  207363 [Wed Aug 10 09:08:00 2005] [warn] pid file /var/run/httpd.pid 
> overwritten -- Unclean shutdown of previous Apache run?
>  207364 [Wed Aug 10 09:08:00 2005] [alert] (22)Invalid argument: setgid: 
> unable to set group id to Group 4294967295
>  207365 [Wed Aug 10 09:08:00 2005] [alert] (22)Invalid argument: setgid: 
> unable to set group id to Group 4294967295
>  207366 [Wed Aug 10 09:08:00 2005] [alert] (22)Invalid argument: setgid: 
> unable to set group id to Group 4294967295
>  207367 [Wed Aug 10 09:08:00 2005] [alert] (22)Invalid argument: setgid: 
> unable to set group id to Group 4294967295
>  207368 [Wed Aug 10 09:08:00 2005] [notice] Apache/2.0.54 (Unix) 
> mod_ssl/2.0.54 OpenSSL/0.9.7d DAV/2 configured -- resuming normal operations
>  207369 [Wed Aug 10 09:08:00 2005] [alert] Child 19200 returned a Fatal 
> error... Apache is exiting!
>  207370 [Wed Aug 10 09:08:00 2005] [alert] (22)Invalid argument: setgid: 
> unable to set group id to Group 4294967295
> 
> Is there a way to see which process might be Child 19200?

Not likely to matter.

> also looking into  (22)Invalid argument: setgid: unable to set group id to 
> Group 4294967295

This is your real problem. Check your Group setting in your apache 
configuration. You probably just need to get your permissions and 
ownerships correct.

> also the following command
> 
> openssl s_client -connect 193.44.23.34:443 -debug
> 
> returns
> 
> Connection Refused
> Err= 146
> 
> Any ideas?

Can't work if apache's not running. ;)

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
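
The `Group #-1` setting quoted in the reply at the top of this thread lines up with the gid in the error log: -1 stored in an unsigned 32-bit gid is 4294967295. The check below is an added example, not part of any message in the thread or of Apache itself; `SAMPLE_CONF`, `effective_group`, `group_exists` and `check_group` are hypothetical names, the config excerpt is constructed, and a 32-bit unsigned `gid_t` is assumed.

```python
import grp
import re

GID_MASK = 0xFFFFFFFF  # assumption: gid_t is an unsigned 32-bit integer

# Constructed excerpt using the two directives quoted in the thread.
SAMPLE_CONF = """\
User nobody
Group #-1
"""

def effective_group(conf_text):
    """Return the value of the last Group directive, or None if absent."""
    value = None
    for line in conf_text.splitlines():
        m = re.match(r"\s*Group\s+(\S+)", line, re.IGNORECASE)
        if m:
            value = m.group(1)
    return value

def group_exists(value):
    """Default resolver: look the name or #gid up in the local group database."""
    try:
        if value.startswith("#"):
            grp.getgrgid(int(value[1:]))
        else:
            grp.getgrnam(value)
        return True
    except (KeyError, ValueError, OverflowError):
        return False

def check_group(conf_text, exists=group_exists):
    """Return (ok, message) for the Group directive in conf_text."""
    value = effective_group(conf_text)
    if value is None:
        return False, "no Group directive found"
    if re.fullmatch(r"#-?\d+", value):
        wrapped = int(value[1:]) & GID_MASK
        if wrapped == GID_MASK:
            # (gid_t)-1: the gid the error log shows setgid refusing
            return False, f"Group {value} is gid {wrapped}, refused by setgid"
    if not exists(value):
        return False, f"Group {value} does not resolve on this host"
    return True, f"Group {value} resolves"

if __name__ == "__main__":
    print(check_group(SAMPLE_CONF))
```

Run against the real `httpd.conf` text before starting the server, the default resolver also reports a group name or numeric id that does not exist on the host.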
