reverse that - accidentally changed the wrong file - changing the group to nobody stopped the error_log errors
Many Thanks! What is next required to see https://ipaddress:443/index.html ?

using netstat -na |grep LISTEN displays 443

when typing https://ipaddress:443/index.html into a browser it cannot find the page and goes back to https://ipaddress

When trying this command:

openssl s_client -connect ipaddress:443 -state -debug -bugs

it seems to write out the certificate and then:

---
No client certificate CA names sent
---
SSL handshake has read 2519 bytes and written 304 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : shows string here
    Session-ID: showsid here
    Session-ID-ctx:
    Master-Key: shows key here
    Key-Arg   : None
    Start Time: 1123688834
    Timeout   : 300 (sec)
    Verify return code: 7 (certificate signature failure)

any ideas?

tia,
dk

-----Original Message-----
From: [EMAIL PROTECTED]
Sent: Aug 10, 2005 11:28 AM
To: openssl-users@openssl.org
Subject: Re: Can SSL work with IP Address instead of FQDN?

Try:

Group nobody

Of course, you need to have the nobody group on your system (many already do). Another popular choice for User/Group is apache (again, it must be present, don't mess with this until you understand the implications of creating a special user for Apache).

again, thanks very much for the response. I believe it is unix/solaris system. The unix admin compiled apache. Is there a way to check users and groups? Are these groups and users unix accounts, or accounts under apache?

Before trying to implement ssl (when there was no ssl.conf and a smaller version of httpd.conf was used), the apache server worked correctly (using apachectl start not startssl - is apachectl startssl the correct way to start the server?).

Since then, an upgrade was performed from apache 1.3 to apache2 - some libraries were missing, and they were patched, but there may still be missing libraries.

The Group was changed to nobody, and the error_log still produced:

207401 [Wed Aug 10 11:11:10 2005] [notice] Digest: generating secret for digest authentication ...
207402 [Wed Aug 10 11:11:10 2005] [notice] Digest: done
207403 [Wed Aug 10 11:11:13 2005] [warn] pid file /var/run/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
207404 [Wed Aug 10 11:11:13 2005] [alert] (22)Invalid argument: setgid: unable to set group id to Group 4294967295
207405 [Wed Aug 10 11:11:13 2005] [alert] (22)Invalid argument: setgid: unable to set group id to Group 4294967295
207406 [Wed Aug 10 11:11:13 2005] [alert] (22)Invalid argument: setgid: unable to set group id to Group 4294967295
207407 [Wed Aug 10 11:11:13 2005] [alert] (22)Invalid argument: setgid: unable to set group id to Group 4294967295
207408 [Wed Aug 10 11:11:13 2005] [notice] Apache/2.0.54 (Unix) mod_ssl/2.0.54 OpenSSL/0.9.7d DAV/2 configured -- resuming normal operations
207409 [Wed Aug 10 11:11:13 2005] [alert] Child 22341 returned a Fatal error... Apache is exiting!
207410 [Wed Aug 10 11:11:13 2005] [alert] (22)Invalid argument: setgid: unable to set group id to Group 4294967295

tia,
dk

-----Original Message-----
From: Jorey Bump <[EMAIL PROTECTED]>
Sent: Aug 10, 2005 11:07 AM
To: openssl-users@openssl.org
Subject: Re: Can SSL work with IP Address instead of FQDN?

[EMAIL PROTECTED] wrote:

>>also looking into (22)Invalid argument: setgid: unable to set group id to
>>Group 4294967295
>
> This is your real problem. Check your Group setting in your apache
> configuration. You probably just need to get your permissions and
> ownerships correct.
>
> Thanks very much for your response. Any idea what the Group setting needs to
> be in httpd.conf?

In theory, only you know this. :) What's your platform? The de facto standard varies, and it's anyone's guess if you compiled apache yourself.

> this is how it looks now
>
> User nobody
> Group #-1

Try:

Group nobody

Of course, you need to have the nobody group on your system (many already do). Another popular choice for User/Group is apache (again, it must be present, don't mess with this until you understand the implications of creating a special user for Apache).
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
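
An added example, not part of the original thread: a small check that reads the User/Group directives from httpd.conf text and shows why "Group #-1" turns into the 4294967295 seen in the error_log. It assumes gid_t is an unsigned 32-bit integer and that a "#" prefix means a numeric id; the config text, the group table and the function names are constructed for illustration.

```python
import re

GID_BITS = 32  # assumption: gid_t is an unsigned 32-bit integer on this platform

# Constructed sample input: the two directives quoted in the thread.
SAMPLE_CONF = "User nobody\nGroup #-1\n"

# Constructed stand-in for the system group database (name -> gid).
SAMPLE_GROUPS = {"root": 0, "daemon": 1, "nobody": 60001}


def parse_directives(conf_text):
    """Return the last User and Group values found in httpd.conf text."""
    values = {}
    for line in conf_text.splitlines():
        match = re.match(r"\s*(User|Group)\s+(\S+)\s*$", line, re.IGNORECASE)
        if match:
            values[match.group(1).capitalize()] = match.group(2)
    return values


def check_group(value, groups):
    """Return (gid, problem); problem is None when the value is usable."""
    if value.startswith("#"):
        try:
            number = int(value[1:])
        except ValueError:
            return None, "'%s' is not a numeric id" % value
        gid = number % (1 << GID_BITS)  # -1 wraps to 4294967295
        if number < 0:
            return gid, "negative id wraps to %d" % gid
        if gid not in groups.values():
            return gid, "gid %d is not in the group database" % gid
        return gid, None
    if value not in groups:
        return None, "group '%s' is not in the group database" % value
    return groups[value], None


if __name__ == "__main__":
    group = parse_directives(SAMPLE_CONF)["Group"]
    print(group, check_group(group, SAMPLE_GROUPS))
```

On a live Unix system the group table can be built from Python's grp module (grp.getgrall()) instead of the constructed dictionary.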