Thanks for the response. The .key and .crt file have been moved to the defaut directories in the ssl.conf files. which are /usr/local/apache2/conf/ssl.crt and /usr/local/apache2/conf/ssl.key
this document has instructions to manually connect to HTTPS http://www.modssl.org/docs/2.8/ssl_faq.html#cert-ownca (these are steps in doc above) for simple testing the HTTP protocol of Apache, it's not such easy for HTTPS because of the SSL protocol between TCP and HTTP. But with the help of OpenSSL's s_client command you can do a similar check even for HTTPS: $ openssl s_client -connect localhost:443 -state -debug GET / HTTP/1.0 I ran this command and it displays the connection info from before. It does say that verify failed. But if GET is typed, it displays the contents of index.html Does this indicate anything? running netstat -na |grep LISTEN shows that 443 is open. If it is open, what might be the reason that https://ipaddress does not show up? SSLVerifyClient require SSLVerifyDepth 10 these are both commented out in ssl.conf. Do they need to be set? The other document changed this line ssl.conf SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL to SSLCipherSuite HIGH:MEDIUM any suggestions on setting this? -----Original Message----- From: Jorey Bump <[EMAIL PROTECTED]> Sent: Aug 10, 2005 4:03 PM To: openssl-users@openssl.org Subject: Re: apachectl startssl started, but viewing https in browser does not [EMAIL PROTECTED] wrote: > Thanks for the response. Also this is a development server. > > the how-to document placed the .crt and .key files > in the following directories. > > cp mars-server.crt /etc/httpd/conf/ssl.crt > cp mars-server.key /etc/httpd/conf/ssl.key > cp my-ca.crt /etc/httpd/conf/ssl.crt > > These directories do not exist on this pc. > Is there a default location under Apache2 where > .crt and .key files need to be placed? You can organize your certificates as you see fit. I don't use those locations, either, even if they are present. As I mentioned, the important thing is that they are stored securely in a place accessible by apache. This can vary from platform to platform, depending on the type of access controls that are in place. I don't use Solaris, but I typically place all server certs/keys in a hierarchy under /etc/ssl/. Some programs are picky about the format, but you can share a key/certificate pair among many services, so I store them centrally. I run my CA on a workstation as an ordinary user and transfer the keys/certs as needed. Note that you don't need root privileges to run a CA, just to install the keys/certs on the destination. > There are backups of all of the conf files Good man. :) ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
