[EMAIL PROTECTED] wrote:
Thanks for the response.
The .key and .crt files have been moved to the default directories in the
ssl.conf files.
which are /usr/local/apache2/conf/ssl.crt and
/usr/local/apache2/conf/ssl.key
That's better.
$ openssl s_client -connect localhost:443 -state -debug
GET / HTTP/1.0
I ran this command and it displays the connection info from before.
It does say that verify failed. But if GET is typed,
it displays the contents of index.html
Does this indicate anything?
Something is working. :) Don't expect completely successful verification
with self-signed certs. You need to satisfy a lot of requirements. It
doesn't necessarily mean that you're not getting encryption.
running netstat -na |grep LISTEN shows that 443 is open.
Good.
If it is open, what might be the reason that https://ipaddress does not show up?
You may need a trailing slash:
https://ipaddress/
If that doesn't work, check your logs for error messages. It might be
related to how you've configured your VirtualHost. Or maybe your browser
is crap.
SSLVerifyClient require
SSLVerifyDepth 10
these are both commented out in ssl.conf.
Do they need to be set?
Do *you* require this? If you don't know the answer, you probably don't.
The other document changed this line in ssl.conf
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
to
SSLCipherSuite HIGH:MEDIUM
any suggestions on setting this?
Well, I, umm, sometimes put things back together and have a few leftover
screws, so the answer is... 12?
But, seriously, this setting affects the security of your server, so
read up:
http://httpd.apache.org/docs/2.0/ko/mod/mod_ssl.html#sslciphersuite
then back away slowly...