Thanks for the response.

Not sure if this post issue is similar - but once the connect works, https works

http://groups-beta.google.com/group/alt.apache.configuration/browse_thread/thread/e2ce8cc2db458885/3337e78d29ad78db?lnk=st&q=how+to+set+up+apache2+ssl.conf&rnum=2&hl=en#3337e78d29ad78db

> Something is working. :) Don't expect completely successful verification
> with self-signed certs. You need to satisfy a lot of requirements. It
> doesn't necessarily mean that you're not getting encryption.

is there a bare bones list of requirements?

the access_log and ssl_request_log only seem to be written to when
using an openssl connect command.

Nothing happens within the browser

> It might be related to how you've configured your VirtualHost.

Could you say a little more about how the Virtual host needs to be set?

> Or maybe your browser is crap.

how could one tell? Anything ssl specific?

does this doc make sense?
http://docdb.fnal.gov/doc/sslconf.html

Is it possible to set the ssl.conf file initially with as little security as
possible just to see https working?



-----Original Message-----
From: Jorey Bump <[EMAIL PROTECTED]>
Sent: Aug 10, 2005 5:43 PM
To: openssl-users@openssl.org
Subject: Re: apachectl startssl started, but viewing https in browser does not

[EMAIL PROTECTED] wrote:
> Thanks for the response.
> 
> The .key and .crt file have been moved to the default directories in the 
> ssl.conf files.
> which are /usr/local/apache2/conf/ssl.crt and 
> /usr/local/apache2/conf/ssl.key

That's better.

> $ openssl s_client -connect localhost:443 -state -debug
> GET / HTTP/1.0 
> 
> I ran this command and it displays the connection info from before.
> It does say that verify failed. But if GET is typed,
> it displays the contents of index.html
> 
> Does this indicate anything?

Something is working. :) Don't expect completely successful verification 
with self-signed certs. You need to satisfy a lot of requirements. It 
doesn't necessarily mean that you're not getting encryption.

> running netstat -na |grep LISTEN shows that 443 is open.

Good.

> If it is open, what might be the reason that https://ipaddress does not show 
> up?

You may need a trailing slash:

  https://ipaddress/

If that doesn't work, check your logs for error messages. It might be 
related to how you've configured your VirtualHost. Or maybe your browser 
is crap.

>  SSLVerifyClient require
>  SSLVerifyDepth  10
> 
> these are both commented out in ssl.conf.
> 
> Do they need to be set?

Do *you* require this? If you don't know the answer, you probably don't.

> The other document changed this line ssl.conf 
> SSLCipherSuite 
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> 
> to 
> 
> SSLCipherSuite HIGH:MEDIUM
> 
> any suggestions on setting this?

Well, I, umm, sometimes put things back together and have a few leftover 
screws, so the answer is... 12?

But, seriously, this setting affects the security of your server, so 
read up:

  http://httpd.apache.org/docs/2.0/ko/mod/mod_ssl.html#sslciphersuite

then back away slowly...
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
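
A bare-bones SSL virtual host for the setup discussed in this thread, shown with the weak cipher line beside a tighter one. This is an added example, not part of the original messages; the file names `server.crt` and `server.key`, the host name `www.example.com`, the `htdocs` and `logs` locations, and keeping `!ADH` on the tighter cipher line are assumptions.

```apache
# Added example, not from the thread. The ssl.crt / ssl.key directories are
# the ones named in the thread; file names, ServerName, DocumentRoot and log
# locations are assumptions for illustration.
# Apache 2.0's stock ssl.conf is wrapped in <IfDefine SSL>, so these
# directives only load when the server is started with "apachectl startssl".
<IfDefine SSL>
Listen 443

<VirtualHost _default_:443>
    # Should match the certificate's Common Name; otherwise the browser
    # reports a name mismatch in addition to the self-signed warning.
    ServerName www.example.com:443
    DocumentRoot "/usr/local/apache2/htdocs"

    SSLEngine on
    SSLCertificateFile    /usr/local/apache2/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key

    # Weak: starts from ALL, so LOW, SSLv2 and 40-bit export suites stay
    # enabled and are only moved to the end of the preference order.
    #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    # Tighter: only HIGH and MEDIUM strength suites. The !ADH exclusion from
    # the original line is kept here (assumption; the other document's line
    # was plain HIGH:MEDIUM) so anonymous DH stays disabled.
    SSLCipherSuite HIGH:MEDIUM:!ADH

    # Client certificates are not needed to see https working. Leave these
    # commented out unless every visitor must present a certificate.
    #SSLVerifyClient require
    #SSLVerifyDepth  10

    # Per-request protocol and cipher, useful for confirming that a browser
    # request actually reached this virtual host.
    ErrorLog    /usr/local/apache2/logs/error_log
    TransferLog /usr/local/apache2/logs/access_log
    CustomLog   /usr/local/apache2/logs/ssl_request_log \
                "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>
```

After a restart with `apachectl startssl`, the `openssl s_client -connect localhost:443` check from the thread should still return index.html, and a browser request should add a line to ssl_request_log showing the negotiated cipher.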
