CA.pl -sign finally worked. - the other method's of making certificates seemed to work, but I'm not sure if they were actually good certificates.
When CA.pl -sign finally worked, the https did too. Thanks for all the helpful responses. -----Original Message----- From: Jorey Bump <[EMAIL PROTECTED]> Sent: Aug 10, 2005 5:43 PM To: openssl-users@openssl.org Subject: Re: apachectl startssl started, but viewing https in browser does not [EMAIL PROTECTED] wrote: > Thanks for the response. > > The .key and .crt file have been moved to the defaut directories in the > ssl.conf files. > which are /usr/local/apache2/conf/ssl.crt and > /usr/local/apache2/conf/ssl.key That's better. > $ openssl s_client -connect localhost:443 -state -debug > GET / HTTP/1.0 > > I ran this command and it displays the connection info from before. > It does say that verify failed. But if GET is typed, > it displays the contents of index.html > > Does this indicate anything? Something is working. :) Don't expect completely successful verification with self-signed certs. You need to satisfy a lot of requirements. It doesn't necessarily mean that you're not getting encryption. > running netstat -na |grep LISTEN shows that 443 is open. Good. > If it is open, what might be the reason that https://ipaddress does not show > up? You may need a trailing slash: https://ipaddress/ If that doesn't work, check your logs for error messages. It might be related to how you've configured your VirtualHost. Or maybe your browser is crap. > SSLVerifyClient require > SSLVerifyDepth 10 > > these are both commented out in ssl.conf. > > Do they need to be set? Do *you* require this? If you don't know the answer, you probably don't. > The other document changed this line ssl.conf > SSLCipherSuite > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > > to > > SSLCipherSuite HIGH:MEDIUM > > any suggestions on setting this? Well, I, umm, sometimes put things back together and have a few leftover screws, so the answer is... 12? But, seriously, this setting affects the security of your server, so read up: http://httpd.apache.org/docs/2.0/ko/mod/mod_ssl.html#sslciphersuite then back away slowly... ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
