Hello,
I've upgraded to Apache 2.2.0 from 2.0.x. It didn't accept the old
signatures I used with 2.0.x for https. I was told that this cert can't
be a cacert anymore, thus I've generated a separate cert and a cacert to
sign with. Now, I have these lines in the configuration for SSL:
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/ssl_scache
#SSLSessionCache shmcb:/var/run/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutex
#NameVirtualHost 217.20.133.7:443
#SSLEngine optional
SSLCertificateFile /usr/local/etc/apache22/cert.pem
SSLCertificateKeyFile /usr/local/etc/apache22/key.pem
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/apache/httpd-ssl_request.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
If I set here (globally) SSLEngine optional or on, Apache didn't even
start, and I get this in the error log:
[Thu Feb 02 17:35:06 2006] [info] mod_unique_id: using ip addr 217.20.133.7
[Thu Feb 02 17:35:07 2006] [info] Init: Seeding PRNG with 0 bytes of entropy
[Thu Feb 02 17:35:07 2006] [info] Loading certificate & private key of
SSL-aware server
[Thu Feb 02 17:35:07 2006] [debug] ssl_engine_pphrase.c(469):
unencrypted RSA private key - pass phrase not required
[Thu Feb 02 17:35:07 2006] [info] Init: Generating temporary RSA private
keys (512/1024 bits)
[Thu Feb 02 17:35:07 2006] [info] Init: Generating temporary DH
parameters (512/1024 bits)
[Thu Feb 02 17:35:07 2006] [debug] ssl_scache_dbm.c(409): Inter-Process
Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[Thu Feb 02 17:35:07 2006] [info] Init: Initializing (virtual) servers
for SSL
[Thu Feb 02 17:35:07 2006] [info] Configuring server for SSL protocol
[Thu Feb 02 17:35:07 2006] [debug] ssl_engine_init.c(405): Creating new
SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Thu Feb 02 17:35:07 2006] [debug] ssl_engine_init.c(729): Configuring
RSA server certificate
[Thu Feb 02 17:35:07 2006] [debug] ssl_engine_init.c(768): Configuring
RSA server private key
If I set SSLEngine on only in a VirtualHost block, it starts, but https
still doesn't work. I get in the error log when try to browse that
virtualhost via SSL:
[Thu Feb 02 17:51:21 2006] [debug] prefork.c(991): AcceptMutex: flock
(default: flock)
[Thu Feb 02 17:51:25 2006] [error] [client 80.98.231.227] Invalid method
in request \x80U\x01\x03\x01
[Thu Feb 02 17:51:25 2006] [error] [client 80.98.231.227] Invalid method
in request \x80U\x01\x03
Could somebody help me to fix this?
Thanks in advance,
Gabor Kovesdan
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
