Hi,
It is not clear that SSL is actually working so concentrate on that
first. Forget about proxying (where are your Proxy directives, by the
way?) and try to get a local file via HTTPS. So point the DocumentRoot
at a local path (is /opt/bea/domains/optdomain/servers/AdminServer/stage
local?) Then just try https://server-name/ and see what you get...
Look also in the error-log when you start-up; mod_ssl usually prints a
lot of diagnostics during startup...
Finally, bear in mind that switching on SSL is really about setting up a
port-based virtual host. So it is an *additional* virtual host rather
than something you add to an existing VH. So it won't necessarily
inherit features of the "main" site (you have to make that happen).
Post back if you need more info...
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
________________________________
From: Vasanth Kumar ravi [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 28, 2008 3:37 AM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Issue with SSL configuration.
Operation System : Redhat Linux.
Apache Version : 2.0.63
Folks,
I have installed apache as a web proxy server to redirect all
the client requests to the
weblogic application server.This works perfectly for the non ssl
connection.
Now I need to setup SSL for apache alone and not for the
Weblogic.
As we are setting up SSO at the web server level, we need to
have the apache running on SSL.
So I had installed the module mod_ssl to the apache and
configured the ssl.conf and virtual hosts as follows.
****************************
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
<IfDefine SSL>
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/home/apache/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/home/apache/logs/ssl_mutex
<VirtualHost *:443>
DocumentRoot
"/opt/bea/domains/optdomain/servers/AdminServer/stage"
ServerName (ip address>:443
ErrorLog /home/apache/logs/error_log
TransferLog /home/apache/logs/access_log
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/share/ssl/certs/server.crt/
SSLCertificateKeyFile /usr/share/ssl/certs/server.key/
CustomLog /home/apache/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>
**************************************
I created the certificates and key files using the following
command options of openssl.
openssl req -new -x509 -days 365 -sha1 -newkey rsa:1024 -nodes
-keyout server.key -out server.crt -subj
'/O=Company/OU=Department/CN=www.example.com'
I had copied the certs to the openssl certs directory and
created hashlinks for them.
I verified the certs using the openssl command as follows.
[EMAIL PROTECTED] logs]# openssl s_client -host 43.65.9.6 -port 443
CONNECTED(00000003)
22951:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:475:
But when I try to access the url with https, it give the
following error messages.
At the browser.
<Host> has sent an incorrent or unexpected message Error
code :-12263
At the apache logs.
[Tue Oct 28 10:20:00 2008] [error] [client HOST] Invalid
method in request \x16\x03\x01
[Tue Oct 28 10:20:10 2008] [error] [client HOST] Invalid
method in request \x16\x03\x01
[Tue Oct 28 10:20:20 2008] [error] [client HOST] Invalid
method in request \x16\x03\x01
[Tue Oct 28 10:23:22 2008] [error] [client HOST] Invalid
method in request \x80\x8c\x01\x03\x01
[Tue Oct 28 10:29:41 2008] [error] [client HOST] Invalid
method in request \x16\x03\x01
Can you help me out , if there is something wrong with config
settings.
I did google with the error messages obtained in log, they were
pointing out a configuration problem with ssl.
Can you point out specifically which i need to address.
--
Regards&Thanks,
Vasanth Kumar Ravi
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
