You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Bernie Durfee <be...@suny.edu> on 2006/03/28 20:44:06 UTC

[users@httpd] Apache 2.2.0 with SSL on AIX 5.3

I have been unable to get Apache 2.2.0 with SSL running on AIX 5.3. This is from "httpd -V"...

Server version: Apache/2.2.0
Server built:   Mar 28 2006 11:28:41
Server's Module Magic Number: 20051115:0
Architecture:   32-bit
Server MPM:     Prefork
   threaded:     no
     forked:     yes (variable process count)
Server compiled with....
  -D APACHE_MPM_DIR="server/mpm/prefork"
  -D APR_HAS_SENDFILE
  -D APR_HAS_MMAP
  -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
  -D APR_USE_SYSVSEM_SERIALIZE
  -D APR_USE_PTHREAD_SERIALIZE
  -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
  -D APR_HAS_OTHER_CHILD
  -D AP_HAVE_RELIABLE_PIPED_LOGS
  -D DYNAMIC_MODULE_LIMIT=128
  -D HTTPD_ROOT="/usr/local/apache2"
  -D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
  -D DEFAULT_PIDLOG="logs/httpd.pid"
  -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
  -D DEFAULT_LOCKFILE="logs/accept.lock"
  -D DEFAULT_ERRORLOG="logs/error_log"
  -D AP_TYPES_CONFIG_FILE="conf/mime.types"
  -D SERVER_CONFIG_FILE="conf/httpd.conf"

...I compiled with...

env CC=gcc CCC=g++ ./configure --enable-mods-shared=most --enable-ssl=shared --with-ssl=/usr/local/ssl 
--with-berkeley-db=/usr/local/BerkeleyDB.4.3

...then...

gmake
gmake install

...to build and install. When I run "apachectl start" with debug logging I get...

[Tue Mar 28 13:33:42 2006] [info] Init: Seeding PRNG with 136 bytes of entropy
[Tue Mar 28 13:33:42 2006] [info] Loading certificate & private key of SSL-aware server
[Tue Mar 28 13:33:42 2006] [info] Init: Requesting pass phrase via builtin terminal dialog
[Tue Mar 28 13:33:47 2006] [debug] ssl_engine_pphrase.c(475): encrypted RSA private key - pass phrase requested
[Tue Mar 28 13:33:47 2006] [info] Init: Wiped out the queried pass phrases from memory
[Tue Mar 28 13:33:47 2006] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Mar 28 13:33:47 2006] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Mar 28 13:33:47 2006] [info] Init: Initializing (virtual) servers for SSL
[Tue Mar 28 13:33:47 2006] [info] Configuring server for SSL protocol
[Tue Mar 28 13:33:47 2006] [debug] ssl_engine_init.c(405): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Tue Mar 28 13:33:47 2006] [debug] ssl_engine_init.c(601): Configuring permitted SSL ciphers 
[ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Tue Mar 28 13:33:47 2006] [debug] ssl_engine_init.c(729): Configuring RSA server certificate
[Tue Mar 28 13:33:47 2006] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Mar 28 13:33:47 2006] [warn] RSA server certificate CommonName (CN) `myserver.com' does NOT match server name!?
[Tue Mar 28 13:33:47 2006] [debug] ssl_engine_init.c(768): Configuring RSA server private key
[Tue Mar 28 13:33:47 2006] [info] Server: Apache/2.2.0, Interface: mod_ssl/2.2.0, Library: OpenSSL/0.9.8a

...which looks okay, but Apache seems to crash and never starts listening. I only get the following in the logs directory...

access_log       error_log        ssl_request_log

...the only modifications I made to the configuration files is to change the listening port to 8080, because I have an 
older Apache listening on 80, and uncommenting the line that imports the SSL configuration file in the extras directory. 
Also, I created a key and self-signed certificate with OpenSSL before running.

Any ideas why Apache is crashing silently? Is there another way to try to determine the cause of the crash?

Thanks,
Bernie

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Apache 2.2.0 with SSL on AIX 5.3

Posted by KNRao <kn...@gmail.com>.

Hi

Can you please help me to get rpm / binary of apache s/w to intall on AIX
5.3 ?If you have
any document for installation that will great help to me.

Appreciate your help.

Thank & Regards
Rao


Bernie Durfee wrote:
> 
> I found the problem. Apparently the directive "Listen 80" doesn't work, so
> I made it more specific to "Listen 
> 12.34.56.78:80", of course where 12.34.56.78 is my IP address and it
> worked like a charm.
> 
> Bernie
> 
> Bernie Durfee wrote:
>>>> ...which looks okay, but Apache seems to crash and never starts 
>>>> listening. I only get the following in the logs directory...
>>>
>>> "...seems to crash..." - that's a bit vague...
>> 
>> Sorry, it does crash or at least doesn't completely start.
>> 
>>> - is httpd running (ps -ef)?
>>> - what happens if you try to access the site?
>>> - what happens if you try "telnet <server> 8080"?
>> 
>> No, httpd is not running after executing "apachectl start"
>> 
>>> - what's in the tail of the error log?
>> 
>> Here's the entire error_log output, with debug turned on...
>> 
>> [Wed Mar 29 09:23:34 2006] [info] Init: Seeding PRNG with 136 bytes of 
>> entropy
>> [Wed Mar 29 09:23:34 2006] [info] Loading certificate & private key of 
>> SSL-aware server
>> [Wed Mar 29 09:23:34 2006] [info] Init: Requesting pass phrase via 
>> builtin terminal dialog
>> [Wed Mar 29 09:23:39 2006] [debug] ssl_engine_pphrase.c(475): encrypted 
>> RSA private key - pass phrase requested
>> [Wed Mar 29 09:23:39 2006] [info] Init: Wiped out the queried pass 
>> phrases from memory
>> [Wed Mar 29 09:23:39 2006] [info] Init: Generating temporary RSA private 
>> keys (512/1024 bits)
>> [Wed Mar 29 09:23:39 2006] [info] Init: Generating temporary DH 
>> parameters (512/1024 bits)
>> [Wed Mar 29 09:23:39 2006] [info] Init: Initializing (virtual) servers 
>> for SSL
>> [Wed Mar 29 09:23:39 2006] [info] Configuring server for SSL protocol
>> [Wed Mar 29 09:23:39 2006] [debug] ssl_engine_init.c(405): Creating new 
>> SSL context (protocols: SSLv2, SSLv3, TLSv1)
>> [Wed Mar 29 09:23:39 2006] [debug] ssl_engine_init.c(601): Configuring 
>> permitted SSL ciphers 
>> [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
>> [Wed Mar 29 09:23:39 2006] [debug] ssl_engine_init.c(729): Configuring 
>> RSA server certificate
>> [Wed Mar 29 09:23:39 2006] [warn] RSA server certificate is a CA 
>> certificate (BasicConstraints: CA == TRUE !?)
>> [Wed Mar 29 09:23:39 2006] [warn] RSA server certificate CommonName (CN) 
>> `myserver.com' does NOT match server name!?
>> [Wed Mar 29 09:23:39 2006] [debug] ssl_engine_init.c(768): Configuring 
>> RSA server private key
>> [Wed Mar 29 09:23:39 2006] [info] Server: Apache/2.2.0, Interface: 
>> mod_ssl/2.2.0, Library: OpenSSL/0.9.8a
>> 
>>>
>>>> access_log       error_log        ssl_request_log
>>>>
>>>> ...the only modifications I made to the configuration files is to 
>>>> change the listening port to 8080, because I have an older Apache 
>>>> listening on 80, 
>>>
>>> And is this older apache also listening on port 443?
>> 
>> No, it was only listening on port 80. I tried again after shutting down 
>> the older Apache, with the same result.
>> 
>> Bernie
>> 
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Apache-2.2.0-with-SSL-on-AIX-5.3-tf1357410.html#a12817242
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org