You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by "Cohen, Laurence" <La...@sra.com> on 2006/08/08 15:31:05 UTC

[users@httpd] MOD_SSL not working

Hi,

 

I'm having trouble getting SSL to work on my apache 2.055 webserver,
running on Solaris 8.  When I start the server up, everthing looks OK in
the error_log.

 

start child 21965

rpc_server 21964 started by 21953

[Tue Aug 08 09:14:31 2006] [info] Init: Initializing OpenSSL library

[Tue Aug 08 09:14:31 2006] [info] Init: Seeding PRNG with 136 bytes of
entropy

[Tue Aug 08 09:14:31 2006] [info] Loading certificate & private key of
SSL-awar

e server

[Tue Aug 08 09:14:31 2006] [info] Init: Generating temporary RSA private
keys (

512/1024 bits)

[Tue Aug 08 09:14:32 2006] [info] Init: Generating temporary DH
parameters (512

/1024 bits)

[Tue Aug 08 09:14:32 2006] [info] Init: Initializing (virtual) servers
for SSL

[Tue Aug 08 09:14:32 2006] [info] Configuring server for SSL protocol

[Tue Aug 08 09:14:32 2006] [info] Server: Apache/2.0.55, Interface:
mod_ssl/2.0

.55, Library: OpenSSL/0.9.8b

AceShutdown try to kill process 21964

signal 15 received

start child 21980

[Tue Aug 08 09:14:33 2006] [notice] Digest: generating secret for digest
authen

tication ...

[Tue Aug 08 09:14:33 2006] [notice] Digest: done

[Tue Aug 08 09:14:33 2006] [info] Init: Initializing OpenSSL library

[Tue Aug 08 09:14:33 2006] [info] Init: Seeding PRNG with 136 bytes of
entropy

[Tue Aug 08 09:14:33 2006] [info] Loading certificate & private key of
SSL-awar

e server

[Tue Aug 08 09:14:33 2006] [info] Init: Generating temporary RSA private
keys (

512/1024 bits)

[Tue Aug 08 09:14:34 2006] [info] Init: Generating temporary DH
parameters (512

/1024 bits)

[Tue Aug 08 09:14:34 2006] [info] Init: Initializing (virtual) servers
for SSL

[Tue Aug 08 09:14:34 2006] [info] Configuring server for SSL protocol

[Tue Aug 08 09:14:34 2006] [info] Server: Apache/2.0.55, Interface:
mod_ssl/2.0

.55, Library: OpenSSL/0.9.8b

[Tue Aug 08 09:14:34 2006] [notice] Apache configured -- resuming normal
operat

ions

[Tue Aug 08 09:14:34 2006] [info] Server built: Jun  5 2006 13:35:49

 

Then when I try to connect using IE 6.0 I get the following in the
error_log.

 

 

[Tue Aug 08 09:17:08 2006] [info] Connection to child 0 established
(server sniffy.cnttr.dtra.mil:443, client 204.44.136.2)

[Tue Aug 08 09:17:08 2006] [info] Seeding PRNG with 136 bytes of entropy

[Tue Aug 08 09:17:08 2006] [info] (70014)End of file found: SSL input
filter read failed.

[Tue Aug 08 09:17:08 2006] [info] Connection to child 0 closed with
standard shutdown(server sniffy.cnttr.dtra.mil:443, client 204.44.136.2)

[Tue Aug 08 09:17:09 2006] [info] Connection to child 3 established
(server sniffy.cnttr.dtra.mil:443, client 204.44.136.2)

[Tue Aug 08 09:17:09 2006] [info] Seeding PRNG with 136 bytes of entropy

 

If I try to connect using Firefox, I don't get the "End of file found"
error, and I get the following entries.

 

 

[Tue Aug 08 09:18:01 2006] [info] Connection to child 2 established
(server sniffy.cnttr.dtra.mil:443, client 204.44.136.2)

[Tue Aug 08 09:18:01 2006] [info] Seeding PRNG with 136 bytes of entropy

 

Neither browser ever connects to the website.  The website comes up just
fine if I go through port 8443, which is actually connecting to a
content management server which is java based.  Also, the browser is
supposed to be starting the RSA Webagent which will bring up a login
using a SecureID token.  If I look at the log in debug mode, I do see it
trying to start the RSA Webagent, but it just stops there.  Any ideas
what I could be doing wrong?  Oh, and just in case anyone was wondering
about the firewall ports,  port 443 is open on the firewall and I can
telnet to this port when the webserver is running.

 

Thanks in advance!

 

Laurence H Cohen

SRA International

Re: [users@httpd] MOD_SSL not working

Posted by Christian Folini <ch...@netnea.com>.

Hi Laurence,

I propose you try to isolate your problem.
Try to get an ssl-setup without the authentication, rsa
and securid stuff working. If mod_ssl still does
not work, then you know where to dig further. Right now, it
is difficult to tell where the problem actually lies.

When you are locking down the problem, you can
try to run but a single serving apache process (in
prefork mode) and then truss/strace on that process
and see what he does before the request dies.

just 2 cents,

Christian

On Tue, Aug 08, 2006 at 09:31:05AM -0400, Cohen, Laurence wrote:
> Hi,
> 
>  
> 
> I'm having trouble getting SSL to work on my apache 2.055 webserver,
> running on Solaris 8.  When I start the server up, everthing looks OK in
> the error_log.
> 
>  
> 
> start child 21965
> 
> rpc_server 21964 started by 21953
> 
> [Tue Aug 08 09:14:31 2006] [info] Init: Initializing OpenSSL library
> 
> [Tue Aug 08 09:14:31 2006] [info] Init: Seeding PRNG with 136 bytes of
> entropy
> 
> [Tue Aug 08 09:14:31 2006] [info] Loading certificate & private key of
> SSL-awar
> 
> e server
> 
> [Tue Aug 08 09:14:31 2006] [info] Init: Generating temporary RSA private
> keys (
> 
> 512/1024 bits)
> 
> [Tue Aug 08 09:14:32 2006] [info] Init: Generating temporary DH
> parameters (512
> 
> /1024 bits)
> 
> [Tue Aug 08 09:14:32 2006] [info] Init: Initializing (virtual) servers
> for SSL
> 
> [Tue Aug 08 09:14:32 2006] [info] Configuring server for SSL protocol
> 
> [Tue Aug 08 09:14:32 2006] [info] Server: Apache/2.0.55, Interface:
> mod_ssl/2.0
> 
> .55, Library: OpenSSL/0.9.8b
> 
> AceShutdown try to kill process 21964
> 
> signal 15 received
> 
> start child 21980
> 
> [Tue Aug 08 09:14:33 2006] [notice] Digest: generating secret for digest
> authen
> 
> tication ...
> 
> [Tue Aug 08 09:14:33 2006] [notice] Digest: done
> 
> [Tue Aug 08 09:14:33 2006] [info] Init: Initializing OpenSSL library
> 
> [Tue Aug 08 09:14:33 2006] [info] Init: Seeding PRNG with 136 bytes of
> entropy
> 
> [Tue Aug 08 09:14:33 2006] [info] Loading certificate & private key of
> SSL-awar
> 
> e server
> 
> [Tue Aug 08 09:14:33 2006] [info] Init: Generating temporary RSA private
> keys (
> 
> 512/1024 bits)
> 
> [Tue Aug 08 09:14:34 2006] [info] Init: Generating temporary DH
> parameters (512
> 
> /1024 bits)
> 
> [Tue Aug 08 09:14:34 2006] [info] Init: Initializing (virtual) servers
> for SSL
> 
> [Tue Aug 08 09:14:34 2006] [info] Configuring server for SSL protocol
> 
> [Tue Aug 08 09:14:34 2006] [info] Server: Apache/2.0.55, Interface:
> mod_ssl/2.0
> 
> .55, Library: OpenSSL/0.9.8b
> 
> [Tue Aug 08 09:14:34 2006] [notice] Apache configured -- resuming normal
> operat
> 
> ions
> 
> [Tue Aug 08 09:14:34 2006] [info] Server built: Jun  5 2006 13:35:49
> 
>  
> 
> Then when I try to connect using IE 6.0 I get the following in the
> error_log.
> 
>  
> 
>  
> 
> [Tue Aug 08 09:17:08 2006] [info] Connection to child 0 established
> (server sniffy.cnttr.dtra.mil:443, client 204.44.136.2)
> 
> [Tue Aug 08 09:17:08 2006] [info] Seeding PRNG with 136 bytes of entropy
> 
> [Tue Aug 08 09:17:08 2006] [info] (70014)End of file found: SSL input
> filter read failed.
> 
> [Tue Aug 08 09:17:08 2006] [info] Connection to child 0 closed with
> standard shutdown(server sniffy.cnttr.dtra.mil:443, client 204.44.136.2)
> 
> [Tue Aug 08 09:17:09 2006] [info] Connection to child 3 established
> (server sniffy.cnttr.dtra.mil:443, client 204.44.136.2)
> 
> [Tue Aug 08 09:17:09 2006] [info] Seeding PRNG with 136 bytes of entropy
> 
>  
> 
> If I try to connect using Firefox, I don't get the "End of file found"
> error, and I get the following entries.
> 
>  
> 
>  
> 
> [Tue Aug 08 09:18:01 2006] [info] Connection to child 2 established
> (server sniffy.cnttr.dtra.mil:443, client 204.44.136.2)
> 
> [Tue Aug 08 09:18:01 2006] [info] Seeding PRNG with 136 bytes of entropy
> 
>  
> 
> Neither browser ever connects to the website.  The website comes up just
> fine if I go through port 8443, which is actually connecting to a
> content management server which is java based.  Also, the browser is
> supposed to be starting the RSA Webagent which will bring up a login
> using a SecureID token.  If I look at the log in debug mode, I do see it
> trying to start the RSA Webagent, but it just stops there.  Any ideas
> what I could be doing wrong?  Oh, and just in case anyone was wondering
> about the firewall ports,  port 443 is open on the firewall and I can
> telnet to this port when the webserver is running.
> 
>  
> 
> Thanks in advance!
> 
>  
> 
> Laurence H Cohen
> 
> SRA International
> 
>  
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org