You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Catherine Pinatiello <ca...@injuryfree.com> on 2003/07/23 00:35:25 UTC
[users@httpd] SSLengine Error on Apachectl restart
Hi -
When trying to restart apache (without first stopping it) with apachectl
I get this error:
Syntax error on line 662 of /etc/httpd/conf/httpd.conf:
Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module
not included in the server configuration
I have done some research on this issue and double checked my mod_ssl,
openssl installation and made sure that the LoadModule statement was
correct in httpd.conf. Everything is as it should be.
As a matter of fact, despite this error, apache starts and stops just
fine without using apachectl, and my SSL certificates come through
properly when using https. So the server acts just like it should,
except that I cannot start, or restart it using the apachectl script.
Any idea why apachectl would be causing this error?
Thanks.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Mod_ssl expert needed
Posted by Steve Lane <sl...@moyergroup.com>.
On 8/11/03 10:12 PM, "Aaron Morris" <aa...@mindspring.com> wrote:
> Are you using self-signed certificates?
The initial failure wasn't with a SSC. I started using one to try to ferret
out the problem. The SSC failed in IE, until I figured out how to encode a
CA in DER format and download it in the browser. After I did that, the SSC
worked fine.
I think at this point my problem is mostly solved. Rolling back to slightly
older OpenSSl and mod_ssl *seems* to have been the fix.
-- sgl
=======================================================
Steve Lane
Vice President
The Moyer Group
14 North Peoria St Suite 2H
Chicago, IL 60607
Voice: (312) 433-2421 Email: slane@moyergroup.com
Fax: (312) 850-3930 Web: http://www.moyergroup.com
=======================================================
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Mod_ssl expert needed
Posted by Aaron Morris <aa...@mindspring.com>.
Are you using self-signed certificates?
Steve Lane wrote:
> Hello all:
>
> I've been wrestling, for what seems like forever, with a
> mod_ssl/OpenSSL/HTTPS problem that apparently affects only Internet Explorer
> for the Mac. The problem and its reasons are well known and widely
> documented. My problem is that even after reading all the docs and trying
> all the fixes, nothing works. Still get IE Mac dying with "data decryption
> error".
>
> I'm at the point where I'm willing to pay someone to help me sort this out.
> If you are an expert (I need an expert -- I'm not entirely dim and I'm
> completely baffled by this) and have some availability quite soon to help,
> drop me a line. I'm serious, and very much in need. Preferably you know
> mod_ssl and OpenSSL extremely well, and even better would be if you have
> seen and fixed this problem before.
>
> -- sgl
>
>
> =======================================================
> Steve Lane
>
> Vice President
> The Moyer Group
> 14 North Peoria St Suite 2H
> Chicago, IL 60607
>
> Voice: (312) 433-2421 Email: slane@moyergroup.com
> Fax: (312) 850-3930 Web: http://www.moyergroup.com
> =======================================================
>
--
Aaron W Morris <aa...@mindspring.com> (decep)
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Mod_ssl expert needed
Posted by Steve Lane <sl...@moyergroup.com>.
On 8/10/03 1:40 AM, "Arthur Chan" <ac...@saysit.com.hk> wrote:
> no need - I know the pain!
> for Mac-kers, check out
> www.mail-archive.com/modssl-users@modssl.org/msg16108.html
> also, remember to do this :
> (httpd.conf)
> SetEnvIf User-Agent ".*MSIE.*"\
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
> Hope that helps and cheer up ;-)
Thanks! I put together a page on this that pulls together a lot of different
angles on the problem. It's not pretty, but can be found at
http://www.moyergroup.com/ie5bug/ie5SSLbug.html
As far as I can tell, recent Apache has all the necessary config elements to
work around these bugs. So I think my issue, which I tentatively believe is
fixed, must have been somewhere else.
-- sgl
=======================================================
Steve Lane
Vice President
The Moyer Group
14 North Peoria St Suite 2H
Chicago, IL 60607
Voice: (312) 433-2421 Email: slane@moyergroup.com
Fax: (312) 850-3930 Web: http://www.moyergroup.com
=======================================================
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Mod_ssl expert needed
Posted by Arthur Chan <ac...@saysit.com.hk>.
no need - I know the pain!
for Mac-kers, check out
www.mail-archive.com/modssl-users@modssl.org/msg16108.html
also, remember to do this :
(httpd.conf)
SetEnvIf User-Agent ".*MSIE.*"\
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
Hope that helps and cheer up ;-)
Arthur Chan
(WHO certified HongKong SARS free !)
----- Original Message -----
From: "Steve Lane" <sl...@moyergroup.com>
To: <us...@httpd.apache.org>
Sent: Monday, August 11, 2003 02:09 PM
Subject: [users@httpd] Mod_ssl expert needed
> Hello all:
>
> I've been wrestling, for what seems like forever, with a
> mod_ssl/OpenSSL/HTTPS problem that apparently affects only Internet
Explorer
> for the Mac. The problem and its reasons are well known and widely
> documented. My problem is that even after reading all the docs and trying
> all the fixes, nothing works. Still get IE Mac dying with "data decryption
> error".
>
> I'm at the point where I'm willing to pay someone to help me sort this
out.
> If you are an expert (I need an expert -- I'm not entirely dim and I'm
> completely baffled by this) and have some availability quite soon to help,
> drop me a line. I'm serious, and very much in need. Preferably you know
> mod_ssl and OpenSSL extremely well, and even better would be if you have
> seen and fixed this problem before.
>
> -- sgl
>
>
> =======================================================
> Steve Lane
>
> Vice President
> The Moyer Group
> 14 North Peoria St Suite 2H
> Chicago, IL 60607
>
> Voice: (312) 433-2421 Email: slane@moyergroup.com
> Fax: (312) 850-3930 Web: http://www.moyergroup.com
> =======================================================
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Mod_ssl expert needed
Posted by Steve Lane <sl...@moyergroup.com>.
Hello all:
I've been wrestling, for what seems like forever, with a
mod_ssl/OpenSSL/HTTPS problem that apparently affects only Internet Explorer
for the Mac. The problem and its reasons are well known and widely
documented. My problem is that even after reading all the docs and trying
all the fixes, nothing works. Still get IE Mac dying with "data decryption
error".
I'm at the point where I'm willing to pay someone to help me sort this out.
If you are an expert (I need an expert -- I'm not entirely dim and I'm
completely baffled by this) and have some availability quite soon to help,
drop me a line. I'm serious, and very much in need. Preferably you know
mod_ssl and OpenSSL extremely well, and even better would be if you have
seen and fixed this problem before.
-- sgl
=======================================================
Steve Lane
Vice President
The Moyer Group
14 North Peoria St Suite 2H
Chicago, IL 60607
Voice: (312) 433-2421 Email: slane@moyergroup.com
Fax: (312) 850-3930 Web: http://www.moyergroup.com
=======================================================
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] SSLengine Error on Apachectl restart
Posted by Catherine Pinatiello <ca...@injuryfree.com>.
Line 662 is :
SSLEngine On
The error logs have nothing relevant.
Jeff Cohen wrote:
> What do you have at line 662??
> What does the error log say??
>
> Jeff Cohen
> Support@GEJ-IT.com
> Tel. (416) 917-2324
> www.GEJ-IT.com
> GEJ-IT Networks!
>
>
>
>
>>-----Original Message-----
>>From: Catherine Pinatiello [mailto:cathy@injuryfree.com]
>>Sent: Tuesday, July 22, 2003 6:35 PM
>>To: users@httpd.apache.org
>>Subject: [users@httpd] SSLengine Error on Apachectl restart
>>
>>Hi -
>>
>>When trying to restart apache (without first stopping it) with apachectl
>> I get this error:
>>
>>Syntax error on line 662 of /etc/httpd/conf/httpd.conf:
>>Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module
>>not included in the server configuration
>>
>>I have done some research on this issue and double checked my mod_ssl,
>>openssl installation and made sure that the LoadModule statement was
>>correct in httpd.conf. Everything is as it should be.
>>
>>As a matter of fact, despite this error, apache starts and stops just
>>fine without using apachectl, and my SSL certificates come through
>>properly when using https. So the server acts just like it should,
>>except that I cannot start, or restart it using the apachectl script.
>>
>>Any idea why apachectl would be causing this error?
>>
>>Thanks.
>>
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] SSLengine Error on Apachectl restart
Posted by Jeff Cohen <su...@gej-it.com>.
What do you have at line 662??
What does the error log say??
Jeff Cohen
Support@GEJ-IT.com
Tel. (416) 917-2324
www.GEJ-IT.com
GEJ-IT Networks!
> -----Original Message-----
> From: Catherine Pinatiello [mailto:cathy@injuryfree.com]
> Sent: Tuesday, July 22, 2003 6:35 PM
> To: users@httpd.apache.org
> Subject: [users@httpd] SSLengine Error on Apachectl restart
>
> Hi -
>
> When trying to restart apache (without first stopping it) with apachectl
> I get this error:
>
> Syntax error on line 662 of /etc/httpd/conf/httpd.conf:
> Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module
> not included in the server configuration
>
> I have done some research on this issue and double checked my mod_ssl,
> openssl installation and made sure that the LoadModule statement was
> correct in httpd.conf. Everything is as it should be.
>
> As a matter of fact, despite this error, apache starts and stops just
> fine without using apachectl, and my SSL certificates come through
> properly when using https. So the server acts just like it should,
> except that I cannot start, or restart it using the apachectl script.
>
> Any idea why apachectl would be causing this error?
>
> Thanks.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org