You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Bill Parker <do...@netnevada.net> on 2003/01/03 05:58:50 UTC
[users@httpd] Apache HTTPS
Hi All,
I need to know how to get apache 1.3.23 working so it can service HTTPS
requests properly. I have a Caldera OpenLinux 3.1.1 box which works fine with
https://<ip addr> so I know it should NOT be that hard on SuSE 8.0
Here is what I have installed:
billp@nermal:~> rpm -q apache
apache-1.3.23-142
billp@nermal:~> rpm -q openssl
openssl-0.9.6c-80
billp@nermal:~> rpm -q mod_ssl
mod_ssl-2.8.7-110
Now I have added the the following lines to /etc/httpd/httpd.conf:
after line 316 I inserted:
AddModule mod_ssl.c
This is the section which contains all the AddModule directives
after line 267 I inserted:
LoadModule ssl_module /usr/lib/apache/libssl.so
Now in starting up apache with /etc/init.d/apache start, I see no LISTEN
requests
on port 443 (https/TCP), but in the /var/log/httpd/ssl_engine_log I get the
info
listed below:
[02/Jan/2003 14:49:36 18296] [info] Server: Apache/1.3.23, Interface:
mod_ssl/2.8.7, Library: OpenSSL/0.9.6c
[02/Jan/2003 14:49:36 18296] [info] Init: 1st startup round (still not
detached)
[02/Jan/2003 14:49:36 18296] [info] Init: Initializing OpenSSL library
[02/Jan/2003 14:49:36 18296] [info] Init: Seeding PRNG with 136 bytes of
entropy
[02/Jan/2003 14:49:36 18296] [info] Init: Generating temporary RSA private
keys (512/1024 bits)
[02/Jan/2003 14:49:37 18296] [info] Init: Configuring temporary DH
parameters (512/1024 bits)
[02/Jan/2003 14:49:38 18297] [info] Init: 2nd startup round (already detached)
[02/Jan/2003 14:49:38 18297] [info] Init: Reinitializing OpenSSL library
[02/Jan/2003 14:49:38 18297] [info] Init: Seeding PRNG with 136 bytes of
entropy
[02/Jan/2003 14:49:38 18297] [info] Init: Configuring temporary RSA
private keys (512/1024 bits)
[02/Jan/2003 14:49:38 18297] [info] Init: Configuring temporary DH
parameters (512/1024 bits)
[02/Jan/2003 14:49:38 18297] [info] Init: Initializing (virtual) servers
for SSL
Can someone tell me what I am doing wrong, it shouldn't be so hard to get
apache
under SuSE 8.0 to process https://<some IP>
Also, will SuSE be upgrading Apache to 1.3.27, since apache.org states that
this
should be done to close all security issues? Or does keeping everything
patched
via Online Update in 'Yast2' cover apache 1.3.23 effectively?
-Bill
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache HTTPS
Posted by JDeSalle <jd...@earthlink.net>.
Bill,
I think you should upgrade openssl to openssl-0.9.6g or better for
security reasons also.
jd
Bill Parker wrote:
> Hi All,
>
> I need to know how to get apache 1.3.23 working so it can service
> HTTPS
> requests properly. I have a Caldera OpenLinux 3.1.1 box which works
> fine with
> https://<ip addr> so I know it should NOT be that hard on SuSE 8.0
>
> Here is what I have installed:
>
> billp@nermal:~> rpm -q apache
> apache-1.3.23-142
>
> billp@nermal:~> rpm -q openssl
> openssl-0.9.6c-80
>
> billp@nermal:~> rpm -q mod_ssl
> mod_ssl-2.8.7-110
>
> Now I have added the the following lines to /etc/httpd/httpd.conf:
>
> after line 316 I inserted:
>
> AddModule mod_ssl.c
>
> This is the section which contains all the AddModule directives
>
> after line 267 I inserted:
>
> LoadModule ssl_module /usr/lib/apache/libssl.so
>
> Now in starting up apache with /etc/init.d/apache start, I see no
> LISTEN requests
> on port 443 (https/TCP), but in the /var/log/httpd/ssl_engine_log I
> get the info
> listed below:
>
> [02/Jan/2003 14:49:36 18296] [info] Server: Apache/1.3.23, Interface:
> mod_ssl/2.8.7, Library: OpenSSL/0.9.6c
> [02/Jan/2003 14:49:36 18296] [info] Init: 1st startup round (still
> not detached)
> [02/Jan/2003 14:49:36 18296] [info] Init: Initializing OpenSSL library
> [02/Jan/2003 14:49:36 18296] [info] Init: Seeding PRNG with 136 bytes
> of entropy
> [02/Jan/2003 14:49:36 18296] [info] Init: Generating temporary RSA
> private keys (512/1024 bits)
> [02/Jan/2003 14:49:37 18296] [info] Init: Configuring temporary DH
> parameters (512/1024 bits)
> [02/Jan/2003 14:49:38 18297] [info] Init: 2nd startup round (already
> detached)
> [02/Jan/2003 14:49:38 18297] [info] Init: Reinitializing OpenSSL library
> [02/Jan/2003 14:49:38 18297] [info] Init: Seeding PRNG with 136 bytes
> of entropy
> [02/Jan/2003 14:49:38 18297] [info] Init: Configuring temporary RSA
> private keys (512/1024 bits)
> [02/Jan/2003 14:49:38 18297] [info] Init: Configuring temporary DH
> parameters (512/1024 bits)
> [02/Jan/2003 14:49:38 18297] [info] Init: Initializing (virtual)
> servers for SSL
>
> Can someone tell me what I am doing wrong, it shouldn't be so hard to
> get apache
> under SuSE 8.0 to process https://<some IP>
>
> Also, will SuSE be upgrading Apache to 1.3.27, since apache.org states
> that this
> should be done to close all security issues? Or does keeping
> everything patched
> via Online Update in 'Yast2' cover apache 1.3.23 effectively?
>
> -Bill
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Apache HTTPS
Posted by Jeff Cohen <ap...@gej-it.com>.
You can either, create a VirtualHost or add the line:
Listen 443
To your conf file, or add the following line:
<IfModule mod_ssl.c>
Include /etc/httpd/ssl.conf
</IfModule>
and in that ssl.conf file add any configuration for the SSL, such as
Listen <port> , <VirtualHost>, AuthType and etc.
All the best,
Jeff Cohen
> -----Original Message-----
> From: Bill Parker [mailto:dogbert@netnevada.net]
> Sent: Thursday, January 02, 2003 11:59 PM
> To: suse-linux-e@suse.com
> Cc: users@httpd.apache.org
> Subject: [users@httpd] Apache HTTPS
>
> Hi All,
>
> I need to know how to get apache 1.3.23 working so it can
service
> HTTPS
> requests properly. I have a Caldera OpenLinux 3.1.1 box which works
fine
> with
> https://<ip addr> so I know it should NOT be that hard on SuSE 8.0
>
> Here is what I have installed:
>
> billp@nermal:~> rpm -q apache
> apache-1.3.23-142
>
> billp@nermal:~> rpm -q openssl
> openssl-0.9.6c-80
>
> billp@nermal:~> rpm -q mod_ssl
> mod_ssl-2.8.7-110
>
> Now I have added the the following lines to /etc/httpd/httpd.conf:
>
> after line 316 I inserted:
>
> AddModule mod_ssl.c
>
> This is the section which contains all the AddModule directives
>
> after line 267 I inserted:
>
> LoadModule ssl_module /usr/lib/apache/libssl.so
>
> Now in starting up apache with /etc/init.d/apache start, I see no
LISTEN
> requests
> on port 443 (https/TCP), but in the /var/log/httpd/ssl_engine_log I
get
> the
> info
> listed below:
>
> [02/Jan/2003 14:49:36 18296] [info] Server: Apache/1.3.23, Interface:
> mod_ssl/2.8.7, Library: OpenSSL/0.9.6c
> [02/Jan/2003 14:49:36 18296] [info] Init: 1st startup round (still
not
> detached)
> [02/Jan/2003 14:49:36 18296] [info] Init: Initializing OpenSSL
library
> [02/Jan/2003 14:49:36 18296] [info] Init: Seeding PRNG with 136 bytes
of
> entropy
> [02/Jan/2003 14:49:36 18296] [info] Init: Generating temporary RSA
> private
> keys (512/1024 bits)
> [02/Jan/2003 14:49:37 18296] [info] Init: Configuring temporary DH
> parameters (512/1024 bits)
> [02/Jan/2003 14:49:38 18297] [info] Init: 2nd startup round (already
> detached)
> [02/Jan/2003 14:49:38 18297] [info] Init: Reinitializing OpenSSL
library
> [02/Jan/2003 14:49:38 18297] [info] Init: Seeding PRNG with 136 bytes
of
> entropy
> [02/Jan/2003 14:49:38 18297] [info] Init: Configuring temporary RSA
> private keys (512/1024 bits)
> [02/Jan/2003 14:49:38 18297] [info] Init: Configuring temporary DH
> parameters (512/1024 bits)
> [02/Jan/2003 14:49:38 18297] [info] Init: Initializing (virtual)
servers
> for SSL
>
> Can someone tell me what I am doing wrong, it shouldn't be so hard to
get
> apache
> under SuSE 8.0 to process https://<some IP>
>
> Also, will SuSE be upgrading Apache to 1.3.27, since apache.org states
> that
> this
> should be done to close all security issues? Or does keeping
everything
> patched
> via Online Update in 'Yast2' cover apache 1.3.23 effectively?
>
> -Bill
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org