You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Bill Parker <do...@netnevada.net> on 2003/01/03 05:58:50 UTC

[users@httpd] Apache HTTPS

Hi All,

	I need to know how to get apache 1.3.23 working so it can service HTTPS
requests properly.  I have a Caldera OpenLinux 3.1.1 box which works fine with
https://<ip addr> so I know it should NOT be that hard on SuSE 8.0

Here is what I have installed:

billp@nermal:~> rpm -q apache
apache-1.3.23-142

billp@nermal:~> rpm -q openssl
openssl-0.9.6c-80

billp@nermal:~> rpm -q mod_ssl
mod_ssl-2.8.7-110

Now I have added the the following lines to /etc/httpd/httpd.conf:

after line 316 I inserted:

AddModule mod_ssl.c

This is the section which contains all the AddModule directives

after line 267 I inserted:

LoadModule ssl_module         /usr/lib/apache/libssl.so

Now in starting up apache with /etc/init.d/apache start, I see no LISTEN 
requests
on port 443 (https/TCP), but in the /var/log/httpd/ssl_engine_log I get the 
info
listed below:

[02/Jan/2003 14:49:36 18296] [info]  Server: Apache/1.3.23, Interface: 
mod_ssl/2.8.7, Library: OpenSSL/0.9.6c
[02/Jan/2003 14:49:36 18296] [info]  Init: 1st startup round (still not 
detached)
[02/Jan/2003 14:49:36 18296] [info]  Init: Initializing OpenSSL library
[02/Jan/2003 14:49:36 18296] [info]  Init: Seeding PRNG with 136 bytes of 
entropy
[02/Jan/2003 14:49:36 18296] [info]  Init: Generating temporary RSA private 
keys (512/1024 bits)
[02/Jan/2003 14:49:37 18296] [info]  Init: Configuring temporary DH 
parameters (512/1024 bits)
[02/Jan/2003 14:49:38 18297] [info]  Init: 2nd startup round (already detached)
[02/Jan/2003 14:49:38 18297] [info]  Init: Reinitializing OpenSSL library
[02/Jan/2003 14:49:38 18297] [info]  Init: Seeding PRNG with 136 bytes of 
entropy
[02/Jan/2003 14:49:38 18297] [info]  Init: Configuring temporary RSA 
private keys (512/1024 bits)
[02/Jan/2003 14:49:38 18297] [info]  Init: Configuring temporary DH 
parameters (512/1024 bits)
[02/Jan/2003 14:49:38 18297] [info]  Init: Initializing (virtual) servers 
for SSL

Can someone tell me what I am doing wrong, it shouldn't be so hard to get 
apache
under SuSE 8.0 to process https://<some IP>

Also, will SuSE be upgrading Apache to 1.3.27, since apache.org states that 
this
should be done to close all security issues?  Or does keeping everything 
patched
via Online Update in 'Yast2' cover apache 1.3.23 effectively?

-Bill


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Apache HTTPS

Posted by JDeSalle <jd...@earthlink.net>.

Bill,

I think you should upgrade openssl to openssl-0.9.6g or better for 
security reasons also.

jd



Bill Parker wrote:

> Hi All,
>
>     I need to know how to get apache 1.3.23 working so it can service 
> HTTPS
> requests properly.  I have a Caldera OpenLinux 3.1.1 box which works 
> fine with
> https://<ip addr> so I know it should NOT be that hard on SuSE 8.0
>
> Here is what I have installed:
>
> billp@nermal:~> rpm -q apache
> apache-1.3.23-142
>
> billp@nermal:~> rpm -q openssl
> openssl-0.9.6c-80
>
> billp@nermal:~> rpm -q mod_ssl
> mod_ssl-2.8.7-110
>
> Now I have added the the following lines to /etc/httpd/httpd.conf:
>
> after line 316 I inserted:
>
> AddModule mod_ssl.c
>
> This is the section which contains all the AddModule directives
>
> after line 267 I inserted:
>
> LoadModule ssl_module         /usr/lib/apache/libssl.so
>
> Now in starting up apache with /etc/init.d/apache start, I see no 
> LISTEN requests
> on port 443 (https/TCP), but in the /var/log/httpd/ssl_engine_log I 
> get the info
> listed below:
>
> [02/Jan/2003 14:49:36 18296] [info]  Server: Apache/1.3.23, Interface: 
> mod_ssl/2.8.7, Library: OpenSSL/0.9.6c
> [02/Jan/2003 14:49:36 18296] [info]  Init: 1st startup round (still 
> not detached)
> [02/Jan/2003 14:49:36 18296] [info]  Init: Initializing OpenSSL library
> [02/Jan/2003 14:49:36 18296] [info]  Init: Seeding PRNG with 136 bytes 
> of entropy
> [02/Jan/2003 14:49:36 18296] [info]  Init: Generating temporary RSA 
> private keys (512/1024 bits)
> [02/Jan/2003 14:49:37 18296] [info]  Init: Configuring temporary DH 
> parameters (512/1024 bits)
> [02/Jan/2003 14:49:38 18297] [info]  Init: 2nd startup round (already 
> detached)
> [02/Jan/2003 14:49:38 18297] [info]  Init: Reinitializing OpenSSL library
> [02/Jan/2003 14:49:38 18297] [info]  Init: Seeding PRNG with 136 bytes 
> of entropy
> [02/Jan/2003 14:49:38 18297] [info]  Init: Configuring temporary RSA 
> private keys (512/1024 bits)
> [02/Jan/2003 14:49:38 18297] [info]  Init: Configuring temporary DH 
> parameters (512/1024 bits)
> [02/Jan/2003 14:49:38 18297] [info]  Init: Initializing (virtual) 
> servers for SSL
>
> Can someone tell me what I am doing wrong, it shouldn't be so hard to 
> get apache
> under SuSE 8.0 to process https://<some IP>
>
> Also, will SuSE be upgrading Apache to 1.3.27, since apache.org states 
> that this
> should be done to close all security issues?  Or does keeping 
> everything patched
> via Online Update in 'Yast2' cover apache 1.3.23 effectively?
>
> -Bill
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [users@httpd] Apache HTTPS

Posted by Jeff Cohen <ap...@gej-it.com>.

You can either, create a VirtualHost or add the line:
Listen 443
To your conf file, or add the following line:
<IfModule mod_ssl.c>
    Include /etc/httpd/ssl.conf
</IfModule>
and in that ssl.conf file add any configuration for the SSL, such as
Listen <port> , <VirtualHost>, AuthType and etc.

All the best,

Jeff Cohen


> -----Original Message-----
> From: Bill Parker [mailto:dogbert@netnevada.net]
> Sent: Thursday, January 02, 2003 11:59 PM
> To: suse-linux-e@suse.com
> Cc: users@httpd.apache.org
> Subject: [users@httpd] Apache HTTPS
> 
> Hi All,
> 
> 	I need to know how to get apache 1.3.23 working so it can
service
> HTTPS
> requests properly.  I have a Caldera OpenLinux 3.1.1 box which works
fine
> with
> https://<ip addr> so I know it should NOT be that hard on SuSE 8.0
> 
> Here is what I have installed:
> 
> billp@nermal:~> rpm -q apache
> apache-1.3.23-142
> 
> billp@nermal:~> rpm -q openssl
> openssl-0.9.6c-80
> 
> billp@nermal:~> rpm -q mod_ssl
> mod_ssl-2.8.7-110
> 
> Now I have added the the following lines to /etc/httpd/httpd.conf:
> 
> after line 316 I inserted:
> 
> AddModule mod_ssl.c
> 
> This is the section which contains all the AddModule directives
> 
> after line 267 I inserted:
> 
> LoadModule ssl_module         /usr/lib/apache/libssl.so
> 
> Now in starting up apache with /etc/init.d/apache start, I see no
LISTEN
> requests
> on port 443 (https/TCP), but in the /var/log/httpd/ssl_engine_log I
get
> the
> info
> listed below:
> 
> [02/Jan/2003 14:49:36 18296] [info]  Server: Apache/1.3.23, Interface:
> mod_ssl/2.8.7, Library: OpenSSL/0.9.6c
> [02/Jan/2003 14:49:36 18296] [info]  Init: 1st startup round (still
not
> detached)
> [02/Jan/2003 14:49:36 18296] [info]  Init: Initializing OpenSSL
library
> [02/Jan/2003 14:49:36 18296] [info]  Init: Seeding PRNG with 136 bytes
of
> entropy
> [02/Jan/2003 14:49:36 18296] [info]  Init: Generating temporary RSA
> private
> keys (512/1024 bits)
> [02/Jan/2003 14:49:37 18296] [info]  Init: Configuring temporary DH
> parameters (512/1024 bits)
> [02/Jan/2003 14:49:38 18297] [info]  Init: 2nd startup round (already
> detached)
> [02/Jan/2003 14:49:38 18297] [info]  Init: Reinitializing OpenSSL
library
> [02/Jan/2003 14:49:38 18297] [info]  Init: Seeding PRNG with 136 bytes
of
> entropy
> [02/Jan/2003 14:49:38 18297] [info]  Init: Configuring temporary RSA
> private keys (512/1024 bits)
> [02/Jan/2003 14:49:38 18297] [info]  Init: Configuring temporary DH
> parameters (512/1024 bits)
> [02/Jan/2003 14:49:38 18297] [info]  Init: Initializing (virtual)
servers
> for SSL
> 
> Can someone tell me what I am doing wrong, it shouldn't be so hard to
get
> apache
> under SuSE 8.0 to process https://<some IP>
> 
> Also, will SuSE be upgrading Apache to 1.3.27, since apache.org states
> that
> this
> should be done to close all security issues?  Or does keeping
everything
> patched
> via Online Update in 'Yast2' cover apache 1.3.23 effectively?
> 
> -Bill
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org