You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by LuKreme <kr...@kreme.com> on 2009/08/04 02:16:24 UTC
[users@httpd] Secure and unsecure apache
I have a FreeBSD-6.2 server with apache-2.2.4 which unly runs an
instance of the webmail client Squirrelmail
so, I have the server name set to
ServerName webmail.example.com
and I have
DocumentRoot "/usr/local/www/squirrelmail"
and then I have:
Listen 80
Listen 443
NameVirtualHost *:443
NameVirtualHost *:80
then I have:
<VirtualHost *:443>
ServerName securemail.example.com
SSLCertificateFile /usr/local/etc/apache22/server.pem
SSLCertificateKeyFile /usr/local/etc/apache22/server.key
ServerAdmin admin@example.com
DocumentRoot /usr/local/www/squirrelmail/
ErrorLog /var/log/httpd-error.log
CustomLog /var/log/httpd-access.log combined
DirectoryIndex secure.html
</VirtualHost>
If I go to webmail.example.com, it all works perfectly, but over http.
If I go to https://securemail.example.com I get:
An error occurred during a connection to securemail.example.com.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
However, nothing is logged to /var/log/httpd-error.log
I can ping securemail.example.com and it gets to the right IP address.
I can list the .key and .pem files:
--
So here's us, on the raggedy edge. Don't push me. And
I won't push you.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: Secure and unsecure apache
Posted by LuKreme <kr...@kreme.com>.
On 3-Aug-2009, at 18:39, Eric Covener wrote:
> On Mon, Aug 3, 2009 at 8:16 PM, LuKreme<kr...@kreme.com> wrote:
>> <VirtualHost *:443>
>> ServerName securemail.example.com
>> SSLCertificateFile /usr/local/etc/apache22/server.pem
>> SSLCertificateKeyFile /usr/local/etc/apache22/server.key
>> ServerAdmin admin@example.com
>> DocumentRoot /usr/local/www/squirrelmail/
>> ErrorLog /var/log/httpd-error.log
>> CustomLog /var/log/httpd-access.log combined
>> DirectoryIndex secure.html
>> </VirtualHost>
>
> http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslengine
OK, now at least I get something in the error log (added SSLEngine on):
[Thu Aug 06 02:08:38 2009] [notice] caught SIGTERM, shutting down
[Thu Aug 06 02:08:45 2009] [error] Init: Unable to read server
certificate from file /usr/local/etc/apache22/server.pem
[Thu Aug 06 02:08:45 2009] [error] SSL Library Error: 218529960 error:
0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Aug 06 02:08:45 2009] [error] SSL Library Error: 218595386 error:
0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
Remember, server.pem is there.
$ ls -ls /usr/local/etc/apache22/server.pem
2 -rw-r--r-- 1 root wheel 891 May 3 2007 /usr/local/etc/apache22/
server.pem
I can recreate the pem and key files I suppose, I was just using self-
signed ones anyway. Is that what I need to do?
--
You think you can catch Keyser Soze? You think a guy like that
comes this close to getting caught, and sticks his head out? If
he comes up for anything it'll be to get rid of me. After that
my guess is you'll never hear from him again.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Secure and unsecure apache
Posted by Eric Covener <co...@gmail.com>.
On Mon, Aug 3, 2009 at 8:16 PM, LuKreme<kr...@kreme.com> wrote:
> <VirtualHost *:443>
> ServerName securemail.example.com
> SSLCertificateFile /usr/local/etc/apache22/server.pem
> SSLCertificateKeyFile /usr/local/etc/apache22/server.key
> ServerAdmin admin@example.com
> DocumentRoot /usr/local/www/squirrelmail/
> ErrorLog /var/log/httpd-error.log
> CustomLog /var/log/httpd-access.log combined
> DirectoryIndex secure.html
> </VirtualHost>
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslengine
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: Secure and unsecure apache
Posted by LuKreme <kr...@kreme.com>.
[Sorry, premature send]
On 3-Aug-2009, at 18:16, LuKreme wrote:
> I can list the .key and .pem files:
$ ls -ls /usr/local/etc/apache22/server.key
0 lrwxr-xr-x 1 root wheel 17 May 3 2007 /usr/local/etc/apache22/
server.key -> server.key.nopass
$ ls -ls /usr/local/etc/apache22/server.key.nopass
2 -rw-r--r-- 1 root wheel 887 May 3 2007 /usr/local/etc/apache22/
server.key.nopass
$ ls -ls /usr/local/etc/apache22/server.pem
2 -rw-r--r-- 1 root wheel 891 May 3 2007 /usr/local/etc/apache22/
server.pem
--
If a pig loses its voice, is it disgruntled?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org