Posted to users@httpd.apache.org by Justin Williams <ju...@naturalwebs.com> on 2002/11/15 17:30:03 UTC

[users@httpd] HTTPS?

This may or may not be the right place to post this; I think it is but,
please tell me if not.

I have two IPs on the same NIC.  .13 and .18
.18 (on eth0:1) is reserved for an IP-based virtual domain, which is set up
in the conf listening only on :443.
.13 (on eth0) is everything else.

I have gotten my CRT from Verisign and placed that into the directory where
I want it to be.
I have the cert and key referenced in the conf file.

If I go to http://IP.18, the most recently configured domain on .13 pops up.
If I go to https://IP.18, I get page could not be displayed.

Bummin' and tryin' to figure out what I am missing.  From what I have been
reading, I have done all the right stuff, but, obviously, I am forgetting or
missing *something*  Can somebody point me in the right distraction?
Thanks!


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] HTTPS?

Posted by Justin Williams <ju...@naturalwebs.com>.
Excellent!  Thank you!
----- Original Message -----
From: "Jacob Coby" <jc...@listingbook.com>
To: <us...@httpd.apache.org>
Sent: Friday, November 15, 2002 12:31 PM
Subject: Re: [users@httpd] HTTPS?


> > When I try apachectl startssl, I get an error regarding usage.
> > netstat -an | grep 443 returns nothing at all.
> > no firewall rules to prevent 443.
> >
> > I remember reading about apachectl startssl, and I cannot figure out why I
> > get the response I do...  It's apache 1.3.26, if that makes a difference...
>
> Well, there is your problem.  You need to have a version of apache built
> with mod_ssl, and start it using apachectl startssl.
>
> Until you get something in the netstat for port 443, you will never be able
> to access https from a web browser.
>
> When you get it right, there should be a line that reads:
> tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
>
> -Jacob


Re: [users@httpd] HTTPS?

Posted by Justin Williams <ju...@naturalwebs.com>.
When I look at a list of modules Apache supposedly knows about, mod_ssl is
one of them.  So, now I can't figure out why Apache is being argumentative
about startssl...

----- Original Message -----
From: "Justin Williams" <ju...@naturalwebs.com>
To: <us...@httpd.apache.org>
Sent: Friday, November 15, 2002 1:11 PM
Subject: Re: [users@httpd] HTTPS?


> Kinda what I figured, but, too many years with winblows...  ;-)
> So, I stopped apache, and tried apachectl startssl; still got a response of
> how to use apachectl.  Doesn't like startssl...
> So, I started nosing around in httpd.conf, and found:
>     <IfDefine HAVE_SSL>
>     AddModule mod_ssl.c
>     </IfDefine>
> How do I define HAVE_SSL??  Shouldn't this be automatic, like PHP was?
>
> ----- Original Message -----
> From: "Jacob Coby" <jc...@listingbook.com>
> To: <us...@httpd.apache.org>
> Sent: Friday, November 15, 2002 1:09 PM
> Subject: Re: [users@httpd] HTTPS?
>
>
> > > Now, I've been doing all of the above via Mandrake 8.2.  mod_ssl was
> > > installed via RPM, as was Apache.  Just upgraded mod_ssl, and then rebooted
> > > the server altogether...
> > > Do I need to stop apache, and then use apachectl startssl?
> >
> > Dunno; depends on how Mandrake packages their RPMs.  Can't hurt :)
> >
> > BTW, you didn't need to restart linux after upgrading/installing mod_ssl.
> > Just when you upgrade kernels.
> >
> > -Jacob


Re: [users@httpd] HTTPS?

Posted by Justin Williams <ju...@naturalwebs.com>.
OK,
So, this big issue now is that one domain is being pointed to the wrong
directory.

Relevant parts of VHosts.conf:

#This one points to another domain
<VirtualHost 206.28.133.18:443>
DocumentRoot /home/securesite/www
ServerName securesite.pshift.com
ServerAdmin jwilliams@pshift.com
ErrorLog logs/ssl-error_log
TransferLog logs/ssl-access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /home/securesite/securesite.pshift.com.crt
SSLCertificateKeyFile /home/securesite/securesite.pshift.com.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

RewriteEngine On
RewriteOptions inherit
<Directory /home/securesite/www>
    Options -Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>
</VirtualHost>
NameVirtualHost 206.28.133.13
#This one works
<VirtualHost 206.28.133.13>
DocumentRoot /home/dinnersdunn/www
ServerName www.dinnersdunn.com
ServerAlias dinnersdunn.com
AliasMatch ^/~([^/]+)(/(.*))? /home/dinnersdunn/users/$1/www/$3
AliasMatch ^/users/([^/]+)(/(.*))? /home/dinnersdunn/users/$1/www/$3
ScriptAlias /cgi-bin/ /home/dinnersdunn/www/cgi-bin/
LogLevel emerg
LogFormat "combined"
</VirtualHost>

----- Original Message -----
From: "Jacob Coby" <jc...@listingbook.com>
To: <us...@httpd.apache.org>
Sent: Tuesday, November 19, 2002 4:40 PM
Subject: Re: [users@httpd] HTTPS?


> > > ping has nothing to do with ssl.  Only whether or not the TCP stack is
> > > alive and the computer can be reached.
> >
> > But does not the fact that I am pinging securesite (as opposed to one of
> > the other domains on .13) and getting a response from the correct IP
> > indicate something good?
>
> No, not really.  Pinging the .18 ip and getting a response only means that
> the .18 interface is up and running.  You still have to have something
> waiting for a connection.  In this case, you want apache to listen on port
> 443 for ssl connections.  That's where netstat -an | grep LISTEN comes into
> play.  You can also portscan (I use nmap from insecure.org) your server from
> another to see what ports are open to connections.
>
> I guess you could think of IP addresses and ports as an office building (the
> IP address) and offices (the port).  The mail you send to office 80 goes to
> a totally different person than to office 443, even though they are at the
> same building.
>
> ping would be analogous to having someone drive by and make sure that the
> building exists and then drops off a piece of mail to send back to you.  If
> you get the mail back, the building exists, is ready for more mail, and you
> can now send packages to specific offices (and they can send packages back
> to you).
>
> netstat -an | grep 443 would be walking over to office 443 and making sure
> that there is someone there waiting for packages.
>
> > > Sounds like you have some VirtualHost problems if you are getting the
> > > .13 site on .18.
> >
> > If it helps, I'll post the relevant parts of the VHosts.conf file...  I
> > honestly don't see anything squirrely, but I'd be happy for more
> > experienced eyes to show me the light!
> >
> > > usage: /usr/local/apache/bin/apachectl
> > > (start|stop|restart|fullstatus|status|graceful|configtest|help)
> >
> > Here is where it ends.  I don't get the other lines.
>
> Doesn't look like you need the startssl option as mod_ssl and SSL configs
> are always getting loaded.  All the startssl option does is pass -DSSL so
> that the <IfDefine SSL> tags are parsed.
>
> > > netstat -an | grep 443;  Do you see anything?  Until you do, apache
> > > isn't listening on port 443, the SSL port.
> >
> > nothing...  Until I uncommented Listen 443 from the mod_ssl.conf file...
> > Then I got exactly as typed below, and https://securesite brings up the
> > default page for http://freesites, after first complaining that the cert
> > was for the wrong domain.
>
> Ok, good, you now have ssl working, it's down to VHost config problems.  The
> cert warning is from not having a valid cert for the securesite domain.
>
> > In nosing through all the FAQs I can find, as well as the chapter on SSL
> > in Linux System Administration (from Craig Hunt Library), I think I have
> > the directives in there as I am supposed to, but, again, I will be happy to
> > post them if that will help...
>
> If you can't figure out why you're getting the results that you are, go
> ahead and post the problem along with the relevant configurations and any
> errors/warning you get when starting apache.  I'm not the best with
> VirtualHosts, but several on this list will be able to help you.  There was
> a really good thread explaining them last week or the week before, you might
> want to check out the archives.
>
> > Just in case I haven't said it yet, THANKS!!
>
> No problem :-)
>
> -Jacob


Re: [users@httpd] HTTPS?

Posted by Jacob Coby <jc...@listingbook.com>.
> > ping has nothing to do with ssl.  Only whether or not the TCP stack is alive
> > and the computer can be reached.
>
> But does not the fact that I am pinging securesite (as opposed to one of the
> other domains on .13) and getting a response from the correct IP indicate
> something good?

No, not really.  Pinging the .18 ip and getting a response only means that
the .18 interface is up and running.  You still have to have something
waiting for a connection.  In this case, you want apache to listen on port
443 for ssl connections.  That's where netstat -an | grep LISTEN comes into
play.  You can also portscan (I use nmap from insecure.org) your server from
another to see what ports are open to connections.

I guess you could think of IP addresses and ports as an office building (the
IP address) and offices (the port).  The mail you send to office 80 goes to
a totally different person than to office 443, even though they are at the
same building.

ping would be analogous to having someone drive by and make sure that the
building exists and then drops off a piece of mail to send back to you.  If
you get the mail back, the building exists, is ready for more mail, and you
can now send packages to specific offices (and they can send packages back
to you).

netstat -an | grep 443 would be walking over to office 443 and making sure
that there is someone there waiting for packages.

> > Sounds like you have some VirtualHost problems if you are getting the .13
> > site on .18.
>
> If it helps, I'll post the relevant parts of the VHosts.conf file...  I
> honestly don't see anything squirrely, but I'd be happy for more experienced
> eyes to show me the light!
>
> > usage: /usr/local/apache/bin/apachectl
> > (start|stop|restart|fullstatus|status|graceful|configtest|help)
>
> Here is where it ends.  I don't get the other lines.

Doesn't look like you need the startssl option as mod_ssl and SSL configs
are always getting loaded.  All the startssl option does is pass -DSSL so
that the <IfDefine SSL> tags are parsed.

> > netstat -an | grep 443;  Do you see anything?  Until you do, apache isn't
> > listening on port 443, the SSL port.
>
> nothing...  Until I uncommented Listen 443 from the mod_ssl.conf file...
> Then I got exactly as typed below, and https://securesite brings up the
> default page for http://freesites, after first complaining that the cert was
> for the wrong domain.

Ok, good, you now have ssl working, it's down to VHost config problems.  The
cert warning is from not having a valid cert for the securesite domain.

> In nosing through all the FAQs I can find, as well as the chapter on SSL in
> Linux System Administration (from Craig Hunt Library), I think I have the
> directives in there as I am supposed to, but, again, I will be happy to post
> them if that will help...

If you can't figure out why you're getting the results that you are, go
ahead and post the problem along with the relevant configurations and any
errors/warning you get when starting apache.  I'm not the best with
VirtualHosts, but several on this list will be able to help you.  There was
a really good thread explaining them last week or the week before, you might
want to check out the archives.

> Just in case I haven't said it yet, THANKS!!

No problem :-)

-Jacob
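
The ping-versus-listener distinction in the message above, as an added example that is not part of the original post: it reads `netstat -an` text and reports whether a TCP listener would accept connections for one local address and port. The function name `listener_for`, the helper `check`, the 192.0.2.x addresses and all netstat lines are constructed for illustration; Linux `addr:port` formatting is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): read `netstat -an` text and decide
# whether a TCP listener would accept connections to a given address and port.
# All addresses and netstat lines below are constructed sample data.

# Apache running without "Listen 443". Note the last line: an established
# connection whose foreign port is 4431 still matches a bare `grep 443`.
NETSTAT_BEFORE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.13:80           198.51.100.7:4431       ESTABLISHED'

# After enabling "Listen 443": wildcard listener, reachable on every local IP.
NETSTAT_WILDCARD="$NETSTAT_BEFORE
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN"

# A listener bound to a single address only.
NETSTAT_BOUND="$NETSTAT_BEFORE
tcp        0      0 192.0.2.18:443          0.0.0.0:*               LISTEN"

# listener_for IP PORT   (netstat -an text on stdin)
# Prints the local address of every LISTEN socket that covers IP:PORT and
# returns 0 if there is at least one, 1 otherwise.
listener_for() {
    awk -v ip="$1" -v port="$2" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4; sub(/:[^:]*$/, "", addr)   # strip ":port"
            p = $4;    sub(/^.*:/, "", p)         # keep only the port
            wildcard = (addr == "0.0.0.0" || addr == "::" || addr == "*")
            if (p == port && (addr == ip || wildcard)) {
                print $4
                found = 1
            }
        }
        END { exit !found }
    '
}

# check LABEL IP PORT   (netstat -an text on stdin): human-readable verdict.
check() {
    if match=$(listener_for "$2" "$3"); then
        echo "$1: $2:$3 is covered by listener $match"
    else
        echo "$1: nothing is listening for $2:$3"
    fi
}

printf '%s\n' "$NETSTAT_BEFORE"   | check "before Listen 443" 192.0.2.18 443
printf '%s\n' "$NETSTAT_WILDCARD" | check "wildcard listener " 192.0.2.18 443
printf '%s\n' "$NETSTAT_BOUND"    | check "bound to .18 only " 192.0.2.13 443
```

Matching on the LISTEN state and the exact local port avoids the false positive a bare `grep 443` gives on the constructed ESTABLISHED line.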




Re: [users@httpd] HTTPS?

Posted by Justin Williams <ju...@naturalwebs.com>.
> ping has nothing to do with ssl.  Only whether or not the TCP stack is alive
> and the computer can be reached.

But does not the fact that I am pinging securesite (as opposed to one of the
other domains on .13) and getting a response from the correct IP indicate
something good?

> Sounds like you have some VirtualHost problems if you are getting the .13
> site on .18.

If it helps, I'll post the relevant parts of the VHosts.conf file...  I
honestly don't see anything squirrely, but I'd be happy for more experienced
eyes to show me the light!

> You get something similar to:
>
> usage: /usr/local/apache/bin/apachectl
> (start|stop|restart|fullstatus|status|graceful|configtest|help)

Here is where it ends.  I don't get the other lines.
>
> How are you looking up system information?
>

Via netcraft.com (What is this system running) and also via apachectl
extendedstatus

> > If I start apache normally (apachectl start), it screams about the first
> > SSL-related line in the SSLed domain directive.
>
> That's because SSL directives aren't valid if you don't have mod_ssl
> running.  Your SSL stuff should be inside <IfDefine SSL></IfDefine> blocks.

In there is:
LoadModule ssl_module    extramodules/libssl.so
AddModule mod_ssl.c
AddModule mod_vhost_alias.c

> netstat -an | grep 443;  Do you see anything?  Until you do, apache isn't
> listening on port 443, the SSL port.

nothing...  Until I uncommented Listen 443 from the mod_ssl.conf file...
Then I got exactly as typed below, and https://securesite brings up the
default page for http://freesites, after first complaining that the cert was
for the wrong domain.

> tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
>
> > If I type in httpd -DSSL, it screams about the first line for the SSLed
> > domain...  Same error as if I type in apachectl startssl
>
> You've got a syntax error.  You should probably fix it.

In nosing through all the FAQs I can find, as well as the chapter on SSL in
Linux System Administration (from Craig Hunt Library), I think I have the
directives in there as I am supposed to, but, again, I will be happy to post
them if that will help...

Just in case I haven't said it yet, THANKS!!

>
> -Jacob


Re: [users@httpd] HTTPS?

Posted by Jacob Coby <jc...@listingbook.com>.
> The SSL is on .18
> If I ping the SSLed domain from that specific machine, I get a reply from
> .18.  This would indicate to me that Apache knows what IP it is supposed to
> be on.
> If I ping the SSLed domain from any other machine, I get a reply from .13.

ping has nothing to do with ssl.  Only whether or not the TCP stack is alive
and the computer can be reached.

> If I go to http://ssled domain, I get the most recently added name-based
> virtual domain.
> If I go to https://ssled domain, I get "cannot be found."
> If I go to http://.18, I get the default site on .13.
> If I go to https://.18, I get cannot be found.
> If I go to http://ssled domain:443, I get site cannot be found

Sounds like you have some VirtualHost problems if you are getting the .13
site on .18.


> Anybody else confused yet?
> I type in as root "apachectl startssl", and I get a response for apachectl
> usage, with no option for startssl.

You get something similar to:

usage: /usr/local/apache/bin/apachectl
(start|stop|restart|fullstatus|status|graceful|configtest|help)

start      - start httpd
startssl   - start httpd with SSL enabled
(more options)

Correct?

> I look up system information, asking Apache what it knows about, and it
> shows mod_ssl.  This *should* mean that I have access to the startssl option
> for apachectl, but that blows up.

How are you looking up system information?

> If I start apache normally (apachectl start), it screams about the first
> SSL-related line in the SSLed domain directive.

That's because SSL directives aren't valid if you don't have mod_ssl
running.  Your SSL stuff should be inside <IfDefine SSL></IfDefine> blocks.

> So, at this point, I am wondering if the mod_ssl was correctly added, and
> whether or not Apache *really* knows how to serve up anything on :443.  Can
> anybody confirm?

netstat -an | grep 443;  Do you see anything?  Until you do, apache isn't
listening on port 443, the SSL port.

You MUST have a line that reads before SSL has a chance of working from a
browser:

tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN

> If I type in httpd -DSSL, it screams about the first line for the SSLed
> domain...  Same error as if I type in apachectl startssl

You've got a syntax error.  You should probably fix it.

-Jacob




Re: [users@httpd] HTTPS?

Posted by Justin Williams <ju...@naturalwebs.com>.
Interestingly enough, when I look through apachectl, I see nothing
about -DSSL anywhere in there.
I see no function for startssl, so, where do I put the code mentioned by
Jacob?

----- Original Message -----
From: "Justin Williams" <ju...@naturalwebs.com>
To: <us...@httpd.apache.org>
Sent: Tuesday, November 19, 2002 3:45 PM
Subject: Re: [users@httpd] HTTPS?


> Before I start tinkering on a production machine, here's a bit more info:
>
> Here's where it gets weird...
> eth0 has IP .13
> eth0:1 has IP .18
>
> The SSL is on .18
> If I ping the SSLed domain from that specific machine, I get a reply from
> .18.  This would indicate to me that Apache knows what IP it is supposed to
> be on.
> If I ping the SSLed domain from any other machine, I get a reply from .13.
>
> If I go to http://ssled domain, I get the most recently added name-based
> virtual domain.
> If I go to https://ssled domain, I get "cannot be found."
> If I go to http://.18, I get the default site on .13.
> If I go to https://.18, I get cannot be found.
> If I go to http://ssled domain:443, I get site cannot be found
>
> Anybody else confused yet?
> I type in as root "apachectl startssl", and I get a response for apachectl
> usage, with no option for startssl.
>
> I look up system information, asking Apache what it knows about, and it
> shows mod_ssl.  This *should* mean that I have access to the startssl option
> for apachectl, but that blows up.
>
> If I start apache normally (apachectl start), it screams about the first
> SSL-related line in the SSLed domain directive.
>
> So, at this point, I am wondering if the mod_ssl was correctly added, and
> whether or not Apache *really* knows how to serve up anything on :443.  Can
> anybody confirm?
>
> If I type in httpd -DSSL, it screams about the first line for the SSLed
> domain...  Same error as if I type in apachectl startssl
>
> ----- Original Message -----
> From: "Jacob Coby" <jc...@listingbook.com>
> To: <us...@httpd.apache.org>
> Sent: Friday, November 15, 2002 1:20 PM
> Subject: Re: [users@httpd] HTTPS?
>
>
> > > Kinda what I figured, but, too many years with winblows...  ;-)
> > > So, I stopped apache, and tried apachectl startssl; still got a response of
> > > how to use apachectl.  Doesn't like startssl...
> > > So, I started nosing around in httpd.conf, and found:
> > >     <IfDefine HAVE_SSL>
> > >     AddModule mod_ssl.c
> > >     </IfDefine>
> > > How do I define HAVE_SSL??  Shouldn't this be automatic, like PHP was?
> >
> > HAVE_SSL is defined when you start a copy of apache that is SSL-enabled.
> >
> > You may have to upgrade your apachectl package to one that includes the
> > startssl option.  In the meantime, you can manually start apache with
> > SSL by running:
> >
> > httpd -DSSL
> >
> > I've included the pertinent startssl lines from my copy of apachectl if you
> > want to modify your copy.  Add them to right after the fi ;; lines in the
> > start) block.
> >
> > -Jacob
> >
> > -- modified apachectl lines follow --
> > -- this goes on line 78 in my copy, yours may be different.
> >  startssl|sslstart|start-SSL)
> >         if [ $RUNNING -eq 1 ]; then
> >             echo "$0 $ARG: httpd (pid $PID) already running"
> >             continue
> >         fi
> >         if $HTTPD -DSSL; then
> >             echo "$0 $ARG: httpd started"
> >         else
> >             echo "$0 $ARG: httpd could not be started"
> >             ERROR=3
> >         fi
> >         ;;


Re: [users@httpd] HTTPS?

Posted by Justin Williams <ju...@naturalwebs.com>.
Before I start tinkering on a production machine, here's a bit more info:

Here's where it gets weird...
eth0 has IP .13
eth0:1 has IP .18

The SSL is on .18
If I ping the SSLed domain from that specific machine, I get a reply from
.18.  This would indicate to me that Apache knows what IP it is supposed to
be on.
If I ping the SSLed domain from any other machine, I get a reply from .13.

If I go to http://ssled domain, I get the most recently added name-based
virtual domain.
If I go to https://ssled domain, I get "cannot be found."
If I go to http://.18, I get the default site on .13.
If I go to https://.18, I get cannot be found.
If I go to http://ssled domain:443, I get site cannot be found

Anybody else confused yet?
I type in as root "apachectl startssl", and I get a response for apachectl
usage, with no option for startssl.

I look up system information, asking Apache what it knows about, and it
shows mod_ssl.  This *should* mean that I have access to the startssl option
for apachectl, but that blows up.

If I start apache normally (apachectl start), it screams about the first
SSL-related line in the SSLed domain directive.

So, at this point, I am wondering if the mod_ssl was correctly added, and
whether or not Apache *really* knows how to serve up anything on :443.  Can
anybody confirm?

If I type in httpd -DSSL, it screams about the first line for the SSLed
domain...  Same error as if I type in apachectl startssl

----- Original Message -----
From: "Jacob Coby" <jc...@listingbook.com>
To: <us...@httpd.apache.org>
Sent: Friday, November 15, 2002 1:20 PM
Subject: Re: [users@httpd] HTTPS?


> > Kinda what I figured, but, too many years with winblows...  ;-)
> > So, I stopped apache, and tried apachectl startssl; still got a response of
> > how to use apachectl.  Doesn't like startssl...
> > So, I started nosing around in httpd.conf, and found:
> >     <IfDefine HAVE_SSL>
> >     AddModule mod_ssl.c
> >     </IfDefine>
> > How do I define HAVE_SSL??  Shouldn't this be automatic, like PHP was?
>
> HAVE_SSL is defined when you start a copy of apache that is SSL-enabled.
>
> You may have to upgrade your apachectl package to one that includes the
> startssl option.  In the meantime, you can manually start apache with
> SSL by running:
>
> httpd -DSSL
>
> I've included the pertinent startssl lines from my copy of apachectl if you
> want to modify your copy.  Add them to right after the fi ;; lines in the
> start) block.
>
> -Jacob
>
> -- modified apachectl lines follow --
> -- this goes on line 78 in my copy, yours may be different.
>  startssl|sslstart|start-SSL)
>         if [ $RUNNING -eq 1 ]; then
>             echo "$0 $ARG: httpd (pid $PID) already running"
>             continue
>         fi
>         if $HTTPD -DSSL; then
>             echo "$0 $ARG: httpd started"
>         else
>             echo "$0 $ARG: httpd could not be started"
>             ERROR=3
>         fi
>         ;;


Re: [users@httpd] HTTPS?

Posted by Jacob Coby <jc...@listingbook.com>.
> Kinda what I figured, but, too many years with winblows...  ;-)
> So, I stopped apache, and tried apachectl startssl; still got a response of
> how to use apachectl.  Doesn't like startssl...
> So, I started nosing around in httpd.conf, and found:
>     <IfDefine HAVE_SSL>
>     AddModule mod_ssl.c
>     </IfDefine>
> How do I define HAVE_SSL??  Shouldn't this be automatic, like PHP was?

HAVE_SSL is defined when you start a copy of apache that is SSL-enabled.

You may have to upgrade your apachectl package to one that includes the
startssl option.  In the meantime, you can manually start apache with
SSL by running:

httpd -DSSL

I've included the pertinent startssl lines from my copy of apachectl if you
want to modify your copy.  Add them to right after the fi ;; lines in the
start) block.

-Jacob

-- modified apachectl lines follow --
-- this goes on line 78 in my copy, yours may be different.
 startssl|sslstart|start-SSL)
        if [ $RUNNING -eq 1 ]; then
            echo "$0 $ARG: httpd (pid $PID) already running"
            continue
        fi
        if $HTTPD -DSSL; then
            echo "$0 $ARG: httpd started"
        else
            echo "$0 $ARG: httpd could not be started"
            ERROR=3
        fi
        ;;
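
How `-D` names relate to `<IfDefine>` sections, as an added example that is not part of the original post: given configuration text and the names passed with `-D`, it lists the `<IfDefine>` sections httpd would skip, which shows that `-DSSL` alone does not activate a section guarded by `HAVE_SSL`. The function name `ifdefine_skipped`, the variable `SAMPLE_CONF` and the `<IfDefine !SSL>` section are constructed for illustration; nesting of sections is not tracked.

```shell
#!/bin/sh
# Added example (not from the thread): list the <IfDefine> sections that
# would be skipped for a given set of -D names.

# Constructed sample built from the fragments quoted in the thread, plus one
# negated section to show the "!" form.
SAMPLE_CONF='<IfDefine HAVE_SSL>
    AddModule mod_ssl.c
</IfDefine>
<IfDefine SSL>
    Listen 443
</IfDefine>
<IfDefine !SSL>
    # settings for a plain-HTTP-only start would go here
</IfDefine>'

# ifdefine_skipped NAME...   (configuration text on stdin)
# Prints "LINE:TEST" for every <IfDefine TEST> whose test is false when httpd
# is started with exactly the given names, i.e. `httpd -DNAME ...`.
ifdefine_skipped() {
    awk -v defs="$*" '
        BEGIN {
            n = split(defs, d, " ")
            for (i = 1; i <= n; i++) on[d[i]] = 1
        }
        /^[ \t]*<IfDefine[ \t]+[^>]+>/ {
            name = $0
            sub(/^[ \t]*<IfDefine[ \t]+/, "", name)   # drop the opening tag
            sub(/[ \t]*>.*$/, "", name)               # drop ">" and the rest
            neg = (substr(name, 1, 1) == "!")         # "!NAME" inverts the test
            if (neg) name = substr(name, 2)
            active = (name in on) ? !neg : neg
            if (!active) print NR ":" (neg ? "!" : "") name
        }
    '
}

echo "started with -DSSL, sections skipped:"
printf '%s\n' "$SAMPLE_CONF" | ifdefine_skipped SSL

echo "started with -DHAVE_SSL, sections skipped:"
printf '%s\n' "$SAMPLE_CONF" | ifdefine_skipped HAVE_SSL

echo "started with no -D names, sections skipped:"
printf '%s\n' "$SAMPLE_CONF" | ifdefine_skipped
```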





Re: [users@httpd] HTTPS?

Posted by Justin Williams <ju...@naturalwebs.com>.
Kinda what I figured, but, too many years with winblows...  ;-)
So, I stopped apache, and tried apachectl startssl; still got a response of
how to use apachectl.  Doesn't like startssl...
So, I started nosing around in httpd.conf, and found:
    <IfDefine HAVE_SSL>
    AddModule mod_ssl.c
    </IfDefine>
How do I define HAVE_SSL??  Shouldn't this be automatic, like PHP was?

----- Original Message -----
From: "Jacob Coby" <jc...@listingbook.com>
To: <us...@httpd.apache.org>
Sent: Friday, November 15, 2002 1:09 PM
Subject: Re: [users@httpd] HTTPS?


> > Now, I've been doing all of the above via Mandrake 8.2.  mod_ssl was
> > installed via RPM, as was Apache.  Just upgraded mod_ssl, and then rebooted
> > the server altogether...
> > Do I need to stop apache, and then use apachectl startssl?
>
> Dunno; depends on how Mandrake packages their RPMs.  Can't hurt :)
>
> BTW, you didn't need to restart linux after upgrading/installing mod_ssl.
> Just when you upgrade kernels.
>
> -Jacob

Re: [users@httpd] HTTPS?

Posted by Jacob Coby <jc...@listingbook.com>.
> Now, I've been doing all of the above via Mandrake 8.2.  mod_ssl was
> installed via RPM, as was Apache.  Just upgraded mod_ssl, and then rebooted
> the server altogether...
> Do I need to stop apache, and then use apachectl startssl?

Dunno; depends on how Mandrake packages their RPMs.  Can't hurt :)

BTW, you didn't need to restart linux after upgrading/installing mod_ssl.
Just when you upgrade kernels.

-Jacob



Re: [users@httpd] HTTPS?

Posted by Justin Williams <ju...@naturalwebs.com>.
Now, I've been doing all of the above via Mandrake 8.2.  mod_ssl was
installed via RPM, as was Apache.  Just upgraded mod_ssl, and then rebooted
the server altogether...
Do I need to stop apache, and then use apachectl startssl?
----- Original Message -----
From: "Jacob Coby" <jc...@listingbook.com>
To: <us...@httpd.apache.org>
Sent: Friday, November 15, 2002 12:31 PM
Subject: Re: [users@httpd] HTTPS?


> > When I try apachectl startssl, I get an error regarding usage.
> > netstat -an | grep 443 returns nothing at all.
> > no firewall rules to prevent 443.
> >
> > I remember reading about apachectl startssl, and I cannot figure out why I
> > get the response I do...  It's apache 1.3.26, if that makes a difference...
>
> Well, there is your problem.  You need to have a version of apache built
> with mod_ssl, and start it using apachectl startssl.
>
> Until you get something in the netstat for port 443, you will never be able
> to access https from a web browser.
>
> When you get it right, there should be a line that reads:
> tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
>
> -Jacob

Re: [users@httpd] HTTPS?

Posted by Jacob Coby <jc...@listingbook.com>.
> When I try apachectl startssl, I get an error regarding usage.
> netstat -an | grep 443 returns nothing at all.
> no firewall rules to prevent 443.
>
> I remember reading about apachectl startssl, and I cannot figure out why I
> get the response I do...  It's apache 1.3.26, if that makes a difference...

Well, there is your problem.  You need to have a version of apache built
with mod_ssl, and start it using apachectl startssl.

Until you get something in the netstat for port 443, you will never be able
to access https from a web browser.

When you get it right, there should be a line that reads:
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN

-Jacob



Re: [users@httpd] HTTPS?

Posted by Justin Williams <ju...@naturalwebs.com>.
When I try apachectl startssl, I get an error regarding usage.
netstat -an | grep 443 returns nothing at all.
no firewall rules to prevent 443.

I remember reading about apachectl startssl, and I cannot figure out why I
get the response I do...  It's apache 1.3.26, if that makes a difference...

----- Original Message -----
From: "Jacob Coby" <jc...@listingbook.com>
To: <us...@httpd.apache.org>
Sent: Friday, November 15, 2002 12:04 PM
Subject: Re: [users@httpd] HTTPS?


> > If I go to http://IP.18, the most recently configured domain on .13 pops up.
> > If I go to https://IP.18, I get page could not be displayed.
>
> Humor me, are you using `apachectl startssl`?
>
> Does `netstat -an | grep 443` show anything?
>
> Do you have any ipchains/iptables/firewall rules that would prevent traffic
> to port 443?
>
> -Jacob

Re: [users@httpd] HTTPS?

Posted by Jacob Coby <jc...@listingbook.com>.
> If I go to http://IP.18, the most recently configured domain on .13 pops up.
> If I go to https://IP.18, I get page could not be displayed.

Humor me, are you using `apachectl startssl`?

Does `netstat -an | grep 443` show anything?

Do you have any ipchains/iptables/firewall rules that would prevent traffic
to port 443?

-Jacob



Re: [users@httpd] HTTPS?

Posted by Jacob Coby <jc...@listingbook.com>.
> Does this mean that every time I host a new company with its own SSL, I am
> going to need to install a new copy of Apache for them?  Seems kind of
> odd...

No, that's a bad solution.  You can run as many https sites as you want with
a single apache, as long as each listens on a unique ip.

-Jacob
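
The rule in the reply above, one unique IP per HTTPS site, can be checked mechanically. The script below is an added example, not code from the thread; the function name `ssl_vhost_conflicts`, the addresses and the host names are constructed. It lists every address:port that more than one `<VirtualHost>` with `SSLEngine on` claims.

```shell
#!/bin/sh
# Added example; every sample value below is constructed.

# Read Apache configuration on stdin and print one line per address:port
# that is used by two or more <VirtualHost> blocks with "SSLEngine on",
# followed by the ServerName of each block involved.
ssl_vhost_conflicts() {
    awk '
        { low = tolower($0) }
        low ~ /^[ \t]*#/ { next }
        low ~ /^[ \t]*<virtualhost[ \t]/ {
            addr = $0
            sub(/^[ \t]*<[A-Za-z]+[ \t]+/, "", addr)
            sub(/[ \t]*>.*$/, "", addr)
            invhost = 1; ssl = 0; server = "(no-ServerName)"
            next
        }
        invhost && low ~ /^[ \t]*servername[ \t]/ { server = $2 }
        invhost && low ~ /^[ \t]*sslengine[ \t]+on/ { ssl = 1 }
        low ~ /^[ \t]*<\/virtualhost>/ {
            if (invhost && ssl) {
                count[addr]++
                names[addr] = names[addr] " " server
            }
            invhost = 0
        }
        END {
            for (a in count)
                if (count[a] > 1) print a names[a]
        }
    '
}

# Constructed configuration: two SSL sites share 192.0.2.18:443.
SAMPLE_VHOSTS='# constructed vhost configuration
<VirtualHost 192.0.2.18:443>
ServerName secure-a.example
SSLEngine on
</VirtualHost>
<VirtualHost 192.0.2.18:443>
ServerName secure-b.example
SSLEngine on
</VirtualHost>
<VirtualHost 192.0.2.19:443>
ServerName secure-c.example
SSLEngine on
</VirtualHost>
<VirtualHost 192.0.2.13:80>
ServerName www.example
</VirtualHost>'

# Constructed configuration after giving each SSL site its own address.
SAMPLE_VHOSTS_FIXED='<VirtualHost 192.0.2.18:443>
ServerName secure-a.example
SSLEngine on
</VirtualHost>
<VirtualHost 192.0.2.20:443>
ServerName secure-b.example
SSLEngine on
</VirtualHost>'

echo "conflicts before: $(printf '%s\n' "$SAMPLE_VHOSTS" | ssl_vhost_conflicts)"
echo "conflicts after:  $(printf '%s\n' "$SAMPLE_VHOSTS_FIXED" | ssl_vhost_conflicts)"
```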



Re: [users@httpd] HTTPS?

Posted by Justin Williams <ju...@naturalwebs.com>.
Does this mean that every time I host a new company with its own SSL, I am
going to need to install a new copy of Apache for them?  Seems kind of
odd...

----- Original Message -----
From: "Remo Mattei" <re...@italy1.com>
To: <us...@httpd.apache.org>
Sent: Friday, November 15, 2002 12:04 PM
Subject: RE: [users@httpd] HTTPS?


> I am talking about a second apache not a nic, apache does not care if
> that ip is virtual.
>
> REMO
>
> -----Original Message-----
> From: Justin Williams [mailto:justin@naturalwebs.com]
> Sent: Friday, November 15, 2002 10:00 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] HTTPS?
>
> I *do* have a second NIC that I could configure to be .18.  Would that
> change anything??
> ----- Original Message -----
> From: "Remo Mattei" <re...@italy1.com>
> To: <us...@httpd.apache.org>
> Sent: Friday, November 15, 2002 12:01 PM
> Subject: RE: [users@httpd] HTTPS?
>
>
> > What's your server listen to?
> > The other thing you can do which may be even better for you is to run
> > a second apache just for ssl. This option is one that I have done many
> > times.
> >
> > Remo
> >
> > -----Original Message-----
> > From: Justin Williams [mailto:justin@naturalwebs.com]
> > Sent: Friday, November 15, 2002 9:56 AM
> > To: users@httpd.apache.org
> > Subject: Re: [users@httpd] HTTPS?
> >
> > I'm not sure that I understand
> >
> > there are a number of name-based virtual domains for .13
> > .18 is the only IP based.  Do I need to create an ip-based .13 as well?
> >
> > Then, in the following:
> > <VirtualHost 206.28.133.18:443>
> > DocumentRoot /home/securesite/www
> > ServerName ***
> > SSLEngine on
> > SSLCertificateFile /home/securesite/securesite.pshift.com.crt
> > SSLCertificateKeyFile /home/securesite/securesite.pshift.com.key
> > DirectoryIndex index.html
> > </VirtualHost>
> >
> > What include am I putting in?  There is an include to
> > Include  conf/ssl/mod_ssl.conf
> > Include  conf/ssl/ssl.default-vhost.conf
> > in httpd.conf, already.
> > The second include has the default ssl information.  Do I need to create
> > *another* Virtual Host in there?
> >
> > ----- Original Message -----
> > From: "Remo Mattei" <re...@italy1.com>
> > To: <us...@httpd.apache.org>
> > Sent: Friday, November 15, 2002 11:35 AM
> > Subject: RE: [users@httpd] HTTPS?
> >
> >
> > > Did you try to create a virtual domain for the 13? And then for the 18?
> > > You need to copy the ssl portion and use the include in the ssl for the
> > > 18.
> > >
> > > Remo
> > >
> > > -----Original Message-----
> > > From: Justin Williams [mailto:justin@naturalwebs.com]
> > > Sent: Friday, November 15, 2002 9:30 AM
> > > To: users@httpd.apache.org
> > > Subject: [users@httpd] HTTPS?
> > >
> > > This may or may not be the right place to post this; I think it is but,
> > > please tell me if not.
> > >
> > > I have two IPs on the same NIC.  .13 and .18
> > > .18 (on eth0:1) is reserved for an IP-based virtual domain, which is set up
> > > in the conf listening only on :443.
> > > .13 (on eth0) is everything else.
> > >
> > > I have gotten my CRT from Verisign and placed that into the directory where
> > > I want it to be.
> > > I have the cert and key referenced in the conf file.
> > >
> > > If I go to http://IP.18, the most recently configured domain on .13 pops up.
> > > If I go to https://IP.18, I get page could not be displayed.
> > >
> > > Bummin' and tryin' to figure out what I am missing.  From what I have been
> > > reading, I have done all the right stuff, but, obviously, I am forgetting or
> > > missing *something*  Can somebody point me in the right distraction?
> > > Thanks!

RE: [users@httpd] HTTPS?

Posted by Remo Mattei <re...@italy1.com>.
I am talking about a second apache not a nic, apache does not care if
that ip is virtual.

REMO

-----Original Message-----
From: Justin Williams [mailto:justin@naturalwebs.com] 
Sent: Friday, November 15, 2002 10:00 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] HTTPS?

I *do* have a second NIC that I could configure to be .18.  Would that
change anything??
----- Original Message -----
From: "Remo Mattei" <re...@italy1.com>
To: <us...@httpd.apache.org>
Sent: Friday, November 15, 2002 12:01 PM
Subject: RE: [users@httpd] HTTPS?


> What's your server listen to?
> The other thing you can do which may be even better for you is to run
> a second apache just for ssl. This option is one that I have done many
> times.
>
> Remo
>
> -----Original Message-----
> From: Justin Williams [mailto:justin@naturalwebs.com]
> Sent: Friday, November 15, 2002 9:56 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] HTTPS?
>
> I'm not sure that I understand
>
> there are a number of name-based virtual domains for .13
> .18 is the only IP based.  Do I need to create an ip-based .13 as well?
>
> Then, in the following:
> <VirtualHost 206.28.133.18:443>
> DocumentRoot /home/securesite/www
> ServerName ***
> SSLEngine on
> SSLCertificateFile /home/securesite/securesite.pshift.com.crt
> SSLCertificateKeyFile /home/securesite/securesite.pshift.com.key
> DirectoryIndex index.html
> </VirtualHost>
>
> What include am I putting in?  There is an include to
> Include  conf/ssl/mod_ssl.conf
> Include  conf/ssl/ssl.default-vhost.conf
> in httpd.conf, already.
> The second include has the default ssl information.  Do I need to create
> *another* Virtual Host in there?
>
> ----- Original Message -----
> From: "Remo Mattei" <re...@italy1.com>
> To: <us...@httpd.apache.org>
> Sent: Friday, November 15, 2002 11:35 AM
> Subject: RE: [users@httpd] HTTPS?
>
>
> > Did you try to create a virtual domain for the 13? And then for the 18?
> > You need to copy the ssl portion and use the include in the ssl for the
> > 18.
> >
> > Remo
> >
> > -----Original Message-----
> > From: Justin Williams [mailto:justin@naturalwebs.com]
> > Sent: Friday, November 15, 2002 9:30 AM
> > To: users@httpd.apache.org
> > Subject: [users@httpd] HTTPS?
> >
> > This may or may not be the right place to post this; I think it is but,
> > please tell me if not.
> >
> > I have two IPs on the same NIC.  .13 and .18
> > .18 (on eth0:1) is reserved for an IP-based virtual domain, which is set up
> > in the conf listening only on :443.
> > .13 (on eth0) is everything else.
> >
> > I have gotten my CRT from Verisign and placed that into the directory where
> > I want it to be.
> > I have the cert and key referenced in the conf file.
> >
> > If I go to http://IP.18, the most recently configured domain on .13 pops up.
> > If I go to https://IP.18, I get page could not be displayed.
> >
> > Bummin' and tryin' to figure out what I am missing.  From what I have been
> > reading, I have done all the right stuff, but, obviously, I am forgetting or
> > missing *something*  Can somebody point me in the right distraction?
> > Thanks!

Re: [users@httpd] HTTPS?

Posted by Justin Williams <ju...@naturalwebs.com>.
I *do* have a second NIC that I could configure to be .18.  Would that
change anything??
----- Original Message -----
From: "Remo Mattei" <re...@italy1.com>
To: <us...@httpd.apache.org>
Sent: Friday, November 15, 2002 12:01 PM
Subject: RE: [users@httpd] HTTPS?


> What's your server listen to?
> The other thing you can do which may be even better for you is to run
> a second apache just for ssl. This option is one that I have done many
> times.
>
> Remo
>
> -----Original Message-----
> From: Justin Williams [mailto:justin@naturalwebs.com]
> Sent: Friday, November 15, 2002 9:56 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] HTTPS?
>
> I'm not sure that I understand
>
> there are a number of name-based virtual domains for .13
> .18 is the only IP based.  Do I need to create an ip-based .13 as well?
>
> Then, in the following:
> <VirtualHost 206.28.133.18:443>
> DocumentRoot /home/securesite/www
> ServerName ***
> SSLEngine on
> SSLCertificateFile /home/securesite/securesite.pshift.com.crt
> SSLCertificateKeyFile /home/securesite/securesite.pshift.com.key
> DirectoryIndex index.html
> </VirtualHost>
>
> What include am I putting in?  There is an include to
> Include  conf/ssl/mod_ssl.conf
> Include  conf/ssl/ssl.default-vhost.conf
> in httpd.conf, already.
> The second include has the default ssl information.  Do I need to create
> *another* Virtual Host in there?
>
> ----- Original Message -----
> From: "Remo Mattei" <re...@italy1.com>
> To: <us...@httpd.apache.org>
> Sent: Friday, November 15, 2002 11:35 AM
> Subject: RE: [users@httpd] HTTPS?
>
>
> > Did you try to create a virtual domain for the 13? And then for the 18?
> > You need to copy the ssl portion and use the include in the ssl for the
> > 18.
> >
> > Remo
> >
> > -----Original Message-----
> > From: Justin Williams [mailto:justin@naturalwebs.com]
> > Sent: Friday, November 15, 2002 9:30 AM
> > To: users@httpd.apache.org
> > Subject: [users@httpd] HTTPS?
> >
> > This may or may not be the right place to post this; I think it is but,
> > please tell me if not.
> >
> > I have two IPs on the same NIC.  .13 and .18
> > .18 (on eth0:1) is reserved for an IP-based virtual domain, which is set up
> > in the conf listening only on :443.
> > .13 (on eth0) is everything else.
> >
> > I have gotten my CRT from Verisign and placed that into the directory where
> > I want it to be.
> > I have the cert and key referenced in the conf file.
> >
> > If I go to http://IP.18, the most recently configured domain on .13 pops up.
> > If I go to https://IP.18, I get page could not be displayed.
> >
> > Bummin' and tryin' to figure out what I am missing.  From what I have been
> > reading, I have done all the right stuff, but, obviously, I am forgetting or
> > missing *something*  Can somebody point me in the right distraction?
> > Thanks!

RE: [users@httpd] HTTPS?

Posted by Remo Mattei <re...@italy1.com>.
What's your server listen to? 
The other thing you can do which may be even better for you is to run
a second apache just for ssl. This option is one that I have done many
times. 

Remo

-----Original Message-----
From: Justin Williams [mailto:justin@naturalwebs.com] 
Sent: Friday, November 15, 2002 9:56 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] HTTPS?

I'm not sure that I understand

there are a number of name-based virtual domains for .13
.18 is the only IP based.  Do I need to create an ip-based .13 as well?

Then, in the following:
<VirtualHost 206.28.133.18:443>
DocumentRoot /home/securesite/www
ServerName ***
SSLEngine on
SSLCertificateFile /home/securesite/securesite.pshift.com.crt
SSLCertificateKeyFile /home/securesite/securesite.pshift.com.key
DirectoryIndex index.html
</VirtualHost>

What include am I putting in?  There is an include to
Include  conf/ssl/mod_ssl.conf
Include  conf/ssl/ssl.default-vhost.conf
in httpd.conf, already.
The second include has the default ssl information.  Do I need to create
*another* Virtual Host in there?

----- Original Message -----
From: "Remo Mattei" <re...@italy1.com>
To: <us...@httpd.apache.org>
Sent: Friday, November 15, 2002 11:35 AM
Subject: RE: [users@httpd] HTTPS?


> Did you try to create a virtual domain for the 13? And then for the 18?
> You need to copy the ssl portion and use the include in the ssl for the
> 18.
>
> Remo
>
> -----Original Message-----
> From: Justin Williams [mailto:justin@naturalwebs.com]
> Sent: Friday, November 15, 2002 9:30 AM
> To: users@httpd.apache.org
> Subject: [users@httpd] HTTPS?
>
> This may or may not be the right place to post this; I think it is but,
> please tell me if not.
>
> I have two IPs on the same NIC.  .13 and .18
> .18 (on eth0:1) is reserved for an IP-based virtual domain, which is set up
> in the conf listening only on :443.
> .13 (on eth0) is everything else.
>
> I have gotten my CRT from Verisign and placed that into the directory where
> I want it to be.
> I have the cert and key referenced in the conf file.
>
> If I go to http://IP.18, the most recently configured domain on .13 pops up.
> If I go to https://IP.18, I get page could not be displayed.
>
> Bummin' and tryin' to figure out what I am missing.  From what I have been
> reading, I have done all the right stuff, but, obviously, I am forgetting or
> missing *something*  Can somebody point me in the right distraction?
> Thanks!

Re: [users@httpd] HTTPS?

Posted by Justin Williams <ju...@naturalwebs.com>.
I'm not sure that I understand

there are a number of name-based virtual domains for .13
.18 is the only IP based.  Do I need to create an ip-based .13 as well?

Then, in the following:
<VirtualHost 206.28.133.18:443>
DocumentRoot /home/securesite/www
ServerName ***
SSLEngine on
SSLCertificateFile /home/securesite/securesite.pshift.com.crt
SSLCertificateKeyFile /home/securesite/securesite.pshift.com.key
DirectoryIndex index.html
</VirtualHost>

What include am I putting in?  There is an include to
Include  conf/ssl/mod_ssl.conf
Include  conf/ssl/ssl.default-vhost.conf
in httpd.conf, already.
The second include has the default ssl information.  Do I need to create
*another* Virtual Host in there?

----- Original Message -----
From: "Remo Mattei" <re...@italy1.com>
To: <us...@httpd.apache.org>
Sent: Friday, November 15, 2002 11:35 AM
Subject: RE: [users@httpd] HTTPS?


> Did you try to create a virtual domain for the 13? And then for the 18?
> You need to copy the ssl portion and use the include in the ssl for the
> 18.
>
> Remo
>
> -----Original Message-----
> From: Justin Williams [mailto:justin@naturalwebs.com]
> Sent: Friday, November 15, 2002 9:30 AM
> To: users@httpd.apache.org
> Subject: [users@httpd] HTTPS?
>
> This may or may not be the right place to post this; I think it is but,
> please tell me if not.
>
> I have two IPs on the same NIC.  .13 and .18
> .18 (on eth0:1) is reserved for an IP-based virtual domain, which is set up
> in the conf listening only on :443.
> .13 (on eth0) is everything else.
>
> I have gotten my CRT from Verisign and placed that into the directory where
> I want it to be.
> I have the cert and key referenced in the conf file.
>
> If I go to http://IP.18, the most recently configured domain on .13 pops up.
> If I go to https://IP.18, I get page could not be displayed.
>
> Bummin' and tryin' to figure out what I am missing.  From what I have been
> reading, I have done all the right stuff, but, obviously, I am forgetting or
> missing *something*  Can somebody point me in the right distraction?
> Thanks!
>

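The situation in this thread (an `SSLEngine on` vhost on .18:443 while nothing is listening on 443), as an added example that is not from any poster or from the Apache project: a small Python check that reads httpd.conf-style text and reports whether each SSL vhost is covered by an active `Listen`. The sample config, the `<IfDefine SSL>` wrapper around `Listen 443` and the function names are assumptions; `defines=("SSL",)` models starting httpd with `-DSSL`, which is what `apachectl startssl` does in Apache 1.3.

```python
import re

# Constructed sample modeled on the vhost in the post. The Listen lines and the
# <IfDefine SSL> wrapper are assumptions about what the included files contain.
SAMPLE_CONF = """\
Listen 80
<IfDefine SSL>
Listen 443
</IfDefine>
<VirtualHost 206.28.133.18:443>
SSLEngine on
SSLCertificateFile /home/securesite/securesite.pshift.com.crt
SSLCertificateKeyFile /home/securesite/securesite.pshift.com.key
</VirtualHost>
"""

def split_addr(spec):
    """'ip:port' -> (ip, port); bare port -> ('*', port); bare ip -> (ip, '*')."""
    addr, sep, port = spec.rpartition(":")
    if sep:
        return addr, port
    return ("*", spec) if spec.isdigit() else (spec, "*")

def audit_ssl_vhosts(conf_text, defines=()):
    """Map each SSLEngine-on vhost to 'ok', 'no-listen' or 'disabled'."""
    listens, vhosts, gates, current = [], {}, [], None
    for line in (raw.strip() for raw in conf_text.splitlines()):
        if m := re.match(r"<IfDefine\s+(!?)([^>\s]+)>", line, re.I):
            # A gate is open when the define is set (or unset, for !NAME).
            gates.append((m.group(2) in defines) != bool(m.group(1)))
        elif re.match(r"</IfDefine>", line, re.I):
            gates.pop()
        elif m := re.match(r"<VirtualHost\s+([^>\s]+)>", line, re.I):
            current = m.group(1)
        elif re.match(r"</VirtualHost>", line, re.I):
            current = None
        elif re.match(r"SSLEngine\s+on\b", line, re.I) and current:
            vhosts[current] = "pending" if all(gates) else "disabled"
        elif all(gates) and (m := re.match(r"Listen\s+(\S+)", line, re.I)):
            listens.append(split_addr(m.group(1)))
    for spec, state in vhosts.items():
        if state == "pending":
            addr, port = split_addr(spec)
            hit = any(la in ("*", addr) and port in ("*", lp) for la, lp in listens)
            vhosts[spec] = "ok" if hit else "no-listen"
    return vhosts
```

A `no-listen` result for the :443 vhost corresponds to `netstat -an | grep 443` returning nothing on the running server.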



RE: [users@httpd] HTTPS?

Posted by Remo Mattei <re...@italy1.com>.
Did you try to create a virtual domain for the 13? And then for the 18?
You need to copy the ssl portion and use the include in the ssl for the
18. 

Remo

-----Original Message-----
From: Justin Williams [mailto:justin@naturalwebs.com] 
Sent: Friday, November 15, 2002 9:30 AM
To: users@httpd.apache.org
Subject: [users@httpd] HTTPS?

This may or may not be the right place to post this; I think it is but,
please tell me if not.

I have two IPs on the same NIC.  .13 and .18
.18 (on eth0:1) is reserved for an IP-based virtual domain, which is set up
in the conf listening only on :443.
.13 (on eth0) is everything else.

I have gotten my CRT from Verisign and placed that into the directory where
I want it to be.
I have the cert and key referenced in the conf file.

If I go to http://IP.18, the most recently configured domain on .13 pops up.
If I go to https://IP.18, I get page could not be displayed.

Bummin' and tryin' to figure out what I am missing.  From what I have been
reading, I have done all the right stuff, but, obviously, I am forgetting or
missing *something*  Can somebody point me in the right distraction?
Thanks!

