I am trying to run httpd 2.2.22 with open_ssl built in and mod_jk. It does not appear that my SSL is working. Using Firefox and the following httpd.conf and ssl.conf files, I can access my site https://shibboleth-dev.XXXX.com:8397/osp and my request is routed through mod_jk and the application runs. The application is known as a discovery page and allows me to redirect a browser to a institution where they can log in using the institution's credentials (basic SAML authentication). Once they log in they send a redirect to my browser that is supposed to go to my web application and continue. However, I am always getting an SSL error at that point. If I try to use Internet Explorer or Chrome, I never even get to my discovery page. I get an SSL error right at the beginning.
The error_log gives me the following error:
Invalid method in request \x16\x03
The access_log gives me the following:
"\x16\x03" 501 214
(The XXXX in this document replace the actual site name)
Can anybody tell me how to get ssl working on 2.2.22?
If I move the JKWorkersFile, JKLogFile, JKLogLevel, JKLogStampFormat, and JKMount commands into the VirtualHost, then I am told that /osp/ cannot be found on the server.
Running httpd -l give me the following output:
Compiled in modules:
core.c
mod_authn_file.c
mod_authn_default.c
mod_authz_host.c
mod_authz_groupfile.c
mod_authz_user.c
mod_authz_default.c
mod_auth_basic.c
mod_include.c
mod_filter.c
mod_log_config.c
mod_env.c
mod_setenvif.c
mod_version.c
mod_ssl.c
prefork.c
http_core.c
mod_mime.c
mod_status.c
mod_autoindex.c
mod_asis.c
mod_cgi.c
mod_negotiation.c
mod_dir.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_so.c
My error_log gives me the following startup messages:
[Mon Sep 10 14:24:42 2012] [warn] No JkShmFile defined in httpd.conf. Using default /o/r/rlaw/openat
hens/http/logs/jk-runtime-status
[Mon Sep 10 14:24:42 2012] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Mon Sep 10 14:24:42 2012] [warn] No JkShmFile defined in httpd.conf. Using default /o/r/rlaw/openat
hens/http/logs/jk-runtime-status
[Mon Sep 10 14:24:43 2012] [notice] Apache/2.2.22 (Unix) mod_jk/1.2.37 mod_ssl/2.2.22 OpenSSL/1.0.0g
configured -- resuming normal operations
The log files for ssl are never created.
Here are my httpd.conf and ssl.conf files.
httpd.conf
ServerRoot "/o/r/rlaw/openathens/http"
Listen 10.200.209.145:8397
Listen 10.200.209.145:8398
LoadModule jk_module libexec/mod_jk.so
JkWorkersFile /o/r/rlaw/openathens/tomcat/conf/workers.properties
JkLogFile /o/r/rlaw/openathens/tomcat/logs/mod_jk.log
JKLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkMount /osp/* ajp13
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User nobody
Group #-1
</IfModule>
</IfModule>
ServerAdmin you@xxxxxxxxxxx
ServerName shibbooleth-dev.XXXX.com
DocumentRoot "/o/r/rlaw/openathens/http/htdocs"
<Directory />
Options FollowSymLinks
AllowOverride None
#Order deny,allow
#Deny from all
</Directory>
<Directory "/o/r/rlaw/openathens/http/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<FilesMatch "^\.ht">
#Order allow,deny
#Deny from all
#Satisfy All
</FilesMatch>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" common
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/o/r/rlaw/openathens/http/cgi-bin/"
</IfModule>
<IfModule cgid_module>
</IfModule>
<Directory "/o/r/rlaw/openathens/http/cgi-bin">
AllowOverride None
Options None
#Order allow,deny
#Allow from all
</Directory>
DefaultType text/plain
<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
Include conf/ssl.conf
ssl.conf
--------
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/o/r/rlaw/openathens/http/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/o/r/rlaw/openathens/http/logs/ssl_mutex
NameVirtualHost 10.200.209.145:8398
NameVirtualHost 10.200.209.145:8397
<VirtualHost 10.200.209.145:8398>
ServerName shibboleth-dev.XXXX.com
DocumentRoot /o/r/rlaw/openathens/http/htdocs
ErrorLog /o/r/rlaw/openathens/http/logs/error_log
CustomLog /o/r/rlaw/openathens/http/logs/access_log combined
</VirtualHost>
<VirtualHost 10.200.209.145:8397>
DocumentRoot "/o/r/rlaw/openathens/http/htdocs"
ServerName shibboleth-dev.XXXX.com
ServerAdmin info@xxxxxxxxxxxx
ErrorLog /o/r/rlaw/openathens/http/logs/ssl_shibboleth.XXXX.com.error_log
CustomLog /o/r/rlaw/openathens/http/logs/ssl-shibboleth.XXXX.com-access_log combined
SSLEngine on
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /online/shibboleth/ssl/certs/shibboleth.XXXX.com.crt
SSLCertificateKeyFile /online/shibboleth/ssl/private/shibboleth.XXXX.com.key
SSLCertificateChainFile /online/shibboleth/ssl/certs/verisign.crt
SSLVerifyClient optional_no_ca
<FilesMatch "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/o/r/rlaw/openathens/http/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /o/r/rlaw/openathens/http/logs/ssl_request_shibboleth_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>
Thanks for your help.
Robert Law
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|