You can certainly try it: www.smsticketing.com.au

I do https://www.smsticketing.com.au

With 'FW', do you mean forward? We don't do a forward or redirect. We have an
A-Record in the root DNS server of the hosting company.

Regards,
Vance

> -----Original Message-----
> From: Boyle Owen [mailto:Owen.Boyle@xxxxxxx]
> Sent: Wednesday, 29 June 2005 8:07 PM
> To: users@xxxxxxxxxxxxxxxx
> Subject: RE: [users@httpd] Help with Apache and SSL
>
> > -----Original Message-----
> > From: Vance Karimi [mailto:vance.karimi@xxxxxxxxxxxx]
> > Sent: Mittwoch, 29. Juni 2005 07:41
> > To: users@xxxxxxxxxxxxxxxx
> > Subject: [users@httpd] Help with Apache and SSL
> >
> >
> > Hi list,
> >
> > With the number of threads regarding Apache and SSL, you'd think I would
> > find a solution...sigh...I feel I'm missing something trivial.
> >
> > I apologise for the long post.
> >
> > I performed a build of 2.0.54 with mod_ssl and installed on Fedora core 3.
> > I built with the following configure options:
> > % ./configure --prefix=/usr/local/apache2 --enable-ssl --enable-so
> > All is well and I can get to the default apache page using IE/Mozilla.
> >
> > I created the cert and cert request, created my own CA and signed my csr
> > according to:
> > http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html
> > Copied server.key to conf/ssl.key/.
> > Copied server.crt to conf/ssl.crt/.
> >
> >
> > Configuration files:
> > conf/httpd.conf is stock standard and includes conf/ssl.conf, however I
> > changed the log level to 'info'.
> >
> > conf/ssl.conf looks like so (without comments):
> >
> > SSLRandomSeed startup builtin
> > SSLRandomSeed connect builtin
> >
> > <IfDefine SSL>
> > Listen 443
> > AddType application/x-x509-ca-cert .crt
> > AddType application/x-pkcs7-crl .crl
> > SSLPassPhraseDialog builtin
> > SSLSessionCache dbm:/usr/local/apache2/logs/ssl_scache
> > SSLSessionCacheTimeout 300
> > SSLMutex file:/usr/local/apache2/logs/ssl_mutex
> >
> > <VirtualHost _default_:443>
> > DocumentRoot /usr/local/apache2/htdocs
> > ServerName www.mydomain.com.au
> > ServerAdmin admin@xxxxxxxxxxxxxxx
> > ErrorLog /usr/local/apache2/logs/error_log
> > TransferLog /usr/local/apache2/logs/access_log
> > SSLEngine on
> > SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> > SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
> > SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
> >
> > <Files ~ "\.(cgi|shtml|phtml|php3?)$">
> > SSLOptions +StdEnvVars
> > </Files>
> > <Directory "/usr/local/apache2/cgi-bin">
> > SSLOptions +StdEnvVars
> > </Directory>
> >
> > SetEnvIf User-Agent ".*MSIE.*" \
> > nokeepalive ssl-unclean-shutdown \
> > downgrade-1.0 force-response-1.0
> > CustomLog /usr/local/apache2/logs/ssl_request_log \
> > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> >
> > </VirtualHost>
> >
> > </IfDefine>
> >
> >
> > I start up apache:
> > ./apachectl startssl
> >
> > error_log reads:
> >
> > [Wed Jun 29 13:00:12 2005] [info] Init: Initializing OpenSSL library
> > [Wed Jun 29 13:00:12 2005] [info] Init: Seeding PRNG with 136 bytes of entropy
> > [Wed Jun 29 13:00:12 2005] [info] Loading certificate & private key of SSL-aware server
> > [Wed Jun 29 13:00:12 2005] [info] Init: Requesting pass phrase via builtin terminal dialog
> > [Wed Jun 29 13:00:18 2005] [info] Init: Wiped out the queried pass phrases from memory
> > [Wed Jun 29 13:00:18 2005] [info] Init: Generating temporary RSA private keys (512/1024 bits)
> > [Wed Jun 29 13:00:19 2005] [info] Init: Generating temporary DH parameters (512/1024 bits)
> > [Wed Jun 29 13:00:19 2005] [info] Init: Initializing (virtual) servers for SSL
> > [Wed Jun 29 13:00:19 2005] [info] Configuring server for SSL protocol
> > [Wed Jun 29 13:00:19 2005] [info] Server: Apache/2.0.54, Interface: mod_ssl/2.0.54, Library: OpenSSL/0.9.7a
> > [Wed Jun 29 13:00:19 2005] [info] Init: Initializing OpenSSL library
> > [Wed Jun 29 13:00:19 2005] [info] Init: Seeding PRNG with 136 bytes of entropy
> > [Wed Jun 29 13:00:19 2005] [info] Loading certificate & private key of SSL-aware server
> > [Wed Jun 29 13:00:19 2005] [info] www.mydomain.com.au:443 reusing existing RSA private key on restart
> > [Wed Jun 29 13:00:19 2005] [info] Init: Generating temporary RSA private keys (512/1024 bits)
> > [Wed Jun 29 13:00:19 2005] [info] Init: Generating temporary DH parameters (512/1024 bits)
> > [Wed Jun 29 13:00:19 2005] [info] Init: Initializing (virtual) servers for SSL
> > [Wed Jun 29 13:00:19 2005] [info] Configuring server for SSL protocol
> > [Wed Jun 29 13:00:19 2005] [info] Server: Apache/2.0.54, Interface: mod_ssl/2.0.54, Library: OpenSSL/0.9.7a
> > [Wed Jun 29 13:00:19 2005] [notice] Apache/2.0.54 (Unix) mod_ssl/2.0.54 OpenSSL/0.9.7a configured -- resuming normal operations
> > [Wed Jun 29 13:00:19 2005] [info] Server built: Jun 29 2005 01:50:33
> >
> >
> > To do the basic test:
> > $ openssl s_client -connect localhost:443
> >
> > I get the following to stdout:
> > .....
> > No client certificate CA names sent
> > ---
> > SSL handshake has read 1357 bytes and written 340 bytes
> > ---
> > New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
> > Server public key is 1024 bit
> > SSL-Session:
> > Protocol : TLSv1
> > Cipher : DHE-RSA-AES256-SHA
> > Session-ID: C883239FD990EC30F05A3E127968FD62D08A2D0B17D468965FFDB3989B7ECE7D
> > Session-ID-ctx:
> > Master-Key: 978C61CA859767E541F22D7828FEE851D636AB35A3E1F04F2172214E9DCF8C673FAE3427454BFF0769033382A7FD18DC
> > Key-Arg : None
> > Krb5 Principal: None
> > Start Time: 1120022013
> > Timeout : 300 (sec)
> > Verify return code: 21 (unable to verify the first certificate)
> >
> > I then enter:
> > $ GET / HTTP/1.0
> > $ <CR>
> >
> > And receive the html headers and response as expected.
> >
> > Error_log shows:
> >
> > [Wed Jun 29 13:13:33 2005] [info] Connection to child 2 established (server www.mydomain.com.au:443, client 127.0.0.1)
> > [Wed Jun 29 13:13:33 2005] [info] Seeding PRNG with 136 bytes of entropy
> > [Wed Jun 29 13:16:00 2005] [info] Initial (No.1) HTTPS request received for child 2 (server www.smsticketing.com.au:443)
> > [Wed Jun 29 13:16:00 2005] [info] Connection to child 2 closed with standard shutdown(server www.mydomain.com.au:443, client 127.0.0.1)
> >
> >
> > When I run curl:
> > $ curl --insecure https://www.mydomain.com.au/
> > produces the same result above.
> >
> > $ curl https://www.mydomain.com.au/
> >
> > I get the following to stdout (I presume as expected since I was my own CA)
> >
> > curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
> > error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> > More details here: http://curl.haxx.se/docs/sslcerts.html
> >
> > curl performs SSL certificate verification by default, using a "bundle"
> > of Certificate Authority (CA) public keys (CA certs). The default
> > bundle is named curl-ca-bundle.crt; you can specify an alternate file
> > using the --cacert option.
> > If this HTTPS server uses a certificate signed by a CA represented in
> > the bundle, the certificate verification probably failed due to a
> > problem with the certificate (it might be expired, or the name might
> > not match the domain name in the URL).
> > If you'd like to turn off curl's verification of the certificate, use
> > the -k (or --insecure) option.
> >
> >
> > Error_log shows:
> >
> > [Wed Jun 29 13:25:55 2005] [info] Connection to child 0 established (server www.smsticketing.com.au:443, client 10.1.3.120)
> > [Wed Jun 29 13:25:55 2005] [info] Seeding PRNG with 136 bytes of entropy
> > [Wed Jun 29 13:25:55 2005] [info] SSL library error 1 in handshake (server www.mydomain.com.au:443, client 10.1.3.120)
> > [Wed Jun 29 13:25:55 2005] [info] SSL Library Error: 336151576 error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> > [Wed Jun 29 13:25:55 2005] [info] Connection to child 0 closed with abortive shutdown(server www.mydomain.com.au:443, client 10.1.3.120)
>
> So curl looks OK...
>
> >
> >
> > In the browser:
> > In IE, I get the 'The page cannot be displayed' page.
> > In Firefox I get an alert stating "The operation timed out when attempting
> > to contact www.mydomain.com.au".
>
> - Are you sure you're putting "https" in the protocol part of the URL?
> - Is there a FW between the browser and server?
> - If you post your real domain-name, we can test it...
>
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored.
>
> > Neither produce entries in the logs.
> >
> >
> > I feel my self signed cert may be the cause.
> > If anyone has any suggestions, please let me know.
> >
> > Thanks,
> > Vance
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> >    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
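
The trust decision behind curl's error 60 and the `unknown ca` alert quoted above, as an added example that is not part of the original thread: a throwaway private CA signs a server certificate, which is rejected against the default trust store and accepted once the CA certificate is supplied (what curl's `--cacert` option does). The directory, file names and subject names are constructed for the demo, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example. All names (Demo Private CA, www.example.test, file names)
# are constructed for this demo; keys and certificates are throwaway.

# Build a private CA and a server certificate signed by it in directory $1.
make_demo_pki() {
    d=$1
    # Self-signed root certificate: the "created my own CA" step.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Private CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    # Server key plus certificate signing request.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=www.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    # The CA signs the CSR, producing the certificate the server would present.
    openssl x509 -req -in "$d/server.csr" -days 1 \
        -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/server.crt" 2>/dev/null || return 1
}

# Return 0 if certificate $1 chains to a trusted root.
# With $2 set, that file is trusted as a CA (the role of curl --cacert);
# without it, only the system default trust store is consulted.
verify_cert() {
    if [ -n "${2:-}" ]; then
        openssl verify -CAfile "$2" "$1" 2>&1 | grep -q ': OK$'
    else
        openssl verify "$1" 2>&1 | grep -q ': OK$'
    fi
}

# Report what a verifying client decides in each trust configuration.
trust_report() {
    d=$1
    if verify_cert "$d/server.crt"; then echo "default-store=trusted"
    else echo "default-store=rejected"; fi
    if verify_cert "$d/server.crt" "$d/ca.crt"; then echo "with-ca=trusted"
    else echo "with-ca=rejected"; fi
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir" && trust_report "$demo_dir"
rm -rf "$demo_dir"
```
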