Hello,

I've upgraded to Apache 2.2.0 from 2.0.x. It didn't accept the old signatures I used with 2.0.x for https. I was told that this cert can't be a cacert anymore, thus I've generated a separate cert and a cacert to sign with. Now, I have these lines in the configuration for SSL:

#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/ssl_scache
#SSLSessionCache shmcb:/var/run/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutex
#NameVirtualHost 217.20.133.7:443
#SSLEngine optional
SSLCertificateFile /usr/local/etc/apache22/cert.pem
SSLCertificateKeyFile /usr/local/etc/apache22/key.pem
BrowserMatch ".*MSIE.*" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
CustomLog /var/log/apache/httpd-ssl_request.log \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

If I set here (globally) SSLEngine optional or on, Apache didn't even start, and I get this in the error log:

[Thu Feb 02 17:35:06 2006] [info] mod_unique_id: using ip addr 217.20.133.7
[Thu Feb 02 17:35:07 2006] [info] Init: Seeding PRNG with 0 bytes of entropy
[Thu Feb 02 17:35:07 2006] [info] Loading certificate & private key of SSL-aware server
[Thu Feb 02 17:35:07 2006] [debug] ssl_engine_pphrase.c(469): unencrypted RSA private key - pass phrase not required
[Thu Feb 02 17:35:07 2006] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Thu Feb 02 17:35:07 2006] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Thu Feb 02 17:35:07 2006] [debug] ssl_scache_dbm.c(409): Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[Thu Feb 02 17:35:07 2006] [info] Init: Initializing (virtual) servers for SSL
[Thu Feb 02 17:35:07 2006] [info] Configuring server for SSL protocol
[Thu Feb 02 17:35:07 2006] [debug] ssl_engine_init.c(405): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Thu Feb 02 17:35:07 2006] [debug] ssl_engine_init.c(729): Configuring RSA server certificate
[Thu Feb 02 17:35:07 2006] [debug] ssl_engine_init.c(768): Configuring RSA server private key

If I set SSLEngine on only in a VirtualHost block, it starts, but https still doesn't work. I get this in the error log when I try to browse that virtualhost via SSL:

[Thu Feb 02 17:51:21 2006] [debug] prefork.c(991): AcceptMutex: flock (default: flock)
[Thu Feb 02 17:51:25 2006] [error] [client 80.98.231.227] Invalid method in request \x80U\x01\x03\x01
[Thu Feb 02 17:51:25 2006] [error] [client 80.98.231.227] Invalid method in request \x80U\x01\x03

Could somebody help me to fix this?

Thanks in advance,

Gabor Kovesdan
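
One way to read the "Invalid method in request" entries quoted in the message above, as an added example that is not part of the original post: the script decodes Apache's \xNN log escapes and checks whether the bytes form an SSL/TLS ClientHello, which indicates the listener that accepted the connection parsed it as plain HTTP. The function names and the third sample log line are constructed for illustration.

```python
import re

# The first two entries are the error-log lines quoted in the post; the third
# is a constructed control line holding ordinary text instead of binary data.
SAMPLE_LOG = r"""
[Thu Feb 02 17:51:25 2006] [error] [client 80.98.231.227] Invalid method in request \x80U\x01\x03\x01
[Thu Feb 02 17:51:25 2006] [error] [client 80.98.231.227] Invalid method in request \x80U\x01\x03
[Thu Feb 02 17:51:26 2006] [error] [client 80.98.231.227] Invalid method in request FOO / HTTP/1.0
"""

LINE_RE = re.compile(r"\[client (?P<client>[^\]]+)\] Invalid method in request (?P<req>.*)$")
ESC_RE = re.compile(r"\\x([0-9a-fA-F]{2})")
VERSIONS = {(2, 0): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1"}

def unescape(req):
    # Turn the \xNN escapes Apache writes for non-printable bytes back into raw bytes.
    out, pos = bytearray(), 0
    for m in ESC_RE.finditer(req):
        out += req[pos:m.start()].encode("latin-1")
        out.append(int(m.group(1), 16))
        pos = m.end()
    return bytes(out + req[pos:].encode("latin-1"))

def classify(data):
    # SSLv2-format hello: 2-byte length header with the high bit set,
    # message type 1 (ClientHello), then the offered version (major, minor).
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        ver = VERSIONS.get(tuple(data[3:5]), "an unknown or truncated version")
        return "SSLv2-format ClientHello offering " + ver
    # SSLv3/TLS record layer: content type 22 (handshake), major version 3.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "SSLv3/TLS handshake record"
    return None  # not recognisable as an SSL/TLS handshake

def scan(log_text):
    # Return (client, verdict) for every "Invalid method in request" entry.
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            findings.append((m.group("client"), classify(unescape(m.group("req")))))
    return findings

if __name__ == "__main__":
    for client, verdict in scan(SAMPLE_LOG):
        print(client, "->", verdict or "not an SSL/TLS handshake")
```

A handshake verdict for a client means it spoke SSL to a port where the server was not applying SSL to that connection, so the place to look is which server or VirtualHost block SSLEngine applies to for that address and port.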