RE: [users@httpd] Apache 2.2.0 with SSL on AIX 5.3

Amazing what additional information can do. 

If you have Listen specified without an IP address, by default your
Apache will listen on all addresses for that port. By adding the IP
address you have restricted it to one. That probably took it out of
conflict with another Apache server (which would cause it to "crash" or
rather not start). I noticed below that you stated

>>> ...the only modifications I made to the configuration files is to 
>>> change the listening port to 8080, because I have an older Apache 
>>> listening on 80,

Anyway, I read your error log below and noticed that your Apache
negotiates SSLv2. This version of SSL should not be used as it is known to
be susceptible to man-in-the-middle attacks. Just thought I'd let you
know that.

regards,
tt   

-----Original Message-----
From: Bernie Durfee [mailto:bernard.durfee@xxxxxxxx] 
Sent: Wednesday, March 29, 2006 11:28 AM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] Apache 2.2.0 with SSL on AIX 5.3

I found the problem. Apparently the directive "Listen 80" doesn't work,
so I made it more specific to "Listen 12.34.56.78:80", of course where
12.34.56.78 is my IP address and it worked like a charm.

Bernie

Bernie Durfee wrote:
>>> ...which looks okay, but Apache seems to crash and never starts 
>>> listening. I only get the following in the logs directory...
>>
>> "...seems to crash..." - that's a bit vague...
> 
> Sorry, it does crash or at least doesn't completely start.
> 
>> - is httpd running (ps -ef)?
>> - what happens if you try to access the site?
>> - what happens if you try "telnet <server> 8080"?
> 
> No, httpd is not running after executing "apachectl start"
> 
>> - what's in the tail of the error log?
> 
> Here's the entire error_log output, with debug turned on...
> 
> [Wed Mar 29 09:23:34 2006] [info] Init: Seeding PRNG with 136 bytes of entropy
> [Wed Mar 29 09:23:34 2006] [info] Loading certificate & private key of SSL-aware server
> [Wed Mar 29 09:23:34 2006] [info] Init: Requesting pass phrase via builtin terminal dialog
> [Wed Mar 29 09:23:39 2006] [debug] ssl_engine_pphrase.c(475): encrypted RSA private key - pass phrase requested
> [Wed Mar 29 09:23:39 2006] [info] Init: Wiped out the queried pass phrases from memory
> [Wed Mar 29 09:23:39 2006] [info] Init: Generating temporary RSA private keys (512/1024 bits)
> [Wed Mar 29 09:23:39 2006] [info] Init: Generating temporary DH parameters (512/1024 bits)
> [Wed Mar 29 09:23:39 2006] [info] Init: Initializing (virtual) servers for SSL
> [Wed Mar 29 09:23:39 2006] [info] Configuring server for SSL protocol
> [Wed Mar 29 09:23:39 2006] [debug] ssl_engine_init.c(405): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
> [Wed Mar 29 09:23:39 2006] [debug] ssl_engine_init.c(601): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
> [Wed Mar 29 09:23:39 2006] [debug] ssl_engine_init.c(729): Configuring RSA server certificate
> [Wed Mar 29 09:23:39 2006] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
> [Wed Mar 29 09:23:39 2006] [warn] RSA server certificate CommonName (CN) `myserver.com' does NOT match server name!?
> [Wed Mar 29 09:23:39 2006] [debug] ssl_engine_init.c(768): Configuring RSA server private key
> [Wed Mar 29 09:23:39 2006] [info] Server: Apache/2.2.0, Interface: mod_ssl/2.2.0, Library: OpenSSL/0.9.8a
> 
>>
>>> access_log       error_log        ssl_request_log
>>>
>>> ...the only modifications I made to the configuration files is to 
>>> change the listening port to 8080, because I have an older Apache 
>>> listening on 80,
>>
>> And is this older apache also listening on port 443?
> 
> No, it was only listening on port 80. I tried again after shutting 
> down the older Apache, with the same result.
> 
> Bernie
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
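
Added example (not part of the original thread, and not code from the Apache project): a small Python check that reads mod_ssl debug lines like those in the error_log quoted above and reports the weak protocols and cipher classes they mention. The weak-list policy and the function names are assumptions of this example; the sample lines are copied from the quoted log.

```python
import re

# Sample input: three lines copied from the error_log quoted in this thread.
SAMPLE_LOG = """\
[Wed Mar 29 09:23:39 2006] [info] Configuring server for SSL protocol
[Wed Mar 29 09:23:39 2006] [debug] ssl_engine_init.c(405): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Wed Mar 29 09:23:39 2006] [debug] ssl_engine_init.c(601): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
"""

# Assumption: this weak-list is the example's own policy. The thread itself
# only names SSLv2; SSLv3 and the cipher classes are added here.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}
WEAK_CIPHER_TOKENS = {"LOW", "EXP", "EXPORT", "eNULL", "NULL", "aNULL", "ADH", "SSLv2"}

PROTO_RE = re.compile(r"Creating new SSL context \(protocols: ([^)]*)\)")
CIPHER_RE = re.compile(r"Configuring permitted SSL ciphers \[([^\]]*)\]")


def referenced_tokens(spec):
    """Tokens named in a cipher string, skipping '!x' and '-x' removals.

    Heuristic only: it does not expand the string the way OpenSSL does
    (`openssl ciphers -v '<string>'` prints the exact resulting list).
    """
    tokens = []
    for entry in spec.split(":"):
        if entry.startswith(("!", "-")):
            continue
        # '+' both prefixes an entry (+LOW) and joins tokens (RC4+RSA).
        tokens.extend(t for t in entry.split("+") if t)
    return tokens


def audit(log_text):
    """Return (kind, name) findings for weak protocols and cipher classes."""
    findings = []
    for line in log_text.splitlines():
        m = PROTO_RE.search(line)
        if m:
            protos = [p.strip() for p in m.group(1).split(",")]
            findings += [("protocol", p) for p in protos if p in WEAK_PROTOCOLS]
        m = CIPHER_RE.search(line)
        if m:
            findings += [("cipher", t) for t in referenced_tokens(m.group(1))
                         if t in WEAK_CIPHER_TOKENS]
    return findings


if __name__ == "__main__":
    for kind, name in audit(SAMPLE_LOG):
        print(f"weak {kind}: {name}")
```
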
