RE: [users@httpd] Question about setting up secure service

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> -----Original Message-----
> From: Bill Angus [mailto:mdangus@xxxxxxxxxxxxx] 
> Sent: Tuesday, May 02, 2006 3:25 PM
> To: users@xxxxxxxxxxxxxxxx
> Subject: [users@httpd] Question about setting up secure service
> 
> Dear All: sorry for the length of this -- I am an SSL newbie 
> and need a bit of install advice. 
>  
> We have a windows environment, and have installed 
> Apache2.0.55 with SSL support plus openSSL. We have one 
> dedicated IP address which is currently shared by two 
> name-based virtual hosts. I want to set up a secure 
> subdirectory of one of these domains, in which I can place my 
> e-commerce web-store (and later, possibly some online 
> services). My router is assigned to forward the incoming port 
> 80 and port 443 to the box with IP 192.168.1.2 which has apache on it.
>  
> I bought a certificate from a CA and attempted to set up the 
> SSL.conf to give me another virtual server -- but so far no 
> joy. I can't seem to get port 443 virtual service 
> https://www.psychtest.com to work alongside port 80 service 
> http://www.psychtest.com 
>  
> The instructions from the CA I dealt with were brief, and 
> upon following them, the setup didn't work. 

You have to define *precisely* what you mean by "no joy", "can't get to work", "didn't work" and other vagueosities... Did you get browser alerts? Did the pages load? 404? 401? 500? No connection? What?

It is essential to understand in detail what happens before any attempt can be made at debugging.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> A call to their 
> customer support indicates that the CA lets me secure a 
> specific subdomain, BUT they also want a unique dedicated 
> internet ip address before letting me secure a "subdomain" 
> with one of their certs. 
>  
> Is there a different CA or some way I can to secure a 
> subdirectory or subdomain without getting another dedicated 
> IP address? Can anybody tell me what is the best way to set up for us?
>  
> below is my ssl.conf
> ------------------------------------------------
> <IfDefine SSL>
>  
> Listen 443
>  
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl    .crl
>  
> SSLPassPhraseDialog  builtin
> 
> SSLSessionCache         dbm:logs/ssl_scache
> SSLSessionCacheTimeout  300
>  
> SSLMutex  file:logs/ssl_mutex
>  
> <VirtualHost 192.168.1.2:443>
> #<VirtualHost *:443> (doesn't work)
> #<VirtualHost _default_:443> 
> 
> DocumentRoot "C:/Homepage/secure"
>  
> <Directory "C:/Homepage/secure">
>     SSLRequireSSL
>     Options Indexes FollowSymLinks
>     AllowOverride None
>     Order allow,deny
>     Allow from all
> </Directory>
>  
> SSLEngine on
>  
> SSLCipherSuite 
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>  
> # 3 fiels sent to me from the CA
> SSLCertificateFile C:/Homepage/Certs/www.psychtest.com.crt
> SSLCertificateKeyFile C:/Homepage/Certs/MyCertifcate.key
> SSLCertificateChainFile C:/Homepage/Certs/sf_issuing.crt
>  
> SSLVerifyDepth  5
>  
> <FilesMatch "\.(cgi|shtml|phtml|php3?)$">
>     SSLOptions +StdEnvVars
> </FilesMatch>
> <Directory "C:\Program Files\Apache Group\Apache2\cgi-bin">
>     SSLOptions +StdEnvVars
> </Directory>
>  
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
>  
> CustomLog logs/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>  
> </VirtualHost>                                  
>  
> </IfDefine>
> 
> 
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Group. Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX.
 
 
This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux