Nancy, On Jan 9, 2007, at 8:20 AM, Booterbaugh, Nancy wrote:
Error_Log has the following warning message : Session Cache is not configured [hint: SSLSessionCache] ssl-error_log has the following error message : [error] Unable to configure verify locations for client authentication
Hm... without the SSL session cache, clients will not be able to re- use their SSL sessions. This can have a serious performance impact on your server.
Please put in the main server configuration the following directive: SSLSessionCache shm:/usr/local/apache2/logs/ssl_scache(512000) SSLSessionCacheTimeout 300 See the following documentation URL for an explanation: http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslsessioncache
I use following command to start the Apache server instead of "apachectl":./httpd -k start -f /usr/local/apache2/conf/httpd-cob-certs.conf
That is the command apachectl executes, so you're fine there.
Here is the Virtual host configuration we have in the "httpd-cob- certs.conf" file. The only difference between this and the one we were using for self-signed is the directory location in the SSL parameters.
Looks like a fine configuration to me, but do add the session cache stuff.
S. -- sctemme@xxxxxxxxxx http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
|