RE: Configuration Errors on SSL+Apache 2.2 +mod_jk +Tomcat 5.5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi MK,

   Correct.

   In that case, discard your current installation, get the source code and compile your own version of apache. You will have to do a good amount of reading to understand all the options for compiling and then running Apache. The documentation is pretty good as well as the help from the commands. (E.g. configure –help).

   You can compile modules to be linked statically or for dynamic loading. I think dynamic loading is better.  In order to compile, you may need some other libraries (you may get errors during the configure phase or while compiling).

 

-Jorge

 

From: kohanm [mailto:kohan.massoud@xxxxxxxxx]
Sent: Monday, July 21, 2008 11:30 AM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: Configuration Errors on SSL+Apache 2.2 +mod_jk +Tomcat 5.5

 

I do not have mod_ssl.so under Apache/modules. I downloaded Apache 2.2 the binary version and then the  jk_module  separately.

I read from different sources that I have to install Apache 2.2.* from source than I have to enable mod_ssl  and there is not any separate SSL module for Apache 2.2. am I  right?

MK



 

On 7/21/08, Jorge Medina <jmedina@xxxxxxxxxxxx> wrote:

Depending on your flavor of Linux and how you got Apache, you may already have the mod_ssl module and you may need just to load it.

Check if the file mod_ssl.so already exists on the directory where apache is installed.

 

From: kohanm [mailto:kohan.massoud@xxxxxxxxx]
Sent: Friday, July 18, 2008 6:26 PM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: Configuration Errors on SSL+Apache 2.2 +mod_jk +Tomcat 5.5

 

Thanks for your reply:
 


 

Did you enable (LoadModule) the ssl module ?

No, I thought the only thing that I have to do is to modify on httpd.conf :

include  conf/extra/httpd-ssl.conf

 

I have linux binary version so,  do I have to download the ssl_module?  and then

add it  to the   httpd.conf :

LoadModule ssl_module modules/mod_ssl.so

 


 

 

How did you get your certificate and key? Is your public key protected by a password ? If not, you don't need to include the SSLPassPhraseDialog directive.

 

After creating key,csr then sent to Thawte. I got certificate form Thawte and the key and certificate are on the conf file.

I am not sure if the public key is protected by a passowd.

 

Thanks,

MK
 

 

 

 

 

From: kohanm [mailto:kohan.massoud@xxxxxxxxx]
Sent: Friday, July 18, 2008 4:35 PM
To: users@xxxxxxxxxxxxxxxx
Subject: Configuration Errors on SSL+Apache 2.2 +mod_jk +Tomcat 5.5

 

Hi,

 

I'am having probem to configure the SSL with the  Apache 2.2 +mod_jk +Tomcat 5.5.

Without SSL implementation the Tomcat 5.5 +Apache2.2 + mod_k works fine.

For implementing the SSL first I take it out the  # from Include ssl:
Include conf/extra/httpd-ssl.conf
and also in the httpd-ssl.conf file I modified these lines:
ServerName  mydomain:443
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/sever.key"

 When I run apachectl after running tomcat,  I get these ERRORs:
[Fri Jul 18 13:22:20 2008] [warn] Useless use of AllowOverride in line 114.
Syntax error on line 57 of /usr/local/apache2/conf/extra/httpd-ssl.conf:
Invalid command 'SSLPassPhraseDialog', perhaps misspelled or defined by a module not included in the server configuration


Here the httdf.conf file(short describtion):

Listen  mydomainIP:80
 LoadModule jk_module modules/mod_jk-apache-2.2.4.so

 

<IfModule mod_jk.c>

JkWorkersFile conf/workers.properties
JkLogFile logs/mod_jk.log
JkLogLevel error
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"

 

Alias /list  "/usr/local/jakarta-tomcat/webapps/list/"

 <Directory "/usr/local/jakarta-tomcat/webapps/list/">
        Options Indexes +FollowSymLinks
        AllowOverride None
        Allow from all
    </Directory>

 
Alias /example  "/usr/local/jakarta-tomcat/webapps/example/"

 <Directory "/usr/local/jakarta-tomcat/webapps/example/">
        Options Indexes +FollowSymLinks
        AllowOverride None
        Allow from all
    </Directory>


    <Location "/*/WEB-INF/*">
        AllowOverride None
        deny from all
    </Location>


 JkMount  /list/*  example
 JkMount /example/* example

</IfModule>


# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

 


____________________

in the httpd-ssl.conf file the only lines that I changed from default are :

ServerName  mydomain:443
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/sever.key"

 

Thanks for your help,

MK
 




--
Massoud




--
Massoud

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux