Dear co-squirrelmail users,

Since the dawn of times I've been using Squirrelmail. Until I was forced to upgrade to Apache2, all went well. Since, I've googled myself dizzy to get HTTPS working again, but no result.

I'll first give some more information about my system:

OS: Debian 5.0.1
Squirrelmail: squirrelmail (2:1.4.15-4+lenny2)
Apache: apache2 (2.2.9-10+lenny2)
PHP: php5 (5.2.6.dfsg.1-1+lenny3)
IMAP: cyrus-imapd-2.2 (2.2.13-14+b3)
SMTP: postfix (2.5.5-1.1)
Browser: Iceweasel 2.0.0.19

All these out-of-the-box installed with apt-get install. Cyrus is from unstable but I don't think that is the problem here, just mentioning it because of the guidelines for this list.

What happens:

- Direct browser to http://mail.garrels.be -> all goes well.
- Direct browser to https://mail.garrels.be ->

    Unable to connect
    Iceweasel can't establish a connection to the server at mail.garrels.be.
    * The site could be temporarily unavailable or too busy. Try again in a few moments.
    * If you are unable to load any pages, check your computer's network connection.
    * If your computer or network is protected by a firewall or proxy, make sure that Iceweasel is permitted to access the Web.

Of course, I am able to access other secure sites, like my homebanking site.

I've already contacted my local Linux user group for this, and they told me that my server listens on both port 80 and port 443, but that it speaks http on both, and not http on port 80 and https on port 443.

Now, I tried to make things better by installing the secure_login plugin - this is the only extra plugin I installed apart from the standard plugins that come with my squirrelmail package, it is version 1.4-1. Of course, since https does not work, nothing now works for squirrelmail.

SSL and rewrite modules are enabled in Apache. I run lots of virtual hosts on this machine. None of them have the need for HTTPS (I use SSH tunnels for secure access for adminning, but I can't expect my mailusers to do that).

Given all this info, I started - using various sources - to configure apache for SSL. I did the following:

- Create certificate:

    openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem

  I've tried various other ways to create a cert, but those asked me to enter a passphrase when restarting apache2, and since I never entered a passphrase to create the certs, I was at a loss and apache2 didn't restart and none of my sites were accessible.

- Edit /etc/apache2/sites-available/default:

    NameVirtualHost *:80
    NameVirtualHost *:443
    <VirtualHost *:80>
    -> all the normal stuff
    <VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/
        <Directory />
            Options FollowSymLinks
            AllowOverride None
        </Directory>
        <Directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            allow from all
        </Directory>
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
        </Directory>
        ErrorLog /var/log/apache2/error.log
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
            Options Indexes MultiViews FollowSymLinks
            AllowOverride None
            Order deny,allow
            Deny from all
            Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.pem
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
        SSLCertificateFile /etc/apache2/ssl/apache.pem
        SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
    </VirtualHost>

- Made a link in /etc/apache2/sites-enabled

- Edited /etc/apache2/sites/available/mail.garrels.be

    <Directory /usr/share/squirrelmail>
        Options Indexes FollowSymLinks
        <IfModule mod_php4.c>
            php_flag register_globals off
        </IfModule>
        <IfModule mod_php5.c>
            php_flag register_globals off
        </IfModule>
        <IfModule mod_dir.c>
            DirectoryIndex index.php
        </IfModule>
        # access to configtest is limited by default to prevent information
        # leak
        <Files configtest.php>
            order deny,allow
            deny from all
            allow from 127.0.0.1
        </Files>
    </Directory>
    <VirtualHost *:80>
        DocumentRoot /usr/share/squirrelmail
        ServerName mail.garrels.be
        ErrorLog /var/log/apache2/mail.garrels.be-error.log
        CustomLog /var/log/apache2/mail.garrels.be-access.log combined
        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/apache.pem
    </VirtualHost>

  And various variations on that theme, like adding a block <VirtualHost *:443> etc.

- Restarted Apache2 at each change.

If anybody sees what I am doing wrong, I'll be glad to hear it. It is probably something stupid, so tell me and out of shame I will never forget again. If you need more info, I'll be glad to provide it.

Sorry for the long post, thanks for your attention so far.

Machtelt.

--
Your freedom is only limited by mine.
http://www.garrels.be
Books: http://writers.fultus.com/garrels
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
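
Added example, not part of the original post: a small Python lint that compares the port each VirtualHost block is bound to with its SSLEngine setting and reports weak cipher classes left in SSLCipherSuite. The sample is constructed by condensing the two site files quoted in the message; the function names and finding strings are this example's own.

```python
import re

# Constructed sample, condensed from the two site files quoted in the post.
SAMPLE = """\
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:443>
    DocumentRoot /var/www/
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /usr/share/squirrelmail
    ServerName mail.garrels.be
    SSLEngine On
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Last value of a directive inside one block; comment lines never match."""
    vals = re.findall(rf"^[ \t]*{name}[ \t]+(.+?)[ \t]*$", body, re.M | re.I)
    return vals[-1] if vals else None

def lint(conf):
    """Return findings about port/SSLEngine mismatches and weak cipher classes."""
    findings, plain, tls = [], set(), set()
    for addr, body in VHOST.findall(conf):
        port = addr.split()[0].rpartition(":")[2]
        name = directive(body, "ServerName") or "(no ServerName)"
        ssl_on = (directive(body, "SSLEngine") or "off").lower() == "on"
        if port == "443" and ssl_on:
            tls.add(name)
        elif port == "443":
            findings.append(f"{name}: *:443 vhost without SSLEngine on")
        elif ssl_on:
            findings.append(f"{name}: SSLEngine on in a port {port} vhost")
        if port != "443":
            plain.add(name)
        # "+CLASS" only reorders; ALL keeps a class unless "!CLASS" removes it.
        tokens = (directive(body, "SSLCipherSuite") or "").split(":")
        weak = [c for c in ("LOW", "EXP", "SSLv2")
                if "ALL" in tokens and f"!{c}" not in tokens]
        if weak:
            findings.append(f"{name}: cipher list keeps {', '.join(weak)}")
    for name in sorted(plain - tls - {"(no ServerName)"}):
        findings.append(f"{name}: no *:443 vhost with SSLEngine on for this name")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

The last finding matters with name-based virtual hosts: a request for a name that has no matching *:443 block is answered by the first *:443 block, here the one serving /var/www/.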