| View previous topic :: View next topic |
| Author |
Message |
ixion
l33t
Joined: 16 Dec 2002
Posts: 708
|
 Posted: Fri May 02, 2003 4:41 pm Post subject: |
 |
|
Ok, I'm getting closer. I've read alot of './configure --help' on all the sources involved. Thank you very much, Hideki. Your links have actually helped me understand a great deal!
Well as of now, Internet Explorer will connect via https, but Phoenix doesn't like it. Phoenix reports:Error establishing an encypted connection to 192.168.x.x. Error Code: -8054
How should I generate the server.crt and server.key files? What I have done so far is grab them from previous apache merges. Is this incorrect? Should I generate new ones? If so, how do I do that?
_________________
only the paranoid survive |
|
| Back to top |
|
 |
ixion
l33t
Joined: 16 Dec 2002
Posts: 708
|
| Posted: Fri May 02, 2003 9:05 pm Post subject: |
|
|
I am currently getting this in my logs/error_log:
[Fri May 2 16:44:24 2003] [error] [client 127.0.0.1] Invalid method in request \x80p\x01\x03\x01
[Fri May 2 16:44:24 2003] [error] [client 127.0.0.1] Invalid method in request \x80p\x01\x03
I am using apache 1.3.27 with mod_ssl 2.8.14. The problem exists with or without php-4.3.1. No mysql. I think I may be missing a crucial library or something. I've done an ldd /apache/bin/httpd and everything appears to be statically linked correctly. I get no errors to the console, but only that one in the log. Does ANYONE have any ideas on what's going on? Why is setting up Apache in a chroot such a task? It's mentioned so casually everywhere. I don't mind working for something, hence my success so far, but I have no clue where to go with this.
_________________
only the paranoid survive |
|
| Back to top |
|
|
Hideki
n00b
Joined: 09 Mar 2003
Posts: 74
|
| Posted: Fri May 02, 2003 10:55 pm Post subject: |
|
|
I do not run 1.3.27, so can't help well, but as for creating certificates, look in the www.apache-ssl.org and scroll down a bit and you'll find a way to do it using openssl command.
Also openssl command can make a connection to https port like what telnet can do to http port, maybe you can use that and see if it makes a good connection.
(Eg: openssl s_client -connect localhost:443) |
|
| Back to top |
|
|
ixion
l33t
Joined: 16 Dec 2002
Posts: 708
|
| Posted: Tue May 06, 2003 2:10 pm Post subject: |
|
|
whoot!! Hideki, thank you!! I can be very stubborn at times, and I (at first) thought what you were suggesting didn't have anything to do with what I'm doing, but after taking a long weekend, and coming back to work today with a fresh head, I just still couldn't get it working... so I gave up and decided to make new certificates like you suggested, and after finding out that 'Listen 443' was listed twice (between httpd.conf and mod_ssl.conf), doing these two things (along with inserting the lines rac suggested) fixed it! I am now running a Squirrelmail Webmail server in a chroot with SSL support!! yes!! Life is good!!
_________________
only the paranoid survive |
|
| Back to top |
|
|
daelight
n00b
Joined: 07 Feb 2003
Posts: 24
|
| Posted: Wed Jan 07, 2004 1:46 am Post subject: Here's an alternate solution |
|
|
Ok... I went through a lot trouble that could've been avoided.
| Code: | | /usr/sbin/apachectl |
is missing the following code to start ssl
| Code: | startssl|sslstart|start-SSL)
if [ $RUNNING -eq 1 ]; then
echo "$0 $ARG: httpd (pid $PID) already running"
continue
fi
if $HTTPD -DSSL; then
echo "$0 $ARG: httpd started"
else
echo "$0 $ARG: httpd could not be started"
ERROR=3
fi
;; |
And then, edit | Code: | | /etc/apache/conf/vhosts/ssl.default-vhost.conf |
to change the root directory to whatever u speficied.
After that, you should be able to run apachectl startssl with no problems |
|
| Back to top |
|
|
|
Networking & Security
