Thiemo (Tux's lil' helper)
Joined: 20 Nov 2002 Posts: 138
Posted: Fri Apr 25, 2003 9:20 pm Post subject: apache + mod_ssl won't work [quite long]
Hi,
I'm trying to set up an Apache server with mod_ssl support. The server starts fine
Code: |
nyffeltrach root # /etc/init.d/apache restart
* Stopping apache... [ ok ]
* Starting apache...
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "de_CH@euro"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C"). [ ok ]
nyffeltrach root # ps ax | grep apa
14736 ? S 0:00 /usr/sbin/apache -D SSL -D PHP4 -D DAV -D GZIP -D PERL -D MP3
26602 ? S 0:00 [apache]
24409 ? S 0:00 [apache]
22964 ? S 0:00 [apache]
8983 ? S 0:00 [apache]
24784 pts/2 S 0:00 grep apa
|
but if I try to connect to https://buchhaltung.thiam.ch (using Phoenix) from the server itself (nyffeltrach), I get the following error:
Code: |
The connection to buchhaltung.thiam.ch has terminated unexpectedly. Some data may have been transferred.
|
I also tried to connect from a Windows XP host with Mozilla and IE, but neither of them gave any reply that it didn't work; just a blank page.
Some googling gave me the hint to issue
Code: |
nyffeltrach root # openssl s_client -host buchhaltung.thiam.ch -port 443
CONNECTED(00000003)
29843:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:470:
|
It seems to me that client and server don't speak the same protocol but I don't know how to fix this.
I have to admit that I'm rather lost and I'd appreciate some tips.
Cheers,
Thiemo
Logs
error_log (interesting end):
Code: |
[Fri Apr 25 21:32:50 2003] [notice] caught SIGTERM, shutting down
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "de_CH@euro"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
[Fri Apr 25 21:32:54 2003] [notice] Apache/1.3.27 (Unix) (Gentoo/Linux) mod_perl/1.27 mod_gzip/1.3.19.1a DAV/1.0.3 mod_ssl/2.8.14 OpenSSL/0.9.6i PHP/4.3.1 configured -- resuming normal operations
[Fri Apr 25 21:32:54 2003] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Apr 25 21:32:54 2003] [notice] Accept mutex: sysvsem (Default: sysvsem)
|
ssl_engine_log (interesting end):
Code: |
[25/Apr/2003 21:35:43 07763] [info] Init: 1st startup round (still not detached)
[25/Apr/2003 21:35:43 07763] [info] Init: Initializing OpenSSL library
[25/Apr/2003 21:35:43 07763] [info] Init: Loading certificate & private key of SSL-aware server buchhaltung.thiam.ch:443
[25/Apr/2003 21:35:43 07763] [info] Init: Seeding PRNG with 136 bytes of entropy
[25/Apr/2003 21:35:43 07763] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[25/Apr/2003 21:35:43 07763] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[25/Apr/2003 21:35:44 14736] [info] Init: 2nd startup round (already detached)
[25/Apr/2003 21:35:44 14736] [info] Init: Reinitializing OpenSSL library
[25/Apr/2003 21:35:44 14736] [info] Init: Created hash-table (250 buckets) in shared memory (512000 bytes) for SSL session cache
[25/Apr/2003 21:35:44 14736] [info] Init: Seeding PRNG with 136 bytes of entropy
[25/Apr/2003 21:35:44 14736] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[25/Apr/2003 21:35:44 14736] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[25/Apr/2003 21:35:44 14736] [info] Init: Initializing (virtual) servers for SSL
[25/Apr/2003 21:35:44 14736] [info] Init: Configuring server buchhaltung.thiam.ch:443 for SSL protocol
[25/Apr/2003 21:35:44 14736] [warn] Init: (buchhaltung.thiam.ch:443) RSA server certificate CommonName (CN) `www.thiam.ch' does NOT match server name!?
|
Configuration
apache.conf (changing the Gentoo-delivered file):
Code: |
...
<IfDefine SSL>
LoadModule ssl_module extramodules/libssl.so
</IfDefine>
...
<IfDefine SSL>
AddModule mod_ssl.c
</IfDefine>
...
ServerName www.thiam.ch
LockFile /etc/apache/httpd.lock
Include conf/addon-modules/mod_ssl.conf
...
|
commonapache.conf (changing the Gentoo-delivered file):
Code: |
...
NameVirtualHost *
Include /etc/apache/conf/user_homepages.conf
Include /etc/apache/conf/buchhaltung.conf
...
|
buchhaltung.conf:
Code: |
# Thiemo Kellner, thiemo@thiam.ch, 2003-04-25
# buchhaltung
<VirtualHost *>
    Servername buchhaltung.thiam.ch
    ServerAdmin webmaster@thiam.ch
    DocumentRoot /home/httpd/htsdocs/buchhaltung
    ErrorLog /var/log/apache/buchhaltung.thiam.ch-error.log
    CustomLog /var/log/apache/buchhaltung.thiam.ch-access.log common
    # Options +Indexes
    # IndexOptions FancyIndexing
    <IfModule mod_dir.c>
        DirectoryIndex home.html home.php home.htm home.cgi index.html index.php index.htm index.cgi
    </IfModule>
    <IfModule mod_php3.c>
        php3_magic_quotes_gpc Off
        php3_track_vars On
        php3_include_path .
    </IfModule>
    <IfModule mod_php4.c>
        php_flag magic_quotes_gpc Off
        php_flag track_vars On
        php_flag register_globals On
        php_value include_path .
    </IfModule>
    # SSL activation
    SSLEngine on
    SSLCertificateFile /etc/apache/conf/ssl/apache.pem
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
Alias /buchhaltung /home/httpd/htsdocs/buchhaltung
<DirectoryMatch /home/httpd/htsdocs/buchhaltung/>
    Options +Indexes
    IndexOptions FancyIndexing
    SSLRequireSSL
    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
    <IfModule mod_dir.c>
        DirectoryIndex home.html home.php home.htm home.cgi index.html index.php index.htm index.cgi
    </IfModule>
    order deny,allow
    deny from all
    allow from all
</DirectoryMatch>
|
_________________ root is the root of all evil
duffolonious (n00b)
Joined: 04 Apr 2003 Posts: 34
Posted: Wed Nov 12, 2003 9:05 pm Post subject: ssl terminating...
I'm getting the same problem, although I don't understand why. I don't believe it has anything to do with virtual hosts. Although maybe something to do with Mozilla (well, Firebird 0.7 to be exact).
I never had this issue with my 2.0.x Apache server.
134.84.160.73 - - [12/Nov/2003:14:46:04 -0600] "GET /x500/ HTTP/1.1" 302 346 "http://s216ad.soils.umn.edu/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031110 Firebird/0.7"
134.84.160.73 - - [12/Nov/2003:14:46:58 -0600] "\x80g\x01\x03" 501 - "-" "-"
134.84.160.73 - - [12/Nov/2003:14:59:22 -0600] "\x80g\x01\x03" 501 - "-" "-"
I mean, what the hell does "\x80g\x01\x03" 501 mean? Did you get anything like this in your Apache logs?
Any help would be appreciated.
_________________ ~Duff
fleed (l33t)
Joined: 28 Aug 2002 Posts: 756 Location: London
Posted: Thu Nov 13, 2003 2:38 pm Post subject:
I think that means the browser is trying to make an SSL connection to port 80. I've seen that before when I had my dynamic vhost conf screwed up. Check that to make sure you have a separate VirtualHost blah:443 for the sites you want secure. I'm not sure if this is strictly needed but that's how I got my vhosts to work.
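
The logged request "\x80g\x01\x03" asked about above, decoded with a small script; this is an added example, not part of the original thread. It reads the three access-log lines from duffolonious's post and reports requests whose first bytes form an SSL/TLS hello header rather than an HTTP method, which is also why Apache answers them with 501; the function names are assumptions made for the example.

```python
import re

# host ident user [time] "request" status ...  (common/combined log format)
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "((?:[^"\\]|\\.)*)" (\d{3}) ')
ESCAPE_RE = re.compile(rb'\\x([0-9a-fA-F]{2})')

# The three access-log lines quoted in the post above.
SAMPLE_LOG = r'''134.84.160.73 - - [12/Nov/2003:14:46:04 -0600] "GET /x500/ HTTP/1.1" 302 346 "http://s216ad.soils.umn.edu/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031110 Firebird/0.7"
134.84.160.73 - - [12/Nov/2003:14:46:58 -0600] "\x80g\x01\x03" 501 - "-" "-"
134.84.160.73 - - [12/Nov/2003:14:59:22 -0600] "\x80g\x01\x03" 501 - "-" "-"'''


def unescape(field):
    """Turn the \\xHH escapes Apache writes for non-printable bytes back into bytes."""
    return ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]),
                         field.encode("latin-1"))


def classify(request):
    """Describe the request if it starts like an SSL/TLS hello, else return None."""
    if len(request) < 3:
        return None
    # SSLv3/TLS record: content type 0x16 (handshake), then version major 3.
    if request[0] == 0x16 and request[1] == 0x03:
        return "TLS handshake record, version 3.%d" % request[2]
    # SSLv2-format record: high bit set on byte 0, 15-bit length, then
    # message type 0x01 (ClientHello).
    if request[0] & 0x80 and request[2] == 0x01:
        length = ((request[0] & 0x7F) << 8) | request[1]
        return "SSLv2-format ClientHello, %d-byte record" % length
    return None


def find_tls_on_plain_port(lines):
    """Return (client, time, status, verdict) for each request that is really a hello."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, when, request, status = m.groups()
        verdict = classify(unescape(request))
        if verdict:
            hits.append((client, when, int(status), verdict))
    return hits


if __name__ == "__main__":
    for hit in find_tls_on_plain_port(SAMPLE_LOG.splitlines()):
        print(*hit, sep="  ")
```

Hits in the access log of a plain-HTTP listener mean a client spoke SSL to a port or virtual host where SSLEngine was not in effect, which is the misconfiguration fleed describes.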