Re: Configuring mod_ssl
Hi,
I have found that I need to specify "Listen 443" in addition to enabling
the mod_ssl module. I notice that you do not have the directive
"SSLEngine On" either so try putting in the aforementioned directives
and see if that helps.
Not sure about your unresolved symbol problem, you only need to load and
configure mod_ssl to achieve SSL communications.
Cheers, Fred.
On Tue, 2003-10-28 at 19:00, adawes@dawes.org wrote:
> Hi,
>
> I'm trying to get mod_ssl configured on my server but it isn't coming
> together and was hoping I could get some help from the field. Below is a
> description of my setup and what I'm trying to do. Any guesses where I'm
> going wrong?
>
> I've got a server with multiple virtual hosts. For the most part, I really
> only need https to work for my Squirrelmail webmail pages, but may also at
> some point have to put in an ecommerce thing on a site to accept credit
> cards. It seems to me that for simplicity sake, I'd ideally like to just
> have all my sites be accessible identically via http and https. I'll just
> put in a redirect for the http version of squirrelmail to go to 443
> instead of 80. Is there any good reason why I shouldn't have my docs
> available under http and https?
>
> Environment (debian packages)
> -----------
> apache 1.3.27.0-2
> apache-common 1.3.27.0-2
> libapache-mod-ssl 2.8.14-3
> openssl 0.9.7b-2
> libssl0.9.6j-1
>
> # apache -l
> Compiled-in modules:
> http_core.c
> mod_so.c
> mod_macro.c
> suexec: disabled; invalid wrapper /usr/lib/apache/suexec
>
> What I've done
> --------------
> Initially, I planned to use apache-ssl to do the https, but then figured
> if I could configure apache 1.3 with mod_ssl, I'd have a cleaner and
> easier to maintain system. So, my attempt to do that resulted in the
> following changes to my httpd.conf. These are in the main section and not
> duplicated in the Virtual hosts sections.
>
> LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so
>
> and
>
> SSLVerifyClient 0
> SSLVerifyDepth 10
> # generated below with openssl
> SSLCertificateKeyFile /etc/ssl/demoCA/certs/server.key
> SSLCertificateFile /etc/ssl/demoCA/certs/server.crt
> SSLCACertificateFile /etc/ssl/demoCA/certs/cacert.pem
>
> What happens
> ------------
> When I try to hit my home page via https, I get the following in my
> access_log:
>
> 10.0.0.16 - - [20/Oct/2003:23:02:07 -0700] "\x80g\x01\x03\x01" 501 -
>
> And my Safari browser gives an immediate error message:
> "Could not open the page 10.0.0.22 because Safari could not establish a
> secure connection to the server 10.0.0.22."
>
> Previously, I was getting the following the following error when I tried
> restarting apache:
> Cannot load /usr/lib/apache/1.3/libssl.so into server:
> /usr/lib/apache/1.3/libssl.so: undefined symbol: ap_conn_timeout
>
> This happened when I tried to load the apache_ssl_module in my http.conf
> file. I _think_ I'm not supposed to do that. If I'm correct, that module
> isn't necessary to run mod_ssl and is only used for apache-ssl. True?
>
--
Fred Clausen - Professional Services Engineer
Unit 7
Skylines Business Village
Limeharbour
Docklands
London
E14 9TS
Tel: +44 (0)207 538 8230 - Fax: +44 (0)207 538 8246
Ext: 209 - Web: www.xinitsystems.com
E-Mail: fred.clausen@xinitsystems.com
Reply to: