[GLLUG] More SSL woes
Mike Szumlinski
szumlins@pilot.msu.edu
Sat, 2 Nov 2002 19:10:01 -0500
Okay..so I'm trying to set up a little SSL section on my website for a
beta webstore and possibly webmin. So far all seems good in my
configuration, but for some reason the SSL site just won't come up.
Here are a couple of snippets from my logs/httpd.conf file to see if
anyone has any ideas why it won't work.
-------
[szumlins@britney:~]: more /var/log/ssl_engine_log
[02/Nov/2002 19:00:01 06684] [info] Server: Apache/1.3.26, Interface: mod_ssl/2.8.10, Library: OpenSSL/0.9.6e
[02/Nov/2002 19:00:01 06684] [info] Init: 1st startup round (still not detached)
[02/Nov/2002 19:00:01 06684] [info] Init: Initializing OpenSSL library
[02/Nov/2002 19:00:01 06684] [info] Init: Loading certificate & private key of SSL-aware server monkey-dance.com:443
[02/Nov/2002 19:00:01 06684] [info] Init: Requesting pass phrase via builtin terminal dialog
[02/Nov/2002 19:00:03 06684] [info] Init: Wiped out the queried pass phrases from memory
[02/Nov/2002 19:00:03 06684] [info] Init: Seeding PRNG with 136 bytes of entropy
[02/Nov/2002 19:00:03 06684] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[02/Nov/2002 19:00:05 06684] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[02/Nov/2002 19:00:06 06685] [info] Init: 2nd startup round (already detached)
[02/Nov/2002 19:00:06 06685] [info] Init: Reinitializing OpenSSL library
[02/Nov/2002 19:00:06 06685] [info] Init: Seeding PRNG with 136 bytes of entropy
[02/Nov/2002 19:00:06 06685] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[02/Nov/2002 19:00:06 06685] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[02/Nov/2002 19:00:06 06685] [info] Init: Initializing (virtual) servers for SSL
[02/Nov/2002 19:00:06 06685] [info] Init: Configuring server monkey-dance.com:443 for SSL protocol
------
All seems good there...no errors in the log at all. My httpd-error and
access logs show absolutely nothing either.
Here is my definition in my httpd.conf file:
------
<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfDefine>
<IfModule mod_ssl.c>
SSLPassPhraseDialog builtin
SSLSessionCache none
SSLSessionCache dbm:/var/run/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog /var/log/ssl_engine_log
SSLLogLevel info
</IfModule>
<IfDefine SSL>
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
<Files ~ "\.(cgi|shtml|phtml|php|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
<VirtualHost 192.168.3.50:443>
ServerName monkey-dance.com
DocumentRoot /usr/local/www/data/secure
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/ports/www/apache13-modssl/work/apache_1.3.26/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/ports/www/apache13-modssl/work/apache_1.3.26/conf/ssl.key/server.key
</VirtualHost>
</IfDefine>
------
http://monkey-dance.com comes up just fine, but
https://monkey-dance.com (which has a different root) doesn't come up
at all. Any ideas?
-Mike
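
Two checks that can be run against the configuration posted above, as an added example that is not part of the original message: whether a port named in a VirtualHost block is opened by any Listen or Port line in the text supplied, and which weak cipher classes the SSLCipherSuite string leaves enabled. The function names and the class-level cipher model are assumptions made for illustration, and the sample input contains only what the post shows; running openssl ciphers -v with the same string on the server gives the exact list for the installed library.

```python
import re

# Constructed from the post: the relevant directives on unwrapped lines.
# The snippet shows no Listen directive; the full httpd.conf may have one.
POSTED = """\
<VirtualHost 192.168.3.50:443>
ServerName monkey-dance.com
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
</VirtualHost>
"""

WEAK = ("SSLv2", "EXP", "LOW", "eNULL")      # classes this check tracks
ALIASES = {"EXPORT": "EXP", "NULL": "eNULL"}  # alternate OpenSSL spellings


def vhost_ports_without_listen(conf):
    """Ports used in <VirtualHost addr:port> that no Listen/Port line opens."""
    vhosts = set(re.findall(r"(?im)^[ \t]*<VirtualHost[ \t]+[^>\s]*:(\d+)", conf))
    opened = set(re.findall(r"(?im)^[ \t]*(?:Listen|Port)[ \t]+(?:\S+:)?(\d+)\b", conf))
    return sorted(vhosts - opened, key=int)


def cipher_strings(conf):
    """Every SSLCipherSuite value found in the configuration text."""
    return re.findall(r"(?im)^[ \t]*SSLCipherSuite[ \t]+(\S+)", conf)


def weak_classes_enabled(cipher_string):
    """Simplified, class-level model of OpenSSL cipher-string rules.

    name adds a class; -name removes it; !name removes it for good;
    +name only moves ciphers already present; ALL adds all but eNULL.
    """
    enabled, killed = set(), set()
    for token in re.split(r"[:, ]+", cipher_string.strip()):
        if not token or token[0] == "+":      # "+X" reorders, never adds
            continue
        op = token[0] if token[0] in "!-" else ""
        parts = [ALIASES.get(p, p) for p in token[len(op):].split("+")]
        if op:                                # removal; "A+B" subsets are ignored
            if len(parts) == 1:
                enabled.discard(parts[0])
                if op == "!":
                    killed.add(parts[0])
            continue
        if parts == ["ALL"]:
            parts = [c for c in WEAK if c != "eNULL"]
        enabled.update(c for c in parts if c in WEAK and c not in killed)
    return sorted(enabled)
```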