LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 11-18-2003, 09:06 PM   #1
tree_buddy
LQ Newbie
 
Registered: Sep 2003
Distribution: RedHat 9
Posts: 26

Rep: Reputation: 15
apache2 w/ ssl - "document contains no data" & daemons die with https


I am running RH9 on an intel with apache2 (httpd-2.0.47).

I am toying around with different development tools for my learning purposes and I found that I am not able to view a page through a secure ssl port. I have tried not to stray from the supplied ssl and httpd config files, but when I access a page using a url such as https://??.??.???.???/secure I receive a "document contains no data error" from mozilla, or page not available from internet explorer. I am able to download that same page without designating a secure url.

I am using a self signed certificate and have loaded it in to my browser, even though it should ask to save it upon requesting a secure page right???

I start my server with ..../init.d/apachectl startssl It starts and asks me for the key's pass code.

::My error log is as such:

[Tue Nov 18 20:56:05 2003] [warn] RSA server certificate CommonName (CN) `Billy Bob' does NOT match server name!?
[Tue Nov 18 20:56:06 2003] [notice] Digest: generating secret for digest authentication ...
[Tue Nov 18 20:56:06 2003] [notice] Digest: done
[Tue Nov 18 20:56:08 2003] [warn] RSA server certificate CommonName (CN) `Billy Bob' does NOT match server name!?
[Tue Nov 18 20:56:08 2003] [notice] Apache/2.0.47 (Unix) DAV/2 PHP/5.0.0b1 mod_ssl/2.0.47 OpenSSL/0.9.7c configured -- resuming normal operations

When I access a page using ssl, it tells me doc contains no...blah blah
When I check the error log, I find that all my daemons have died and it says:

[Tue Nov 18 20:59:24 2003] [notice] child pid 11559 exit signal Segmentation fault (11)
[Tue Nov 18 20:59:24 2003] [notice] child pid 11560 exit signal Segmentation fault (11)
[Tue Nov 18 20:59:24 2003] [notice] child pid 11561 exit signal Segmentation fault (11)
[Tue Nov 18 20:59:24 2003] [notice] child pid 11562 exit signal Segmentation fault (11)
[Tue Nov 18 20:59:24 2003] [notice] child pid 11563 exit signal Segmentation fault (11)

Does any one have any ideas or know of the [useful] documentation for apache2 with ssl?

ssl.conf with only commented code deleted out

Listen 443

##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##

#
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin

# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache none
#SSLSessionCache shmht:logs/ssl_scache(512000)
#SSLSessionCache shmcb:logs/ssl_scache(512000)
SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout 300

# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex file:logs/ssl_mutex

# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512

##
## SSL Virtual Host Context
##

<VirtualHost my_ip:443>

# General setup for the virtual host
DocumentRoot "/var/www/html/secure"
ServerName my_ip:443 #changed these
ServerAdmin me@my.address ###
ErrorLog logs/error_log
TransferLog logs/access_log

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
SSLCertificateFile /usr/local/ssl/ssl/private/CAcert.pem
#SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server-dsa.crt

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /usr/local/ssl/ssl/private/CAkey.pem
#SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server-dsa.key


<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache2/cgi-bin">
SSLOptions +StdEnvVars
</Directory>


nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

</IfDefine>

Last edited by tree_buddy; 11-18-2003 at 09:43 PM.
 
Old 11-23-2003, 05:42 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,541
Blog Entries: 54

Rep: Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924Reputation: 2924
What info did you supply making your own cert?
 
Old 11-23-2003, 09:44 PM   #3
tree_buddy
LQ Newbie
 
Registered: Sep 2003
Distribution: RedHat 9
Posts: 26

Original Poster
Rep: Reputation: 15
I just made up the information. I followed a couple of different instructions when creating the certificate and signing it. Are you talking about the two letter country, full state name, etc?

I just started over with the most recent source for apache 2, and I was able to get it to work. I have no idea what I did the first time to screw things up so bad. Thanks for the help.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
mozilla or firefox : "ALERT document contains no data!" maxut Fedora 8 06-08-2006 09:12 AM
Apache and Firefox "Document contains no data" error. ]SK[ Linux - Software 0 08-16-2005 02:44 AM
Mozilla/Firefox "Document contains no data" e88z4 Linux - Software 16 02-09-2005 03:14 AM
"document contains no data" error when i try to connect to SWAT on local machine squeaky-steve Linux - Networking 2 12-03-2003 09:12 AM
Swat => " The document contains no data" <- RH8 Tiago Cruz Linux - General 7 10-14-2003 07:53 PM


All times are GMT -5. The time now is 07:38 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration