LinuxQuestions.org


davidsrsb 06-06-2005 07:17 PM

apache mod_ssl not using port 443
 
Slackware 10.1, apache 1.3.33
I have read the howtos and searched this site to get mod_ssl working.
I run rc.httpd start or apachectl-mod-ssl start and the server starts but only listens to port 80. I am using the snake oil cert and key. Do I have to set up openssl in any way?
The mod_ssl call in httpd.conf is uncommented.

killerbob 06-06-2005 08:49 PM

I know that with Apache 2.0, you need to set up a virtual host on SSL, as well. Just because the module is loaded doesn't mean the system is actually using it: if it isn't configured for any ssl servers, then it won't load it.

Here's an example of what I'm talking about:

Code:

<VirtualHost _default_:443>
  DocumentRoot /wwwroot/mysite
  ServerName myname.com
  ServerAlias *.myname.com
  SSLEngine on
  SSLCertificateFile /usr/local/apache2/conf/ssl-keys/myname.crt
  SSLCertificateKeyFile /usr/local/apache2/conf/ssl-keys/myname.key
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>

Three very important things, there. The first is the SSLEngine on entry. If that isn't on, then it won't do anything. The second and third are the certificate and key files. You need to generate those specific to your site if you haven't already done so. Three commands are needed to generate a self-signed SSL key:

Code:

# Generate open SSL key:
$ openssl genrsa -out filename.key 1024

# Generate site certificate:
$ openssl req -new -key filename.key -x509 -days 1000 -out filename.crt

# Check site certificate:
$ openssl x509 -in filename.crt -text


good luck.

davidsrsb 06-07-2005 01:11 AM

Tried the above and still nmap shows no listener on port 443. The listen 443 line is present in mod_ssl.

davidsrsb 06-07-2005 02:24 AM

I tried the sample httpd.conf from apache-ssl and got errors about SSLVerifyClient being unknown. Does anybody have the apache 1.3.33 and mod_ssl 2.8.22-1.3.33 packages working?

bathory 06-07-2005 03:07 AM

I have them working pretty well, but I've compiled them from source. You didn't mention how you installed apache and mod-ssl (i.e. from source or using Slackware installpkg). Anyway, try:
Code:

/path/to/apache/bin/httpd -l
/path/to/apache/bin/httpd -t

To see if you have compiled-in mod-ssl and test your httpd.conf syntax. Also take a look at the error_log when apache starts to see if you find any errors.

davidsrsb 06-07-2005 06:54 AM

Problem solved by removing apache 1.3.33 and installing the linuxpackages apache2 and php4-apache.
These also need t1lib to work.

I suspect something wrong with the default 10.1 builds

Havocnl 06-07-2005 07:33 AM

Did you edit your /etc/rc.d/rc.httpd from start to startssl?

davidsrsb 06-07-2005 10:22 AM

Yes, I tried various methods of starting apache and when ssl was triggered the ssl_engine.log had several messages about stages of key setup.

keefaz 06-07-2005 10:33 AM

Default slackware apache mod_ssl works fine. You are aware that slackware is one of the most stable linux distributions to run servers, aren't you?
Quote:

I suspect something wrong with the default 10.1 builds
No, mod_ssl works fine here in slack 10.1 with apache and openssl default slackware packages.
Quote:

The mod_ssl call in httpd.conf is uncommented.
Do you mean this:
Code:

Include /etc/apache/mod_ssl.conf
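
Added example, not part of the thread and not code from any poster: a small Python check of why a config with mod_ssl loaded can still leave only port 80 active, tying together the replies about SSLEngine, startssl and the Include line. It assumes the SSL directives sit inside `<IfDefine SSL>` containers (the usual Apache 1.3 mod_ssl layout, activated when httpd is started with -DSSL); the sample config, its paths and the function names `audit` and `diagnose` are constructed for illustration.

```python
import re

# Constructed sample config (assumption: SSL directives are wrapped in
# <IfDefine SSL>, so they only take effect when httpd runs with -DSSL).
SAMPLE_CONF = """\
Listen 80
# Include /etc/apache/mod_ssl.conf
<IfDefine SSL>
Listen 443
<VirtualHost _default_:443>
SSLEngine on
SSLCertificateFile /etc/apache/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache/ssl.key/server.key
</VirtualHost>
</IfDefine>
"""

OPEN = re.compile(r"<IfDefine\s+(!?)([\w-]+)\s*>", re.I)
CLOSE = re.compile(r"</IfDefine\s*>", re.I)

def audit(conf_text, defines=()):
    """Return (listen_ports, ssl_engine_on) for directives active under `defines`.
    Only <IfDefine> is evaluated; other containers are treated as always active."""
    stack, ports, ssl_on = [], [], False   # stack: one bool per open <IfDefine>
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                        # blank or commented-out directive
        m = OPEN.match(line)
        if m:
            stack.append((m.group(2) in defines) != (m.group(1) == "!"))
        elif CLOSE.match(line):
            if stack:
                stack.pop()
        elif all(stack):
            parts = line.split()
            key = parts[0].lower()
            if key == "listen" and len(parts) > 1:
                ports.append(int(parts[1].rsplit(":", 1)[-1]))
            elif key == "sslengine" and len(parts) > 1:
                ssl_on = ssl_on or parts[1].lower() == "on"
    return ports, ssl_on

def diagnose(conf_text, defines=()):
    ports, ssl_on = audit(conf_text, defines)
    if 443 not in ports:
        return "no active Listen 443 (inactive <IfDefine>, commented Include, or no -DSSL)"
    return "Listen 443 and SSLEngine on active" if ssl_on else "Listen 443 active, SSLEngine off"

if __name__ == "__main__":
    for d in ((), ("SSL",)):
        print(d, audit(SAMPLE_CONF, d), "->", diagnose(SAMPLE_CONF, d))
```

Run it against the real httpd.conf text plus any included mod_ssl.conf concatenated in; `httpd -t` still remains the authoritative syntax check.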


All times are GMT -5.