LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 06-06-2005, 07:17 PM   #1
davidsrsb
Member
 
Registered: Oct 2003
Location: Kuala Lumpur, Malaysia
Distribution: Slackware 13.37 current
Posts: 770

Rep: Reputation: 33
apache mod_ssl not using port 443


Slackware 10.1, apache 1.3.33
I have read the howtos and searched this site to get mod_ssl working.
I run rc.httpd start or apachectl-mod-ssl start and the server starts but only listens to port 80. I am using the snake oil cert and key. Do I have to set up openssl in any way?
The mod_ssl call in httpd.conf is uncommented.

Last edited by davidsrsb; 06-07-2005 at 01:06 AM.
 
Old 06-06-2005, 08:49 PM   #2
killerbob
Member
 
Registered: Oct 2004
Location: Ottawa, ON
Distribution: Slackware
Posts: 662

Rep: Reputation: 30
I know that with Apache 2.0, you need to set up a virtual host on SSL, as well. Just because the module is loaded doesn't mean the system is actually using it: if it isn't configured for any ssl servers, then it won't load it.

Here's an example of what I'm talking about:

Code:
<VirtualHost _default_:443>
  DocumentRoot /wwwroot/mysite
  ServerName myname.com
  ServerAlias *.myname.com
  SSLEngine on
  SSLCertificateFile /usr/local/apache2/conf/ssl-keys/myname.crt
  SSLCertificateKeyFile /usr/local/apache2/conf/ssl-keys/myname.key
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
Three very important things, there. The first is the SSLEngine on entry. If that isn't on, then it won't do anything. The second and third are the certificate and key files. You need to generate those specific to your site if you haven't already done so. Three commands are needed to generate a self-signed SSL key:

Code:
Generate open SSL key:
$ openssl genrsa -out filename.key 1024

Generate site certificate:
$ openssl req -new -key filename.key -x509 -days 1000 -out filename.crt

Check site certificate
$ openssl x509 -in filename.crt -text

good luck.
 
Old 06-07-2005, 01:11 AM   #3
davidsrsb
Member
 
Registered: Oct 2003
Location: Kuala Lumpur, Malaysia
Distribution: Slackware 13.37 current
Posts: 770

Original Poster
Rep: Reputation: 33
Tried the above and still nmap shows no listener on port 443. The listen 443 line is present in mod_ssl.
 
Old 06-07-2005, 02:24 AM   #4
davidsrsb
Member
 
Registered: Oct 2003
Location: Kuala Lumpur, Malaysia
Distribution: Slackware 13.37 current
Posts: 770

Original Poster
Rep: Reputation: 33
I tried tha sample httpd.conf from apache-ssl and got errors about SSLVerifyClient being unknown. Does anybody have the apache 1.3.33 and mod_ssl 2.8.22 -1.3.33 packages working?
 
Old 06-07-2005, 03:07 AM   #5
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,938

Rep: Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330Reputation: 1330
I have them working pretty well, but I've compiled them from source. You didn't mention how did you installed apache and mod-ssl (i.e. from source or using Slackware installpkg). Anyway try:
Code:
/path/to/apache/bin/httpd -l
/path/to/apache/bin/httpd -t
To see if you have compiled-in mod-ssl and test your httpd.conf syntax. Also take a look at the error_log when apache starts to see if you find any errors
 
Old 06-07-2005, 06:54 AM   #6
davidsrsb
Member
 
Registered: Oct 2003
Location: Kuala Lumpur, Malaysia
Distribution: Slackware 13.37 current
Posts: 770

Original Poster
Rep: Reputation: 33
Problem solved by removing apache 1.3.33 and installing the linuxpackages apache2 and php4-apache.
These also need t1lib to work.

I suspect something wrong with the default 10.1 builds
 
Old 06-07-2005, 07:33 AM   #7
Havocnl
LQ Newbie
 
Registered: Jun 2005
Location: Tilburg, Netherlands
Distribution: Slackware 10.1
Posts: 2

Rep: Reputation: 0
Did you edit you /etc/rc.d/rc.htpd from start to startssl?
 
Old 06-07-2005, 10:22 AM   #8
davidsrsb
Member
 
Registered: Oct 2003
Location: Kuala Lumpur, Malaysia
Distribution: Slackware 13.37 current
Posts: 770

Original Poster
Rep: Reputation: 33
Yes, I tried various methods of starting apache and when ssl was triggered the ssl_engine.log had several messages about stages of key setup.
 
Old 06-07-2005, 10:33 AM   #9
keefaz
Senior Member
 
Registered: Mar 2004
Distribution: Slackware
Posts: 4,614

Rep: Reputation: 136Reputation: 136
Default slackware apache mod_ssl works fine, you are aware
that slackware is one of the most stable linux distribution to
run servers aren't you ?
Quote:
I suspect something wrong with the default 10.1 builds
No, mod_ssl works fine, here in slack 10.1 with apache and openssl
default slackware packages
Quote:
The mod_ssl call in httpd.conf is uncommented.
Do you mean this :
Code:
Include /etc/apache/mod_ssl.conf
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache Port 443 Verbal Kint Linux - Software 0 10-04-2005 03:07 AM
"apache startssl" fails: can't bind port 443 mrjamin Linux - Software 4 07-04-2005 11:09 AM
Webmin On TCP port 443...but with Apache Mod_ssl installed... ech310n Linux - Networking 6 01-27-2004 04:10 PM
FAVICON with apache server at port 443 doesn't seem 2 work ganninu Linux - General 0 12-21-2003 03:58 AM
Apache won't answer on Port 80, but will on 443 KevinJ Linux - Software 10 02-04-2003 08:10 PM


All times are GMT -5. The time now is 07:12 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration