I am running RH9 on an intel with apache2 (httpd-2.0.47).
I am toying around with different development tools for my learning purposes and I found that I am not able to view a page through a secure ssl port. I have tried not to stray from the supplied ssl and httpd config files, but when I access a page using a url such as
https://??.??.???.???/secure I receive a "document contains no data error" from mozilla, or page not available from internet explorer. I am able to download that same page without designating a secure url.
I am using a self signed certificate and have loaded it in to my browser, even though it should ask to save it upon requesting a secure page right???
I start my server with ..../init.d/apachectl startssl It starts and asks me for the key's pass code.
::My error log is as such:
[Tue Nov 18 20:56:05 2003] [warn] RSA server certificate CommonName (CN) `Billy Bob' does NOT match server name!?
[Tue Nov 18 20:56:06 2003] [notice] Digest: generating secret for digest authentication ...
[Tue Nov 18 20:56:06 2003] [notice] Digest: done
[Tue Nov 18 20:56:08 2003] [warn] RSA server certificate CommonName (CN) `Billy Bob' does NOT match server name!?
[Tue Nov 18 20:56:08 2003] [notice] Apache/2.0.47 (Unix) DAV/2 PHP/5.0.0b1 mod_ssl/2.0.47 OpenSSL/0.9.7c configured -- resuming normal operations
When I access a page using ssl, it tells me
doc contains no...blah blah
When I check the error log, I find that all my daemons have died and it says:
[Tue Nov 18 20:59:24 2003] [notice] child pid 11559 exit signal Segmentation fault (11)
[Tue Nov 18 20:59:24 2003] [notice] child pid 11560 exit signal Segmentation fault (11)
[Tue Nov 18 20:59:24 2003] [notice] child pid 11561 exit signal Segmentation fault (11)
[Tue Nov 18 20:59:24 2003] [notice] child pid 11562 exit signal Segmentation fault (11)
[Tue Nov 18 20:59:24 2003] [notice] child pid 11563 exit signal Segmentation fault (11)
Does any one have any ideas or know of the [useful] documentation for apache2 with ssl?
ssl.conf with only commented code deleted out
Listen 443
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
#
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache none
#SSLSessionCache shmht:logs/ssl_scache(512000)
#SSLSessionCache shmcb:logs/ssl_scache(512000)
SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex file:logs/ssl_mutex
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
##
## SSL Virtual Host Context
##
<VirtualHost my_ip:443>
# General setup for the virtual host
DocumentRoot "/var/www/html/secure"
ServerName my_ip:443 #changed these
ServerAdmin
me@my.address ###
ErrorLog logs/error_log
TransferLog logs/access_log
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
SSLCertificateFile /usr/local/ssl/ssl/private/CAcert.pem
#SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server-dsa.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /usr/local/ssl/ssl/private/CAkey.pem
#SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server-dsa.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache2/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>
