Apache2Triad Help, Support and Development Forum Index Search Profile Log in to check your private messages Log in Register Memberlist Attachments Statistics Crew/Ranks Archive
 Apache with SSL not starting
Google
Post new topic Reply to topic
Author Message
ernie121
 
 


Joined: 20 Sep 2005
Posts: 5

PostPosted: Tue Sep 20, 2005 5:42 pm Reply with quoteBack to top

Hi I have just installed apache2triad 1.5.3, I am trying to get ssl to work on zencart but I'm a complete newb to ssl. I have been reading as much as i can about setting up ssl to not much avail. when i try to start apache with ssl i get "The requested operation failed!" . i am not sure wether the apache with ssl will start from the clean installtion of A2T ( i have stopped apache then tried with ssl but still the same) or if u need to change the default httpd.conf and ssl.conf files for virtual host (I have also tried this but not to sure if i got it right). If anyone can let me know what basic steps are needed from clean install to enable apache with ssl would really help me out.
Thanks in advance
Ern
View user's profileSend private message
Joshua Meadows (DemoRic)
support
support


Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas

PostPosted: Tue Sep 20, 2005 10:43 pm Reply with quoteBack to top

http://apache2triad.net/forums/viewtopic.php?t=40

I setup apache2triad use the changedomain in the control panel and run a batch file http://apache2triad.net/forums/download.php?id=79 I set it up using a self-signed certificate, and then change to ssl.

Also, can you start apache w/o ssl? It sounds like you may have a misconfiguration in your httpd.conf. To test it.

start -> run -> cmd.exe -> apache -t
View user's profileSend private messageYahoo MessengerICQ Number
ernie121
 
 


Joined: 20 Sep 2005
Posts: 5

PostPosted: Wed Sep 21, 2005 2:14 am Reply with quoteBack to top

Thanks for the reply Demoric Wink

Demoric wrote:
http://apache2triad.net/forums/viewtopic.php?t=40

I followed these instructions and all was ok until i tried to read certificate
openssl crl -noout -text -in <name>.crl
openssl x509 -noout -text -in <name>.crt
openssl req -noout -text -in <name>.csr
openssl rsa -noout -text -in <name>.pem
openssl dsaparam -noout -text -in <name>.prm
only puts 2 files in bin folder .crt and .prm and would error reading them the others give doesnt exist message.

Demoric wrote:
I setup apache2triad use the changedomain in the control panel and run a batch file http://apache2triad.net/forums/download.php?id=79 I set it up using a self-signed certificate, and then change to ssl.


I also tried this way and after files created it asks to stop apache and enable apache ssl via services window and wen i do it stil gives "The requested operation has failed!" I also changed domain to my valid domain via cp

Demoric wrote:
Also, can you start apache w/o ssl? It sounds like you may have a misconfiguration in your httpd.conf. To test it.


Yes it works fine without ssl, I even set up a virtual host with 2 domains which is working fine. I have tried to add ssl virtual host to in httpd.conf as follows;
# Use name-based virtual hosting.
#
NameVirtualHost *

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
<VirtualHost *>
ServerAdmin admin@mydom1
DocumentRoot C:/apache2triad/htdocs
ServerName mydom1
ErrorLog logs/error.log
CustomLog logs/access.log common
</VirtualHost>

<VirtualHost *>
ServerAdmin admin@mydom2
DocumentRoot C:/apache2triad/htdocs/forum
ServerName mydom2
ErrorLog logs/mydom2-error.log
CustomLog logs/mydom2-access.log common
</VirtualHost>
(I have changed true domain to mydom here)
I also added ssl directly below;

<IfDefine SSL>
<VirtualHost *:443>
ServerName mydom
ServerAdmin webhost@mydom
DirectoryIndex index.html index.php index.html.var index.htm default.htm
DocumentRoot "C:/apache2triad/htdocs/secure"
ErrorLog logs/mydom-error_log
CustomLog logs/mydom_log common
SSLEngine on
SSLCertificateFile C:/apache2triad/opssl/cert/certificate.crt
SSLCertificateKeyFile C:/apache2triad/opssl/cert/certificate.key
UserDir public_html
ScriptAlias /cgi-bin/ C:/apache2triad/cgi-bin
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
</IfDefine>
but i read that <IfDefine SSL> is before the module is loaded it would b ignored and
#ssl config
<IfDefine SSL>
LoadFile opssl\bin\libeay32.dll
LoadFile opssl\bin\ssleay32.dll
LoadModule ssl_module modules/mod_ssl.so
Include conf/ssl.conf
</IfDefine>
was furthur down the file so i moved this to the very bottom of httpd.conf. I am also not sure if i need to make an entry in SSL.conf if u could clear that up for me

Demoric wrote:
start -> run -> cmd.exe -> apache -t

C:\apache2triad\bin>apache -t
Syntax OK

C:\apache2triad\bin>
seems fine to me,
Any further help you got would be greatly apprecited
Thanks

Ern


**********************
Update:
I have been checking the event logs and it seems the prob is now with my certificate. the error i get is;

The Apache service named Apache2Triad Apache2 Service with SSL reported the following error:
>>> Syntax error on line 1163 of C:/apache2triad/conf/httpd.conf:

The Apache service named Apache2Triad Apache2 Service with SSL reported the following error:
>>> SSLCertificateFile: file 'C:/apache2triad/opssl/cert/certificate.crt' does not exist or is empty

I have also tried with back slashes and it errors in the same place, certificate.crt is definitly in that directory aswell, any idea how to fix? or could it be a problem with certificate.crt which i can explore via properties and has the settings i used to create it.
Thanks again

Ern

**********************
Furthur update
I think i got past last error ok, I went back and tried the certificate again and managed to create 1 ok but now I get 4 errors;

The Apache service named Apache2Triad Apache2 Service with SSL reported the following error:
>>> [Wed Sep 21 13:11:05 2005] [error] VirtualHost _default_:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results

The Apache service named Apache2Triad Apache2 Service with SSL reported the following error:
>>> (OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted. : make_sock: could not bind to address 0.0.0.0:443

The Apache service named Apache2Triad Apache2 Service with SSL reported the following error:
>>> no listening sockets available, shutting down

The Apache service named Apache2Triad Apache2 Service with SSL reported the following error:
>>> Unable to open logs

I have tried changing virtual host info but keep getting the same errors, heres what my http.conf file says;

NameVirtualHost *

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
<VirtualHost *>
ServerAdmin admin@mydom1
DocumentRoot C:/apache2triad/htdocs
ServerName mydom1
ErrorLog logs/error.log
CustomLog logs/access.log common
</VirtualHost>

<VirtualHost *>
ServerAdmin admin@mydom2
DocumentRoot C:/apache2triad/htdocs/forum
ServerName mydom2
ErrorLog logs/mydom2-error.log
CustomLog logs/mydom2-access.log common
</VirtualHost>

#
## Apache2Triad config starts here
#

#misc config
DirectoryIndex index.html index.html.var index.htm index.php index.shtml index.cgi index.pl index.spy index.psp

#CGI (perl/python/tcl) config
LoadModule cgi_module modules/mod_cgi.so
<IfModule mod_cgi.c>
AddHandler cgi-script .cgi
AddType application/x-httpd-cgi .cgi
AddHandler cgi-script .py
AddType application/x-httpd-cgi .py
AddHandler cgi-script .tcl
AddType application/x-httpd-cgi .tcl
</IfModule>

#php config
LoadFile php\bin\php5ts.dll
LoadFile php\bin\fdftk.dll
LoadFile C:/apache2triad/mysql/bin/libmysql.dll
LoadModule php5_module modules/mod_php.so
<IfModule mod_php5.c>
Alias /php/ "C:/apache2triad/php/"
LoadFile php\bin\ntwdblib.dll
AddHandler php5-script .php
AddHandler php5-script .inc
AddType application/x-httpd-php .php
AddType application/x-httpd-php .inc
AddType application/x-httpd-php-source .phps
</IfModule>
#uncoment below and comment LoadModule php5_module to enable php as cgi
#ScriptAlias /php/ "C:/apache2triad/php/bin/"
#Action application/x-httpd-php "/php/php-cgi.exe"
#AddType application/x-httpd-php .php
#AddHandler application/x-httpd-php .php

#perl config
LoadFile perl\bin\perl58.dll
#LoadModule perl_module modules/mod_perl.so
<IfModule mod_perl.c>
Alias /perl/ "C:/apache2triad/perl/"
AddHandler perl-script .pl
AddType application/x-httpd-perl .pl
PerlOptions ParseHeaders
PerlHandler ModPerl::Registry
PerlSendHeader On
</IfModule>

#asp config
<IfModule mod_perl.c>
PerlModule Apache::ASP
PerlSetVar NoState 1
<Files ~ (\.asp)>
SetHandler perl-script
#PerlHandler Apache::ASP
PerlSetVar Global .
PerlSetVar StateDir "C:/apache2triad/temp"
</Files>
</IfModule>

#python config
LoadFile python\bin\python23.dll
#LoadModule python_module modules/mod_python.so
<IfModule mod_python.c>
Alias /python/ "C:/apache2triad/python/"
AddHandler python-program .spy
#PythonHandler run_spyceModpy::spyceMain
AddHandler mod_python .psp
PythonHandler mod_python.psp
PythonDebug On
</IfModule>

#ssi config
LoadModule include_module modules/mod_include.so
<IfModule mod_include.c>
AddHandler server-parsed .shtml
AddOutputFilter Includes .shtml .html .htm .php
</IfModule>

#ssl config
<IfDefine SSL>
LoadFile opssl\bin\libeay32.dll
LoadFile opssl\bin\ssleay32.dll
LoadModule ssl_module modules/mod_ssl.so
Include conf/ssl.conf
</IfDefine>

#debuging config
<IfDefine DEV>
ScriptLog logs/cgi.log
PerlSetVar Debug 2
PythonDebug On
</IfDefine>

#required for the functionality of the apache server under windows 98
#useful to work around bugs in some third party layered service providers like virus
#scanners,VPN and firewall products, that do not properly handle WinSock 2 API
<IfDefine AEX>
Win32DisableAcceptEx
</IfDefine>

#htdocs config
<Directory "C:/apache2triad/htdocs">
Options Indexes FollowSymLinks +Includes ExecCGI
AllowOverride All
Order allow,deny
Allow from all
</Directory>

#server config
ServerName mydom1:80
ServerAdmin admin@mydom1

<IfDefine SSL>
<VirtualHost mydom1:443>
ServerName mydom1
ServerAdmin webhost@mydom1
DirectoryIndex index.html index.php index.html.var index.htm default.htm
DocumentRoot "C:/apache2triad/htdocs/secure"
ErrorLog logs/mydom1-error_log
CustomLog logs/mydom1_log common
SSLEngine on
SSLCertificateFile C:/apache2triad/opssl/cert/certificate.crt
SSLCertificateKeyFile C:/apache2triad/opssl/cert/certificate.key
UserDir public_html
ScriptAlias /cgi-bin/ C:/apache2triad/cgi-bin
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
</IfDefine>



and my SSL.conf file is as follows;

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512

<IfDefine SSL>

#
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#
# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
#
Listen 443

##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##

#
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin

# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache none
#SSLSessionCache shmht:logs/ssl_scache(512000)
#SSLSessionCache shmcb:logs/ssl_scache(512000)
SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout 300

# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
#SSLMutex file:logs/ssl_mutex
SSLMutex default
#SSLMutex sem

##
## SSL Virtual Host Context
##

<VirtualHost _default_:443>

# General setup for the virtual host
DocumentRoot "C:/apache2triad/htdocs/secure"
ServerName mydom1:443
ServerAdmin admin@mydom1
ErrorLog logs/ssl_error.log
TransferLog logs/ssl_access.log

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
SSLCertificateFile "C:/apache2triad/OpSSL/cert/certificate.crt"


# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile "C:/apache2triad/OpSSL/cert/privkey.pem"


# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile "C:/apache2triad/OpSSL/cert/ca.crt"

# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificateFile "C:/apache2triad/OpSSL/cert/ca-bundle.crt"

# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificateFile "C:/apache2triad/OpSSL/cert/ca-bundle.crl"

# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10

# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>

# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o CompatEnvVars:
# This exports obsolete environment variables for backward compatibility
# to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this
# to provide compatibility to existing CGI scripts.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
<Files ~ "\.(pl|cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "C:/apache2triad/cgi-bin">
SSLOptions +StdEnvVars
</Directory>

# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

as I said before I'm coplete newb to virtual host and ssl so if anyone can tell me where I'm going wrong it will really help me out.
Thanks
Ern (still cracking on ;p)


*************************
Latest Update 21/09 17.04 uktime

I removed the <IfDefine SSL> section at the bottom of my http.conf file, and changed services to autostart a2t with ssl and set A2T to manual then rebooted pc and a2t has now started with ssl ok and i have checked event log and it still has 1 error;

The Apache service named Apache2Triad Apache2 Service with SSL reported the following error:
>>> [Wed Sep 21 16:55:51 2005] [error] VirtualHost _default_:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results

My thinking is it is something to do with the following lines in my ssl.cnf, if anyone can confirm?;

## SSL Virtual Host Context
##

<VirtualHost _default_:443> <<<<<<<This line?

# General setup for the virtual host
DocumentRoot "C:/apache2triad/htdocs/secure"
ServerName mydom1:443
ServerAdmin admin@mydom1
ErrorLog logs/ssl_error.log
TransferLog logs/ssl_access.log

or do i need to set up a <IfDefine SSL> virtual host in my httpd.conf file as i only have the following virtual host set in httpd.conf file;

NameVirtualHost *

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
<VirtualHost *>
ServerAdmin admin@mydom1
DocumentRoot C:/apache2triad/htdocs
ServerName mydom1
ErrorLog logs/error.log
CustomLog logs/access.log common
</VirtualHost>

<VirtualHost *>
ServerAdmin admin@mydom2
DocumentRoot C:/apache2triad/htdocs/forum
ServerName mydom2
ErrorLog logs/mydom2-error.log
CustomLog logs/mydom2-access.log common
</VirtualHost>

#
## Apache2Triad config starts here
#

Can anyone help me clear this up?
Thanks
Ern
View user's profileSend private message
Joshua Meadows (DemoRic)
support
support


Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas

PostPosted: Sat Sep 24, 2005 8:41 pm Reply with quoteBack to top

Okay, here's what I'd recommend that you try.


In your httpd.conf

Comment out your if define ssl area, and try using:
Code:
<IfDefine SSL>
LoadFile opssl\bin\libeay32.dll
LoadFile opssl\bin\ssleay32.dll
LoadModule ssl_module modules/mod_ssl.so
Include conf/ssl.conf
</IfDefine>


Also in your virtual host section your telling it to listen on all ports
Quote:
<VirtualHost *>

try changing them to
Code:
<VirtualHost *:80>


**********
Sorry for the lateness of my replies.
View user's profileSend private messageYahoo MessengerICQ Number
ernie121
 
 


Joined: 20 Sep 2005
Posts: 5

PostPosted: Sun Sep 25, 2005 12:35 am Reply with quoteBack to top

Thanks again for the reply Demoric

I did manage to get it started a couple of days ago by completely taking out the virtual host section and it is workin great. The main prob i had originally was that i did not know what was involved in getting the apache with ssl to start after i had installed it. (as i mentioned was complete newb to ssl) Most of what i was reading in the forum was explaining virtual host and ssl so that's the route I started to follow but i managed to figure out that the certificate had to be configured before the ssl would start. i found 2 things helped me out greatly in learning the basics to gettin the ssl started;

1 = READ C:\apache2triad\opssl\apache2triad_openssl.txt
On setting up your certificate

2 = Start > Settings > Control Panel > Administrive Tools > Event Viewer
Then check application logs (Win XP)

just to pass on to anyone else struggling with ssl ;p

Anyway changing the subject, I am gona try to set that virtual host so I will try out wot you suggested Demoric and will let you know how i get on.

Thanks again Demoric
Ern Wink
View user's profileSend private message
morciya
 
 


Joined: 24 Sep 2005
Posts: 6

PostPosted: Sun Sep 25, 2005 2:18 am Reply with quoteBack to top

ernie: what do you mean by:
Quote:
Then check application logs (Win XP)

Thanks!
View user's profileSend private message
ernie121
 
 


Joined: 20 Sep 2005
Posts: 5

PostPosted: Sun Sep 25, 2005 2:05 pm Reply with quoteBack to top

@morciya
If you have tried to start apache2triad with ssl and get an error message ie: "The requested operation has failed!" you can check what the failure is by checking the apllication logs. the steps i showed are for win xp as that's the operating system i am useing hence;

morciya wrote:
Quote:
Then check application logs (Win XP)


Hope this answers your question m8

@Demoric

changing the virtual host to <VirtualHost *:80> did the trick thanks Wink , however i still get a couple of errors in the application logs but still works ok. the errors i get are;

1 = The Apache service named Apache2Triad Apache2 Service with SSL reported the following error:
>>> [Sun Sep 25 14:43:26 2005] [error] VirtualHost _default_:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results

2 = The Apache service named Apache2Triad Apache2 Service with SSL reported the following error:
>>> [Sun Sep 25 14:43:26 2005] [error] VirtualHost *:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results

3 = The Apache service named Apache2Triad Apache2 Service with SSL reported the following error:
>>> [Sun Sep 25 14:43:26 2005] [error] VirtualHost *:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results

Like i said it is working ok so not sure if i can just ignore these? (I have used the * for virtual host as my ip changes) have you got any suggestions?

Qiuck question if you can answer it, I am trying to set up a certificate to be signed by ssl247.co.uk and the instructions i have to create it for signing don't seem to work for me. I am trying to set up useing the following;

openssl genrsa -out domainname.key 1024
openssl req -new -key domainname.key -out domainname.csr <<< I get error: Unable to load config info from C:\apache2triad\opssl\bin

I have also tried;

openssl genrsa -out privkey.pem 1024
openssl genrsa -out domainname.key 1024
openssl req -new -key domainname.key -out domainname.csr <<< I still get same error: Unable to load config info from C:\apache2triad\opssl\bin

To be honest I'm a little stuck with it at the mo so any help would be greatly appreciated, btw sorry if last question is in wrong thread.
Thanks again for your help Demoric,

Ern Wink
View user's profileSend private message
Joshua Meadows (DemoRic)
support
support


Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas

PostPosted: Sun Sep 25, 2005 3:18 pm Reply with quoteBack to top

Backup your ssl.conf file and try the following one.

Note: you'll want to change localhost to whatever you're using.

As for the certificate I've always just used a self signed one. There's no fees for that, but the instructions are taken from openssl and should work.
View user's profileSend private messageYahoo MessengerICQ Number
ernie121
 
 


Joined: 20 Sep 2005
Posts: 5

PostPosted: Sun Sep 25, 2005 7:27 pm Reply with quoteBack to top

Thanks Demoric

I tired you ssl.conf file but it was identical to mine apart from loacalhost reference and still shows the same 3 errors in the apllication log. It is working fine tho so I think i will just bear with it

I Think I managed to sort the certificate with the following;

openssl genrsa -out domainname.key 1024
and
openssl req -new -key domainname.key -out domainname.csr -config C:\apache2triad\opssl\bin\openssl.cnf
This created the .csr file ok, I just need to submit it for signing now (fingers crossed)

Thanks again m8

Ern Wink
View user's profileSend private message
Display posts from previous:      
Post new topic Reply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum
Powered by phpBB © 2001, 2002 phpBB Group :: FI Theme
All times are GMT