SSL not available, for no apparent reason

Luke Davis ldavis at shellworld.net
Fri Aug 20 19:12:37 EDT 2004 

I sent this to modssl-users, but they do not appear to be actively 
supporting that list any longer.


Good Day:

I am running Debian stable, with the included packages.
Apache version 1.3.26; mod-ssl version 2.8.9-2.4.

I am using a self-signed certificate for now, until testing proves successful.

If I use openssl, with the s_client and s_server options, I can make a 
successful connection through the local host.

However, apache, while it serves on port 80, does not appear to be serving SSL 
documents.

Here are the contents of a couple files:

== ssl.log ==
[17/Aug/2004 06:25:02 28275] [info]  Init: 10nd restart round (already 
detached)
[17/Aug/2004 06:25:02 28275] [info]  Init: Reinitializing OpenSSL library
[17/Aug/2004 06:25:02 28275] [info]  Init: Seeding PRNG with 23689 bytes of 
entropy
[17/Aug/2004 06:25:02 28275] [info]  Init: Configuring temporary RSA private 
keys (512/1024 bits)
[17/Aug/2004 06:25:02 28275] [info]  Init: Configuring temporary DH parameters 
(512/1024 bits)
[17/Aug/2004 06:25:02 28275] [info]  Init: Initializing (virtual) servers for 
SSL
[17/Aug/2004 06:25:02 28275] [info]  Init: Configuring server 
www.placeholder.com:443 for SSL protocol
[17/Aug/2004 06:25:02 28275] [warn]  Init: (www.placeholder.com:443) RSA server 
certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

== httpd.conf extracts ==
[.]
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 100
<ifmodule mod_ssl.c>
  listen 80
  listen 443
</ifmodule>
[.]
LoadModule unique_id_module /usr/lib/apache/1.3/mod_unique_id.so
LoadModule setenvif_module /usr/lib/apache/1.3/mod_setenvif.so
LoadModule jk_module /usr/lib/apache/1.3/mod_jk.so
LoadModule php4_module /usr/lib/apache/1.3/libphp4.so
LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so
ExtendedStatus On
Port 80
User www-data
Group www-data
ServerAdmin webmaster at placeholder.com
ServerName www.placeholder.com
[.]
ServerSignature On
[.]
</IfModule>
<IfModule mod_ssl.c>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
</IfModule>
<IfModule mod_ssl.c>
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/var/run/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/var/run/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect file:/dev/urandom 512
SSLLog      /var/log/apache/ssl.log
SSLLogLevel info
</IfModule>
Include /etc/phpmyadmin/apache.conf
Include /etc/horde/apache.conf
port 80
ServerName atlas.placeholder.com
NameVirtualHost *
<VirtualHost *>
DocumentRoot /usr/share/horde/imp
ServerName webmail.placeholder.com
ServerAlias *.webmail.placeholder.com
</VirtualHost>
<virtualhost 12.34.56.78:443>
servername www.placeholder.com
documentroot /var/www/placeholder.com-ssl
<ifmodule mod_ssl.c>
sslengine on
sslcertificatefile /etc/apache/placeholder.com.crt
sslcertificatekeyfile /etc/apache/placeholder.com.key
setenvif User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</ifmodule>
</virtualhost>
<VirtualHost *>
DocumentRoot /var/www/placeholder.com
ServerName placeholder.com
ServerAlias *.placeholder.com
</VirtualHost>

I'm not sure what else to examine here, or what I might have screwed up.

Luke

More information about the Speakup mailing list