SSL not available, for no apparent reason
Luke Davis
ldavis at shellworld.net
Sun Aug 22 01:40:14 EDT 2004
Greg
Your method failed, my other attempted methods failed, and copies of
several examples found in apache docs, howtos, etc., all also failed.
I finally ripped out everything, including all of the "<ifmodule>"
directives relating to modssl, both setting up listen lines, and in the
virtualhosts. I rewrote the vhost section as follows:
port 80
ServerName atlas.placeholder.com
NameVirtualHost 1.2.3.4:80
NameVirtualHost 1.2.3.4:443
<virtualhost 1.2.3.4:443>
servername www.placeholder.com
documentroot /var/www/placeholder.com-ssl
serveradmin webmaster at placeholder.com
#<ifmodule mod_ssl.c>
sslengine on
sslcertificatefile /etc/apache/placeholder.com.crt
sslcertificatekeyfile /etc/apache/placeholder.com.key
setenvif User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
#</ifmodule>
</virtualhost>
<VirtualHost 1.2.3.4:80>
DocumentRoot /var/www/placeholder.com
ServerName www.placeholder.com
ServerAlias placeholder.com
</VirtualHost>
lynx to https://1.2.3.4 will get me a self-signed cert warning, and
if I accept that, a 1.2.3.4 != cert (www.placeholder.com) warning.
If I accept that, I get the proper content.
If I don't, the access attempt fails.
If I go to https://www.placeholder.com, however, I don't even get the
cert warning (self-signed), and since lynx is set to autodeny by default,
it shouldn't work at all. However, I get to the secure content, with no
trouble.
Additionally, this happens:
atlas:/etc/apache# openssl s_client -port 443
CONNECTED(00000003)
18283:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:460:
atlas:/etc/apache#
Not quite sure what this is telling me.
Any further ideas, on this slightly modified problem?
Thanks for putting me on the right track with the previous.
Luke
More information about the Speakup
mailing list