Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Can someone point me in the right direction on what to do after you have installed the ssl .crt ?

Posted on 2004-09-15
8
Medium Priority
?
558 Views
Last Modified: 2010-03-04
Hi there,

I have downloaded the trail crt from thawte and installed the crt and key. Apache is started and ready.

Where do I go from here? I am using Apache 1.3 on a win 2000 server.

Could some one point me in the right direction of some instructions?

<VirtualHost external_ip_address:443>

DocumentRoot "D:\oracle\ora81\Apache\Apache\htdocs"
ServerName domain-name.com
ServerAdmin edward@domain-name.com
ErrorLog logs/error_log
TransferLog logs/access_log

SSLEngine on

#SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile \conf\ssl.crt\www.domain-name.com.crt

#SSLCertificateFile \conf\ssl.crt\server.crt

SSLCertificateKeyFile \conf\ssl.key\www.domain-name.com.key

#SSLCertificateKeyFile \conf\ssl.key\server.key

#SSLCertificateChainFile conf\ssl.crt\ca.crt

SSLCACertificateFile conf\ssl.crt\ca-bundle.crt

#SSLCARevocationFile conf\ssl.crl\ca-bundle.crl

#SSLVerifyClient require

#SSLVerifyDepth  10

<Files ~ "\.(cgi|shtml)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>                                  
0
Comment
Question by:teched1000
8 Comments
 
LVL 9

Assisted Solution

by:ronan_40060
ronan_40060 earned 300 total points
ID: 12066130
please follow the instructions available at
http://www.apache-ssl.org/#FAQ.
also have a look at
mod_ssl: http://www.modssl.org
mod_ssl configuration: http://www.modssl.org/docs/2.8/ssl_reference.html
and the most important link
 http://tud.at/programm/apache-ssl-win32-howto.php3.

let us know
ronan
0
 
LVL 15

Expert Comment

by:periwinkle
ID: 12068933
One important thing to know is that after you add an SSL entry to the Apache configuration, you can't simply restart or reload;  you must stop apache:

apachectl stop

Check to make certain that all apache processes are stopped:

ps ax | grep -i apache

and then restart it using the startssl option:

apachectl startssl
0
 
LVL 38

Assisted Solution

by:yuzh
yuzh earned 300 total points
ID: 12071400
Please read the following "The Apache + SSL on Win32 HOWTO"

http://tud.at/programm/apache-ssl-win32-howto.php3

    PS: periwinkle,  "ps" command can not work with M$ windows!
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:teched1000
ID: 12073207
Hi guys,

Thanks for your quick respondes.

I have been using http://tud.at/programm/apache-ssl-win32-howto.php3 and http://raibledesigns.com/wiki/Wiki.jsp?page=ApacheSSL.

I am stuck, when I enter: 's_client -connect www.domain-name.com:443' in openssl.exe I receive the following message.

Loading 'screen' into random state - done
CONNECTED(00000138)
1260:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unkown protocol:.\ssl\s23_clnt.c:458:

Also went I do

Apache stop

I get 'Apache prccess 1696 still running! Please shutdwon previous instance before starting'

So I

Apache -k shutdown

Apache -k startssl -- Does not work

Apache -k start  -- Receives the following error

httpd.pid overwrttien -- unclean shutdown of prvious Apache run?
Apache/1.3.12 Wwin32) ApacheJServ/1.1 mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22
 running...

Any ideas?
0
 
LVL 15

Expert Comment

by:periwinkle
ID: 12073887
D'oh - thanks, Yuz - missed the fact it was on Windows.

Signaling Apache under Windows is a bit different;  see:

http://httpd.apache.org/docs/windows.html#signal

which states:

You can tell a running Apache to stop by opening another console window and running:

    apache -k shutdown

Note: This option is only available with Apache 1.3.3 and later.

For earlier versions, you must use Control-C in the Apache console window to shut down the server.

From version 1.3.3 through 1.3.12, this should be used instead of pressing Control-C in a running Apache console window, because it allowed Apache to end any current transactions and cleanup gracefully.

As of version 1.3.13 pressing Control-C in the running window will cleanup Apache quite gracefully, and you may use -k stop as an alias for -k shutdown. Earlier versions do not understand -k stop.
0
 
LVL 15

Expert Comment

by:periwinkle
ID: 12073894
P.S. if Apache is running as a service, you might find the following useful, too:

http://httpd.apache.org/docs/win_service.html
0
 

Author Comment

by:teched1000
ID: 12075823
Hi guys,

I found the solution, I started witha fresh unedited httpd.conf file and edited it a bit at a time. When I had finished I found the it worked fine.

Must have bodshed the orginal some how.

Anything I want to make the whole web site SSL secure.

At the moment you can use both http and https to enter my web sites.

How you to edit the httpd.conf file so that if anyone trys to enter using http it will rediredt them to https?

Thanks for all your help

Eddy
0
 
LVL 15

Accepted Solution

by:
periwinkle earned 900 total points
ID: 12076128
You can redirect from the virtualhost of the non-secure version to the secure one... something like:

<VirtualHost external_ip:80>
Redirect / https://www.yourdomain.com
</VirtualHost>
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
The Relationships Diagram is a good way to get an overall view of what a database is keeping track of. It is also where relationships are defined. A relationship specifies how two tables connect to each other. As you build tables in Microsoft Ac…
Suggested Courses
Course of the Month15 days, 22 hours left to enroll

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question