Solved

Apache 1.3.33 + SSL + php_4.3.9

Posted on 2005-05-02
Last Modified: 2013-12-15
Hello.  I'm trying to get SSL up and running on my apache setup.  what is odd is that I seem to have compiled apache with ssl.
Here is my config line for apache:

./configure --prefix=/home/httpd/html/vhosts --sysconfdir=/www/conf --enable-shared=max --enable-module=rewrite --enable-module=status --enable-module=ssl

that is the first thing i do.  then i go to my php source and do this:

./configure -with-mysql=/usr --with-gd --with-jpeg-dir=/usr/lib --with-config-file-path=/www/conf --with-apache=../apache_1.3.33 --with-zlib-dir=/usr/include --enable-track-vars
make
make install

I then go back to apache source and do:
./config.status --activate-module=src/modules/php4/libphp4.a
make
make certificate
make install

that seems to build apache with SSL.  it creates the server key and everything.
i start apache and the module is NOT mod_ssl it's apacheSSL or something.
anyway, i SSH into my server and do netstat -putnap and see this:
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      386/httpd
so it looks like 443 is open but if i go to my url in a browser i just get a dns error and if i use:
lynx https://www.mydomain.com it says it cannot make a secure connection.  port 443 is open and i've tried with the shorewall firewall off.

of course, before doing any of that i built openssl and did this:
$ cd mod_ssl-2.8.22-1.3.33
$ ./configure \
    --with-apache=../apache_1.3.33 \
    --with-ssl=../openssl-0.9.7e \
    --prefix=/usr/local/apache

so i'm not sure what the problem is, can anyone help out here?  i really need to get SSL going quick!
thanks.
i looked at my error_log and here is the error:
[Mon May  2 09:15:57 2005] [error] [client x.x.x.x] Invalid method in request \\x80\\x82\\x01\\x03\\x01
[Mon May  2 09:15:57 2005] [error] [client x.x.x.x] Invalid method in request \\x80\\x82\\x01\\x03
[Mon May  2 09:15:58 2005] [error] [client x.x.x.x] Invalid method in request \\x80\\x82\\x01\\x03\\x01
[Mon May  2 09:15:58 2005] [error] [client x.x.x.x] Invalid method in request \\x80\\x82\\x01\\x03
0
Question by:linuxrox
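
Added example (not part of the original question or its replies): the "Invalid method in request" entries quoted above are what a plain-HTTP listener logs when a client opens an SSL/TLS handshake against it, which is consistent with port 443 listening without SSL enabled on it. The Python sketch below decodes the logged escapes and names the handshake format. The sample log is constructed from the quoted lines (escapes are accepted with one or more backslashes, as they appear on this page) and all function names are hypothetical.

```python
import re
# Constructed sample modelled on the error_log lines in the question; the second
# line keeps the doubled backslashes seen on this page, the last two are made up.
SAMPLE_LOG = r"""
[Mon May  2 09:15:57 2005] [error] [client x.x.x.x] Invalid method in request \x80\x82\x01\x03\x01
[Mon May  2 09:15:57 2005] [error] [client x.x.x.x] Invalid method in request \\x80\\x82\\x01\\x03
[Mon May  2 09:16:01 2005] [error] [client x.x.x.x] Invalid method in request \x16\x03\x01\x02
[Mon May  2 09:16:05 2005] [error] [client x.x.x.x] Invalid method in request FOO / HTTP/1.0
"""
REQUEST = re.compile(r"Invalid method in request (.*)$")
ESCAPE = re.compile(r"\\+x([0-9a-fA-F]{2})")
VERSIONS = {(2, 0): "SSL 2.0", (3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def unescape(text):
    """Turn the logged \\xNN escapes back into the bytes the client sent."""
    out, pos = bytearray(), 0
    for m in ESCAPE.finditer(text):
        out += text[pos:m.start()].encode("latin-1", "replace")
        out.append(int(m.group(1), 16))
        pos = m.end()
    return bytes(out + text[pos:].encode("latin-1", "replace"))

def version(raw, at):
    # Both version bytes must be present; the log line may end before them.
    if len(raw) < at + 2:
        return "version not fully logged"
    return VERSIONS.get((raw[at], raw[at + 1]), "unknown version")

def classify(raw):
    # SSLv2-format hello: length header with the high bit set, message type 1.
    if len(raw) >= 3 and raw[0] & 0x80 and raw[2] == 0x01:
        return "SSLv2-format ClientHello, " + version(raw, 3)
    # TLS record layer: content type 0x16 (handshake), then the version.
    if len(raw) >= 2 and raw[0] == 0x16 and raw[1] == 0x03:
        return "TLS handshake record, " + version(raw, 1)
    return None

def scan(log_text):
    """List (line_number, verdict) for SSL/TLS clients that hit a plain-HTTP port."""
    hits = []
    for n, line in enumerate(log_text.strip().splitlines(), 1):
        m = REQUEST.search(line)
        verdict = classify(unescape(m.group(1))) if m else None
        if verdict:
            hits.append((n, verdict))
    return hits

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```
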
11 Comments
 
LVL 1

Expert Comment

by:steveb3210
ID: 13910609
Hello,

Did you add the appropriate SSL directives to httpd.conf?

SSLEnable
SSLCertificateFile /software/sslCerts-1/config/certs/httpsd.pem
SSLCertificateKeyFile /software/sslCerts-1/config/certs/private/httpsd.pem

http://ist.uwaterloo.ca/security/lib-proxy/howto/ssleay/

Best Regards,
Stephen
0
 

Author Comment

by:linuxrox
ID: 13910645
i have this in the httpd.conf

SSLCertificateFile /www/conf/ssl.crt/server.crt
SSLCertificateKeyFile /www/conf/ssl.key/server.key
SSLEnable

i get the following error:
[Mon May  2 11:59:46 2005] [error] mod_ssl: Init: (zeus.k105.com:80) Ops, no RSA or DSA server certificate found?!
[Mon May  2 11:59:46 2005] [error] mod_ssl: Init: (zeus.k105.com:80) You have to perform a *full* server restart when you added or removed a certificate and/or key file
0
 
LVL 1

Expert Comment

by:steveb3210
ID: 13910648
Sorry...that link sucks....let me try again..

Try
http://tiwrm.hpcc.nectec.or.th/MANUAL/APACHE_SSL/config.html

The main idea here is that I don't think you have directed the web server to enable the SSL engine. In particular:
http://www.apacheref.com/ref/mod_ssl/SSLEngine.html

You still need to have the cert files defined as above however....

Best Regards,
Stephen
0
 
LVL 1

Expert Comment

by:steveb3210
ID: 13911029
Ok..

Have you generated the certs and placed them in those files?  When you do, make sure you completely stop apache and then restart it; don't just do a kill -HUP

This explains the process:
http://www.flatmtn.com/computer/Linux-SSLCertificatesApache.html

Best Regards,
Stephen

0
 

Author Comment

by:linuxrox
ID: 13911065
ok, i've redone everything and i'm down to this:
apache is wanting the passphrase when i restart.  is there a way i can automatically pass the passphrase to apache with a script or something?  here's the error:

Apache/1.3.33 mod_ssl/2.8.22 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server www.k105.com:80 (RSA)
Enter pass phrase:
Apache:mod_ssl:Error: Private key not found.
**Stopped
/home/httpd/bin/apachectl startssl: httpd could not be started
0
 
LVL 1

Expert Comment

by:steveb3210
ID: 13911117
Hi,

Just regen the key...Go to the dir with the private key...

mv server.key server.key.orig
openssl rsa -in server.key.orig -out server.key

Restart apache...

Stephen


0
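
Added example (not part of the original thread): after `openssl rsa -in server.key.orig -out server.key` the key on disk no longer has a pass phrase, so file permissions are the only thing protecting it. The Python sketch below audits a key file for exactly that; the PEM texts are constructed placeholders with no real key material, and the function names are hypothetical.

```python
import os
import stat
import tempfile

# Constructed stand-ins for server.key.orig and server.key: PEM headers only,
# no real key material.
ENCRYPTED_PEM = ("-----BEGIN RSA PRIVATE KEY-----\n"
                 "Proc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: DES-EDE3-CBC,0000000000000000\n\n"
                 "(constructed placeholder body)\n"
                 "-----END RSA PRIVATE KEY-----\n")
PLAIN_PEM = ("-----BEGIN RSA PRIVATE KEY-----\n"
             "(constructed placeholder body)\n"
             "-----END RSA PRIVATE KEY-----\n")

def is_encrypted(pem_text):
    """True for a legacy encrypted PEM key or an encrypted PKCS#8 key."""
    return ("Proc-Type: 4,ENCRYPTED" in pem_text
            or "-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text)

def audit_key(path):
    """Return findings for one private key file; an empty list means none."""
    with open(path, "r", errors="replace") as fh:
        encrypted = is_encrypted(fh.read())
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %04o lets group/other access the key" % mode)
    if not encrypted:
        findings.append("key is stored without a pass phrase; file permissions "
                        "are its only protection")
    return findings

def demo():
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, pem, mode in (("server.key.orig", ENCRYPTED_PEM, 0o600),
                                ("server.key", PLAIN_PEM, 0o644)):
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                fh.write(pem)
            os.chmod(path, mode)
            results[name] = audit_key(path)
    return results

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```

Apache reads the key as root at startup, so an owner-only mode such as `chmod 600` on the decrypted `server.key` is enough for the server to keep working.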
 

Author Comment

by:linuxrox
ID: 13911156
ok, did that.  now it loads up without error, however i don't see port 443 as opened.  I use virtual hosts on my server.

here is the config for the virtual host section of this domain:

<VirtualHost 12.44.216.130>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
AddHandler cgi-script .cgi
AddType text/html .shtml
AddHandler server-parsed .shtml
AddType text/html .html
AddType text/html .htm
AddType text/html .php
AddHandler server-parsed .html
AddHandler server-parsed .htm
AddType application/x-httpd-php .php .php3
DocumentRoot /home/httpd/html/vhosts/k105
ServerAlias k105.com
<Directory /home/httpd/html/vhosts/k105>
Options ExecCGI FollowSymLinks Includes
AllowOverride All
order deny,allow
</Directory>
DirectoryIndex index.html index.cgi Default.htm wmtl.html
IndexOptions
DefaultType text/plain
HostNameLookups off
ServerName www.k105.com
SSLCertificateFile /www/conf/ssl.crt/server.crt
SSLCertificateKeyFile /www/conf/ssl.key/server.key
SSLEnable
</VirtualHost>
is there something i need to do to open 443 on this virtual host?  i still want port 80 opened on all of the other virtualhosts.
0
 
LVL 1

Accepted Solution

by:steveb3210 earned 2000 total points
ID: 13911201
Hi,

Change the Virtualhost def to

<VirtualHost 12.44.216.130:443>

Stephen
0
 
LVL 1

Expert Comment

by:steveb3210
ID: 13911206
Also be sure you have

Listen 443

Somewhere in your def but i think from before that you already have it.

0
 

Author Comment

by:linuxrox
ID: 13911246
Ok, did that.  that did work.  BUT.....that same virtual server should also be port 80 as well, not just HTTPS.  can i do both on same virtual server?
0
 

Author Comment

by:linuxrox
ID: 13911425
Ok, think i have it figured out now.  i just added an IFDEFINE for SSL and redid the same virtual server for port 443.
works like a charm.  now i just need to get a valid cert from thawte.  thanks for the help; i'll award you the points now!
0
