[csw-users] SSL on Apache2 problem - Solaris 10
Lauren
lauren.wright at guamcell.net
Thu Apr 19 08:04:25 CEST 2007
Hi again,
I got SSL working. Perhaps I am the only idiot out there who has not gotten
this to work right away, but in case this can help someone else I will send
what I did to the list.
Here is what I missed - in httpd.conf the Include directive for SSL was
inside the IfModule set like so:
<IfModule ssl_module>
Include etc/extra/httpd-ssl.conf
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
I decided to try commenting it out and putting it outside of the set like
so:
Include etc/extra/httpd-ssl.conf
<IfModule ssl_module>
#Include etc/extra/httpd-ssl.conf
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
and I was rewarded with apache not starting and throwing the error that:
[Thu Apr 19 14:43:20 2007] [notice] Graceful restart requested, doing
restart
Syntax error on line 57 of /opt/csw/apache2/etc/extra/httpd-ssl.conf:
Invalid command 'SSLPassPhraseDialog', perhaps misspelled or defined by a
module
not included in the server configuration
This was cool to me because that might mean it wasn't finding mod_ssl, so I
checked that out and the mod_ssl was also inside a set:
<IfDefine SSL>
LoadModule ssl_module libexec/mod_ssl.so
</IfDefine>
So I commented out the tags like so:
#<IfDefine SSL>
LoadModule ssl_module libexec/mod_ssl.so
#</IfDefine>
and hey presto apache started, listening on 80 and 443.
Thanks
Lauren.
-----Original Message-----
From: Lauren [mailto:lauren.wright at guamcell.net]
Sent: Thursday, April 19, 2007 1:07 PM
To: 'users at lists.blastwave.org'
Subject: RE: SSL on Apache2 problem - Solaris 10
Hi all,
I am having trouble getting Apache 2 to listen on port 443. I am running
Solaris 10 (new to me). I installed the SAMP packages from blastwave in this
order:
pkg-get install apache2
pkg-get install mysql5
pkg-get install php5
pkg-get install php5_mysql
pkg-get install ap2_modphp5
I configured SSL support per this document:
http://blogs.sun.com/jcecere/entry/building_64_bit_open_source3
Per instructions I read here, I also configured SSL support in SMF:
# svccfg -s svc:/network/http:cswapache2 setprop httpd/ssl=true
# svcadm refresh svc:/network/http:cswapache2
This appears to be set up correctly:
# svcprop -p httpd/ssl svc:network/http:cswapache2
true
#
I also modified the Listen directive in httpd-ssl.conf to use the IP:443
rather than just 443 (after trying https with the default and it did not
work). There is nothing I can see in the error logs that shows a problem:
[Thu Apr 19 11:22:11 2007] [notice] Graceful restart requested, doing
restart
[Thu Apr 19 11:22:12 2007] [notice] Digest: generating secret for digest
authent
ication ...
[Thu Apr 19 11:22:12 2007] [notice] Digest: done
[Thu Apr 19 11:22:12 2007] [notice] Apache/2.2.4 (Unix) PHP/5.2.1
configured --
resuming normal operations
I can see when I do a netstat it still is not listening on 443. Regular
http is working great, it is listening on 80 just fine.
It is like it is not reading the Listen directive in httpd-ssl.conf.
Just to test, I added a Listen directive for 443 in httpd.conf and then did
a netstat - it started listening on 443:
172.18.100.161.80 *.* 0 0 49152 0
LISTEN
172.18.100.161.443 *.* 0 0 49152 0
LISTEN
I am thinking that is is not reading httpd-ssl.conf at all. I have
double and triple checked that I have the Include for httpd-ssl.conf
uncommented in httpd.conf.
Obviously I am missing something but I sure can't figure it out. I am
hoping someone can please tell me what I am missing.
Thanks very much
Lauren.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opencsw.org/pipermail/users/attachments/20070419/95fef90a/attachment-0001.html>
More information about the users
mailing list