[thelist] mod_ssl help?

Bob Davis bobd at members.evolt.org
Wed Sep 12 12:21:08 CDT 2001


Hi folks -

I'm trying to set up a dev machine with Apache and mod_ssl.
Using openssl s_client -connect I can get to the machine, and 
establish a secure connection. However, when I issue the get / 
http/1.1 command, I get an error page - 501, method not implemented.

It's frustrating. I've fooled around with practically every directive 
I can think of, I've RTFM, I've looked at every web site I can find.

Can anyone tell me what I might have done wrong?

Here's what I have for directives (it's a dev box, not open to the 
world, so there are no security issues in sharing this):

I've commented out the "Port 80" directive, and am using this:

Listen 80
<IfModule mod_ssl.c>
	Listen 443
</IfModule>

And here's the IfModule block (watch for wrap - if you see anything 
that's wrapped, it's prolly just your client):

<IfModule mod_ssl.c>
# Some MIME-types for downloading Certificates and CRLs
	AddType application/x-x509-ca-cert .crt
	AddType application/x-pkcs7-crl .crl

# initial Directives for SSL

	SSLProtocol all -SSLv3
	SSLPassPhraseDialog builtin
	SSLSessionCache dbm:/var/run/ssl_scache
	SSLSessionCacheTimeout 300
	SSLMutex file:/var/run/ssl_mutex
	SSLRandomSeed startup builtin
	SSLLog /var/log/httpd/ssl_engine_log
	SSLLogLevel info
##
## SSL Virtual Host Context
##
<VirtualHost 127.0.0.1:80>
	#Just to keep things sane...
		DocumentRoot "/Library/WebServer/Documents"
		ServerName 127.0.0.1
		ServerAdmin bobdavis at mac.com
		SSLEngine off
</VirtualHost>
<VirtualHost 127.0.0.1:443>
	# General setup for the virtual host
		DocumentRoot "/Library/WebServer/Documents"
		ServerName 127.0.0.1
		ServerAdmin bobdavis at mac.com
	ErrorLog /var/log/httpd/error_log
	TransferLog /var/log/httpd/access_log
		# SSL Engine Switch:
		# Enable/Disable SSL for this virtual host.
	SSLEngine on
	SSLProtocol all -SSLv3
	SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
	SSLCertificateFile /etc/httpd/ssl.key/server.crt
	SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
#	SSLCACertificateFile /etc/httpd/ssl.key/ca.crt
	<Files ~ "\.(cgi|shtml|phtml|php3?)$">
		SSLOptions +StdEnvVars
	</Files>
	<Directory "/Library/WebServer/CGI-Executables">
		SSLOptions +StdEnvVars
	</Directory>
# correction for brain dead browsers
	SetEnvIf User-Agent ".*MSIE.*" \
	nokeepalive ssl-unclean-shutdown \
	downgrade-1.0 force-response-1.0
		# Per-Server Logging:
		# The home of a custom SSL log file. Use this when you want a
		# compact non-error SSL logfile on a virtual host basis.
	CustomLog /var/log/httpd/ssl_request_log \
	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfModule>

Any ideas?

Thanks. (trying to learn this *nix stuff!)

bob


-- 
bob davis
bobd at members.evolt.org
http://www.bobdavis.org/



