[thelist] mod_ssl help?
Bob Davis
bobd at members.evolt.org
Wed Sep 12 12:21:08 CDT 2001
Hi folks -
I'm trying to set up a dev machine with Apache and mod_ssl.
Using openssl s_client -connect I can get to the machine, and
establish a secure connection. However, when I issue the get /
http/1.1 command, I get an error page - 501, method not implemented.
It's frustrating. I've fooled around with practically every directive
I can think of, I've RTFM, I've looked at every web site I can find.
Can anyone tell me what I might have done wrong?
Here's what I have for directives (it's a dev box, not open to the
world, so there are no security issues in sharing this)
I've commented out the "Port 80" directive, and am using this:
Listen 80
<IfModule mod_ssl.c>
Listen 443
</IfModule>
And here's the IfModule block (watch for wrap - if you see anything
that's wrapped, it's prolly just your client):
<IfModule mod_ssl.c>
# Some MIME-types for downloading Certificates and CRLs
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# initial Directives for SSL
SSLProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutex
SSLRandomSeed startup builtin
SSLLog /var/log/httpd/ssl_engine_log
SSLLogLevel info
##
## SSL Virtual Host Context
##
<VirtualHost 127.0.0.1:80>
#Just to keep things sane...
DocumentRoot "/Library/WebServer/Documents"
ServerName 127.0.0.1
ServerAdmin bobdavis at mac.com
SSLEngine off
</VirtualHost>
<VirtualHost 127.0.0.1:443>
# General setup for the virtual host
DocumentRoot "/Library/WebServer/Documents"
ServerName 127.0.0.1
ServerAdmin bobdavis at mac.com
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProtocol all -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/ssl.key/server.crt
SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
# SSLCACertificateFile /etc/httpd/ssl.key/ca.crt
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/Library/WebServer/CGI-Executables">
SSLOptions +StdEnvVars
</Directory>
# correction for brain dead browsers
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog /var/log/httpd/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfModule>
Any ideas?
Thanks. (trying to learn this *nix stuff!)
bob
--
bob davis
bobd at members.evolt.org
http://www.bobdavis.org/
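
Added example, not part of the original post: a small Python check of what the posted SSLProtocol and SSLCipherSuite values leave enabled. It shows that `all -SSLv3` still permits SSLv2 and that `ALL` keeps the LOW, EXP and SSLv2 cipher classes, because a leading `+` only reorders ciphers. Assumptions: `all` means SSLv2, SSLv3 and TLSv1 as in mod_ssl of that period, cipher items follow the OpenSSL ciphers documentation, and the function names are hypothetical.

```python
import re

# Assumption: the protocol tokens of the mod_ssl generation the post describes.
ALL_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1")
# Cipher classes to flag, limited to names that occur in the posted string.
# They are treated as independent names (no EXP/EXPORT56 subset handling).
WEAK_CLASSES = ("ADH", "EXPORT56", "EXP", "LOW", "SSLv2", "eNULL")
# Per the OpenSSL ciphers documentation, ALL does not include eNULL.
NOT_IN_ALL = {"eNULL"}

def enabled_protocols(value):
    """Evaluate an SSLProtocol value such as 'all -SSLv3'."""
    canon = {p.lower(): p for p in ALL_PROTOCOLS}
    enabled = set()
    for tok in value.split():
        name = tok.lstrip("+-").lower()
        names = ALL_PROTOCOLS if name == "all" else (canon.get(name, name),)
        if tok[0] == "-":
            enabled.difference_update(names)
        elif tok[0] == "+":
            enabled.update(names)
        else:                      # a bare token replaces the current set
            enabled = set(names)
    return sorted(enabled)

def weak_cipher_classes(cipher_string):
    """Return the weak classes an OpenSSL cipher list leaves enabled."""
    enabled, killed = set(), set()
    for item in re.split(r"[:, ]+", cipher_string.strip()):
        if not item:
            continue
        op, name = (item[0], item[1:]) if item[0] in "!-+" else ("", item)
        if op == "!":              # permanent removal, cannot be re-added
            killed.add(name)
            enabled.discard(name)
        elif op == "-":            # removal that a later item may undo
            enabled.discard(name)
        elif op == "" and name == "ALL":
            enabled.update(c for c in WEAK_CLASSES if c not in NOT_IN_ALL | killed)
        elif op == "" and name in WEAK_CLASSES and name not in killed:
            enabled.add(name)
        # op == "+" moves already-enabled ciphers to the end; it adds nothing
    return sorted(enabled)

# Constructed sample: the two values copied from the posted configuration.
POSTED_PROTOCOL = "all -SSLv3"
POSTED_CIPHERS = "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"

if __name__ == "__main__":
    print("protocols:", enabled_protocols(POSTED_PROTOCOL))
    print("weak cipher classes:", weak_cipher_classes(POSTED_CIPHERS))
```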