[svlug] Test for SSL on Apache?

Michael Long 2e764 at mikesoffice.org
Fri Jul 14 09:43:45 PDT 2006 

Do you have http set to listen on port 443 in the .conf file? It's been 
awhile but i think you should also have these files

drwx------    2 root     root         1024 Dec 17  2003 ssl.crl
drwx------    2 root     root         1024 Dec 17  2003 ssl.crt
drwx------    2 root     root         1024 Nov 27  2003 ssl.csr
drwx------    2 root     root         1024 Nov 27  2003 ssl.key
drwx------    2 root     root         1024 Nov 27  2003 ssl.prm

The url someone else gave you should tell you how to create your ssl 
certs if they weren't created when you installed the openssl package. If 
you installed from source then you definitely have to create your certs.

Mike

Skip Evans wrote:
> Hey all,
> 
> Thanks much for the fast responses! SVLUG is the best!
> 
> Per Rick's recommendations, I went to the site he 
> posted and did the following:
> 
> venomouspenguin# openssl s_client -connect 
> localhost:443 -state -debug
> connect: Connection refused
> connect:errno=61
> 
> venomouspenguin# curl https://localhost/
> curl: (7) Failed to connect to ::1: Connection refused
> 
> Per Michael's instructions I did the following:
> 
> venomouspenguin# httpd -l
> Compiled in modules:
>    core.c
>    prefork.c
>    http_core.c
>    mod_so.c
> venomouspenguin#
> 
> Michael also says, "If you don't have it [mod_ssl] 
> look for mod_so.c If you have that you can compile 
> the ssl module and load it from httpd.conf."
> 
> So, since I have mod_so.c, but not mod_ssl, do I 
> understand Michael correctly that I can compile 
> mod_ssl as a module and include it from httpd.conf?
> 
> I see in httpd.conf:
> 
> <IfDefine SSL>
> LoadModule ssl_module libexec/apache2/mod_ssl.so
> </IfDefine>
> 
> ...and libexec/apache2/mod_ssl.so is present.
> 
> So... I'm a bit confused. If mod_ssl.so is present 
>   and included in httpd.conf, why does it not show 
> up with httpd -l' command?
> 
> What should I to get this install working properly?
> 
> Thanks!
> Skip
> 
> 
> Rick Moen wrote:
>> Quoting Paul Reiber (reiber at gmail.com):
>>
>>
>>> SSL's not installed by default, nor is it trivial to install... so I'm
>>> guessing the guy who installed Apache didn't install it.
>>>
>>> I recommend you read through http://www.securityfocus.com/infocus/1356
>>>
>>> Although I haven't followed these steps myself, they seem to
>>> be pretty accurate; I remember doing similar things years ago
>>> when I was installing SSL for an e-commerce server.
>>
>> Skip's original question of how to test for SSL functionality is
>> answered here:  http://www.modssl.org/docs/2.8/ssl_faq.html#ToC19
>>
>>
>> _______________________________________________
>> svlug mailing list
>> svlug at lists.svlug.org
>> http://lists.svlug.org/lists/listinfo/svlug
>>
>

More information about the Svlug mailing list