[svlug] Test for SSL on Apache?

Skip Evans skip at bigskypenguin.com
Fri Jul 14 10:10:33 PDT 2006 

I do have

Listen 443

...in the ssl.conf file, but also this in httpd.conf:

<IfModule mod_ssl.c>
     Include etc/apache2/ssl.conf
</IfModule>

However, as the out from httpd -l below shows, 
mod_ssl.c is not listed, so it looks like from the 
  IfModule directive above, ssl.conf would not be 
included, correct?

So do I need to get mod_ssl.c in the list of 
compiled modules?

Or, does this directive:

<IfDefine SSL>
LoadModule ssl_module libexec/apache2/mod_ssl.so
</IfDefine>

...suffice, provided I have SSL defined somewhere, 
and if so, where would SSL be defined?

Thanks gobs!!!

Skip

Michael Long wrote:
> 
> Do you have http set to listen on port 443 in the .conf file? It's been 
> awhile but i think you should also have these files
> 
> drwx------    2 root     root         1024 Dec 17  2003 ssl.crl
> drwx------    2 root     root         1024 Dec 17  2003 ssl.crt
> drwx------    2 root     root         1024 Nov 27  2003 ssl.csr
> drwx------    2 root     root         1024 Nov 27  2003 ssl.key
> drwx------    2 root     root         1024 Nov 27  2003 ssl.prm
> 
> The url someone else gave you should tell you how to create your ssl 
> certs if they weren't created when you installed the openssl package. If 
> you installed from source then you definitely have to create your certs.
> 
> Mike
> 
> Skip Evans wrote:
> 
>> Hey all,
>>
>> Thanks much for the fast responses! SVLUG is the best!
>>
>> Per Rick's recommendations, I went to the site he posted and did the 
>> following:
>>
>> venomouspenguin# openssl s_client -connect localhost:443 -state -debug
>> connect: Connection refused
>> connect:errno=61
>>
>> venomouspenguin# curl https://localhost/
>> curl: (7) Failed to connect to ::1: Connection refused
>>
>> Per Michael's instructions I did the following:
>>
>> venomouspenguin# httpd -l
>> Compiled in modules:
>>    core.c
>>    prefork.c
>>    http_core.c
>>    mod_so.c
>> venomouspenguin#
>>
>> Michael also says, "If you don't have it [mod_ssl] look for mod_so.c 
>> If you have that you can compile the ssl module and load it from 
>> httpd.conf."
>>
>> So, since I have mod_so.c, but not mod_ssl, do I understand Michael 
>> correctly that I can compile mod_ssl as a module and include it from 
>> httpd.conf?
>>
>> I see in httpd.conf:
>>
>> <IfDefine SSL>
>> LoadModule ssl_module libexec/apache2/mod_ssl.so
>> </IfDefine>
>>
>> ...and libexec/apache2/mod_ssl.so is present.
>>
>> So... I'm a bit confused. If mod_ssl.so is present   and included in 
>> httpd.conf, why does it not show up with httpd -l' command?
>>
>> What should I to get this install working properly?
>>
>> Thanks!
>> Skip
>>
>>
>> Rick Moen wrote:
>>
>>> Quoting Paul Reiber (reiber at gmail.com):
>>>
>>>
>>>> SSL's not installed by default, nor is it trivial to install... so I'm
>>>> guessing the guy who installed Apache didn't install it.
>>>>
>>>> I recommend you read through http://www.securityfocus.com/infocus/1356
>>>>
>>>> Although I haven't followed these steps myself, they seem to
>>>> be pretty accurate; I remember doing similar things years ago
>>>> when I was installing SSL for an e-commerce server.
>>>
>>>
>>> Skip's original question of how to test for SSL functionality is
>>> answered here:  http://www.modssl.org/docs/2.8/ssl_faq.html#ToC19
>>>
>>>
>>> _______________________________________________
>>> svlug mailing list
>>> svlug at lists.svlug.org
>>> http://lists.svlug.org/lists/listinfo/svlug
>>>
>>
> 
> 

-- 
Skip Evans
Big Sky Penguin, LLC
61 W Broadway
Butte, Montana 59701
406-782-2240

More information about the Svlug mailing list