Amazing what additional information can do.
If you have Listen specified without an IP address, by default your Apache will listen on all addresses for that port. By adding the IP address you have restricted it to one. That probably took it out of conflict with another Apache server (which would cause it to "crash" or rather not start). I noticed below that you stated
>>> ...the only modifications I made to the configuration files is to
>>> change the listening port to 8080, because I have an older Apache
>>> listening on 80,
Anyway, I read your error log below and noticed that your Apache negotiates SSLv2. This version of SSL should not be used as it is known to be susceptible to man-in-the-middle attacks. Just thought I'd let you know that.
regards,
tt
-----Original Message-----
From: Bernie Durfee [mailto:bernard.durfee suny.edu]
Sent: Wednesday, March 29, 2006 11:28 AM
To: users httpd.apache.org
Subject: Re: [users httpd] Apache 2.2.0 with SSL on AIX 5.3
I found the problem. Apparently the directive "Listen 80" doesn't work, so I made it more specific to "Listen 12.34.56.78:80", of course where 12.34.56.78 is my IP address and it worked like a charm.
Bernie
Bernie Durfee wrote:
>>> ...which looks okay, but Apache seems to crash and never starts
>>> listening. I only get the following in the logs directory...
>>
>> "...seems to crash..." - that's a bit vague...
>
> Sorry, it does crash or at least doesn't completely start.
>
>> - is httpd running (ps -ef)?
>> - what happens if you try to access the site?
>> - what happens if you try "telnet <server> 8080"?
>
> No, httpd is not running after executing "apachectl start"
>
>> - what's in the tail of the error log?
>
> Here's the entire error_log output, with debug turned on...
>
> [Wed Mar 29 09:23:34 2006] [info] Init: Seeding PRNG with 136 bytes of entropy
> [Wed Mar 29 09:23:34 2006] [info] Loading certificate & private key of SSL-aware server
> [Wed Mar 29 09:23:34 2006] [info] Init: Requesting pass phrase via builtin terminal dialog
> [Wed Mar 29 09:23:39 2006] [debug] ssl_engine_pphrase.c(475): encrypted RSA private key - pass phrase requested
> [Wed Mar 29 09:23:39 2006] [info] Init: Wiped out the queried pass phrases from memory
> [Wed Mar 29 09:23:39 2006] [info] Init: Generating temporary RSA private keys (512/1024 bits)
> [Wed Mar 29 09:23:39 2006] [info] Init: Generating temporary DH parameters (512/1024 bits)
> [Wed Mar 29 09:23:39 2006] [info] Init: Initializing (virtual) servers for SSL
> [Wed Mar 29 09:23:39 2006] [info] Configuring server for SSL protocol
> [Wed Mar 29 09:23:39 2006] [debug] ssl_engine_init.c(405): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
> [Wed Mar 29 09:23:39 2006] [debug] ssl_engine_init.c(601): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
> [Wed Mar 29 09:23:39 2006] [debug] ssl_engine_init.c(729): Configuring RSA server certificate
> [Wed Mar 29 09:23:39 2006] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
> [Wed Mar 29 09:23:39 2006] [warn] RSA server certificate CommonName (CN) `myserver.com' does NOT match server name!?
> [Wed Mar 29 09:23:39 2006] [debug] ssl_engine_init.c(768): Configuring RSA server private key
> [Wed Mar 29 09:23:39 2006] [info] Server: Apache/2.2.0, Interface: mod_ssl/2.2.0, Library: OpenSSL/0.9.8a
>
>>
>>> access_log error_log ssl_request_log
>>>
>>> ...the only modifications I made to the configuration files is to
>>> change the listening port to 8080, because I have an older Apache
>>> listening on 80,
>>
>> And is this older apache also listening on port 443?
>
> No, it was only listening on port 80. I tried again after shutting
> down the older Apache, with the same result.
>
> Bernie
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe httpd.apache.org
> " from the digest: users-digest-unsubscribe httpd.apache.org
> For additional commands, e-mail: users-help httpd.apache.org
>
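The SSLv2 remark at the top of this thread can be checked mechanically against the same debug output. The following Python script is an added example, not part of the original messages: it scans mod_ssl debug text for the protocol and cipher entries quoted in the log above. The weak-protocol and weak-class lists are an assumed policy, and the sample log text is constructed from the two relevant entries.

```python
import re

# Message formats as they appear in the mod_ssl debug lines quoted in the thread.
PROTO_RE = re.compile(r"Creating new SSL context \(protocols: ([^)]*)\)")
CIPHER_RE = re.compile(r"Configuring permitted SSL ciphers\s*\[([^\]]*)\]")

# Assumed policy for this example; extend both to match local requirements.
WEAK_PROTOCOLS = {"SSLv2"}
WEAK_CLASSES = ("SSLv2", "LOW", "EXP", "eNULL", "ADH")

# Constructed sample: two entries run together on one line, as in the quoted log.
SAMPLE_LOG = (
    "[Wed Mar 29 09:23:39 2006] [debug] ssl_engine_init.c(405): Creating new SSL "
    "context (protocols: SSLv2, SSLv3, TLSv1) [Wed Mar 29 09:23:39 2006] [debug] "
    "ssl_engine_init.c(601): Configuring permitted SSL ciphers "
    "[ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]\n"
)


def weak_protocols(log_text):
    """Return the weak protocols named in any 'Creating new SSL context' entry."""
    found = set()
    for m in PROTO_RE.finditer(log_text):
        found |= {p.strip() for p in m.group(1).split(",")} & WEAK_PROTOCOLS
    return sorted(found)


def unexcluded_weak_classes(log_text):
    """Return weak cipher classes that a logged cipher spec does not kill with '!'.

    Conservative check: in OpenSSL cipher-string syntax only '!' removes a class
    permanently; '+' reorders and '-' can be undone by a later token. It does not
    compute the exact set of enabled ciphers.
    """
    missing = set()
    for m in CIPHER_RE.finditer(log_text):
        tokens = re.split(r"[:,]", re.sub(r"\s+", "", m.group(1)))
        killed = {t[1:] for t in tokens if t.startswith("!")}
        missing |= {c for c in WEAK_CLASSES if c not in killed}
    return [c for c in WEAK_CLASSES if c in missing]


if __name__ == "__main__":
    print("weak protocols offered:", weak_protocols(SAMPLE_LOG))
    print("weak classes not excluded:", unexcluded_weak_classes(SAMPLE_LOG))
```

Because the patterns are matched across the whole text rather than line by line, entries that a mail client has run together on one line are still found.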