  1. #1

    SSL Server setup


    (forgive the monster post)

    I finished installing an Apache 2.x server with SSL on a Windows box. I have a few virtual hosts set up (SSL and non-SSL) on the server. Regular port 80 requests work fine, as well as cgi, shtml, etc., but not my secure port 443 connections.

    Getting a bit stuck with some of the configurations though...

    It appears my SSL keeps on shutting down when I start the server, since I keep seeing the following when I start the server.

    [Mon May 03 15:44:27 2004] [notice] Parent: Created child process 12776
    [Mon May 03 15:44:27 2004] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
    [Mon May 03 15:44:27 2004] [notice] Child 11720: Released the start mutex
    [Mon May 03 15:44:28 2004] [notice] Child 12776: Child process is running
    [Mon May 03 15:44:28 2004] [notice] Child 12776: Acquired the start mutex.
    [Mon May 03 15:44:28 2004] [notice] Child 12776: Starting 250 worker threads.
    [Mon May 03 15:44:28 2004] [notice] Child 11720: Waiting for 250 worker threads to exit.
    [Mon May 03 15:44:28 2004] [notice] Child 11720: All worker threads have exited.
    [Mon May 03 15:44:28 2004] [notice] Child 11720: Child process is exiting

    So then I tested the server manually using the following from the command line:
    openssl s_client -connect -state -debug
    and I get:
    Loading 'screen' into random state - done
    connect: Bad file descriptor
    Naturally I thought the directives were denying access, but I checked and they seem OK.

    Some sample config info (I use external files for the virtual hosts):
    virtual host file:
    <VirtualHost *:80>
    	ServerAdmin  [email protected]
    	DocumentRoot C:/www/
    	TransferLog  C:/www/
    	ErrorLog     C:/www/
    	ScriptAlias  /cgi-bin/ C:/www/
    #	ErrorDocument 500 "/cgi-bin/errors/error500.cgi"
    #	ErrorDocument 404 "/cgi-bin/errors/error404.cgi"
    #	ErrorDocument 401 "/cgi-bin/errors/error401.cgi"
    #	ErrorDocument 403 "/cgi-bin/errors/error403.cgi"
    </VirtualHost>
    virtual host ssl file:
    <VirtualHost *:443>
    	SSLEngine    on
    	ServerAdmin  [email protected]
    	DocumentRoot C:/www/
    	TransferLog  C:/www/
    	ErrorLog     C:/www/
            CustomLog    C:/www/ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
            SSLCACertificateFile  C:/www/
    	SSLCertificateFile    C:/www/
    	SSLCertificateKeyFile C:/www/
    	SSLCipherSuite        ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    	<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    	    SSLOptions +StdEnvVars
    	</Files>
    	<Directory "C:/www/">
    	    SSLOptions +StdEnvVars
    	</Directory>
    	SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    </VirtualHost>
    # Note: Virtual host SSL config information is stored in the appropriate virtual host files.
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    #SSLRandomSeed startup file:/dev/random  512
    #SSLRandomSeed startup file:/dev/urandom 512
    #SSLRandomSeed connect file:/dev/random  512
    #SSLRandomSeed connect file:/dev/urandom 512
    <IfDefine SSL>
    	# When we also provide SSL we have to listen to the 
    	# standard HTTP port (see above) and to the HTTPS port
    	# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
    	#       Listen directives: "Listen [::]:443" and "Listen"
    	Listen *:443
    	#Listen [::]:443 
    	##  SSL Global Context
    	##  All SSL configuration in this context applies both to
    	##  the main server and all SSL-enabled virtual hosts.
    	#   Some MIME-types for downloading Certificates and CRLs
    	AddType application/x-x509-ca-cert .crt
    	AddType application/x-pkcs7-crl    .crl
    	#   Pass Phrase Dialog:
    	#   Configure the pass phrase gathering process.
    	#   The filtering dialog program (`builtin' is a internal
    	#   terminal dialog) has to provide the pass phrase on stdout.
    	SSLPassPhraseDialog builtin
    	#   Inter-Process Session Cache:
    	#   Configure the SSL Session Cache: First the mechanism 
    	#   to use and second the expiring timeout (in seconds).
    	#SSLSessionCache         none
    	#SSLSessionCache         shmht:logs/ssl_scache(512000)
    	#SSLSessionCache         shmcb:logs/ssl_scache(512000)
    	SSLSessionCache         dbm:logs/ssl_scache
    	SSLSessionCacheTimeout  300
    	#   Semaphore:
    	#   Configure the path to the mutual exclusion semaphore the
    	#   SSL engine uses internally for inter-process synchronization. 
    	SSLMutex  file:logs/ssl_mutex
    	SSLLog          logs/SSL.log
    	SSLLogLevel     info
    	SSLVerifyClient 1
    	SSLVerifyDepth  10
    	SSLCacheServerPath      logs/ssl_cache
    	SSLCacheServerPort      1234
    </IfDefine>
    relevant httpd.conf parts:
    LoadModule ssl_module modules/
    <IfDefine SSL>
    	AddModule mod_ssl.c
    </IfDefine>
    <IfDefine SSL>
        # General ssl config goes here; Specific config found in each virtual host
        Include conf/ssl.conf
    </IfDefine>
    NameVirtualHost *:80
    Include conf/vhosts/*.conf
    <IfDefine SSL>
    	NameVirtualHost *:443
    	Include conf/vhosts/*.sslconf
    	<Directory "C:/www/*/ssl">
    	    Options Indexes MultiViews
    	    AllowOverride None
    	    Order allow,deny
    	    Allow from all
    	</Directory>
    </IfDefine>
    I have no clue what this means or how to fix it.
    Any suggestions would be appreciated.

  2. #2
    Can anyone help?

  3. #3
    How are you starting apache?

    Try 'apachectl startssl'
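
What the `<IfDefine SSL>` wrappers in the posted configuration mean for the question in post #3, as an added example (not part of any poster's message and not Apache code): directives inside those sections are skipped unless the server is started with the `SSL` define, which `apachectl startssl` supplies as `-DSSL`. The sample config is constructed, `active_directives` and `listeners` are hypothetical helper names, and only `<IfDefine>` sections are resolved.

```python
import re

# Constructed sample mirroring the layout quoted in post #1: the HTTPS
# listener and the SSL vhost includes sit inside <IfDefine SSL> sections.
SAMPLE_CONF = """\
Listen 80
<IfDefine SSL>
    Listen *:443
    Include conf/ssl.conf
</IfDefine>
NameVirtualHost *:80
Include conf/vhosts/*.conf
<IfDefine SSL>
    NameVirtualHost *:443
    Include conf/vhosts/*.sslconf
</IfDefine>
"""

OPEN = re.compile(r"<IfDefine\s+(!?)(\S+?)\s*>", re.I)
CLOSE = re.compile(r"</IfDefine\s*>", re.I)

def active_directives(conf_text, defines=()):
    """Directives left after resolving <IfDefine> for the given -D names."""
    defined, stack, out = set(defines), [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN.fullmatch(line)
        if m:
            # "<IfDefine !X>" is true when X is NOT defined
            stack.append((m.group(2) in defined) != (m.group(1) == "!"))
        elif CLOSE.fullmatch(line):
            if not stack:
                raise ValueError("</IfDefine> without matching open tag")
            stack.pop()
        elif all(stack):  # every enclosing <IfDefine> must be true
            out.append(line)
    if stack:
        raise ValueError("unclosed <IfDefine> section")
    return out

def listeners(conf_text, defines=()):
    """Arguments of the Listen directives that are actually in effect."""
    return [d.split(None, 1)[1] for d in active_directives(conf_text, defines)
            if d.lower().startswith("listen ")]

if __name__ == "__main__":
    print("no -D SSL:", listeners(SAMPLE_CONF))
    print("-D SSL   :", listeners(SAMPLE_CONF, ["SSL"]))
```
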

  4. #4

    lol

    I am not a software noob =)

    Of course I have been calling the software right.

    BTW: this is on a Windows 2000 AS PC, not a Linux/Unix box.

    The installation did NOT need to be compiled as a result of this.

    Almost a week and no reply, huh =( Maybe I have to try a different forum =(
