[Comm] SSL & APACHE
Igo
igo на aeroflot-don.ru
Пн Фев 23 15:29:55 MSK 2004
Здравствуйте
Установил mod_ssl для Apache прописал необходимое в
ssl.default-vhost.conf (файл прилагается).
Перегружаю Apache вроде бы все нормально в логах ничего страшного нет.
1 При попытке зати https://john.virtual.ru - после чего в логе (5 минут
крутился этот флаг XP ;-) )
10.98.54.17 - - [14/Nov/2004:05:40:26 +0300] "\x80L\x01\x03" 200 5
10.98.54.17 - - [14/Nov/2004:05:45:28 +0300] "-" 408 -
2 пробывал в mozilla - https://john.virtual.
10.98.54.17 - - [14/Nov/2004:05:28:30 +0300] "\x80g\x01\x03" 200 5
3 пробывал в mozilla - http://john.virtual.ru:433
10.98.54.17 - - [14/Nov/2004:05:29:34 +0300] "\x80g\x01\x03" 200 5
4 пробывал telnet 10.98.54.112 443 ввожу qwerty возврощается hello и
сеанс закрывается
10.98.54.17 - - [14/Nov/2004:05:39:59 +0300] "qwerty" 200 5
Что не так?
----------- следущая часть -----------
[Sun Nov 14 05:27:18 2004] [notice] caught SIGTERM, shutting down
[Sun Nov 14 05:27:27 2004] [warn] module mod_php4.c is already added, skipping
[Sun Nov 14 05:27:27 2004] [warn] module mod_ssl.c is already added, skipping
[Sun Nov 14 05:27:27 2004] [notice] Apache/1.3.27 (ALT Linux/alt13) mod_ssl/2.8.12 OpenSSL/0.9.6g PHP/4.3.1-dev/ALT rus/PL30.16 configured -- resuming normal operations
[Sun Nov 14 05:27:27 2004] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Nov 14 05:27:27 2004] [notice] Accept mutex: sysvsem (Default: sysvsem)
----------- следущая часть -----------
NameVirtualHost virtual.ru
<VirtualHost john.virtual.ru>
DocumentRoot /home/john/site
ServerName john.virtual.ru
ErrorLog logs/ssl-errorJOHN_log
TransferLog logs/ssl-accessJOHN_log
SSLEngine on
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key
SSLCACertificatePath conf/ssl
SSLCACertificateFile conf/ssl/ca.crt
SSLVerifyClient require
SSLVerifyDepth 10
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
----------- следущая часть -----------
[14/Nov/2004 05:27:22 02120] [info] Server: Apache/1.3.27, Interface: mod_ssl/2.8.12, Library: OpenSSL/0.9.6g
[14/Nov/2004 05:27:22 02120] [info] Init: 1st startup round (still not detached)
[14/Nov/2004 05:27:22 02120] [info] Init: Initializing OpenSSL library
[14/Nov/2004 05:27:22 02120] [info] Init: Loading certificate & private key of SSL-aware server john.virtual.ru:443
[14/Nov/2004 05:27:22 02120] [info] Init: Requesting pass phrase via builtin terminal dialog
[14/Nov/2004 05:27:25 02120] [trace] Init: (john.virtual.ru:443) encrypted RSA private key - pass phrase requested
[14/Nov/2004 05:27:25 02120] [info] Init: Wiped out the queried pass phrases from memory
[14/Nov/2004 05:27:25 02120] [info] Init: Seeding PRNG with 136 bytes of entropy
[14/Nov/2004 05:27:25 02120] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[14/Nov/2004 05:27:26 02120] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[14/Nov/2004 05:27:27 02123] [info] Init: 2nd startup round (already detached)
[14/Nov/2004 05:27:27 02123] [info] Init: Reinitializing OpenSSL library
[14/Nov/2004 05:27:27 02123] [info] Init: Created hash-table (250 buckets) in shared memory (512000 bytes) for SSL session cache
[14/Nov/2004 05:27:27 02123] [info] Init: Seeding PRNG with 136 bytes of entropy
[14/Nov/2004 05:27:27 02123] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[14/Nov/2004 05:27:27 02123] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[14/Nov/2004 05:27:27 02123] [info] Init: Initializing (virtual) servers for SSL
[14/Nov/2004 05:27:27 02123] [info] Init: Configuring server john.virtual.ru:443 for SSL protocol
[14/Nov/2004 05:27:27 02123] [trace] Init: (john.virtual.ru:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[14/Nov/2004 05:27:27 02123] [trace] Init: (john.virtual.ru:443) Configuring client authentication
[14/Nov/2004 05:27:27 02123] [trace] CA certificate: /C=ru/ST=rosobl/L=rostov/O=cru/OU=cru/CN=john.virtual.ru/Email=igo на virtual.ru
[14/Nov/2004 05:27:27 02123] [trace] CA certificate: /C=ru/ST=rosobl/L=rostov/O=cru/OU=cru/CN=john.virtual.ru/Email=igo на virtual.ru
[14/Nov/2004 05:27:27 02123] [trace] CA certificate: /C=ru/L=rostov/O=cru/OU=cru/CN=john.virtual.ru/Email=igo на virtual.ru
[14/Nov/2004 05:27:27 02123] [trace] Init: (john.virtual.ru:443) Configuring RSA server certificate
[14/Nov/2004 05:27:27 02123] [info] Init: (john.virtual.ru:443) RSA server certificate enables Server Gated Cryptography (SGC)
[14/Nov/2004 05:27:27 02123] [trace] Init: (john.virtual.ru:443) Configuring RSA server private key
Подробная информация о списке рассылки Community