Re: ModSSL - Knoppix 3.3

From: Josh Schulenberg (jschulenberg_at_DeltaHealthGroup.com)
Date: 03/16/04

    To: "Bernard, Cyrille" <Cyrille.Bernard@BEIJAFLORE.com>
    Date: Tue, 16 Mar 2004 09:45:59 -0600
    
    

    What do your ssl_request and error_log say?

    On Tue, 2004-03-16 at 08:45, Bernard, Cyrille wrote:
    > Hi everyone.
    >
    > It's not really a matter of security here, but I have some trouble with Apache 1.3.29, mod_ssl/2.8.14 and OpenSSL/0.9.7b.
    >
    > I use the Knoppix 3.3 HD installation. It comes with all the stuff.
    > I created a server key & crt and set things up in httpd.conf.
    >
    > The main lines are:
    > Port 80
    >
    > User www-data
    > Group www-data
    >
    > ServerAdmin root@shuttlex
    > ServerName shuttlex
    > DocumentRoot /var/www
    >
    > [...]
    >
    > Listen 80
    > Listen 443
    >
    > NameVirtualHost 192.168.1.1:443
    > NameVirtualHost 192.168.1.1:80
    >
    > <VirtualHost 192.168.1.1>
    > SSLEngine Off
    > </VirtualHost>
    >
    > <VirtualHost 192.168.1.1:443>
    > CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    > TransferLog logs/ssl_access_log
    > SSLEngine On
    > SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    > SSLCertificateFile /etc/apache/conf/ssl.crt/server.crt
    > SSLCertificateKeyFile /etc/apache/conf/ssl.key/server.key
    > SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    > <Directory "/usr/local/apache/cgi-bin">
    > SSLOptions +StdEnvVars
    > </Directory>
    > <Files ~ "\.(cgi|shtml|phtml|php3?|php|inc)$">
    > SSLOptions +StdEnvVars
    > </Files>
    >
    > </VirtualHost>
    >
    > The problem is:
    > - I can do http and https requests from the local server (browser Konqueror)
    > - I can do http requests but NOT https requests with a remote client (browser IE)
    > - I can do remote ssh and telnet requests on port 443 from remote
    > - I can do https requests on some other SSL servers (LAN or internet)
    >
    > What I've done to test things:
    > netstat -na looks OK
    > tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
    > tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
    >
    > Let's say my local IP is 192.168.1.1 (Apache server) and my remote is 192.168.1.2 (client).
    > When I telnet to port 443 on the server from the client:
    > tcp 0 0 192.168.1.1:443 192.168.1.2:2396 ESTABLISHED
    > When I use the browser with https, nothing happens.
    >
    > There's no FW/ACL between client and server. I've tried a direct connection too, with a crossover cable.
    > I've tried some changes to httpd.conf (not using virtual hosts, but it's the same).
    >
    > - I don't have any trouble with other Linux/Apache SSL installations
    > - I don't see anything significant in the log files
    >
    > So, is it me or is there a bug out there?
    >
    > To sum up:
    > from REMOTE: ssh OK, http OK, https NOK.
    > from LOCAL: http OK, https OK.
    >
    > thx for help.
    > cdt,
    > Cyrille (FRANCE)

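Added example, not part of the original thread: one way to answer the "what does ssl_request_log say" question is to parse the log in the CustomLog format posted above and see which clients ever had a request logged on the SSL vhost, and with what protocol and cipher. The sample log lines and the client 192.168.1.3 are constructed for illustration; the weak-cipher check covers only the SSLv2, EXP and eNULL entries that the posted SSLCipherSuite enables.

```python
import re
from collections import defaultdict

# The page's CustomLog format: "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<host>\S+) (?P<proto>\S+) (?P<cipher>\S+) '
    r'"(?P<request>[^"]*)" (?P<size>\d+|-)$')

# Constructed sample lines, not taken from the thread; 192.168.1.3 is invented.
SAMPLE_LOG = """\
[16/Mar/2004:15:40:02 +0100] 192.168.1.1 TLSv1 RC4-MD5 "GET / HTTP/1.1" 1456
[16/Mar/2004:15:40:03 +0100] 192.168.1.1 TLSv1 RC4-MD5 "GET /icons/apache_pb.gif HTTP/1.1" 2326
[16/Mar/2004:15:41:10 +0100] 192.168.1.3 SSLv2 EXP-RC4-MD5 "GET / HTTP/1.0" 1456
[16/Mar/2004:15:41:55 +0100] 192.168.1.3 SSLv3 DES-CBC3-SHA "GET /index.html HTTP/1.0" -
truncated line without the expected fields
"""

def is_weak(proto, cipher):
    """Flag what +SSLv2, +EXP and +eNULL in the posted SSLCipherSuite allow."""
    return proto == "SSLv2" or cipher.startswith(("EXP", "NULL"))

def summarize(lines):
    """Return ({client: stats}, [unparsed lines]) for an ssl_request_log."""
    hosts = defaultdict(lambda: {"requests": 0, "negotiated": set(), "weak": set()})
    unparsed = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)  # keep malformed lines visible, do not drop them
            continue
        stats = hosts[m["host"]]
        stats["requests"] += 1
        pair = (m["proto"], m["cipher"])
        if pair[0] == "-":  # Apache logs "-" when the variable is unset
            continue
        stats["negotiated"].add(pair)
        if is_weak(*pair):
            stats["weak"].add(pair)
    return dict(hosts), unparsed

def clients_missing(hosts, expected):
    """Expected clients that never had a request logged on the SSL vhost."""
    return sorted(set(expected) - set(hosts))

if __name__ == "__main__":
    hosts, unparsed = summarize(SAMPLE_LOG.splitlines())
    for ip, s in sorted(hosts.items()):
        print(ip, s["requests"], sorted(s["negotiated"]), "WEAK" if s["weak"] else "ok")
    print("no requests logged from:", clients_missing(hosts, ["192.168.1.1", "192.168.1.2"]))
    print("unparsed lines:", len(unparsed))
```

A client that is absent from this log while its TCP connection shows as ESTABLISHED never got a request logged on the SSL vhost, which points the search at the handshake and at error_log rather than at the request handling.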

