Re: running an ssl webserver
From: ujay (ujay50-NOSPAM-@shaw.ca)
Date: 01/26/02
From: ujay <ujay50-NOSPAM-@shaw.ca> Date: Sat, 26 Jan 2002 18:48:24 GMT
ujay wrote:
> Andrew wrote:
>
>> Greetings,
>>
>> I have patched apache with the following.
>>
>> Apache/1.3.22 (Unix) PHP/4.1.0 mod_perl/1.26 mod_ssl/2.8.5 OpenSSL/0.9.6a
>>
>> My machine is only listening for port 80 connections. This is through
>> another machine acting as a firewall. Simply forwards these port 80
>> connections onto my webserver.
>>
>> How do I open an SSL port on this internal webserver? I know how to
>> forward on 443 port requests to this machine but I don't know how to
>> open the port needed.
>>
>>
>> Thanks
>>
>> Andrew
>>
>>
>>
>
> I believe you also have to run the httpd-perl daemon as well as the
> standard httpd for ssl server.
>
>
My mistake - you need to include the mod_ssl.conf in your http(-perl) conf file(s)

httpd.conf:
LoadModule ssl_module extramodules/libssl.so
AddModule mod_ssl.c
Include conf/ssl/mod_ssl.conf
Include conf/ssl/ssl.default-vhost.conf

httpd-perl.conf:
LoadModule ssl_module extramodules/libssl.so
AddModule mod_ssl.c
Include conf/ssl/mod_ssl.conf
Include conf/ssl/ssl.default-vhost.conf

mod_ssl.conf:
<IfModule mod_ssl.c>
##--------------------------------------------------------------------------
## Add additional SSL configuration directives which provide a
## robust default configuration: virtual server on port 443
## which speaks SSL.
##--------------------------------------------------------------------------
##
## SSL Support
##
## When we also provide SSL we have to listen to the
## standard HTTP port (see above) and to the HTTPS port
##
Listen 443
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
#
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is an internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First either `none'
# or `dbm:/path/to/file' for the mechanism to use and
# second the expiring timeout (in seconds).
#SSLSessionCache none
#SSLSessionCache dbm:logs/ssl_scache
SSLSessionCache shm:logs/ssl_scache(512000)
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex sem
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
# Logging:
# The home of the dedicated SSL protocol logfile. Errors are
# additionally duplicated in the general error log file. Put
# this somewhere where it cannot be used for symlink attacks on
# a real server (i.e. somewhere where only root can write).
# Log levels are (ascending order: higher ones include lower ones):
# none, error, warn, info, trace, debug.
SSLLog logs/ssl_engine_log
SSLLogLevel info
</IfModule>
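
`Listen 443` in mod_ssl.conf only opens the port; it starts speaking SSL once a virtual host on that port enables the SSL engine, which is the job of the included ssl.default-vhost.conf that the post does not show. The following is an added example of such a file for this Apache 1.3 / mod_ssl 2.8 setup, not taken from the post or from the distribution's own file; the server name, document root and certificate paths are placeholder assumptions.

```apache
# Added example: a possible conf/ssl/ssl.default-vhost.conf.
# ServerName, DocumentRoot and the certificate/key paths are
# placeholders, not values from the post.
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    ServerName   www.example.com
    DocumentRoot /var/www/html

    # Without this, the port opened by "Listen 443" answers in plain HTTP.
    SSLEngine on

    # Server certificate and its private key (paths relative to ServerRoot).
    # Keep the key file readable by root only. If the key is encrypted,
    # "SSLPassPhraseDialog builtin" from mod_ssl.conf prompts for the
    # pass phrase on the terminal at startup.
    SSLCertificateFile    conf/ssl/server.crt
    SSLCertificateKeyFile conf/ssl/server.key

    # Refuse SSLv2 and anonymous-DH suites; offer only the HIGH and
    # MEDIUM cipher classes, which leaves out export and low-strength ones.
    SSLProtocol    all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!ADH
</VirtualHost>
</IfModule>
```

Run `apachectl configtest` after adding the file to catch a missing certificate path or an unbalanced `<IfModule>` section before restarting.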