apache2.0.40+mod_ssl2.0.40-21.9 install. HTTPS works only from HTTP server machine (Linux Security forums, System Security and Security Related category)
I have reached a point where I believe I need some help. My goal is to install apache + mod_ssl. I am using RedHat 9, openssl0.9.7a, apache2.0.40 and mod_ssl2.0.40-21.9. First off, I am pretty sure that apache2.0.40 with mod_ssl2.0.40-21.9 and openssl0.9.7a are set up properly because openssl compiled (and tested) successfully, and so did apache. A listing of the apache static modules reads:

[root@firewall bin]# ./httpd -l
Compiled in modules:
  core.c
  mod_access.c
  mod_include.c
  mod_log_config.c
  mod_env.c
  mod_setenvif.c
  mod_ssl.c
  prefork.c
  http_core.c
  mod_mime.c
  mod_status.c
  mod_autoindex.c
  mod_asis.c
  mod_cgi.c
  mod_negotiation.c
  mod_dir.c
  mod_imap.c
  mod_actions.c
  mod_userdir.c
  mod_alias.c
  mod_so.c

The SSL directives are recognized when starting apache. As a matter of fact, the pass phrase is requested and ultimately the following files are created in my logs directory:

[root@firewall root]# ls -lah /usr/local/apache2/logs
total 84K
drwxr-xr-x  2 root   root 4.0K Jan 26 16:57 .
drwxr-xr-x 16 root   root 4.0K Jan 26 14:01 ..
-rw-r--r--  1 root   root    0 Jan 26 15:51 access_log
-rw-r--r--  1 root   root 4.8K Jan 26 16:57 error_log
-rw-r--r--  1 root   root  936 Jan 26 16:51 http-access_log
-rw-r--r--  1 root   root    6 Jan 26 16:57 httpd.pid
-rw-r--r--  1 root   root  637 Jan 26 16:43 http-error_log
-rw-r--r--  1 root   root  171 Jan 26 16:46 https-access_log
-rw-r--r--  1 root   root  46K Jan 26 16:57 https-error_log
-rw-r--r--  1 root   root  205 Jan 26 16:46 ssl_request_log
-rw-r--r--  1 apache root    0 Jan 26 16:57 ssl_scache.dir
-rw-r--r--  1 apache root    0 Jan 26 16:57 ssl_scache.pag

In the end, the most likely cause of the problem is the SSL session information since I can connect to the https server through the server itself but not through any other machine in the network. This is mentioned in the modssl.org site:

"For requests to the same server process (via HTTP keep-alive), OpenSSL already caches the SSL session information locally. But because modern clients request inlined images and other data via parallel requests (usually up to four parallel requests are common) those requests are served by different pre-forked server processes."

I've used the curl https://x.x.x.x and 'openssl s_client -connect 192.168.123.108:443 -state -debug' methods for testing the setup. Below the listing of my httpd.conf, ssl.conf and https-error_log file I will paste the session during the openssl connect to my machine from my machine. The curl and openssl commands from another machine within the LAN just hang. I also know that it is not a browser problem because I attempted this on Netscape 7.1. My private key length is 1024 bits. Do you have any suggestions? Lastly, I made sure that my servername matches my certificate (I made it the IP address of the machine). A way to solve this problem or even a way of manually testing the https server are welcome.

thanx

---------------PART OF httpd.conf
<IfModule mod_ssl.c>
    Include conf/ssl.conf
</IfModule>

<VirtualHost 192.168.123.108:80>
    SSLEngine off
    ServerAdmin gonzalo@thecompany.com
    DocumentRoot /var/www/html
    ServerName 192.168.123.108
    ErrorLog logs/http-error_log
    CustomLog logs/http-access_log common
</VirtualHost>

----------------ssl.conf
<IfDefine SSL>

Listen 192.168.123.108:443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLMutex file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

<VirtualHost 192.168.123.108:443>
    ServerAdmin gonzalo@smilingscreens.com
    DocumentRoot /var/www/https
    ServerName 192.168.123.108
    ErrorLog logs/https-error_log
    CustomLog logs/https-access_log common

    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /usr/local/apache2/SSLcertificates/gonzalo.com.crt
    SSLCertificateKeyFile /usr/local/apache2/SSLcertificates/gonzalo.com.key

    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/usr/local/apache2/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    CustomLog logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>

--https-error_log (upon startup of /usr/local/apache2/bin/httpd -DSSL, when SSLSESSIONCACHE is set to none. Actually almost no difference if SSLSESSIONCACHE is set to dbm:/..., shmht:/..., or shmbc:/...)

[Mon Jan 26 15:27:06 2004] [info] Init: Initializing OpenSSL library
[Mon Jan 26 15:27:06 2004] [info] Init: Seeding PRNG with 0 bytes of entropy
[Mon Jan 26 15:27:08 2004] [info] Init: Wiped out the queried pass phrases from memory
[Mon Jan 26 15:27:08 2004] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Mon Jan 26 15:27:08 2004] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Mon Jan 26 15:27:08 2004] [info] Init: Initializing (virtual) servers for SSL
[Mon Jan 26 15:27:08 2004] [info] Server: Apache/2.0.40, Interface: mod_ssl/2.0.40, Library: OpenSSL/0.9.7a
[Mon Jan 26 15:27:08 2004] [info] Init: Initializing OpenSSL library
[Mon Jan 26 15:27:08 2004] [info] Init: Seeding PRNG with 0 bytes of entropy
[Mon Jan 26 15:27:08 2004] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Mon Jan 26 15:27:09 2004] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Mon Jan 26 15:27:09 2004] [info] Init: Initializing (virtual) servers for SSL
[Mon Jan 26 15:27:09 2004] [info] Server: Apache/2.0.40, Interface: mod_ssl/2.0.40, Library: OpenSSL/0.9.7a
[Mon Jan 26 15:27:09 2004] [notice] Apache/2.0.40 (Unix) mod_ssl/2.0.40 OpenSSL/0.9.7a configured -- resuming normal operations
[Mon Jan 26 15:27:09 2004] [info] Server built: Jan 26 2004 13:29:57
[Mon Jan 26 15:27:09 2004] [debug] prefork.c(1039): AcceptMutex: pthread (default: pthread)
--------------------end of config and error files

[root@firewall SSLcertificates]# openssl s_client -connect 192.168.123.108:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 080AECC8 [080AF208] (142 bytes => 142 (0x8E))
0000 - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00 ......c... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00 ..3..2../.....f.
0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00 .............c..
0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40 b..a...........@
0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00 ...e..d..`.......
0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 f2 6d ................m
0070 - a1 55 2f 6c 62 2b ea 0c-ef 01 06 2c e8 6a d5 e6 ..U/lb+.....,.j..
0080 - 4e be 98 cc d8 98 03 f5-25 65 a4 c0 72 4f N.......%e..rO
SSL_connect:SSLv2/v3 write client hello A
read from 080AECC8 [080B4768] (7 bytes => 7 (0x7))
0000 - 16 03 01 00 4a 02 ....J.
0007 - <SPACES/NULS>
read from 080AECC8 [080B476F] (72 bytes => 72 (0x48))
0000 - 00 46 03 01 40 15 94 49-1c fb b8 ed 46 74 5c 2b .F..@..I....Ft\+
0010 - e8 28 90 a5 14 69 18 b6-38 ae 9e 0b 3f c3 b9 a5 .(...i..8...?...
0020 - 7a 35 5f 16 20 d7 05 98-85 b9 05 92 9b 6f 70 a6 z5_. ........op.
0030 - be dd 34 0a 45 ba 39 40-34 1c 09 fa 9e c1 95 2e ..4.E.9@4.......
0040 - b1 62 f4 c0 f5 00 39 .b....9
0048 - <SPACES/NULS>
SSL_connect:SSLv3 read server hello A
read from 080AECC8 [080B4768] (5 bytes => 5 (0x5))
0000 - 16 03 01 03 a6 .....
read from 080AECC8 [080B476D] (934 bytes => 934 (0x3A6))
0000 - 0b 00 03 a2 00 03 9f 00-03 9c 30 82 03 98 30 82 ..........0...0.
0010 - 03 01 a0 03 02 01 02 02-01 00 30 0d 06 09 2a 86 ..........0...*.
0020 - 48 86 f7 0d 01 01 04 05-00 30 81 95 31 0b 30 09 H........0..1.0.
0030 - 06 03 55 04 06 13 02 55-53 31 0b 30 09 06 03 55 ..U....US1.0...U
0040 - 04 08 13 02 50 41 31 15-30 13 06 03 55 04 07 13 ....PA1.0...U...
0050 - 0c 50 68 69 6c 61 64 65-6c 70 68 69 61 31 10 30 .Philadelphia1.0 0060 - 0e 06 03 55 04 0a 13 07-47 6f 6e 7a 61 6c 6f 31 ...U....Gonzalo1 0070 - 0b 30 09 06 03 55 04 0b-13 02 49 74 31 18 30 16 .0...U....It1.0. 0080 - 06 03 55 04 03 13 0f 31-39 32 2e 31 36 38 2e 31 ..U....192.168.1 0090 - 32 33 2e 31 30 38 31 29-30 27 06 09 2a 86 48 86 23.1081)0'..*.H. 00a0 - f7 0d 01 09 01 16 1a 67-6f 6e 7a 61 6c 6f 40 73 .......gonzalo@s 00b0 - 6d 69 6c 69 6e 67 73 63-72 65 65 6e 73 2e 63 6f milingscreens.co 00c0 - 6d 30 1e 17 0d 30 34 30-31 32 36 32 30 31 39 35 m0...04012620195 00d0 - 34 5a 17 0d 30 35 30 31-32 35 32 30 31 39 35 34 4Z..050125201954 00e0 - 5a 30 81 95 31 0b 30 09-06 03 55 04 06 13 02 55 Z0..1.0...U....U 00f0 - 53 31 0b 30 09 06 03 55-04 08 13 02 50 41 31 15 S1.0...U....PA1. 0100 - 30 13 06 03 55 04 07 13-0c 50 68 69 6c 61 64 65 0...U....Philade 0110 - 6c 70 68 69 61 31 10 30-0e 06 03 55 04 0a 13 07 lphia1.0...U.... 0120 - 47 6f 6e 7a 61 6c 6f 31-0b 30 09 06 03 55 04 0b Gonzalo1.0...U.. 0130 - 13 02 49 74 31 18 30 16-06 03 55 04 03 13 0f 31 ..It1.0...U....1 0140 - 39 32 2e 31 36 38 2e 31-32 33 2e 31 30 38 31 29 92.168.123.1081) 0150 - 30 27 06 09 2a 86 48 86-f7 0d 01 09 01 16 1a 67 0'..*.H........g 0160 - 6f 6e 7a 61 6c 6f 40 73-6d 69 6c 69 6e 67 73 63 onzalo@smilingsc 0170 - 72 65 65 6e 73 2e 63 6f-6d 30 81 9f 30 0d 06 09 reens.com0..0... 0180 - 2a 86 48 86 f7 0d 01 01-01 05 00 03 81 8d 00 30 *.H............0 0190 - 81 89 02 81 81 00 b7 95-bf de 56 2e fa a5 f9 fa ..........V..... 01a0 - fa 0a 30 2b ac da 9f 0c-31 65 1c 43 c4 7e 4e f8 ..0+....1e.C.~N. 01b0 - ca dc e1 02 52 7c 03 29-39 b7 b8 ad cb f7 1d 67 ....R|.)9......g 01c0 - 64 65 77 74 8f 4f 18 12-51 e6 74 b0 d8 83 96 1a dewt.O..Q.t..... 
01d0 - 06 2f a5 d1 cd 4c ec df-da b1 bf ad 46 5f 6b 78 ./...L......F_kx 01e0 - cc 69 94 0b 51 1a 53 85-59 b2 46 cf c3 65 a0 3a .i..Q.S.Y.F..e.: 01f0 - 92 5e 02 45 29 31 58 8e-c4 a6 b5 47 1c 87 bd 6d .^.E)1X....G...m 0200 - 47 8d 0b 08 5f 68 58 c8-cc b2 36 74 1d b9 aa dd G..._hX...6t.... 0210 - 5b e7 3d 44 19 87 02 03-01 00 01 a3 81 f5 30 81 [.=D..........0. 0220 - f2 30 1d 06 03 55 1d 0e-04 16 04 14 9a 29 1e d5 .0...U.......).. 0230 - a5 78 4e 9a 57 25 98 1c-c5 32 6e 00 b3 ff b4 5f .xN.W%...2n...._ 0240 - 30 81 c2 06 03 55 1d 23-04 81 ba 30 81 b7 80 14 0....U.#...0.... 0250 - 9a 29 1e d5 a5 78 4e 9a-57 25 98 1c c5 32 6e 00 .)...xN.W%...2n. 0260 - b3 ff b4 5f a1 81 9b a4-81 98 30 81 95 31 0b 30 ..._......0..1.0 0270 - 09 06 03 55 04 06 13 02-55 53 31 0b 30 09 06 03 ...U....US1.0... 0280 - 55 04 08 13 02 50 41 31-15 30 13 06 03 55 04 07 U....PA1.0...U.. 0290 - 13 0c 50 68 69 6c 61 64-65 6c 70 68 69 61 31 10 ..Philadelphia1. 02a0 - 30 0e 06 03 55 04 0a 13-07 47 6f 6e 7a 61 6c 6f 0...U....Gonzalo 02b0 - 31 0b 30 09 06 03 55 04-0b 13 02 49 74 31 18 30 1.0...U....It1.0 02c0 - 16 06 03 55 04 03 13 0f-31 39 32 2e 31 36 38 2e ...U....192.168. 02d0 - 31 32 33 2e 31 30 38 31-29 30 27 06 09 2a 86 48 123.1081)0'..*.H 02e0 - 86 f7 0d 01 09 01 16 1a-67 6f 6e 7a 61 6c 6f 40 ........gonzalo@ 02f0 - 73 6d 69 6c 69 6e 67 73-63 72 65 65 6e 73 2e 63 smilingscreens.c 0300 - 6f 6d 82 01 00 30 0c 06-03 55 1d 13 04 05 30 03 om...0...U....0. 0310 - 01 01 ff 30 0d 06 09 2a-86 48 86 f7 0d 01 01 04 ...0...*.H...... 0320 - 05 00 03 81 81 00 46 d0-3b 70 bc d5 08 88 77 a4 ......F.;p....w. 0330 - 53 02 9c 6a e6 c7 11 d9-fe 1e 6e 8a 87 37 e0 43 S..j......n..7.C 0340 - c1 99 49 4b bd b9 f4 9a-22 01 bd c0 e5 93 ae 51 ..IK...."......Q 0350 - 32 8e d1 a1 e6 10 f3 7a-b3 13 15 2f 0b 6d 98 ce 2......z.../.m.. 0360 - 71 7d 95 66 e9 0e d9 e9-79 23 57 36 65 91 53 e5 q}.f....y#W6e.S. 0370 - 3e 0e 3b 93 be 9f 76 38-af 6a 2c fb dd 36 4e a8 >.;...v8.j,..6N. 
0380 - 09 09 db b3 43 bc dd dd-e8 e7 8a c6 30 24 12 41 ....C.......0$.A 0390 - 8e cf d4 c5 fc cf a4 4c-9d a3 58 e3 24 3c 9a 38 .......L..X.$<.8 03a0 - 47 3b b7 be 29 12 G;..). depth=0 /C=US/ST=PA/L=Philadelphia/O=Gonzalo/OU=It/CN=192.168.123.108/emailAddress=gonza lo@company.comverify error:num=18:self signed certificate verify return:1 depth=0 /C=US/ST=PA/L=Philadelphia/O=Gonzalo/OU=It/CN=192.168.123.108/emailAddress=gonza lo@company.comverify return:1 SSL_connect:SSLv3 read server certificate A read from 080AECC8 [080B4768] (5 bytes => 5 (0x5)) 0000 - 16 03 01 01 8d ..... read from 080AECC8 [080B476D] (397 bytes => 397 (0x18D)) 0000 - 0c 00 01 89 00 80 e6 96-9d 3d 49 5b e3 2c 7c f1 .........=I[.,|. 0010 - 80 c3 bd d4 79 8e 91 b7-81 82 51 bb 05 5e 2a 20 ....y.....Q..^* 0020 - 64 90 4a 79 a7 70 fa 15-a2 59 cb d5 23 a6 a6 ef d.Jy.p...Y..#... 0030 - 09 c4 30 48 d5 a2 2f 97-1f 3c 20 12 9b 48 00 0e ..0H../..< ..H.. 0040 - 6e dd 06 1c bc 05 3e 37-1d 79 4e 53 27 df 61 1e n.....>7.yNS'.a. 0050 - bb be 1b ac 9b 5c 60 44-cf 02 3d 76 e0 5e ea 9b .....\`D..=v.^.. 0060 - ad 99 1b 13 a6 3c 97 4e-9e f1 83 9e b5 db 12 51 .....<.N.......Q 0070 - 36 f7 26 2e 56 a8 87 15-38 df d8 23 c6 50 50 85 6.&.V...8..#.PP. 0080 - e2 1f 0d d5 c8 6b 00 01-02 00 80 c1 8b 67 96 9d .....k.......g.. 0090 - c5 fa 54 e2 3c e7 2e f4-0f 72 c2 9c c2 f3 03 28 ..T.<....r.....( 00a0 - e8 29 70 fe fa 78 da e6-5c 0d ce bd d6 1d 3f d6 .)p..x..\.....?. 00b0 - 9c cc fc 06 34 9a 68 d5-5c e0 df 7e 49 12 a6 fa ....4.h.\..~I... 00c0 - 8f 91 88 8c 5a 65 52 89-4d 56 e5 8f 6e ed fb f5 ....ZeR.MV..n... 00d0 - 92 9d 02 92 84 c2 36 0a-de 0c 12 3f 5c c9 97 a2 ......6....?\... 00e0 - 2e d3 39 30 cb b1 52 8c-48 3c 88 ee 01 c2 1e af ..90..R.H<...... 00f0 - ee 11 5c 10 06 3a b6 79-aa 08 2f 34 55 ff e9 de ..\..:.y../4U... 0100 - 07 f0 11 5a d7 93 22 43-d9 fa 02 00 80 a6 31 df ...Z.."C......1. 
0110 - 1d ee 19 26 1f ca ad 13-ac b2 dd 59 d1 0d e4 49 ...&.......Y...I 0120 - 1d c0 df e5 62 69 92 89-bf 26 9b 1e 5e c4 2a 63 ....bi...&..^.*c 0130 - 47 bd da ba 1c 03 12 ae-b2 c4 35 44 da c6 70 89 G.........5D..p. 0140 - 03 a2 4a 9d c1 57 02 6e-04 e8 df a9 88 fe 90 fd ..J..W.n........ 0150 - 39 ff 60 44 37 63 ab ce-a0 af a1 1a f8 c2 96 1b 9.`D7c.......... 0160 - 0e 98 f0 be 4a 2b fc 6a-94 89 82 35 71 10 e5 88 ....J+.j...5q... 0170 - 4f 34 ab 93 84 e7 dc ab-7b 02 37 d6 a4 36 74 68 O4......{.7..6th 0180 - 56 f0 9b 16 85 cf 85 43-9b 62 dc 9d 60 V......C.b..` SSL_connect:SSLv3 read server key exchange A read from 080AECC8 [080B4768] (5 bytes => 5 (0x5)) 0000 - 16 03 01 00 04 ..... read from 080AECC8 [080B476D] (4 bytes => 4 (0x4)) 0000 - 0e . 0004 - <SPACES/NULS> SSL_connect:SSLv3 read server done A write to 080AECC8 [080C0600] (139 bytes => 139 (0x8B)) 0000 - 16 03 01 00 86 10 00 00-82 00 80 6e a7 36 b5 e9 ...........n.6.. 0010 - a9 9e 8c c8 ee 76 21 75-c3 00 53 c3 81 64 2b df .....v!u..S..d+. 0020 - 14 3d b0 10 c5 f6 e9 bf-66 48 61 7e 6b 2c f2 28 .=......fHa~k,.( 0030 - 67 0c b2 5f 7c 68 41 ec-42 04 d2 32 d4 a0 b5 70 g.._|hA.B..2...p 0040 - fc bf 2c b7 ba 0a b6 19-c0 6e 49 79 da 0e f0 b6 ..,......nIy.... 0050 - 66 8e 2c 4a ba 57 2a 03-dc 1a 6e b8 60 1a 8b 1c f.,J.W*...n.`... 0060 - 3c 86 fb 58 a9 bb bd 7b-82 bb 9e c6 c5 ae 96 08 <..X...{........ 0070 - 4d c2 34 6d 7a bd 3b 04-17 fa 1e 5d 98 a7 40 a1 M.4mz.;....]..@. 0080 - 11 01 34 eb e9 83 36 d5-e3 4b 53 ..4...6..KS SSL_connect:SSLv3 write client key exchange A write to 080AECC8 [080C0600] (6 bytes => 6 (0x6)) 0000 - 14 03 01 00 01 01 ...... SSL_connect:SSLv3 write change cipher spec A write to 080AECC8 [080C0600] (53 bytes => 53 (0x35)) 0000 - 16 03 01 00 30 aa 4d c1-60 6e 23 0f 0e f9 9e 2a ....0.M.`n#....* 0010 - aa cb 7f c4 f1 51 dc f7-40 de 9e c8 06 5d de 42 .....Q..@....].B 0020 - e5 4b 21 0d eb 45 de 9c-f7 1f a3 cd b3 32 4c 6e .K!..E.......2Ln 0030 - f7 93 5e 03 ab ..^.. 
SSL_connect:SSLv3 write finished A SSL_connect:SSLv3 flush data read from 080AECC8 [080B4768] (5 bytes => 5 (0x5)) 0000 - 14 03 01 00 01 ..... read from 080AECC8 [080B476D] (1 bytes => 1 (0x1)) 0000 - 01 . read from 080AECC8 [080B4768] (5 bytes => 5 (0x5)) 0000 - 16 03 01 00 30 ....0 read from 080AECC8 [080B476D] (48 bytes => 48 (0x30)) 0000 - 73 96 1a b8 a2 2d b7 46-42 35 92 85 ee 80 10 26 s....-.FB5.....& 0010 - d2 22 9b 0e c8 2a 7b de-a6 39 1d a9 8e bc 22 60 ."...*{..9...."` 0020 - a2 d4 ef 9f 94 2b db 0b-0f 6a b6 e9 e5 53 1e e0 .....+...j...S.. SSL_connect:SSLv3 read finished A --- Certificate chain 0 s:/C=US/ST=PA/L=Philadelphia/O=Gonzalo/OU=It/CN=192.168.123.108/emailAddress=gon zalo@company.com i:/C=US/ST=PA/L=Philadelphia/O=Gonzalo/OU=It/CN=192.168.123.108/emailAddress=gon zalo@company.com---Server certificate -----BEGIN CERTIFICATE----- MIIDmDCCAwGgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBlTELMA kGA1UEBhMCVVMx CzAJBgNVBAgTAlBBMRUwEwYDVQQHEwxQaGlsYWRlbHBoaWExED AOBgNVBAoTB0dv bnphbG8xCzAJBgNVBAsTAkl0MRgwFgYDVQQDEw8xOTIuMTY4Lj EyMy4xMDgxKTAn BgkqhkiG9w0BCQEWGmdvbnphbG9Ac21pbGluZ3NjcmVlbnMuY2 9tMB4XDTA0MDEy NjIwMTk1NFoXDTA1MDEyNTIwMTk1NFowgZUxCzAJBgNVBAYTAl VTMQswCQYDVQQI EwJQQTEVMBMGA1UEBxMMUGhpbGFkZWxwaGlhMRAwDgYDVQQKEw dHb256YWxvMQsw CQYDVQQLEwJJdDEYMBYGA1UEAxMPMTkyLjE2OC4xMjMuMTA4MS kwJwYJKoZIhvcN AQkBFhpnb256YWxvQHNtaWxpbmdzY3JlZW5zLmNvbTCBnzANBg kqhkiG9w0BAQEF AAOBjQAwgYkCgYEAt5W/3lYu+qX5+voKMCus2p8MMWUcQ8R+TvjK3OECUnwDKTm3 uK3L9x1nZGV3dI9PGBJR5nSw2IOWGgYvpdHNTOzf2rG/rUZfa3jMaZQLURpThVmy Rs/DZaA6kl4CRSkxWI7EprVHHIe9bUeNCwhfaFjIzLI2dB25qt1b5 z1EGYcCAwEA AaOB9TCB8jAdBgNVHQ4EFgQUmike1aV4TppXJZgcxTJuALP/tF8wgcIGA1UdIwSB ujCBt4AUmike1aV4TppXJZgcxTJuALP/tF+hgZukgZgwgZUxCzAJBgNVBAYTAlVT MQswCQYDVQQIEwJQQTEVMBMGA1UEBxMMUGhpbGFkZWxwaGlhMR AwDgYDVQQKEwdH b256YWxvMQswCQYDVQQLEwJJdDEYMBYGA1UEAxMPMTkyLjE2OC 4xMjMuMTA4MSkw JwYJKoZIhvcNAQkBFhpnb256YWxvQHNtaWxpbmdzY3JlZW5zLm NvbYIBADAMBgNV HRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4GBAEbQO3C81QiId6RTApxq5scR2f 4e 
boqHN+BDwZlJS7259JoiAb3A5ZOuUTKO0aHmEPN6sxMVLwttmM5xfZVm6Q7Z6Xkj
VzZlkVPlPg47k76fdjivaiz73TZOqAkJ27NDvN3d6OeKxjAkEkGOz9TF/M+kTJ2j
WOMkPJo4Rzu3vikS
-----END CERTIFICATE-----
subject=/C=US/ST=PA/L=Philadelphia/O=Gonzalo/OU=It/CN=192.168.123.108/emailAddress=gonzalo@company.com
issuer=/C=US/ST=PA/L=Philadelphia/O=Gonzalo/OU=It/CN=192.168.123.108/emailAddress=gonzalo@company.com
---
No client certificate CA names sent
---
SSL handshake has read 1488 bytes and written 340 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: D7059885B905929B6F70A6BEDD340A45BA3940341C09FA9EC1952EB162F4C0F5
    Session-ID-ctx:
    Master-Key: 8417486EB238E2FC13AAD94321B042B68D1284EC65AD5A9143186271E33C970AAF8B6D199FC762087BDCE833052800F6
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1075156041
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
GET /index.html HTTP/1.0
write to 080AECC8 [080B8F78] (90 bytes => 90 (0x5A))
0000 - 17 03 01 00 20 56 f6 30-fc e6 70 ca 77 e0 65 88 .... V.0..p.w.e.
0010 - 86 9b c6 72 d3 13 2d 14-5a 1c 9e 45 11 4d 41 85 ...r..-.Z..E.MA.
0020 - b4 31 a7 a0 58 17 03 01-00 30 7b e1 a6 b2 f0 2d .1..X....0{....-
0030 - f0 48 44 c9 38 cc 68 99-5e 5c c7 de 95 01 20 99 .HD.8.h.^\.... .
0040 - 61 55 d8 ad 27 67 6b e0-96 88 9e 51 d6 36 aa 43 aU..'gk....Q.6.C
0050 - e6 64 e0 05 28 fb ad 6a-61 1d .d..(..ja.
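The post asks for a way to test the HTTPS server by hand, and its working hypothesis is the SSL session cache. The session cache only matters for resuming an earlier session; a brand-new connection from another host does a full handshake and never touches it, so "curl just hangs" from the LAN has to be located first. The probe below is an added example, not code from the post or from Apache/mod_ssl: it splits the connection into three stages with separate timeouts (TCP connect, TLS handshake, HTTP request) and reports the stage at which the connection stalls. A TCP stage timeout points below TLS (packet filtering or the `Listen` address binding); a TLS stage timeout means the server accepted the connection but never answered the ClientHello; an HTTP stage timeout means mod_ssl is fine and the request itself is not being answered. The self-signed certificate is handled by pinning its SHA-256 fingerprint (`expected_sha256`, an assumed value read off the server) rather than by switching verification off silently. The `run_demo` helper and the stalled listener are constructed locally so the stage logic can be exercised offline; `192.168.123.108` is only a sample target taken from the post.

```python
"""Staged probe for an HTTPS listener: TCP connect -> TLS handshake -> HTTP request.

Added diagnostic, not code from the original post. Each stage has its own
timeout, so a hang can be attributed to the network path / Listen binding
(TCP), to the TLS server (handshake) or to the HTTP layer.
"""
import hashlib
import socket
import ssl
import threading

STAGE_TCP, STAGE_TLS, STAGE_HTTP = "tcp", "tls", "http"


def probe_https(host, port=443, timeout=5.0, expected_sha256=None, path="/"):
    """Return (stage_reached, ok, detail).

    expected_sha256 is the hex SHA-256 of the server's DER certificate
    (assumed to have been read off the server itself). For a self-signed
    certificate this pin replaces CA validation; with None the certificate is
    reported but nothing is asserted about it.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
    except socket.timeout:
        sock.close()
        return STAGE_TCP, False, "TCP connect timed out: packet filter or wrong Listen address"
    except OSError as exc:
        sock.close()
        return STAGE_TCP, False, f"TCP connect failed: {exc}"

    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # the leaf certificate is pinned below instead
    ctx.verify_mode = ssl.CERT_NONE
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except socket.timeout:
        sock.close()
        return STAGE_TLS, False, "TLS handshake timed out: TCP accepted but no ServerHello"
    except ssl.SSLError as exc:
        sock.close()
        return STAGE_TLS, False, f"TLS handshake failed: {exc}"

    fingerprint = hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()
    if expected_sha256 is not None and fingerprint != expected_sha256.lower():
        tls.close()
        return STAGE_TLS, False, f"certificate pin mismatch, got sha256={fingerprint}"

    try:
        tls.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii"))
        first = tls.recv(4096)
    except socket.timeout:
        tls.close()
        return STAGE_HTTP, False, "request sent, no HTTP response before timeout"
    status = first.split(b"\r\n", 1)[0].decode("ascii", "replace")
    detail = f"{tls.version()} {tls.cipher()[0]} sha256={fingerprint} status={status!r}"
    tls.close()
    return STAGE_HTTP, True, detail


def _stalled_listener():
    """Constructed for the demo: accept TCP connections and never send a byte."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    srv.settimeout(0.2)
    stop, held = threading.Event(), []

    def run():
        while not stop.is_set():
            try:
                held.append(srv.accept()[0])   # hold the socket open, say nothing
            except socket.timeout:
                pass
        for conn in held:
            conn.close()
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1], stop


def run_demo():
    """Probe two constructed local cases; returns {case: (stage, ok, detail)}."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()                                  # nothing listens here any more
    closed = probe_https("127.0.0.1", closed_port, timeout=1.0)

    port, stop = _stalled_listener()
    stalled = probe_https("127.0.0.1", port, timeout=1.0)
    stop.set()
    return {"closed": closed, "stalled": stalled}


if __name__ == "__main__":
    for case, (stage, ok, detail) in run_demo().items():
        print(f"{case:8s} stage={stage} ok={ok} {detail}")
```

Against a real server the call is `probe_https("192.168.123.108", 443, expected_sha256="<pin>")`, run once on the server itself and once from another LAN host; the stage at which the two results diverge is where to look. The probe deliberately uses a fresh connection each time, so whatever it reports is independent of the session cache.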
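The ssl.conf above logs every TLS request as `%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b` into `ssl_request_log`. That log is worth reading on its own: the `SSLCipherSuite` string in the same file (the stock mod_ssl 2.0 default) still admits SSLv2/SSLv3 and 40-bit export, LOW and RC4 suites, and only the protocol/cipher columns show what clients actually negotiated. The parser below is an added example, not code from the post or from mod_ssl; it matches that exact format and flags records negotiated with an obsolete protocol or a weak cipher. The sample lines are constructed (the first copies the `TLSv1` / `DHE-RSA-AES256-SHA` pair seen in the s_client session, the others are made up), and the classification rules are the editor's, keyed on the OpenSSL cipher-name conventions.

```python
"""Audit a mod_ssl ssl_request_log for weak negotiated protocols and ciphers.

Added example, not from the original post. Parses the CustomLog format quoted
in ssl.conf and flags SSLv2/SSLv3, export-grade, anonymous, NULL, RC4/MD5 and
single-DES negotiations.
"""
import re
from collections import Counter

# Matches the format  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSL_REQUEST_LINE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<client>\S+) (?P<protocol>\S+) (?P<cipher>\S+) '
    r'"(?P<request>[^"]*)" (?P<bytes>\d+|-)$'
)

# Constructed sample lines in that format; only the first mirrors the page.
SAMPLE_LOG = """\
[26/Jan/2004:16:46:05 -0500] 192.168.123.108 TLSv1 DHE-RSA-AES256-SHA "GET /index.html HTTP/1.0" 1456
[26/Jan/2004:16:46:09 -0500] 192.168.123.20 SSLv3 RC4-MD5 "GET /login.cgi HTTP/1.1" 982
[26/Jan/2004:16:46:11 -0500] 192.168.123.20 SSLv2 EXP-RC4-MD5 "GET /login.cgi HTTP/1.1" -
[26/Jan/2004:16:46:15 -0500] 192.168.123.31 TLSv1 NULL-SHA "POST /cgi-bin/upload HTTP/1.1" 17
garbage that does not match the format
"""


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = SSL_REQUEST_LINE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])   # %b logs '-' for 0
    return rec


def weaknesses(protocol, cipher):
    """Reasons a negotiated (protocol, cipher) pair is weak; empty list if none."""
    reasons = []
    if protocol in ("SSLv2", "SSLv3"):
        reasons.append(f"obsolete protocol {protocol}")
    if cipher.startswith("EXP"):
        reasons.append("export-grade key length")
    if cipher.startswith(("ADH", "AECDH")):
        reasons.append("anonymous key exchange, no server authentication")
    if "NULL" in cipher:
        reasons.append("no encryption")
    if "RC4" in cipher or cipher.endswith("-MD5"):
        reasons.append("RC4 or MD5 based suite")
    if cipher.endswith("DES-CBC-SHA"):            # DES-CBC3-SHA (3DES) does not match
        reasons.append("single DES")
    return reasons


def audit(log_text):
    """Parse every line; return counts plus the weak records, grouped per client."""
    findings, per_client, parsed, skipped = [], Counter(), 0, 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        parsed += 1
        reasons = weaknesses(rec["protocol"], rec["cipher"])
        if reasons:
            findings.append((rec["client"], rec["protocol"], rec["cipher"], reasons))
            per_client[rec["client"]] += 1
    return {"parsed": parsed, "skipped": skipped, "weak": len(findings),
            "per_client": dict(per_client), "findings": findings}


if __name__ == "__main__":
    summary = audit(SAMPLE_LOG)
    print(f"parsed={summary['parsed']} skipped={summary['skipped']} weak={summary['weak']}")
    for client, proto, cipher, reasons in summary["findings"]:
        print(f"  {client:16s} {proto:6s} {cipher:20s} {'; '.join(reasons)}")
```

Run against a real file with `audit(open("/usr/local/apache2/logs/ssl_request_log").read())`. Lines that do not match are counted rather than dropped silently, so a format change in `CustomLog` shows up as a rising `skipped` count instead of an empty report.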
gonzalohbriceno@yahoo.com (gonzo) wrote in message news:<3aa13fd7.0401261519.7f180e5a@posting.google.com>...
> I have reached a point where I believe I need some help. My goal is to install > apache + mod_ssl. I am using RedHat 9, openssl0.9.7a, apache2.0.40 and > mod_ssl2.0.40-21.9. First off, I am pretty sure that apache2.0.40 with > mod_ssl2.0.40-21.9 and openssl0.9.7a are setup up properly because > openssl compiled (and tested) successfully, and so did apache. A listing of the > apache static modules reads:[root@firewall bin]# ./httpd -l > Compiled in modules: > core.c > mod_access.c > mod_include.c > mod_log_config.c > mod_env.c > mod_setenvif.c > mod_ssl.c > prefork.c > http_core.c > mod_mime.c > mod_status.c > mod_autoindex.c > mod_asis.c > mod_cgi.c > mod_negotiation.c > mod_dir.c > mod_imap.c > mod_actions.c > mod_userdir.c > mod_alias.c > mod_so.c > > The SSL directives are recognized when starting apache. As a matter of > fact, the pass phrase is requested and ultimately the following files are > created in my logs directory: > [root@firewall root]# ls -lah /usr/local/apache2/logs > total 84K > drwxr-xr-x 2 root root 4.0K Jan 26 16:57 . > drwxr-xr-x 16 root root 4.0K Jan 26 14:01 .. > -rw-r--r-- 1 root root 0 Jan 26 15:51 access_log > -rw-r--r-- 1 root root 4.8K Jan 26 16:57 error_log > -rw-r--r-- 1 root root 936 Jan 26 16:51 http-access_log > -rw-r--r-- 1 root root 6 Jan 26 16:57 httpd.pid > -rw-r--r-- 1 root root 637 Jan 26 16:43 http-error_log > -rw-r--r-- 1 root root 171 Jan 26 16:46 https-access_log > -rw-r--r-- 1 root root 46K Jan 26 16:57 https-error_log > -rw-r--r-- 1 root root 205 Jan 26 16:46 ssl_request_log > -rw-r--r-- 1 apache root 0 Jan 26 16:57 ssl_scache.dir > -rw-r--r-- 1 apache root 0 Jan 26 16:57 ssl_scache.pag > > In the end, the most likely cause of the problem is the SSL session > information since I can connect to the https server through the server > itself but not through any other machine in the network. 
This is > mentioned in the modssl.org site: > "For requests to the same server process (via HTTP keep-alive), OpenSSL > already caches the SSL session information locally. But because modern > clients request inlined images and other data via parallel requests > (usually up to four parallel requests are common) those requests are > served by different pre-forked server processes." > > I've used the curl https://x.x.x.x and 'openssl s_client -connect > 192.168.123.108:443 -state -debug' methods for testing the setup. Below the > listing of my httpd.conf, ssl.conf and https-error_log file I will paste the > session during the openssl connect to my machine from my machine. The curl and > openssl commands from another machine within the LAN just hang. I also know > that it is not a browser problem because I attempted this on Netscape 7.1. My > private key length is 1024 bits. Do you have any suggestions? Lastly, I made > sure that my servername matches my certificate (I made it the IP address of > the machine). A way to solve this problem or even a way of manually test the > https server are welcome. 
> thanx > > ---------------PART OF httpd.conf > <IfModule mod_ssl.c> > Include conf/ssl.conf > </IfModule> > > <VirtualHost 192.168.123.108:80> > SSLEngine off > ServerAdmin gonzalo@thecompany.com > DocumentRoot /var/www/html > ServerName 192.168.123.108 > ErrorLog logs/http-error_log > CustomLog logs/http-access_log common > </VirtualHost> > > ----------------ssl.conf > <IfDefine SSL> > > Listen 192.168.123.108:443 > AddType application/x-x509-ca-cert .crt > AddType application/x-pkcs7-crl .crl > SSLPassPhraseDialog builtin > SSLMutex file:logs/ssl_mutex > SSLRandomSeed startup builtin > SSLRandomSeed connect builtin > > <VirtualHost 192.168.123.108:443> > ServerAdmin gonzalo@smilingscreens.com > DocumentRoot /var/www/https > ServerName 192.168.123.108 > ErrorLog logs/https-error_log > CustomLog logs/https-access_log common > > SSLEngine on > SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSL v2:+EXP:+eNULL > SSLCertificateFile /usr/local/apache2/SSLcertificates/gonzalo.com.crt > SSLCertificateKeyFile /usr/local/apache2/SSLcertificates/gonzalo.com.key > > <Files ~ "\.(cgi|shtml|phtml|php3?)$"> > SSLOptions +StdEnvVars > </Files> > <Directory "/usr/local/apache2/cgi-bin"> > SSLOptions +StdEnvVars > </Directory> > > SetEnvIf User-Agent ".*MSIE.*" \ > nokeepalive ssl-unclean-shutdown \ > downgrade-1.0 force-response-1.0 > > CustomLog logs/ssl_request_log \ > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" > </VirtualHost> > </IfDefine> > > --https-error_log (upon startup of /usr/local/apache2/bin/httpd -DSSL > (when the SSLSESSIONCASE is set to none. Acutally almost no difference if > SSLSESSIONCACHE is set to dbm:/..., shmht:/..., or shmbc:/...) 
> [Mon Jan 26 15:27:06 2004] [info] Init: Initializing OpenSSL library > [Mon Jan 26 15:27:06 2004] [info] Init: Seeding PRNG with 0 bytes of entropy > [Mon Jan 26 15:27:08 2004] [info] Init: Wiped out the queried pass phrases from > memory > [Mon Jan 26 15:27:08 2004] [info] Init: Generating temporary RSA private > keys (512/1024 bits) > [Mon Jan 26 15:27:08 2004] [info] Init: Generating temporary DH parameters > (512/1024 bits) > [Mon Jan 26 15:27:08 2004] [info] Init: Initializing (virtual) servers for SSL > [Mon Jan 26 15:27:08 2004] [info] Server: Apache/2.0.40, Interface: > mod_ssl/2.0.40, Library: OpenSSL/0.9.7a > [Mon Jan 26 15:27:08 2004] [info] Init: Initializing OpenSSL library > [Mon Jan 26 15:27:08 2004] [info] Init: Seeding PRNG with 0 bytes of entropy > [Mon Jan 26 15:27:08 2004] [info] Init: Generating temporary RSA private keys > (512/1024 bits) > [Mon Jan 26 15:27:09 2004] [info] Init: Generating temporary DH parameters > (512/1024 bits) > [Mon Jan 26 15:27:09 2004] [info] Init: Initializing (virtual) servers for SSL > [Mon Jan 26 15:27:09 2004] [info] Server: Apache/2.0.40, Interface: > mod_ssl/2.0.40, Library: OpenSSL/0.9.7a > [Mon Jan 26 15:27:09 2004] [notice] Apache/2.0.40 (Unix) mod_ssl/2.0.40 > OpenSSL/0.9.7a configured -- resuming normal operations > [Mon Jan 26 15:27:09 2004] [info] Server built: Jan 26 2004 13:29:57 > [Mon Jan 26 15:27:09 2004] [debug] prefork.c(1039): AcceptMutex: pthread > (default: pthread) > --------------------end of config and error files > > > [root@firewall SSLcertificates]# openssl s_client -connect192.168.123.108:443 > -state -debug > CONNECTED(00000003)SSL_connect:before/connect initializationwrite > to 080AECC8 [080AF208] (142 bytes => 142 (0x8E))0000 - 80 8c 01 03 01 00 63 > 00-00 00 20 00 00 39 00 00 ......c... 
..9..0010 - 38 00 00 35 00 00 16 00-00 > 13 00 00 0a 07 00 c0 8..5............0020 - 00 00 33 00 00 32 00 00-2f 03 00 > 80 00 00 66 00 ..3..2../.....f.0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 > 63 00 00 .............c..0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 > 40 b..a...........@0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00 > ..e..d..`.......0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 f2 6d > ...............m0070 - a1 55 2f 6c 62 2b ea 0c-ef 01 06 2c e8 6a d5 e6 > .U/lb+.....,.j..0080 - 4e be 98 cc d8 98 03 f5-25 65 a4 c0 72 4f > N.......%e..rOSSL_connect:SSLv2/v3 write client hello A > read from 080AECC8 [080B4768] (7 bytes => 7 (0x7)) > 0000 - 16 03 01 00 4a 02 ....J. > 0007 - <SPACES/NULS> > read from 080AECC8 [080B476F] (72 bytes => 72 (0x48)) > 0000 - 00 46 03 01 40 15 94 49-1c fb b8 ed 46 74 5c 2b .F..@..I....Ft\+ > 0010 - e8 28 90 a5 14 69 18 b6-38 ae 9e 0b 3f c3 b9 a5 .(...i..8...?... > 0020 - 7a 35 5f 16 20 d7 05 98-85 b9 05 92 9b 6f 70 a6 z5_. ........op. > 0030 - be dd 34 0a 45 ba 39 40-34 1c 09 fa 9e c1 95 2e ..4.E.9@4....... > 0040 - b1 62 f4 c0 f5 00 39 .b....9 > 0048 - <SPACES/NULS> > SSL_connect:SSLv3 read server hello A > read from 080AECC8 [080B4768] (5 bytes => 5 (0x5)) > 0000 - 16 03 01 03 a6 ..... > read from 080AECC8 [080B476D] (934 bytes => 934 (0x3A6)) > 0000 - 0b 00 03 a2 00 03 9f 00-03 9c 30 82 03 98 30 82 ..........0...0. > 0010 - 03 01 a0 03 02 01 02 02-01 00 30 0d 06 09 2a 86 ..........0...*. > 0020 - 48 86 f7 0d 01 01 04 05-00 30 81 95 31 0b 30 09 H........0..1.0. > 0030 - 06 03 55 04 06 13 02 55-53 31 0b 30 09 06 03 55 ..U....US1.0...U > 0040 - 04 08 13 02 50 41 31 15-30 13 06 03 55 04 07 13 ....PA1.0...U... > 0050 - 0c 50 68 69 6c 61 64 65-6c 70 68 69 61 31 10 30 .Philadelphia1.0 > 0060 - 0e 06 03 55 04 0a 13 07-47 6f 6e 7a 61 6c 6f 31 ...U....Gonzalo1 > 0070 - 0b 30 09 06 03 55 04 0b-13 02 49 74 31 18 30 16 .0...U....It1.0. 
> 0080 - 06 03 55 04 03 13 0f 31-39 32 2e 31 36 38 2e 31 ..U....192.168.1 > 0090 - 32 33 2e 31 30 38 31 29-30 27 06 09 2a 86 48 86 23.1081)0'..*.H. > 00a0 - f7 0d 01 09 01 16 1a 67-6f 6e 7a 61 6c 6f 40 73 .......gonzalo@s > 00b0 - 6d 69 6c 69 6e 67 73 63-72 65 65 6e 73 2e 63 6f milingscreens.co > 00c0 - 6d 30 1e 17 0d 30 34 30-31 32 36 32 30 31 39 35 m0...04012620195 > 00d0 - 34 5a 17 0d 30 35 30 31-32 35 32 30 31 39 35 34 4Z..050125201954 > 00e0 - 5a 30 81 95 31 0b 30 09-06 03 55 04 06 13 02 55 Z0..1.0...U....U > 00f0 - 53 31 0b 30 09 06 03 55-04 08 13 02 50 41 31 15 S1.0...U....PA1. > 0100 - 30 13 06 03 55 04 07 13-0c 50 68 69 6c 61 64 65 0...U....Philade > 0110 - 6c 70 68 69 61 31 10 30-0e 06 03 55 04 0a 13 07 lphia1.0...U.... > 0120 - 47 6f 6e 7a 61 6c 6f 31-0b 30 09 06 03 55 04 0b Gonzalo1.0...U.. > 0130 - 13 02 49 74 31 18 30 16-06 03 55 04 03 13 0f 31 ..It1.0...U....1 > 0140 - 39 32 2e 31 36 38 2e 31-32 33 2e 31 30 38 31 29 92.168.123.1081) > 0150 - 30 27 06 09 2a 86 48 86-f7 0d 01 09 01 16 1a 67 0'..*.H........g > 0160 - 6f 6e 7a 61 6c 6f 40 73-6d 69 6c 69 6e 67 73 63 onzalo@smilingsc > 0170 - 72 65 65 6e 73 2e 63 6f-6d 30 81 9f 30 0d 06 09 reens.com0..0... > 0180 - 2a 86 48 86 f7 0d 01 01-01 05 00 03 81 8d 00 30 *.H............0 > 0190 - 81 89 02 81 81 00 b7 95-bf de 56 2e fa a5 f9 fa ..........V..... > 01a0 - fa 0a 30 2b ac da 9f 0c-31 65 1c 43 c4 7e 4e f8 ..0+....1e.C.~N. > 01b0 - ca dc e1 02 52 7c 03 29-39 b7 b8 ad cb f7 1d 67 ....R|.)9......g > 01c0 - 64 65 77 74 8f 4f 18 12-51 e6 74 b0 d8 83 96 1a dewt.O..Q.t..... > 01d0 - 06 2f a5 d1 cd 4c ec df-da b1 bf ad 46 5f 6b 78 ./...L......F_kx > 01e0 - cc 69 94 0b 51 1a 53 85-59 b2 46 cf c3 65 a0 3a .i..Q.S.Y.F..e.: > 01f0 - 92 5e 02 45 29 31 58 8e-c4 a6 b5 47 1c 87 bd 6d .^.E)1X....G...m > 0200 - 47 8d 0b 08 5f 68 58 c8-cc b2 36 74 1d b9 aa dd G..._hX...6t.... > 0210 - 5b e7 3d 44 19 87 02 03-01 00 01 a3 81 f5 30 81 [.=D..........0. > 0220 - f2 30 1d 06 03 55 1d 0e-04 16 04 14 9a 29 1e d5 .0...U.......).. 
> 0230 - a5 78 4e 9a 57 25 98 1c-c5 32 6e 00 b3 ff b4 5f .xN.W%...2n...._
> 0240 - 30 81 c2 06 03 55 1d 23-04 81 ba 30 81 b7 80 14 0....U.#...0....
> 0250 - 9a 29 1e d5 a5 78 4e 9a-57 25 98 1c c5 32 6e 00 .)...xN.W%...2n.
> 0260 - b3 ff b4 5f a1 81 9b a4-81 98 30 81 95 31 0b 30 ..._......0..1.0
> 0270 - 09 06 03 55 04 06 13 02-55 53 31 0b 30 09 06 03 ...U....US1.0...
> 0280 - 55 04 08 13 02 50 41 31-15 30 13 06 03 55 04 07 U....PA1.0...U..
> 0290 - 13 0c 50 68 69 6c 61 64-65 6c 70 68 69 61 31 10 ..Philadelphia1.
> 02a0 - 30 0e 06 03 55 04 0a 13-07 47 6f 6e 7a 61 6c 6f 0...U....Gonzalo
> 02b0 - 31 0b 30 09 06 03 55 04-0b 13 02 49 74 31 18 30 1.0...U....It1.0
> 02c0 - 16 06 03 55 04 03 13 0f-31 39 32 2e 31 36 38 2e ...U....192.168.
> 02d0 - 31 32 33 2e 31 30 38 31-29 30 27 06 09 2a 86 48 123.1081)0'..*.H
> 02e0 - 86 f7 0d 01 09 01 16 1a-67 6f 6e 7a 61 6c 6f 40 ........gonzalo@
> 02f0 - 73 6d 69 6c 69 6e 67 73-63 72 65 65 6e 73 2e 63 smilingscreens.c
> 0300 - 6f 6d 82 01 00 30 0c 06-03 55 1d 13 04 05 30 03 om...0...U....0.
> 0310 - 01 01 ff 30 0d 06 09 2a-86 48 86 f7 0d 01 01 04 ...0...*.H......
> 0320 - 05 00 03 81 81 00 46 d0-3b 70 bc d5 08 88 77 a4 ......F.;p....w.
> 0330 - 53 02 9c 6a e6 c7 11 d9-fe 1e 6e 8a 87 37 e0 43 S..j......n..7.C
> 0340 - c1 99 49 4b bd b9 f4 9a-22 01 bd c0 e5 93 ae 51 ..IK...."......Q
> 0350 - 32 8e d1 a1 e6 10 f3 7a-b3 13 15 2f 0b 6d 98 ce 2......z.../.m..
> 0360 - 71 7d 95 66 e9 0e d9 e9-79 23 57 36 65 91 53 e5 q}.f....y#W6e.S.
> 0370 - 3e 0e 3b 93 be 9f 76 38-af 6a 2c fb dd 36 4e a8 >.;...v8.j,..6N.
> 0380 - 09 09 db b3 43 bc dd dd-e8 e7 8a c6 30 24 12 41 ....C.......0$.A
> 0390 - 8e cf d4 c5 fc cf a4 4c-9d a3 58 e3 24 3c 9a 38 .......L..X.$<.8
> 03a0 - 47 3b b7 be 29 12 G;..).
> depth=0
> /C=US/ST=PA/L=Philadelphia/O=Gonzalo/OU=It/CN=192.168.123.108/emailAddress=gonza
> lo@company.comverify error:num=18:self signed certificate
> verify return:1
> depth=0
> /C=US/ST=PA/L=Philadelphia/O=Gonzalo/OU=It/CN=192.168.123.108/emailAddress=gonza
> lo@company.comverify return:1
> SSL_connect:SSLv3 read server certificate A
> read from 080AECC8 [080B4768] (5 bytes => 5 (0x5))
> 0000 - 16 03 01 01 8d .....
> read from 080AECC8 [080B476D] (397 bytes => 397 (0x18D))
> 0000 - 0c 00 01 89 00 80 e6 96-9d 3d 49 5b e3 2c 7c f1 .........=I[.,|.
> 0010 - 80 c3 bd d4 79 8e 91 b7-81 82 51 bb 05 5e 2a 20 ....y.....Q..^* 
> 0020 - 64 90 4a 79 a7 70 fa 15-a2 59 cb d5 23 a6 a6 ef d.Jy.p...Y..#...
> 0030 - 09 c4 30 48 d5 a2 2f 97-1f 3c 20 12 9b 48 00 0e ..0H../..< ..H..
> 0040 - 6e dd 06 1c bc 05 3e 37-1d 79 4e 53 27 df 61 1e n.....>7.yNS'.a.
> 0050 - bb be 1b ac 9b 5c 60 44-cf 02 3d 76 e0 5e ea 9b .....\`D..=v.^..
> 0060 - ad 99 1b 13 a6 3c 97 4e-9e f1 83 9e b5 db 12 51 .....<.N.......Q
> 0070 - 36 f7 26 2e 56 a8 87 15-38 df d8 23 c6 50 50 85 6.&.V...8..#.PP.
> 0080 - e2 1f 0d d5 c8 6b 00 01-02 00 80 c1 8b 67 96 9d .....k.......g..
> 0090 - c5 fa 54 e2 3c e7 2e f4-0f 72 c2 9c c2 f3 03 28 ..T.<....r.....(
> 00a0 - e8 29 70 fe fa 78 da e6-5c 0d ce bd d6 1d 3f d6 .)p..x..\.....?.
> 00b0 - 9c cc fc 06 34 9a 68 d5-5c e0 df 7e 49 12 a6 fa ....4.h.\..~I...
> 00c0 - 8f 91 88 8c 5a 65 52 89-4d 56 e5 8f 6e ed fb f5 ....ZeR.MV..n...
> 00d0 - 92 9d 02 92 84 c2 36 0a-de 0c 12 3f 5c c9 97 a2 ......6....?\...
> 00e0 - 2e d3 39 30 cb b1 52 8c-48 3c 88 ee 01 c2 1e af ..90..R.H<......
> 00f0 - ee 11 5c 10 06 3a b6 79-aa 08 2f 34 55 ff e9 de ..\..:.y../4U...
> 0100 - 07 f0 11 5a d7 93 22 43-d9 fa 02 00 80 a6 31 df ...Z.."C......1.
> 0110 - 1d ee 19 26 1f ca ad 13-ac b2 dd 59 d1 0d e4 49 ...&.......Y...I
> 0120 - 1d c0 df e5 62 69 92 89-bf 26 9b 1e 5e c4 2a 63 ....bi...&..^.*c
> 0130 - 47 bd da ba 1c 03 12 ae-b2 c4 35 44 da c6 70 89 G.........5D..p.
> 0140 - 03 a2 4a 9d c1 57 02 6e-04 e8 df a9 88 fe 90 fd ..J..W.n........
> 0150 - 39 ff 60 44 37 63 ab ce-a0 af a1 1a f8 c2 96 1b 9.`D7c..........
> 0160 - 0e 98 f0 be 4a 2b fc 6a-94 89 82 35 71 10 e5 88 ....J+.j...5q...
> 0170 - 4f 34 ab 93 84 e7 dc ab-7b 02 37 d6 a4 36 74 68 O4......{.7..6th
> 0180 - 56 f0 9b 16 85 cf 85 43-9b 62 dc 9d 60 V......C.b..`
> SSL_connect:SSLv3 read server key exchange A
> read from 080AECC8 [080B4768] (5 bytes => 5 (0x5))
> 0000 - 16 03 01 00 04 .....
> read from 080AECC8 [080B476D] (4 bytes => 4 (0x4))
> 0000 - 0e .
> 0004 - <SPACES/NULS>
> SSL_connect:SSLv3 read server done A
> write to 080AECC8 [080C0600] (139 bytes => 139 (0x8B))
> 0000 - 16 03 01 00 86 10 00 00-82 00 80 6e a7 36 b5 e9 ...........n.6..
> 0010 - a9 9e 8c c8 ee 76 21 75-c3 00 53 c3 81 64 2b df .....v!u..S..d+.
> 0020 - 14 3d b0 10 c5 f6 e9 bf-66 48 61 7e 6b 2c f2 28 .=......fHa~k,.(
> 0030 - 67 0c b2 5f 7c 68 41 ec-42 04 d2 32 d4 a0 b5 70 g.._|hA.B..2...p
> 0040 - fc bf 2c b7 ba 0a b6 19-c0 6e 49 79 da 0e f0 b6 ..,......nIy....
> 0050 - 66 8e 2c 4a ba 57 2a 03-dc 1a 6e b8 60 1a 8b 1c f.,J.W*...n.`...
> 0060 - 3c 86 fb 58 a9 bb bd 7b-82 bb 9e c6 c5 ae 96 08 <..X...{........
> 0070 - 4d c2 34 6d 7a bd 3b 04-17 fa 1e 5d 98 a7 40 a1 M.4mz.;....]..@.
> 0080 - 11 01 34 eb e9 83 36 d5-e3 4b 53 ..4...6..KS
> SSL_connect:SSLv3 write client key exchange A
> write to 080AECC8 [080C0600] (6 bytes => 6 (0x6))
> 0000 - 14 03 01 00 01 01 ......
> SSL_connect:SSLv3 write change cipher spec A
> write to 080AECC8 [080C0600] (53 bytes => 53 (0x35))
> 0000 - 16 03 01 00 30 aa 4d c1-60 6e 23 0f 0e f9 9e 2a ....0.M.`n#....*
> 0010 - aa cb 7f c4 f1 51 dc f7-40 de 9e c8 06 5d de 42 .....Q..@....].B
> 0020 - e5 4b 21 0d eb 45 de 9c-f7 1f a3 cd b3 32 4c 6e .K!..E.......2Ln
> 0030 - f7 93 5e 03 ab ..^..
> SSL_connect:SSLv3 write finished A
> SSL_connect:SSLv3 flush data
> read from 080AECC8 [080B4768] (5 bytes => 5 (0x5))
> 0000 - 14 03 01 00 01 .....
> read from 080AECC8 [080B476D] (1 bytes => 1 (0x1))
> 0000 - 01 .
> read from 080AECC8 [080B4768] (5 bytes => 5 (0x5))
> 0000 - 16 03 01 00 30 ....0
> read from 080AECC8 [080B476D] (48 bytes => 48 (0x30))
> 0000 - 73 96 1a b8 a2 2d b7 46-42 35 92 85 ee 80 10 26 s....-.FB5.....&
> 0010 - d2 22 9b 0e c8 2a 7b de-a6 39 1d a9 8e bc 22 60 ."...*{..9...."`
> 0020 - a2 d4 ef 9f 94 2b db 0b-0f 6a b6 e9 e5 53 1e e0 .....+...j...S..
> SSL_connect:SSLv3 read finished A
> ---
> Certificate chain
> 0
> s:/C=US/ST=PA/L=Philadelphia/O=Gonzalo/OU=It/CN=192.168.123.108/emailAddress=gon
> zalo@company.com
> i:/C=US/ST=PA/L=Philadelphia/O=Gonzalo/OU=It/CN=192.168.123.108/emailAddress=gon
> zalo@company.com---Server certificate
> -----BEGIN CERTIFICATE-----
> MIIDmDCCAwGgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBlTELMAkGA1UEBhMCVVMx
> CzAJBgNVBAgTAlBBMRUwEwYDVQQHEwxQaGlsYWRlbHBoaWExEDAOBgNVBAoTB0dv
> bnphbG8xCzAJBgNVBAsTAkl0MRgwFgYDVQQDEw8xOTIuMTY4LjEyMy4xMDgxKTAn
> BgkqhkiG9w0BCQEWGmdvbnphbG9Ac21pbGluZ3NjcmVlbnMuY29tMB4XDTA0MDEy
> NjIwMTk1NFoXDTA1MDEyNTIwMTk1NFowgZUxCzAJBgNVBAYTAlVTMQswCQYDVQQI
> EwJQQTEVMBMGA1UEBxMMUGhpbGFkZWxwaGlhMRAwDgYDVQQKEwdHb256YWxvMQsw
> CQYDVQQLEwJJdDEYMBYGA1UEAxMPMTkyLjE2OC4xMjMuMTA4MSkwJwYJKoZIhvcN
> AQkBFhpnb256YWxvQHNtaWxpbmdzY3JlZW5zLmNvbTCBnzANBgkqhkiG9w0BAQEF
> AAOBjQAwgYkCgYEAt5W/3lYu+qX5+voKMCus2p8MMWUcQ8R+TvjK3OECUnwDKTm3
> uK3L9x1nZGV3dI9PGBJR5nSw2IOWGgYvpdHNTOzf2rG/rUZfa3jMaZQLURpThVmy
> Rs/DZaA6kl4CRSkxWI7EprVHHIe9bUeNCwhfaFjIzLI2dB25qt1b5z1EGYcCAwEA
> AaOB9TCB8jAdBgNVHQ4EFgQUmike1aV4TppXJZgcxTJuALP/tF8wgcIGA1UdIwSB
> ujCBt4AUmike1aV4TppXJZgcxTJuALP/tF+hgZukgZgwgZUxCzAJBgNVBAYTAlVT
> MQswCQYDVQQIEwJQQTEVMBMGA1UEBxMMUGhpbGFkZWxwaGlhMRAwDgYDVQQKEwdH
> b256YWxvMQswCQYDVQQLEwJJdDEYMBYGA1UEAxMPMTkyLjE2OC4xMjMuMTA4MSkw
> JwYJKoZIhvcNAQkBFhpnb256YWxvQHNtaWxpbmdzY3JlZW5zLmNvbYIBADAMBgNV
> HRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4GBAEbQO3C81QiId6RTApxq5scR2f4e
> boqHN+BDwZlJS7259JoiAb3A5ZOuUTKO0aHmEPN6sxMVLwttmM5xfZVm6Q7Z6Xkj
> VzZlkVPlPg47k76fdjivaiz73TZOqAkJ27NDvN3d6OeKxjAkEkGOz9TF/M+kTJ2j
> WOMkPJo4Rzu3vikS
> -----END CERTIFICATE-----
> subject=/C=US/ST=PA/L=Philadelphia/O=Gonzalo/OU=It/CN=192.168.123.108/emailAddre
> ss=gonzalo@company.comissuer=/C=US/ST=PA/L=Philadelphia/O=Gonzalo/OU=It/CN=192.1
> 68.123.108/emailAddress=gonzalo@company.com---
> No client certificate CA names sent
> ---
> SSL handshake has read 1488 bytes and written 340 bytes
> ---
> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
> Server public key is 1024 bit
> SSL-Session:
> Protocol : TLSv1
> Cipher : DHE-RSA-AES256-SHA
> Session-ID:
> D7059885B905929B6F70A6BEDD340A45BA3940341C09FA9EC1952EB162F4C0F5
> Session-ID-ctx:
> Master-Key:
> 8417486EB238E2FC13AAD94321B042B68D1284EC65AD5A9143186271E33C970AAF8B6D199FC76208
> 7BDCE833052800F6
> Key-Arg : None
> Krb5 Principal: None
> Start Time: 1075156041
> Timeout : 300 (sec)
> Verify return code: 18 (self signed certificate)
> ---
> GET /index.html HTTP/1.0
> write to 080AECC8 [080B8F78] (90 bytes => 90 (0x5A))
> 0000 - 17 03 01 00 20 56 f6 30-fc e6 70 ca 77 e0 65 88 .... V.0..p.w.e.
> 0010 - 86 9b c6 72 d3 13 2d 14-5a 1c 9e 45 11 4d 41 85 ...r..-.Z..E.MA.
> 0020 - b4 31 a7 a0 58 17 03 01-00 30 7b e1 a6 b2 f0 2d .1..X....0{....-
> 0030 - f0 48 44 c9 38 cc 68 99-5e 5c c7 de 95 01 20 99 .HD.8.h.^\.... .
> 0040 - 61 55 d8 ad 27 67 6b e0-96 88 9e 51 d6 36 aa 43 aU..'gk....Q.6.C
> 0050 - e6 64 e0 05 28 fb ad 6a-61 1d .d..(..ja.

The firewall is not allowing traffic on port 443. I checked it out and all works well. Sorry if I inconvenienced anyone.

For those that are still unsure of how the apache+mod_ssl setup goes, here are the steps:

-------openssl0.9.7a, mod_ssl-2.0.40-21.9.src.rpm, httpd-2.0.40-21.9.src.rpm

1. install openssl
2. rpm -Uvh mod_ssl.... nothing goes into /usr/src/redhat/SOURCES but it does install
3. rpm -Uvh httpd-2.0.40-21.9.src.rpm
4. tar -xzvf /usr/src/redhat/SOURCES/httpd-2.0.40.tar.gz
5. cd /usr/src/redhat/SOURCES/httpd-2.0.40
6. ./configure --with-perl --enable-ssl --enable-mods=most --with-ssl=/usr/local/ssl/include/openssl

Make sure that after apache is compiled, the following command shows the module mod_ssl.c: './httpd -DSSL' (assuming you are in the new apache bin directory).
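The thread passes through three distinct states that look alike from a browser: mod_ssl not compiled into httpd, port 443 not reachable from the client (the firewall case the poster ended up with), and a working TLS session whose certificate is merely self-signed (the "Verify return code: 18" in the trace above). The POSIX shell diagnostic below is an added example, not code from the thread or from the Apache or mod_ssl projects; it tells those states apart. It reads the compiled-in module list from `httpd -l` output (the command that produced the module listing earlier in the thread), parses `openssl s_client` output the way a person reads it, and wraps the remote probe in a timeout so a filtered port is reported instead of hanging. It assumes openssl(1) and the coreutils timeout(1) are on PATH; the sample strings in the comments are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): separate "mod_ssl not built in",
# "port not reachable from here" and "TLS works but the cert is self-signed".
# Assumes openssl(1) and coreutils timeout(1) are installed.

# has_mod_ssl: reads `httpd -l` output on stdin; succeeds when mod_ssl.c
# is listed among the compiled-in modules.
has_mod_ssl() {
    grep -q '^[[:space:]]*mod_ssl\.c[[:space:]]*$'
}

# verify_code: reads `openssl s_client` output on stdin and prints the
# numeric "Verify return code" (0 = chain verified, 18 = self signed certificate).
verify_code() {
    sed -n 's/^[[:space:]]*Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# session_cipher: prints the negotiated cipher from the "New, ..., Cipher is X" line.
session_cipher() {
    sed -n 's/^[[:space:]]*New, .*Cipher is \([A-Za-z0-9_-]*\).*/\1/p' | head -n 1
}

# classify: turns the exit status of an s_client run ($1, 124 when timeout(1)
# killed it) plus its combined output (stdin) into one verdict line.
classify() {
    status=$1
    out=$(cat)
    if [ "$status" -eq 124 ]; then
        echo "unreachable: no TCP answer on the port (filtered, typical of a firewall drop)"
        return 0
    fi
    if printf '%s\n' "$out" | grep -q 'Connection refused'; then
        echo "refused: host answers but nothing listens on the port"
        return 0
    fi
    code=$(printf '%s\n' "$out" | verify_code)
    cipher=$(printf '%s\n' "$out" | session_cipher)
    case "$code" in
        "")        echo "failed: no TLS session established (see output above)" ;;
        0)         echo "ok: TLS session, cipher $cipher, certificate chain verified" ;;
        18|19|21)  echo "ok-but-untrusted: TLS session, cipher $cipher, self-signed/untrusted chain (verify code $code)" ;;
        *)         echo "ok-but-untrusted: TLS session, cipher $cipher, verify code $code" ;;
    esac
}

# probe HOST [PORT]: run s_client against HOST:PORT (default 443) with a
# 5-second limit and print the verdict. Constructed usage: probe 192.168.123.108
probe() {
    host=$1
    port=${2:-443}
    status=0
    out=$(timeout 5 openssl s_client -connect "$host:$port" </dev/null 2>&1) || status=$?
    printf '%s\n' "$out" | classify "$status"
}

# Only probe when invoked with a host argument, so the functions can also be sourced.
if [ $# -ge 1 ]; then
    probe "$@"
fi
```

Run it from a machine other than the server (for instance `sh probe.sh 192.168.123.108`, with the file name being an assumption). An "unreachable" verdict there, alongside an "ok" or "ok-but-untrusted" verdict from `openssl s_client -connect localhost:443` on the server itself, points at the network path between the two rather than at the Apache/mod_ssl build, which is exactly the distinction this thread needed; an "ok-but-untrusted" verdict with code 18 is the trace above and means the handshake is fine and only the certificate's trust anchor is missing on the client.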