problem accessing/starting secure layer (https)

Nicholas Leippe nick at byu.edu
Tue Jul 12 16:29:28 MDT 2005


On Tuesday 12 July 2005 04:21 pm, bibhor dhungel wrote:
> Hi,
> I used "service httpd restart" to restart the server. I had encrypted
> the server key so it asked me for the passphrase before starting. When
> I changed ssl.conf (sorry for not mentioning that I am using openssl)
> I defined it to listen to port 443 and I am not sure how to check if
> it's listening at that port (I am assuming that port 443 is open by
> default).

You can see what ports are open and what's listening on them with:

netstat -nlp

When I installed openssl on our servers, I had to explicitly use 'startssl' as
the parameter to apachectl.  My conf files do tell it to listen on port 443,
but w/o that, SSL is not enabled and port 443 is not bound.  I think startssl
is equivalent to 'start -DSSL'.


> here's bits from my ssl.conf:
> # added by Bibhor on 07/12/2005
> SSLCertificateFile /etc/httpd/conf/ssl.crt/new.crt
>
> #   Server Private Key:
> #   If the key is not combined with the certificate, use this
> #   directive to point at the key file.  Keep in mind that if
> #   you've both a RSA and a DSA private key you can configure
> #   both in parallel (to also allow the use of DSA ciphers, etc.)
> # added by Bibhor on 07/12/2005
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/new.server.com

These look fine from what I can tell.
You may need a CA cert bundle file as well, such as:

SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt

This is sometimes referred to as a 'chain' file.

-- 
Respectfully,

Nicholas Leippe
Sales Team Automation, LLC
1335 West 1650 North, Suite C
Springville, UT  84663 +1 801.853.4090
http://www.salesteamautomation.com
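
Added example, not part of the original message: a small shell check that reads `netstat -nlp` output and distinguishes "httpd is up but port 443 is not bound" (the situation described in the reply when SSL is not enabled at startup) from a working HTTPS listener. The function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -nlp` output: httpd is running,
# port 80 is bound, port 443 is not.
sample_no_ssl='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1201/sshd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2310/httpd'

# Same constructed host after SSL was enabled at startup: 443 is bound too.
sample_ssl="$sample_no_ssl
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      2310/httpd"

# listener_on PORT: reads `netstat -nlp` output on stdin and prints the
# PID/Program column of every TCP socket listening on PORT.
# Returns 1 when nothing is listening on that port.
listener_on() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")      # handles 0.0.0.0:443 and :::443
            if (a[n] == port) { print $7; found = 1 }
        }
        END { exit !found }'
}

# check_https NETSTAT_OUTPUT: one-line diagnosis of the HTTPS listener.
check_https() {
    out=$1
    if owner=$(printf '%s\n' "$out" | listener_on 443); then
        echo "443 bound by $owner"
    elif printf '%s\n' "$out" | listener_on 80 >/dev/null; then
        echo "80 bound, 443 not bound: SSL was not enabled at startup"
    else
        echo "no listener on 80 or 443"
    fi
}

# Run against the constructed samples. On a live server, as root:
#   check_https "$(netstat -nlp)"
check_https "$sample_no_ssl"
check_https "$sample_ssl"
```

Without root, `netstat -nlp` shows `-` in the PID/Program column for sockets owned by other users, so the port test still works but the owner is not named.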


