The Soothingly Seamless Setup of Virtual Hosts and Certificates

The first article at least attempted to explain things......

Next time, just say "Go look at the Apache and OpenSSL Web Sites" and save us some time.

How well timed is this little beauty???

I was just about to do this to our new box and up this little article popped.... Any chance of a decent 'ftp server for real users' tutorial by next Friday....? :)

Did you take a look at http://www.devshed.com/Server_Side/Administration/wuftpd/ ?

My install went well except that I buggered the part where I was supposed to use the CN of the certificate, so I was looking forward to making a new one but I've run into snags. After I ./sign.sh server.csr
I get the following error message:

CA signing:server.csr->server.crt:
./sign.sh:openssl:command not found
CA verifying:server.crt<->CA cert
./sign.sh:openssl:command not found

Like I said, I think everything else went well, and all the steps in the tutorial preceding this one went off without a hitch. I'm still a newbie so feel free to patronize me if I've overlooked something trivial.

I've used this instruction to the letter and problems occur in my setup (RedHat 6.2).
I think the simplest is still just to install the MySQL and Apache RPM first, then use the PHP4 module install instructions. Works great.

The ports for the SSL should be 443 not 80, right?

Hi billy... I am a newbie too. The "sign.sh" script is in the mod-ssl-2.6.4-x.x.x/pkg.contrib, so what I did is I copied the certificate to that directory and I ran the script from there, and it worked just fine. The only thing is, when I use the secure server in my web site I get a message saying that the "certificate is signed by a company you have not chosen to trust"; the expiration date and the name of the site are fine.....?
Good luck

correct... standard SSL is 443 but you could put it on any port you want.

correct...

I have 5 IP addresses and I want the other 4 IPs to be virtually hosted on the same box. Is this doable, and is this the right tutorial for it? I tried one, but it didn't work.

Is it possible to setup two separate domains using two separate certificates on one computer? Both of my domains work, but depending on which SSLCertificateFile line is first, that is the certificate that is used for both domains. Thanks.

... I think it's better if you set the following instead of only ServerName www.dom.tld:

    ServerName dom.tld
    ServerAlias www.dom.tld

It's a better way, because not all people like subdomains like www (me too)...

Only a hint ;)

As far as I know / learned from my experience, the main problem in virtual SSL hosting is not mentioned at all in this article.

Usually you do not assign a separate IP to a virtual host. All virtual hosts are name-based and therefore have no IP of their own.

So, only the hosting platform has its own IP and can be certified. But there is no reverse lookup that leads to the name of the virtual host, so you cannot make an official certificate / authentication.

Hope I could make it at least a little clearer what the problem really is.

Man, I just compiled a bunch of crap, openssl/mod_ssl being one of them. I can start the server fine: apache startssl. But once I do that I can't access any of my web pages. Is it alright to issue apache start after I issue apache startssl? I wouldn't be asking, I'd be testing; however, I can't get any connections to SSL to work from my web browser or from the command line client. The server starts fine:

    [root@pico conf]# apache startssl
    Apache/1.3.14 mod_ssl/2.7.1 (Pass Phrase Dialog)
    Some of your private key files are encrypted for security reasons.
    In order to read them you have to provide us with the pass phrases.

    Server checkout.commaflex.com:80 (RSA)
    Enter pass phrase:

    Ok: Pass Phrase Dialog successful.
    /usr/local/apache/bin/apachectl startssl: httpd started


but I can't get any connections to the server whatsoever. My virtual host directive looks like this...

    <VirtualHost 216.186.181.231:80>
    DocumentRoot "/home/commaflex/public_html/checkout"
    ServerAdmin info@commaflex.com
    ServerName checkout.commaflex.com
    ErrorLog /home/commaflex/public_html/checkout/.error.log
    TransferLog /home/commaflex/public_html/checkout/.transfer.log
    SSLEngine on
    SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
    SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    </VirtualHost>


Hehee, no problem there I don't think. SSL and everything compiled with no complaints. I generated the server key and everything just fine, but no connections :( just page not found in IE.

Ok, I just found out that when you issue apachectl startssl it's supposed to start your httpd and ssl. Mine doesn't!!!! It only starts ssl and I can't connect to any of my web pages until I issue apachectl start afterwards!! Any ideas?

i figured it out, no sweat

I'm having some problems with mod_ssl as I'm sure everyone who uses it is. You see I got everything working great, it only took recompiling apache/mod_ssl and a few other things, oh about 100 freaking times. So it finally worked and I was in bliss and joy, till I tried to connect to the ssl server with MSIE5.5, gee that's funny IT WON'T FREAKING CONNECT!!!!!!!! About this time I found myself encompassed with rage and anger, so I went to modssl.org and tried some of the workarounds they have posted, unfortunately NONE OF THEM WORK!!!! Please for the love of God somebody has to have some suggestions or workarounds that work. Somebody for the love of humanity help me!

Is there a way to host separate websites with folders....

http://mydomain.com/user1
http://mydomain.com/user2

Any help is appreciated.

You have to either setup an aliased interface with another public IP or code your html to point SSL requests to a port other than 80 and configure this other port in your SSL virtualhost directive.... You can't have 1 public IP and 1 port share multiple certificates since nothing unique or identifying about the domain is clear text prior to the decryption.... soooo there isn't any way to know which certificate is the right key to unlock the packets...
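
The constraint described in the comment above, and the "whichever SSLCertificateFile line is first" behaviour reported earlier in the thread, checked mechanically. This is an added example, not part of the original comments: a small Python linter that finds SSL virtual hosts sharing one IP:port and those bound to port 80. It assumes a server and clients without SNI, as in the thread's setups; the sample config, host names and paths are constructed.

```python
import re
from collections import defaultdict
# Constructed sample, not from the thread: two SSL vhosts share 192.0.2.10:443.
SAMPLE_CONF = """
<VirtualHost 192.0.2.10:443>
ServerName shop.example.test
SSLEngine on
SSLCertificateFile /etc/ssl/shop.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
ServerName mail.example.test
SSLEngine on
SSLCertificateFile /etc/ssl/mail.crt
</VirtualHost>
<VirtualHost 192.0.2.11:80>
ServerName pay.example.test
SSLEngine on
SSLCertificateFile /etc/ssl/pay.crt
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost\s+([^>\s]+)\s*>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    m = re.search(rf"^\s*{name}\s+(\S+)", body, re.M | re.I)
    return m.group(1).strip('"') if m else None

def parse_ssl_vhosts(conf):
    """(address, ServerName, certificate) for every vhost with SSLEngine on."""
    return [(addr, directive(body, "ServerName"), directive(body, "SSLCertificateFile"))
            for addr, body in VHOST_RE.findall(conf)
            if (directive(body, "SSLEngine") or "").lower() == "on"]

def cert_presented(hosts, addr):
    # Assumes no SNI: the handshake completes before the Host header arrives,
    # so only the socket address is known and the first vhost defined wins.
    return next((cert for a, _, cert in hosts if a == addr), None)

def lint(conf):
    hosts, by_addr, findings = parse_ssl_vhosts(conf), defaultdict(list), []
    for addr, name, cert in hosts:
        by_addr[addr].append((name, cert))
    for addr, entries in by_addr.items():
        shadowed = [n for n, c in entries if c != cert_presented(hosts, addr)]
        if shadowed:  # these names are served with another host's certificate
            findings.append(("shared-address", addr, shadowed))
        if addr.rsplit(":", 1)[-1] == "80":  # https:// URLs default to 443
            findings.append(("ssl-on-port-80", addr, [n for n, _ in entries]))
    return findings

print(lint(SAMPLE_CONF))
```

A "shared-address" finding lists the host names whose visitors would receive the first-defined certificate and therefore see a name-mismatch warning.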

nice instructions, but still no info about how to generate personal certificates [client certificates] to be imported on browsers [to be used when SSLVerifyClient = required]

S.









