Re: Apache with mod_ssl
-----BEGIN PGP SIGNED MESSAGE-----
Even more revealing was the passphrase prompt, not required for plain
On Tue, 19 Jun 2007, Omar W. Hannet wrote:
> Are you quite certain that the LoadModule for mod_ssl has been
> commented out? The reason I ask: the output from 'apachectl start'
> which you provided below shows 'mod_ssl/2.2.4'.
> In the log file /opt/apache-2.2.4/logs/error_log, on lines that contain
> 'Apache/2.2.4' and 'configured -- resuming normal operations', do
> you see 'mod_ssl/2.2.4'? If so, it is still being loaded from somewhere
> in your configuration.
> Saikat Saha wrote:[color=green]
>> Sorry for late response on this one. This is what we have in httpd.conf
>> which is generated at compile time. This problem does not go away even
>> if I comment out last four lines and restart apache. Could you please
>> advise what else could be leading apache to think it is https rather
>> than http?
>> # Secure (SSL/TLS) connections
>> #Include conf/extra/httpd-ssl.conf
>> # Note: The following must must be present to support
>> # starting without SSL on platforms with no /dev/random equivalent
>> # but a statically compiled-in mod_ssl.
>> <IfModule ssl_module>
>> SSLRandomSeed startup builtin
>> SSLRandomSeed connect builtin
>> With above commented out, when I try to start apache, I get following
>> passphrase prompt and apache does not start even after saying passphrase
>> successful, no logs in logs directory although log level is "debug"
>> ]# ./apachectl start
>> httpd: Could not reliably determine the server's fully qualified domain
>> name, using 10.3.110.109 for ServerName
>> Apache/2.2.4 mod_ssl/2.2.4 (Pass Phrase Dialog)
>> Some of your private key files are encrypted for security reasons.
>> In order to read them you have to provide the pass phrases.
>> Server 10.3.110.109:443 (RSA)
>> Enter pass phrase:
>> OK: Pass Phrase Dialog successful.
>> [root@rh4_109 bin]#
>> Thanks you very much for your help.
>> -----Original Message-----
>> From: [email]email@example.com[/email]
>> [mailto:firstname.lastname@example.org] On Behalf Of Omar W. Hannet
>> Sent: Monday, June 18, 2007 8:34 AM
>> To: [email]email@example.com[/email]
>> Subject: Re: Apache with mod_ssl
>> Do you have <IfModule ssl_module> tags surrounding all
>> SSL directives in your configuration file? For example:
>> <IfModule ssl_module>
>> SSLPassPhraseDialog builtin
>> # etc.
>> Saikat Saha wrote:_module>[color=darkred]
>>> Apache was compiled as below
>>> ./configure --with-ldap --enable-mods-shared="all ssl ldap cache proxy
>>> authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock
>>> disk_cache" --prefix=/opt/apache-2.2.4
>>> Httpd -l gives below
>>> [root@rh4_109 bin]# httpd -l
>>> Compiled in modules:
>>> How do I compile so that it does not load mod_ssl automatically and
>>> loads only if httpd.conf is configured.
>>> Surprisingly there are no error logs even at debug level.
>>> Thank you so very much for the kind help.
>>> -----Original Message-----
>>> From: [email]firstname.lastname@example.org[/email]
>>> [mailto:email@example.com] On Behalf Of Omar W. Hannet
>>> Sent: Friday, June 15, 2007 4:13 PM
>>> To: [email]firstname.lastname@example.org[/email]
>>> Subject: Re: Apache with mod_ssl
>>> Saikat Saha wrote:
>>>> We have apache 2.2.4 compiled with all modules but commented out all load
>>>> modules. Do not have anything in httpd.conf file to state that
>>>> is https. But when I start apache, it tries to goto https and prompts[/color]
>>>> for pass phrase. How does apache determine that this is https whereas[/color]
>>>> this is actually a http server.
>>> Perhaps mod_ssl is a compiled-in module. Run 'httpd -l' to check[/color]
>>>> After I enter a passphrase, it shows successful but the server never
>>>> starts up. Can someone please help?
>>> The reason probably can be found in Apache's error_log file.
>>>> Also can apache support both http and https at different ports at the[/color]
>>>> same time?
>>> Yes. The defaults are port 80 for http and port 443 for https.[/color][/color]
> Apache Interface to OpenSSL (mod_ssl) [url]www.modssl.org[/url]
> User Support Mailing List [email]email@example.com[/email]
> Automated List Manager [email]firstname.lastname@example.org[/email]
admin & senior security consultant: sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
....We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
-----END PGP SIGNATURE-----
Apache Interface to OpenSSL (mod_ssl) [url]www.modssl.org[/url]
User Support Mailing List [email]email@example.com[/email]
Automated List Manager [email]firstname.lastname@example.org[/email]