-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Even more revealing was the passphrase prompt, not required for plain
httpd...


Thanks,

Ron DuFresne


On Tue, 19 Jun 2007, Omar W. Hannet wrote:

> Are you quite certain that the LoadModule for mod_ssl has been
> commented out? The reason I ask: the output from 'apachectl start'
> which you provided below shows 'mod_ssl/2.2.4'.
>
> In the log file /opt/apache-2.2.4/logs/error_log, on lines that contain
> 'Apache/2.2.4' and 'configured -- resuming normal operations', do
> you see 'mod_ssl/2.2.4'? If so, it is still being loaded from somewhere
> in your configuration.
>
> Saikat Saha wrote:
>> Sorry for late response on this one. This is what we have in httpd.conf
>> which is generated at compile time. This problem does not go away even
>> if I comment out last four lines and restart apache. Could you please
>> advise what else could be leading apache to think it is https rather
>> than http?
>>
>>
>>
>> # Secure (SSL/TLS) connections
>> #Include conf/extra/httpd-ssl.conf
>> #
>> # Note: The following must must be present to support
>> # starting without SSL on platforms with no /dev/random equivalent
>> # but a statically compiled-in mod_ssl.
>> #
>>
>> SSLRandomSeed startup builtin
>> SSLRandomSeed connect builtin
>>

>>
>>
>> With above commented out, when I try to start apache, I get following
>> passphrase prompt and apache does not start even after saying passphrase
>> successful, no logs in logs directory although log level is "debug"
>>
>> ]# ./apachectl start
>> httpd: Could not reliably determine the server's fully qualified domain
>> name, using 10.3.110.109 for ServerName
>> Apache/2.2.4 mod_ssl/2.2.4 (Pass Phrase Dialog)
>> Some of your private key files are encrypted for security reasons.
>> In order to read them you have to provide the pass phrases.
>>
>> Server 10.3.110.109:443 (RSA)
>> Enter pass phrase:
>>
>> OK: Pass Phrase Dialog successful.
>> [root@rh4_109 bin]#
>>
>> Thanks you very much for your help.
>>
>>
>> -----Original Message-----
>> From: owner-modssl-users@modssl.org
>> [mailtowner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
>> Sent: Monday, June 18, 2007 8:34 AM
>> To: modssl-users@modssl.org
>> Subject: Re: Apache with mod_ssl
>>
>> Do you have tags surrounding all
>> SSL directives in your configuration file? For example:
>>
>>
>> SSLPassPhraseDialog builtin
>> # etc.
>>

>>
>> Saikat Saha wrote:_module>
>>> Apache was compiled as below
>>>
>>> ./configure --with-ldap --enable-mods-shared="all ssl ldap cache proxy
>>> authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock
>>> disk_cache" --prefix=/opt/apache-2.2.4
>>>
>>> Httpd -l gives below
>>> [root@rh4_109 bin]# httpd -l
>>> Compiled in modules:
>>> core.c
>>> prefork.c
>>> http_core.c
>>> mod_so.c
>>>
>>> How do I compile so that it does not load mod_ssl automatically and
>>> loads only if httpd.conf is configured.
>>>
>>> Surprisingly there are no error logs even at debug level.
>>>
>>> Thank you so very much for the kind help.
>>>
>>> -----Original Message-----
>>> From: owner-modssl-users@modssl.org
>>> [mailtowner-modssl-users@modssl.org] On Behalf Of Omar W. Hannet
>>> Sent: Friday, June 15, 2007 4:13 PM
>>> To: modssl-users@modssl.org
>>> Subject: Re: Apache with mod_ssl
>>>
>>> Saikat Saha wrote:
>>>> We have apache 2.2.4 compiled with all modules but commented out all load
>>>> modules. Do not have anything in httpd.conf file to state that
>>> this
>>>> is https. But when I start apache, it tries to goto https and prompts

>>
>>>> for pass phrase. How does apache determine that this is https whereas

>>
>>>> this is actually a http server.
>>> Perhaps mod_ssl is a compiled-in module. Run 'httpd -l' to check

>> this.
>>>> After I enter a passphrase, it shows successful but the server never
>>>> starts up. Can someone please help?
>>> The reason probably can be found in Apache's error_log file.
>>>
>>>> Also can apache support both http and https at different ports at the

>>
>>>> same time?
>>> Yes. The defaults are port 80 for http and port 443 for https.

> __________________________________________________ ____________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>


- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

....We waste time looking for the perfect lover
instead of creating the perfect love.

-Tom Robbins
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFGer+zst+vzJSwZikRAlhnAJ4rLby4nNIlTNYwr0Vq2b QdI1TGmwCgwn1e
itrUfe7Vl+cuoIdY3KOVw8M=
=LeZD
-----END PGP SIGNATURE-----
__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org