ALT Linux Community general discussions
 help / color / mirror / Atom feed
* [mdk-re] mod_ssl howto ;)
@ 2002-03-13  0:32 Peter V. Saveliev
  2002-03-21 18:56 ` Lenya L. Khachaturov
  0 siblings, 1 reply; 2+ messages in thread
From: Peter V. Saveliev @ 2002-03-13  0:32 UTC (permalink / raw)
  To: ALT Linux

Hello!

При попытке включить в vhosts такую конфигурацию:
8<-------------------------------------------------------------------------------------
<VirtualHost 195.19.253.86:443>

ServerName mail.peet.spb.ru
DocumentRoot    /home/peet/personal/www-server/mail

SSLEngine on
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile     /home/peet/personal/www-server/mail/ssl/server.crt
SSLCertificateKeyFile  /home/peet/personal/www-server/mail/ssl/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

</VirtualHost>
8<-------------------------------------------------------------------------------------

# server.crt и server.key сделаны по документации из /usr/share/doc/mod_ssl*

Получаю в /var/log/messages после service httpd restart:
8<-------------------------------------------------------------------------------------
Mar 13 00:33:07 peet httpd: httpd shutdown succeeded
Mar 13 00:33:08 peet httpd: [Wed Mar 13 00:33:08 2002] [warn] module mod_php4.c is already added, skipping
Mar 13 00:33:08 peet httpd: [Wed Mar 13 00:33:08 2002] [warn] module mod_ssl.c is already added, skipping
Mar 13 00:33:08 peet httpd: Syntax OK
Mar 13 00:33:08 peet httpd: Checking configuration sanity for httpd:  succeeded
Mar 13 00:33:09 peet httpd: [Wed Mar 13 00:33:09 2002] [warn] module mod_php4.c is already added, skipping
Mar 13 00:33:09 peet httpd: [Wed Mar 13 00:33:09 2002] [warn] module mod_ssl.c is already added, skipping
Mar 13 00:33:09 peet httpd: Apache/1.3.23 mod_ssl/2.8.7 (Pass Phrase Dialog)
Mar 13 00:33:09 peet httpd: Some of your private key files are encrypted for security reasons.
Mar 13 00:33:09 peet httpd: In order to read them you have to provide us with the pass phrases.
Mar 13 00:33:09 peet httpd: Server mail.peet.spb.ru:443 (RSA)
Mar 13 00:33:09 peet httpd: Enter pass phrase:
8<-------------------------------------------------------------------------------------

Это прикол? ;)) Есть вопрос и посерьезнее: а как же тогда стартовать? 
apachectl заканчивается тем же. При этом, прошу заметить, в top:

8<-------------------------------------------------------------------------------------
  PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME COMMAND
17832 root       0   0   572  572   468 R    97,4  0,4   0:07 initlog
17859 peet      19   0  1184 1184   924 R     0,9  0,9   0:00 top
    5 root      20   0     0    0     0 SW    0,3  0,0   0:01 kupdated
    1 root      20   0   480  432   412 S     0,0  0,3   0:03 init
    2 root      20   0     0    0     0 SW    0,0  0,0   0:00 keventd
8<-------------------------------------------------------------------------------------

Заранее спасибо,
Петр.



^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [mdk-re] mod_ssl howto ;)
  2002-03-13  0:32 [mdk-re] mod_ssl howto ;) Peter V. Saveliev
@ 2002-03-21 18:56 ` Lenya L. Khachaturov
  0 siblings, 0 replies; 2+ messages in thread
From: Lenya L. Khachaturov @ 2002-03-21 18:56 UTC (permalink / raw)
  To: Peter V. Saveliev

Hello Peter,

Wednesday, March 13, 2002, 12:41:45 AM, you wrote:

PVS> Hello!

PVS> При попытке включить в vhosts такую конфигурацию:
PVS> 8<-------------------------------------------------------------------------------------
PVS> <VirtualHost 195.19.253.86:443>

PVS> ServerName mail.peet.spb.ru
PVS> DocumentRoot    /home/peet/personal/www-server/mail

PVS> SSLEngine on
PVS> SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
PVS> SSLCertificateFile     /home/peet/personal/www-server/mail/ssl/server.crt
PVS> SSLCertificateKeyFile  /home/peet/personal/www-server/mail/ssl/server.key
PVS> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

PVS> </VirtualHost>
PVS> 8<-------------------------------------------------------------------------------------

PVS> # server.crt и server.key сделаны по документации из /usr/share/doc/mod_ssl*

PVS> Получаю в /var/log/messages после service httpd restart:
PVS> 8<-------------------------------------------------------------------------------------
PVS> Mar 13 00:33:07 peet httpd: httpd shutdown succeeded
PVS> Mar 13 00:33:08 peet httpd: [Wed Mar 13 00:33:08 2002] [warn] module mod_php4.c is already added, skipping
PVS> Mar 13 00:33:08 peet httpd: [Wed Mar 13 00:33:08 2002] [warn] module mod_ssl.c is already added, skipping
PVS> Mar 13 00:33:08 peet httpd: Syntax OK
PVS> Mar 13 00:33:08 peet httpd: Checking configuration sanity for httpd:  succeeded
PVS> Mar 13 00:33:09 peet httpd: [Wed Mar 13 00:33:09 2002] [warn] module mod_php4.c is already added, skipping
PVS> Mar 13 00:33:09 peet httpd: [Wed Mar 13 00:33:09 2002] [warn] module mod_ssl.c is already added, skipping
PVS> Mar 13 00:33:09 peet httpd: Apache/1.3.23 mod_ssl/2.8.7 (Pass Phrase Dialog)
PVS> Mar 13 00:33:09 peet httpd: Some of your private key files are encrypted for security reasons.
PVS> Mar 13 00:33:09 peet httpd: In order to read them you have to provide us with the pass phrases.
PVS> Mar 13 00:33:09 peet httpd: Server mail.peet.spb.ru:443 (RSA)
PVS> Mar 13 00:33:09 peet httpd: Enter pass phrase:
PVS> 8<-------------------------------------------------------------------------------------

PVS> Это прикол? ;)) Есть вопрос и посерьезнее: а как же тогда стартовать? 
PVS> apachectl заканчивается тем же. При этом, прошу заметить, в top:

Это не прикол, пароль дожен вводиться в интерактивном режиме. Либо
снимайте пароль с ключа, либо пишите скрипту, отдающую пароль mod_ssl,
и то и другое не секьюрно.

PVS> 8<-------------------------------------------------------------------------------------
PVS>   PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME COMMAND
PVS> 17832 root       0   0   572  572   468 R    97,4  0,4   0:07 initlog
PVS> 17859 peet      19   0  1184 1184   924 R     0,9  0,9   0:00 top
PVS>     5 root      20   0     0    0     0 SW    0,3  0,0   0:01 kupdated
PVS>     1 root      20   0   480  432   412 S     0,0  0,3   0:03 init
PVS>     2 root      20   0     0    0     0 SW    0,0  0,0   0:00 keventd
PVS> 8<-------------------------------------------------------------------------------------

PVS> Заранее спасибо,
PVS> Петр.

PVS> _______________________________________________
PVS> Mandrake-russian mailing list
PVS> Mandrake-russian@altlinux.ru
PVS> http://altlinux.ru/mailman/listinfo/mandrake-russian



-- 
Best regards,
Lenya L. Khachaturov
mailto:lenya@chemsell.yaroslavl.ru




^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2002-03-21 18:56 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2002-03-13  0:32 [mdk-re] mod_ssl howto ;) Peter V. Saveliev
2002-03-21 18:56 ` Lenya L. Khachaturov

ALT Linux Community general discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
		mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
	public-inbox-index community

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.community


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git