* [mdk-re] mod_ssl howto ;)
@ 2002-03-13 0:32 Peter V. Saveliev
2002-03-21 18:56 ` Lenya L. Khachaturov
0 siblings, 1 reply; 2+ messages in thread
From: Peter V. Saveliev @ 2002-03-13 0:32 UTC (permalink / raw)
To: ALT Linux
Hello!
При попытке включить в vhosts такую конфигурацию:
8<-------------------------------------------------------------------------------------
<VirtualHost 195.19.253.86:443>
ServerName mail.peet.spb.ru
DocumentRoot /home/peet/personal/www-server/mail
SSLEngine on
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /home/peet/personal/www-server/mail/ssl/server.crt
SSLCertificateKeyFile /home/peet/personal/www-server/mail/ssl/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
8<-------------------------------------------------------------------------------------
# server.crt и server.key сделаны по документации из /usr/share/doc/mod_ssl*
Получаю в /var/log/messages после service httpd restart:
8<-------------------------------------------------------------------------------------
Mar 13 00:33:07 peet httpd: httpd shutdown succeeded
Mar 13 00:33:08 peet httpd: [Wed Mar 13 00:33:08 2002] [warn] module mod_php4.c is already added, skipping
Mar 13 00:33:08 peet httpd: [Wed Mar 13 00:33:08 2002] [warn] module mod_ssl.c is already added, skipping
Mar 13 00:33:08 peet httpd: Syntax OK
Mar 13 00:33:08 peet httpd: Checking configuration sanity for httpd: succeeded
Mar 13 00:33:09 peet httpd: [Wed Mar 13 00:33:09 2002] [warn] module mod_php4.c is already added, skipping
Mar 13 00:33:09 peet httpd: [Wed Mar 13 00:33:09 2002] [warn] module mod_ssl.c is already added, skipping
Mar 13 00:33:09 peet httpd: Apache/1.3.23 mod_ssl/2.8.7 (Pass Phrase Dialog)
Mar 13 00:33:09 peet httpd: Some of your private key files are encrypted for security reasons.
Mar 13 00:33:09 peet httpd: In order to read them you have to provide us with the pass phrases.
Mar 13 00:33:09 peet httpd: Server mail.peet.spb.ru:443 (RSA)
Mar 13 00:33:09 peet httpd: Enter pass phrase:
8<-------------------------------------------------------------------------------------
Это прикол? ;)) Есть вопрос и посерьезнее: а как же тогда стартовать?
apachectl заканчивается тем же. При этом, прошу заметить, в top:
8<-------------------------------------------------------------------------------------
PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND
17832 root 0 0 572 572 468 R 97,4 0,4 0:07 initlog
17859 peet 19 0 1184 1184 924 R 0,9 0,9 0:00 top
5 root 20 0 0 0 0 SW 0,3 0,0 0:01 kupdated
1 root 20 0 480 432 412 S 0,0 0,3 0:03 init
2 root 20 0 0 0 0 SW 0,0 0,0 0:00 keventd
8<-------------------------------------------------------------------------------------
Заранее спасибо,
Петр.
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [mdk-re] mod_ssl howto ;)
2002-03-13 0:32 [mdk-re] mod_ssl howto ;) Peter V. Saveliev
@ 2002-03-21 18:56 ` Lenya L. Khachaturov
0 siblings, 0 replies; 2+ messages in thread
From: Lenya L. Khachaturov @ 2002-03-21 18:56 UTC (permalink / raw)
To: Peter V. Saveliev
Hello Peter,
Wednesday, March 13, 2002, 12:41:45 AM, you wrote:
PVS> Hello!
PVS> При попытке включить в vhosts такую конфигурацию:
PVS> 8<-------------------------------------------------------------------------------------
PVS> <VirtualHost 195.19.253.86:443>
PVS> ServerName mail.peet.spb.ru
PVS> DocumentRoot /home/peet/personal/www-server/mail
PVS> SSLEngine on
PVS> SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
PVS> SSLCertificateFile /home/peet/personal/www-server/mail/ssl/server.crt
PVS> SSLCertificateKeyFile /home/peet/personal/www-server/mail/ssl/server.key
PVS> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
PVS> </VirtualHost>
PVS> 8<-------------------------------------------------------------------------------------
PVS> # server.crt и server.key сделаны по документации из /usr/share/doc/mod_ssl*
PVS> Получаю в /var/log/messages после service httpd restart:
PVS> 8<-------------------------------------------------------------------------------------
PVS> Mar 13 00:33:07 peet httpd: httpd shutdown succeeded
PVS> Mar 13 00:33:08 peet httpd: [Wed Mar 13 00:33:08 2002] [warn] module mod_php4.c is already added, skipping
PVS> Mar 13 00:33:08 peet httpd: [Wed Mar 13 00:33:08 2002] [warn] module mod_ssl.c is already added, skipping
PVS> Mar 13 00:33:08 peet httpd: Syntax OK
PVS> Mar 13 00:33:08 peet httpd: Checking configuration sanity for httpd: succeeded
PVS> Mar 13 00:33:09 peet httpd: [Wed Mar 13 00:33:09 2002] [warn] module mod_php4.c is already added, skipping
PVS> Mar 13 00:33:09 peet httpd: [Wed Mar 13 00:33:09 2002] [warn] module mod_ssl.c is already added, skipping
PVS> Mar 13 00:33:09 peet httpd: Apache/1.3.23 mod_ssl/2.8.7 (Pass Phrase Dialog)
PVS> Mar 13 00:33:09 peet httpd: Some of your private key files are encrypted for security reasons.
PVS> Mar 13 00:33:09 peet httpd: In order to read them you have to provide us with the pass phrases.
PVS> Mar 13 00:33:09 peet httpd: Server mail.peet.spb.ru:443 (RSA)
PVS> Mar 13 00:33:09 peet httpd: Enter pass phrase:
PVS> 8<-------------------------------------------------------------------------------------
PVS> Это прикол? ;)) Есть вопрос и посерьезнее: а как же тогда стартовать?
PVS> apachectl заканчивается тем же. При этом, прошу заметить, в top:
Это не прикол, пароль дожен вводиться в интерактивном режиме. Либо
снимайте пароль с ключа, либо пишите скрипту, отдающую пароль mod_ssl,
и то и другое не секьюрно.
PVS> 8<-------------------------------------------------------------------------------------
PVS> PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND
PVS> 17832 root 0 0 572 572 468 R 97,4 0,4 0:07 initlog
PVS> 17859 peet 19 0 1184 1184 924 R 0,9 0,9 0:00 top
PVS> 5 root 20 0 0 0 0 SW 0,3 0,0 0:01 kupdated
PVS> 1 root 20 0 480 432 412 S 0,0 0,3 0:03 init
PVS> 2 root 20 0 0 0 0 SW 0,0 0,0 0:00 keventd
PVS> 8<-------------------------------------------------------------------------------------
PVS> Заранее спасибо,
PVS> Петр.
PVS> _______________________________________________
PVS> Mandrake-russian mailing list
PVS> Mandrake-russian@altlinux.ru
PVS> http://altlinux.ru/mailman/listinfo/mandrake-russian
--
Best regards,
Lenya L. Khachaturov
mailto:lenya@chemsell.yaroslavl.ru
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2002-03-21 18:56 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2002-03-13 0:32 [mdk-re] mod_ssl howto ;) Peter V. Saveliev
2002-03-21 18:56 ` Lenya L. Khachaturov
ALT Linux Community general discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
public-inbox-index community
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.community
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git