Basic SSL questions - ore or two configuration files ??

Basic SSL questions - ore or two configuration files ??

Post by see_my_sig » Mon, 27 Sep 2004 20:17:38


I wish to install a web server supporting SSL on a Sun SPARCstation 20
running Solaris 9. The default 1.3.27 Apache supplied with Solaris 9
does not support SSL.

I downloaded a pre-compiled Apache 2.0.51 from
http://www.yqcomputer.com/ , along with openssl and other packages
listed as being required.

The web page at http://www.yqcomputer.com/ , states Apache 2.0.51 was
compiled as:

./configure --prefix=/usr/local/apache2 --enable-mods-shared=all
--enable-ssl=shared --enable-ssl --with-ssl=/usr/local/ssl

(there are modules of course too).

There is a file /usr/apache2/conf/ssl.conf Is one supposed to 'merge'
this into the main httpd.conf file, or are they to remain as two
sepparate files? I see examples of httpd.conf files on the web, where
there are SSL related items in httpd.conf. Yet if I add the contents
of ssl.conf on to the end of httpd.conf, the server complains at the
very first SSL releated line it comes across.

webserver2 # ./apachectl -t
Syntax error on line 1121 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'SSLRandomSeed', perhaps mis-spelled or defined by a
module not included in the server configuration


Also, if I want SSL support, should one start the server as

# ./apachectl start

or

# ./apachectl startssl ??


or does one have to do both operations?

The latter actually crashes

webserver2 # ./apachectl startssl
[Sun Sep 26 12:10:55 2004] [crit] [Sun Sep 26 12:10:55 2004] file
vhost.c, line 189, assertion "rv == APR_SUCCESS" failed
Abort - core dumped

but that is I guess another problem. I'll try to sort out the reasons
for the crash once I know what I am supposed to be doing.

David Kirkby
 
 
 

Basic SSL questions - ore or two configuration files ??

Post by Davide Bia » Mon, 27 Sep 2004 21:06:03


If the main httpd.conf include the ssl one they are already merged.


Usually, the SSL part is enclosed in <IfModule> blocks, so it become
effective only if you start apache with the "startssl" command that
enable it.


The version of Apache distributed rely on apr library, for this to
work you need to configure your server to use DNS.

Davide

--
The three "R"s of Microsoft support: Retry Reboot Reinstall-- Mark Atwood
You forgot one: Repeat-- Lars Balker Rasmussen