Apache2.2 and SSL configure enquiry

[harrytran]

hi, i am doing the configure to enable SSL in Apache 2.2.6 . But i got the problem with the SSLEngine On . If i don't put it inside the <IFDefine SSL> , i can not start httpd. But If i put inside, my httpd start , but the ssl does not work. I only can access the normal : http://localhost:443 , but not https://localhost:443. Here is my Virtual Host configure:

 

<IfDefine SSL>

NameVirtualHost 192.168.1.12:443

<VirtualHost *.1443>

 

#<VirtualHost abc.com:1443>

 

 

ServerAdmin portaladmin@abc.com

DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs"

ServerName abc.com

 

ErrorLog logs/abc.com-error.log

CustomLog logs/abc.com-access.log common

 

 

 

SSLEngine on

SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/ssl.crt/server.crt"

SSLCertificateKeyFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/ssl.key/server.key"

 

 

</VirtualHost>

 

</IfDefine>

Anyone got experience in this matter, I got stuck at here for a few weeks.

Thanks,

Harry

[texerasmo]

The configuration ssl in apache usually it is so

 

 

 

Listen 443

 

 

#

#  Some MIME-types for downloading Certificates and CRLs

#

AddType application/x-x509-ca-cert .crt

AddType application/x-pkcs7-crl    .crl

 

#  Pass Phrase Dialog:

#  Configure the pass phrase gathering process.

#  The filtering dialog program (`builtin' is a internal

#  terminal dialog) has to provide the pass phrase on stdout.

SSLPassPhraseDialog  builtin

 

#  Inter-Process Session Cache:

#  Configure the SSL Session Cache: First the mechanism

#  to use and second the expiring timeout (in seconds).

#SSLSessionCache        dbm:/usr/local/apache_man2//logs/ssl_scache

SSLSessionCache        shmcb:/usr/local/apache_man2//logs/ssl_scache(512000)

SSLSessionCacheTimeout  300

 

#  Semaphore:

#  Configure the path to the mutual exclusion semaphore the

#  SSL engine uses internally for inter-process synchronization.

SSLMutex  file:/usr/local/apache_man2//logs/ssl_mutex

 

##

## SSL Virtual Host Context

##

 

<VirtualHost _default_:443>

 

#  General setup for the virtual host

DocumentRoot "/usr/local/apache_man2//htdocs"

ServerName www.example.com:443

ServerAdmin you@example.com

ErrorLog /usr/local/apache_man2//logs/error_log

TransferLog /usr/local/apache_man2//logs/access_log

 

#  SSL Engine Switch:

#  Enable/Disable SSL for this virtual host.

SSLEngine on

 

#  SSL Cipher Suite:

#  List the ciphers that the client is permitted to negotiate.

#  See the mod_ssl documentation for a complete list.

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

 

#  Server Certificate:

#  Point SSLCertificateFile at a PEM encoded certificate.  If

#  the certificate is encrypted, then you will be prompted for a

#  pass phrase.  Note that a kill -HUP will prompt again.  Keep

#  in mind that if you have both an RSA and a DSA certificate you

#  can configure both in parallel (to also allow the use of DSA

#  ciphers, etc.)

SSLCertificateFile /usr/local/apache_man2//conf/server.crt

#SSLCertificateFile /usr/local/apache_man2//conf/server-dsa.crt

 

#  Server Private Key:

#  If the key is not combined with the certificate, use this

#  directive to point at the key file.  Keep in mind that if

#  you've both a RSA and a DSA private key you can configure

#  both in parallel (to also allow the use of DSA ciphers, etc.)

SSLCertificateKeyFile /usr/local/apache_man2//conf/server.key

#SSLCertificateKeyFile /usr/local/apache_man2//conf/server-dsa.key

 

<FilesMatch "\.(cgi|shtml|phtml|php)$">

    SSLOptions +StdEnvVars

</FilesMatch>

<Directory "/usr/local/apache_man2//cgi-bin">

    SSLOptions +StdEnvVars

</Directory>

 

#  SSL Protocol Adjustments:

#  The safe and default but still SSL/TLS standard compliant shutdown

#  approach is that mod_ssl sends the close notify alert but doesn't wait for

#  the close notify alert from client. When you need a different shutdown

#  approach you can use one of the following variables:

#  o ssl-unclean-shutdown:

#    This forces an unclean shutdown when the connection is closed, i.e. no

#    SSL close notify alert is send or allowed to received.  This violates

#    the SSL/TLS standard but is needed for some brain-dead browsers. Use

#    this when you receive I/O errors because of the standard approach where

#    mod_ssl sends the close notify alert.

#  o ssl-accurate-shutdown:

#    This forces an accurate shutdown when the connection is closed, i.e. a

#    SSL close notify alert is send and mod_ssl waits for the close notify

#    alert of the client. This is 100% SSL/TLS standard compliant, but in

#    practice often causes hanging connections with brain-dead browsers. Use

#    this only for browsers where you know that their SSL implementation

#    works correctly.

#  Notice: Most problems of broken clients are also related to the HTTP

#  keep-alive facility, so you usually additionally want to disable

#  keep-alive for those clients, too. Use variable "nokeepalive" for this.

#  Similarly, one has to force some clients to use HTTP/1.0 to workaround

#  their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and

#  "force-response-1.0" for this.

BrowserMatch ".*MSIE.*" \

        nokeepalive ssl-unclean-shutdown \

        downgrade-1.0 force-response-1.0

 

#  Per-Server Logging:

#  The home of a custom SSL log file. Use this when you want a

#  compact non-error SSL logfile on a virtual host basis.

CustomLog /usr/local/apache_man2//logs/ssl_request_log \

          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

 

</VirtualHost>                         

Remember       

Yuo have  add this code in httpd.conf or write an external file and then have to do include file in httpd.conf 

 

[corbin]

Where is SSL defined, and I'm 99% sure your SSL module isn't loaded.  Can we see your LoadModule lines related to SSL?