I see the part in the manual about how to do so at key creation time by omitting the -des3 option, but now that I already have a key & certificate with the -des3 option, can i pass the password to httpsd in the init levels? -Duncan Preston Brown wrote:> On Tue, 8 Dec 1998, Duncan wrote: > > > Sorry if this question was already covered.... > > How can I get httpd to startup without prompting for the password on the > > console after reboot? Can I hard-code the password into a conf file? > > It''s in the manual. > > --- > Preston Brown > Red Hat Software, Inc. > pbrown@redhat.com > > -- > PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES! > http://www.redhat.com http://archive.redhat.com > To unsubscribe: mail redhat-secure-server-request@redhat.com with > "unsubscribe" as the Subject.
I have been pulling my hair out trying to figure out what I have done wrong in setting up the security virtual server. When I connect using IE or Netscape to the webserver it works fine at port 80 but I get an "unexpected response" from the server when I connect to port 443. And this is what shows up in error_log-ssl: [Wed Dec 9 03:15:06 1998] [error] mod_ssl: SSL_accept failed [Wed Dec 9 03:15:06 1998] [error] SSLeay: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:http request I have done a search all over the place and cannot find this error message anywhere.. I only find one for SSL23_GET_CLIENT_HELLO:unknown protocol. What am I doing wrong here? I created a key with ''make genkey'' and created a test cert with ''make testcert''. Everything looks good. but when I connect I get the above error. I went a commented out the security in the httpd.conf changing SSLEnable to SSLDisable etc... and I can get the first page via port 443. But when I set it back I cannot pull up the page. A possible related problem. If I stop and start the httpd server. The very first time I connect to port 80 It will load the page but then hang on loading a few of the pictures... if I hit stop and then reload... it all works fine from then on. ( I have also notice intermiten hangs with VNC over my ethernet.) This is what is in my error_log (I have loglevel set to debug in httpd.conf): [Wed Dec 9 03:14:06 1998] ssl_gcache started [Wed Dec 9 03:14:06 1998] [info] created shared memory segment #128 [Wed Dec 9 03:14:06 1998] ssl_gcache started [Wed Dec 9 03:14:06 1998] [notice] Red Hat Secure/2.0 (Unix) mod_ssl/2.0.7 SSLeay/0.9.0b configured -- resuming normal operations [Wed Dec 9 03:14:06 1998] [info] Server built: Sep 12 1998 00:09:03 Any help would be appreciated! I am running out of hair. Thanks, Robert
Also, Is there any reason that the maillist archive only goes up to October? Thanks, Robert
On Wed, 9 Dec 1998, Robert Hentosh wrote:> > I have been pulling my hair out trying to figure out what I have done > wrong in setting up the security virtual server. When I connect using IE > or Netscape to the webserver it works fine at port 80 but I get an > "unexpected response" from the server when I connect to port 443. And > this is what shows up in error_log-ssl: > > [Wed Dec 9 03:15:06 1998] [error] mod_ssl: SSL_accept failed > [Wed Dec 9 03:15:06 1998] [error] SSLeay: error:1407609B:SSL > routines:SSL23_GET_CLIENT_HELLO:http request >: : Okay, I downloaded the SSLeay source and started looking at it. I believe my error is being printed out at line 321 in s23_srvr.c. I guess I am doing something stupid. If I understand this code correctly this expects the client to send a header for SSL but I am sending a get request cause all I am doing is doing an open to: "http://www.mydomain.com:443/" okay if this is not how I am supposed to test this... please tell me? Thanks, Robert
On Wed, 9 Dec 1998, Robert Hentosh wrote:> Okay, I downloaded the SSLeay source and started looking at it. I believe > my error is being printed out at line 321 in s23_srvr.c. I guess I am > doing something stupid. If I understand this code correctly this expects > the client to send a header for SSL but I am sending a get request cause > all I am doing is doing an open to: > > "http://www.mydomain.com:443/" > > > okay if this is not how I am supposed to test this... please tell me?Yeah, you can''t just telnet to the port to test it out. You have to use ssleay. ssleay has a terminal mode, where you can connect to port 443 securely. I''m not sure what it is offhand though. if you just type ssleay, you will be placed in its "menu mode," from where you can type help and get a list of commands. Please let us know if this helps. --- Preston Brown Red Hat Software, Inc. pbrown@redhat.com
On Wed, 9 Dec 1998, Preston Brown wrote:> On Wed, 9 Dec 1998, Robert Hentosh wrote: > > "http://www.mydomain.com:443/" > > > > > > okay if this is not how I am supposed to test this... please tell me? > > Yeah, you can''t just telnet to the port to test it out. You have to use > ssleay. ssleay has a terminal mode, where you can connect to port 443 > securely. I''m not sure what it is offhand though. if you just type > ssleay, you will be placed in its "menu mode," from where you can type > help and get a list of commands. > > Please let us know if this helps. > > --- > Preston BrownThat was my problem!! When I connected to: https://www.mydomain.com/ It works!!! Shesh I am embarased. But I didn''t see that anywhere in the manual. It would help if it said somewhere this is how to connect. I only see ''connect to your server'' but not exactly how. Thanks, Robert (aspiring web-thingy...)
On Wed, 9 Dec 1998, Robert Hentosh wrote:> That was my problem!! When I connected to: > > https://www.mydomain.com/ > > It works!!! Shesh I am embarased. But I didn''t see that anywhere in the > manual. It would help if it said somewhere this is how to connect. I > only see ''connect to your server'' but not exactly how.We assumed most people would be using web browsers to test HTTP connections. I think that''s a fairly safe assumption. --- Preston Brown Red Hat Software, Inc. pbrown@redhat.com