[NBLUG/talk] Enabling SSL in Apache2?

Lincoln Peters sampln at sbcglobal.net
Fri Aug 25 21:47:36 PDT 2006


On Friday 25 August 2006 18:47, Troy Arnold wrote:
> On Fri, Aug 25, 2006 at 06:23:00PM -0700, Lincoln Peters wrote:
> > On Wednesday 23 August 2006 00:19, Troy Arnold wrote:
> > > Something like:
> > > <VirtualHost 192.168.1.80:443>
> > > SSLEngine on
> > > SSLCertificateKeyFile /etc/apache2/ssl/secure.private.key
> > > SSLCertificateFile /etc/apache2/ssl/secure.crt
> > > SSLOptions +StdEnvVars
> > > [...]
> > > </VirtualHost>
> >
> > That seems to have been part of the problem.  However, now that I've set
> > that up, instead of getting "connection refused", I get no response at
> > all from the server when I try to connect via HTTPS.  So I'm not sure
> > where to go from here.
> >
> > Here's the VirtualHost definition from my apache2.conf file:
> > <VirtualHost odysseus.peterslan:443>
>
> Can apache correctly resolve that name?

It's listed in /etc/hosts, so I'd be surprised if it can't.

>
> What happens if you telnet to port 443 on the webserver from the webserver
> itself and also from another host on the LAN?

$ telnet odysseus.peterslan 443
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.


It then waits for me to give it a command.

Actually, I think I see what went wrong.  I was on the server when I tried to 
connect, and pointed to "https://localhost/" instead of 
"https://odysseus.peterslan".  For some reason, when I modified /etc/hosts 
around the same time so that the server would recognize itself 
as "odysseus.peterslan", it stopped recognizing itself as "localhost".  Seems 
that /etc/hosts is pickier than I had thought.

I've corrected /etc/hosts, and everything seems to be working again, including 
HTTPS!  Yay!

>
> Also check out the free certs from cacert.org.  Their root cert is already
> in Debian, Gentoo, Fedora and others, and is in progress for inclusion into
> Mozilla distributions.  In the meantime adding their root cert to your
> browser is pretty much a two-click process.  (If your browser or OS trusts
> the cacert root certificate, then you don't get any warnings when visiting
> a site secured with one of their certs.)

Since this server is for my own personal use, I don't think I need to be this 
elaborate.  But I'll try to remember this, in case I eventually do set up a 
larger-scale website.


-- 
Lincoln Peters		<sampln at sbcglobal.net>

An ounce of clear truth is worth a pound of obfuscation.
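
Added example, not part of the original message: a small check for the /etc/hosts mistake described above, where adding the server's own name left "localhost" without an entry. The sample file contents, the function names and the use of 192.168.1.80 as the server's LAN address are assumptions.

```python
import ipaddress

# Constructed sample: the loopback line was rewritten for the new server name
# and "localhost" was lost in the process.
BROKEN_HOSTS = """\
127.0.0.1      odysseus.peterslan odysseus
"""

# Constructed sample: localhost restored; the LAN address is an assumption.
FIXED_HOSTS = """\
127.0.0.1      localhost localhost.localdomain
192.168.1.80   odysseus.peterslan odysseus   # server's LAN address
"""

def parse_hosts(text):
    """Map each lower-cased name to its addresses, in file order."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on blanks
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address line; skip it
        for name in fields[1:]:
            table.setdefault(name.lower(), []).append(addr)
    return table

def check_hosts(text, vhost_name):
    """Return a list of problems for the name used in <VirtualHost name:443>."""
    table = parse_hosts(text)
    problems = []
    if not any(a.is_loopback for a in table.get("localhost", [])):
        problems.append("localhost has no loopback entry")
    addrs = table.get(vhost_name.lower(), [])
    if not addrs:
        problems.append(f"{vhost_name} is not listed")
    elif addrs[0].is_loopback:
        # The first matching line is normally the one the resolver returns.
        problems.append(f"{vhost_name} resolves to {addrs[0]}, not a LAN address")
    return problems

if __name__ == "__main__":
    for label, text in (("broken", BROKEN_HOSTS), ("fixed", FIXED_HOSTS)):
        print(label, check_hosts(text, "odysseus.peterslan") or "ok")
```

To check a live system, pass the contents of /etc/hosts as the first argument instead of the constructed samples.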


