[NBLUG/talk] Enabling SSL in Apache2?
Lincoln Peters
sampln at sbcglobal.net
Fri Aug 25 21:47:36 PDT 2006
On Friday 25 August 2006 18:47, Troy Arnold wrote:
> On Fri, Aug 25, 2006 at 06:23:00PM -0700, Lincoln Peters wrote:
> > On Wednesday 23 August 2006 00:19, Troy Arnold wrote:
> > > Something like:
> > > <VirtualHost 192.168.1.80:443>
> > > SSLEngine on
> > > SSLCertificateKeyFile /etc/apache2/ssl/secure.private.key
> > > SSLCertificateFile /etc/apache2/ssl/secure.crt
> > > SSLOptions +StdEnvVars
> > > [...]
> > > </VirtuaHost>
> >
> > That seems to have been part of the problem. However, now that I've set
> > that up, instead of getting "connection refused", I get no response at
> > all from the server when I try to connect via HTTPS. So I'm not sure
> > where to go from here.
> >
> > Here's the VirtualHost definition from my apache2.conf file:
> > <VirtualHost odysseus.peterslan:443>
>
> Can apache correctly resolve that name?
It's listed in /etc/hosts, so I'd be surprised if it can't.
>
> What happens if you telnet to port 443 on the webserver from the webserver
> itself and also from another host on the LAN?
$ telnet odysseus.peterslan 443
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
It then waits for me to give it a command.
Actually, I think I see what went wrong. I was on the server when I tried to
connect, and pointed to "https://localhost/" instead of
"https://odysseus.peterslan". For some reason, when I modified /etc/hosts
around the same time so that the server would recognize itself
as "odysseus.peterslan", it stopped recognizing itself as "localhost". Seems
that /etc/hosts is pickier than I had thought.
I've corrected /etc/hosts, and everything seems to be working again, including
HTTPS! Yay!
>
> Also check out the free certs from cacert.org. Their root cert is already
> in Debian, Gentoo, Fedora and others, and is in progress for inclusion into
> Mozilla distributions. In the meantime adding their root cert to your
> browser is pretty much a two-click process. (If your browser or OS trusts
> the cacert root certificate, then you don't get any warnings when visiting
> a site secured with one of their certs.)
Since this server is for my own personal use, I don't think I need to be this
elaborate. But I'll try to remember this, in case I eventually do set up a
larger-scale website.
--
Lincoln Peters <sampln at sbcglobal.net>
An ounce of clear truth is worth a pound of obfuscation.
More information about the talk
mailing list