Apache with mod_ssl on Solaris 9

From: Andreas Höschler (ahoesch@smartsoft.de)
Date: Fri Dec 17 2004 - 10:45:32 EST


Dear manager,

I am desperately trying to get Apache (https) working on a Solaris 9
machine. I did

        pkgadd -d openssl-0.9.6i-sol9-sparc-local
        pkgadd -d apache-1.3.27-sol9-sparc-local

and then configured prngd as follows

        cd /var/adm
        cat messages > /usr/local/etc/prngd/prngd-seed

        mkdir /var/spool/prngd
        /usr/local/sbin/prngd /var/spool/prngd/pool

The daemon is running. I then configured
/usr/local/apache/conf/httpd.conf as follows

        Port 80
        Listen 80
        Listen 443
        ServerAdmin ahoesch@advanced-it.org
        ServerName www.advanced-it.org
        DocumentRoot "/usr/local/apache/htdocs"

        <VirtualHost *>
        ServerName www.advanced-it.org
        DocumentRoot /usr/local/apache/htdocs
        </VirtualHost>

        <VirtualHost _default_:443>
        SSLEngine on
        SSLCertificateFile /usr/local/apache/conf/advanced-it.crt
        SSLCertificateKeyFile /usr/local/apache/conf/advanced-it.key
        BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
        </VirtualHost>

I created a self-signed certificate as follows

        cd /usr/local/ssl/certs
        /usr/local/ssl/bin/openssl genrsa -des3 1024 > advanced-it_key.tmp
        /usr/local/ssl/bin/openssl rsa -in advanced-it_key.tmp -out advanced-it.key
        /usr/local/ssl/bin/openssl req -new -key advanced-it.key -x509 -days 365 -out advanced-it.crt
        cp advanced-it.key /usr/local/apache/conf
        cp advanced-it.crt /usr/local/apache/conf

with www.advanced-it.org as the CN. I then started the guy with

        /usr/local/apache/bin/apachectl start

In /usr/local/apache/logs/error_log I get

[Fri Dec 17 16:34:31 2004] [error] mod_ssl: SSL handshake failed (server www.advanced-it.org:443, client 192.168.1.5) (OpenSSL library error follows)
[Fri Dec 17 16:34:31 2004] [error] OpenSSL: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
[Fri Dec 17 16:41:20 2004] [notice] caught SIGTERM, shutting down
[Fri Dec 17 16:41:29 2004] [notice] Apache/1.3.27 (Unix) mod_ssl/2.8.12 OpenSSL/0.9.6g configured -- resuming normal operations
[Fri Dec 17 16:41:29 2004] [notice] Accept mutex: fcntl (Default: fcntl)

Don't know what this means, but it looks bad. I can connect to
http://www.advanced-it.org, but when I try https://www.advanced-it.org
I get

Cannot Load Address

Unable to connect, SSL_connect() failed: [436:error:0407006A:rsa
routines:RSA_padding_check_PKCS1_type_1:block type is not
01:rsa_pk1.c:100: 436:error:04067072:rsa
routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:478:
436:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad
signature:s3_clnt.c:1158: ]

So what am I missing here? Thanks for any hint that gets me further
with this.

Regards,

   Andreas
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
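
The client-side `SSL3_GET_KEY_EXCHANGE:bad signature` error in the post is what a client reports when the server's key-exchange signature does not verify against the public key in the certificate it received, so one thing worth ruling out is that the certificate and key files Apache loads are not a pair. The following is an added example, not part of the original post; the function names and the throwaway files created in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that an RSA private key belongs to a certificate
# by comparing the RSA modulus stored in each file.

# pair_matches CERT KEY
#   returns 0 if the moduli are identical, 1 if they differ,
#   2 if either file cannot be parsed (including a passphrase-protected key,
#   because "-passin pass:" supplies an empty passphrase instead of prompting).
pair_matches() {
    cert_mod=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 2
    key_mod=$(openssl rsa -noout -modulus -passin pass: -in "$2" 2>/dev/null) || return 2
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# demo: build constructed sample material (two throwaway keys and one
# self-signed certificate for key A), then test a matching and a
# mismatched pair. Prints the two exit codes, e.g. "0 1".
demo() {
    dir=$(mktemp -d) || return 2
    openssl genrsa -out "$dir/a.key" 2048 2>/dev/null
    openssl genrsa -out "$dir/b.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$dir/a.key" -days 1 \
        -subj "/CN=example.invalid" -out "$dir/a.crt" 2>/dev/null
    pair_matches "$dir/a.crt" "$dir/a.key" && good=0 || good=$?
    pair_matches "$dir/a.crt" "$dir/b.key" && bad=0 || bad=$?
    rm -rf "$dir"
    echo "$good $bad"
}

# Stand-alone use: sh check_pair.sh server.crt server.key
if [ $# -eq 2 ]; then
    if pair_matches "$1" "$2"; then
        echo "certificate and key match"
    else
        echo "certificate and key do NOT match (or a file is unreadable)"
    fi
fi
```

Run it against the two files named in the `SSLCertificateFile` and `SSLCertificateKeyFile` directives of the running configuration, not against the copies in the directory where they were generated.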


