From: Andreas Höschler (ahoesch@smartsoft.de)
Date: Fri Dec 17 2004 - 10:45:32 EST
Dear manager,
I am desperately trying to get Apache (https) working on a Solaris 9
machine. I did
pkgadd -d openssl-0.9.6i-sol9-sparc-local
pkgadd -d apache-1.3.27-sol9-sparc-local
and then configured prngd as follows
cd /var/adm
cat messages > /usr/local/etc/prngd/prngd-seed
mkdir /var/spool/prngd
/usr/local/sbin/prngd /var/spool/prngd/pool
The daemon is running. I then configured
/usr/local/apache/conf/httpd.conf as follows
Port 80
Listen 80
Listen 443
ServerAdmin ahoesch@advanced-it.org
ServerName www.advanced-it.org
DocumentRoot "/usr/local/apache/htdocs"
<VirtualHost *>
ServerName www.advanced-it.org
DocumentRoot /usr/local/apache/htdocs
</VirtualHost>
<VirtualHost _default_:443>
SSLEngine on
SSLCertificateFile /usr/local/apache/conf/advanced-it.crt
SSLCertificateKeyFile /usr/local/apache/conf/advanced-it.key
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
I created a self-signed certificate as follows
cd /usr/local/ssl/certs
/usr/local/ssl/bin/openssl genrsa -des3 1024 > advanced-it_key.tmp
/usr/local/ssl/bin/openssl rsa -in advanced-it_key.tmp -out advanced-it.key
/usr/local/ssl/bin/openssl req -new -key advanced-it.key -x509 -days 365 -out advanced-it.crt
cp advanced-it.key /usr/local/apache/conf
cp advanced-it.crt /usr/local/apache/conf
with www.advanced-it.org as the CN. I then started the guy with
/usr/local/apache/bin/apachectl start
In /usr/local/apache/logs/error_log I get
[Fri Dec 17 16:34:31 2004] [error] mod_ssl: SSL handshake failed (server www.advanced-it.org:443, client 192.168.1.5) (OpenSSL library error follows)
[Fri Dec 17 16:34:31 2004] [error] OpenSSL: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
[Fri Dec 17 16:41:20 2004] [notice] caught SIGTERM, shutting down
[Fri Dec 17 16:41:29 2004] [notice] Apache/1.3.27 (Unix) mod_ssl/2.8.12 OpenSSL/0.9.6g configured -- resuming normal operations
[Fri Dec 17 16:41:29 2004] [notice] Accept mutex: fcntl (Default: fcntl)
Don't know what this means, but it looks bad. I can connect to
http://www.advanced-it.org, but when I try https://www.advanced-it.org
I get
Cannot Load Address
Unable to connect, SSL_connect() failed: [436:error:0407006A:rsa
routines:RSA_padding_check_PKCS1_type_1:block type is not
01:rsa_pk1.c:100: 436:error:04067072:rsa
routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:478:
436:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad
signature:s3_clnt.c:1158: ]
So what am I missing here? Thanks for any hint that gets me further
with this.
Regards,
Andreas
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
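
Added example (not part of the original post): the client's "bad signature" error in SSL3_GET_KEY_EXCHANGE means it could not verify the server's key-exchange signature with the public key in the certificate, so one check worth running on the files above is whether the .crt and .key that Apache loads actually belong together. The function names, the demo file names and the 2048-bit demo key size are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: does an X.509 certificate carry the public half of an RSA key?
# Function and file names are illustrative, not from the original post.

# cert_matches_key CERT KEY
# returns 0 = same public key, 1 = different keys, 2 = a file could not be parsed
cert_matches_key() {
    # Public key embedded in the certificate (PEM SubjectPublicKeyInfo).
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key, in the same PEM form.
    key_pub=$(openssl rsa -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_demo_files DIR
# Constructed sample input: a.key with its self-signed a.crt, plus unrelated b.key.
make_demo_files() {
    openssl genrsa -out "$1/a.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/b.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/a.key" -subj "/CN=www.example.test" \
        -days 1 -out "$1/a.crt" 2>/dev/null
}

# report CERT KEY: print a one-line verdict for a certificate/key pair.
report() {
    rc=0
    cert_matches_key "$1" "$2" || rc=$?
    case $rc in
        0) echo "MATCH:      $1 <-> $2" ;;
        1) echo "MISMATCH:   $1 <-> $2" ;;
        *) echo "UNREADABLE: $1 or $2" ;;
    esac
}

# With two arguments, check those files; with none, run the constructed demo.
if [ $# -eq 2 ]; then
    report "$1" "$2"
else
    demo=$(mktemp -d) && make_demo_files "$demo" &&
    report "$demo/a.crt" "$demo/a.key" &&
    report "$demo/a.crt" "$demo/b.key"
    rm -rf "$demo"
fi
```

Saved under a name of your choice, the script takes the pair from the post as its two arguments: /usr/local/apache/conf/advanced-it.crt and /usr/local/apache/conf/advanced-it.key.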