Thread: https for apache2

  1. #1

    https for apache2

    Hello;

    I am facing a problem enabling https with apache2. I feel it is related to the certificate, as I am creating a dummy certificate, but until now I have not been able to find the reason. Kindly find below my data and configuration for the openSUSE machine:

    ANASKW:~ # cat /etc/SuSE-release
    openSUSE 12.1 (x86_64)
    VERSION = 12.1
    CODENAME = Asparagus



    vi /var/log/apache2/error.log



    [Sat May 25 23:37:26 2013] [info] Init: Seeding PRNG with 144 bytes of entropy
    [Sat May 25 23:37:26 2013] [info] Loading certificate & private key of SSL-aware server
    [Sat May 25 23:37:26 2013] [debug] ssl_engine_pphrase.c(470): unencrypted RSA private key - pass phrase not required
    [Sat May 25 23:37:26 2013] [info] Init: Generating temporary RSA private keys (512/1024 bits)
    [Sat May 25 23:37:26 2013] [info] Init: Generating temporary DH parameters (512/1024 bits)
    [Sat May 25 23:37:26 2013] [info] Init: Initializing (virtual) servers for SSL
    [Sat May 25 23:37:26 2013] [info] Configuring server for SSL protocol
    [Sat May 25 23:37:26 2013] [debug] ssl_engine_init.c(465): Creating new SSL context (protocols: TLSv1)
    [Sat May 25 23:37:26 2013] [debug] ssl_engine_init.c(666): Configuring permitted SSL ciphers [ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH]
    [Sat May 25 23:37:26 2013] [debug] ssl_engine_init.c(420): Configuring TLS extension handling
    [Sat May 25 23:37:26 2013] [debug] ssl_engine_init.c(797): Configuring RSA server certificate
    [Sat May 25 23:37:26 2013] [debug] ssl_engine_init.c(836): Configuring RSA server private key
    [Sat May 25 23:37:26 2013] [info] mod_ssl/2.2.21 compiled against Server: Apache/2.2.21, Library: OpenSSL/1.0.0k



    ANASKW:/var/log/apache2 # rcapache2 restart
    redirecting to systemctl
    Job failed. See system logs and 'systemctl status' for details.

    ANASKW:/var/log/apache2 # systemctl status apache2.service
    apache2.service - apache
    Loaded: loaded (/lib/systemd/system/apache2.service; enabled)
    Active: failed since Sat, 25 May 2013 23:44:32 +0300; 36s ago
    Process: 27659 ExecStart=/usr/sbin/start_apache2 -D SYSTEMD -k start (code=exited, status=0/SUCCESS)
    CGroup: name=systemd:/system/apache2.service



    vi /etc/apache2/listen.conf

    Listen 443
    Listen 80

    vi /etc/apache2/vhosts.d/vhost-ssl.conf

    <VirtualHost _default_:443>
    # <VirtualHost *:443>


    # General setup for the virtual host
    DocumentRoot "/srv/www/htdocs"
    ServerName 192.168.0.5:443
    ServerAdmin webmaster@anas.com
    ErrorLog /var/log/apache2/error_log
    TransferLog /var/log/apache2/access_log



    SSLCertificateFile /etc/apache2/ssl.crt/server.crt

    SSLCertificateKeyFile /etc/apache2/ssl.key/server.key



    The certificate was generated using the following command:

    gensslcert -c KW -s Farwaneyyah -o anas -e webmaster@anas.com -n 192.168.0.5

    subject=/C=KW/ST=Farwaneyyah/L=unknown/O=anas/OU=web server/CN=192.168.0.5/emailAddress=webmaster@anas.com

    About /etc/sysconfig/apache2: ssl is present in APACHE_MODULES and in APACHE_SERVER_FLAGS. I tried APACHE_SERVER_FLAGS="-D SSL" and I tried APACHE_SERVER_FLAGS="SSL", but no luck.



    What do I have wrong? I feel it is related to the certificate, but what could it be?

    Regards
    Bilal

  2. #2

    Re: https for apache2

    Any Help?

    Regards
    Bilal

  3. #3

    Re: https for apache2

    Now I used:

    openssl genrsa -des3 -out server.key -rand randomfile
    and
    openssl req -new -x509 -key server.key -out server.crt

    And I placed the ServerName anaskw:443 and I used this name (anaskw) to create the crt file.

    Now, when I type rcapache2 restart, I get the following:

    anaskw:/etc/apache2/vhosts.d # rcapache2 restart
    redirecting to systemctl
    Enter SSL pass phrase for anaskw:443 (RSA): *********
    Job failed. See system logs and 'systemctl status' for details.

    And the log is:

    vi /var/log/apache2/error_log:

    [Sun May 26 14:05:58 2013] [info] Init: Seeding PRNG with 144 bytes of entropy
    [Sun May 26 14:05:58 2013] [info] Loading certificate & private key of SSL-aware server
    [Sun May 26 14:05:58 2013] [info] Init: Requesting pass phrase from dialog filter program (/usr/sbin/apache2-systemd-ask-pass)
    [Sun May 26 14:06:01 2013] [debug] ssl_engine_pphrase.c(476): encrypted RSA private key - pass phrase requested
    [Sun May 26 14:06:01 2013] [info] Loading certificate & private key of SSL-aware server
    [Sun May 26 14:06:01 2013] [info] anaskw:443 reusing existing RSA private key on restart
    [Sun May 26 14:06:01 2013] [info] Init: Generating temporary RSA private keys (512/1024 bits)
    [Sun May 26 14:06:01 2013] [info] Init: Generating temporary DH parameters (512/1024 bits)
    [Sun May 26 14:06:01 2013] [info] Init: Initializing (virtual) servers for SSL
    [Sun May 26 14:06:01 2013] [info] Configuring server for SSL protocol
    [Sun May 26 14:06:01 2013] [debug] ssl_engine_init.c(465): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
    [Sun May 26 14:06:01 2013] [debug] ssl_engine_init.c(666): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
    [Sun May 26 14:06:01 2013] [debug] ssl_engine_init.c(420): Configuring TLS extension handling
    [Sun May 26 14:06:01 2013] [debug] ssl_engine_init.c(797): Configuring RSA server certificate
    [Sun May 26 14:06:01 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Sun May 26 14:06:01 2013] [debug] ssl_engine_init.c(836): Configuring RSA server private key
    [Sun May 26 14:06:01 2013] [info] Configuring server for SSL protocol
    [Sun May 26 14:06:01 2013] [debug] ssl_engine_init.c(465): Creating new SSL context (protocols: TLSv1)
    [Sun May 26 14:06:01 2013] [debug] ssl_engine_init.c(666): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
    [Sun May 26 14:06:01 2013] [debug] ssl_engine_init.c(420): Configuring TLS extension handling
    [Sun May 26 14:06:01 2013] [debug] ssl_engine_init.c(797): Configuring RSA server certificate
    [Sun May 26 14:06:01 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Sun May 26 14:06:01 2013] [debug] ssl_engine_init.c(836): Configuring RSA server private key
    [Sun May 26 14:06:01 2013] [info] mod_ssl/2.2.21 compiled against Server: Apache/2.2.21, Library: OpenSSL/1.0.0k

    What do I have to do?
    I am really getting very tired.

    Regards
    Bilal

  4. #4

    Re: https for apache2

    Hi,

    Please be patient. We are all here as volunteers, have our daily jobs, and sometimes are limited in our time here for personal reasons. Plus... you posted this on a Friday night.
    Some advice: post output between CODE tags, the way it is now is hard to read.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  5. #5

    Re: https for apache2

    Hello;

    I am very sorry for this.

    I have the following settings right now:

    In default-server.conf:

    ServerName 192.168.0.5
    #ServerName anaskw
    ServerAdmin bilal.ghayad@helloonet.com


    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/server.key

    At listen.conf:

    Listen 80
    Listen 443


    <IfDefine SSL>
    <IfDefine !NOSSL>
    <IfModule mod_ssl.c>


    Listen 443


    </IfModule>
    </IfDefine>
    </IfDefine>

    I decided not to use the virtual host, as only one application is going to be browsed.
    About the certificates:
    They are placed in /etc/apache2/ssl.key/, /etc/apache2/ssl.crt/ and /etc/apache2/ssl.csr/, and I used the following techniques from the following link:

    OpenSUSE Linux: Creating Self-Signed SSL Certificates | Mr.Novell's Blog

    openssl genrsa -des3
    openssl req -new -x509
    openssl x509 -req

    Also, I tried to use the virtual host, and in the virtual host configuration I set the ServerName to 192.168.0.5:443, but no luck.
    Could it be something related to the generated certificate and the ssl module that I have (whether they are compatible or not)? How can I adjust this?

    Regards
    Bilal

  6. #6

    Re: https for apache2

    I will repeat Knurpht's last question, which for some reason you did not understand (which is quite possible, but you did not tell us you didn't understand). Please post all computer text in your post between CODE tags. You get those tags by clicking on the # button in the toolbar of the post editor.

    And then copy/paste it complete: prompt, command, output, next prompt between those tags. Then you have to add almost no comment, because we can all read who you were, where you were and what you did to get the output.
    Henk van Velden

  7. #7

    Re: https for apache2

    Hello;

    Please help me to learn: is it good like this? I am really new to the forum. Again, sorry.

    By the way: to be able to generate a certificate, is it required to have a domain (www.forexample.com) that is directed to the IP address of the machine? Actually I am trying to generate a license on a machine that does not have a domain (I am writing 192.168.0.5, which is the IP address of the computer, in the ServerName).

    I have the following settings right now:

    In default-server.conf:


    Code:
    
    ServerName 192.168.0.5
    ServerAdmin bilal.ghayad@helloonet.com
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/server.key

    At listen.conf:


    Code:
    
    Listen 80
    Listen 443
    
    
    <IfDefine SSL>
    <IfDefine !NOSSL>
    <IfModule mod_ssl.c>
    
    
    Listen 443
    
    
    </IfModule>
    </IfDefine>
    </IfDefine>

    I decided not to use the virtual host, as only one application is going to be browsed.

    About the certificates:

    They are placed in /etc/apache2/ssl.key/, /etc/apache2/ssl.crt/ and /etc/apache2/ssl.csr/, and I used the following techniques from the following link:

    OpenSUSE Linux: Creating Self-Signed SSL Certificates | Mr.Novell's Blog

    openssl genrsa -des3
    openssl req -new -x509
    openssl x509 -req

    Also, I tried to use the virtual host, and in the virtual host configuration I set the ServerName to 192.168.0.5:443, but no luck.
    Could it be something related to the generated certificate and the ssl module that I have (whether they are compatible or not)? How can I adjust this?

    Regards
    Bilal
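
An added example, not part of any post in this thread: a small Python check over the listen.conf directives and the SSLCipherSuite value posted above. It reports ports with more than one active Listen (the Apache documentation notes that multiple Listen directives for the same address and port produce an "Address already in use" error) and the weak cipher classes that the string in the first error log removes with `!` but the posted one does not. It assumes mod_ssl is loaded and the OpenSSL 1.0.0-era meaning of ALL; the function names are illustrative.

```python
import re
from collections import Counter

# Directives copied from the posts above.
LISTEN_CONF = """\
Listen 80
Listen 443
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>
Listen 443
</IfModule>
</IfDefine>
</IfDefine>
"""
POSTED_CIPHERS = "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
FIRST_LOG_CIPHERS = "ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH"

def duplicate_listens(conf, defines):
    """Ports bound more than once when httpd runs with the given -D defines."""
    active, ports = [], Counter()
    for line in conf.splitlines():
        line = line.strip()
        m = re.match(r"<IfDefine\s+(!?)(\w+)>", line)
        if m:  # '!NAME' is true when NAME is not defined
            active.append((m.group(2) in defines) != bool(m.group(1)))
        elif line.startswith("<IfModule"):
            active.append(True)  # assumption: the named module is loaded
        elif line.startswith("</If"):
            active.pop()
        elif line.startswith("Listen ") and all(active):
            ports[line.split()[1]] += 1
    return sorted(p for p, n in ports.items() if n > 1)

def not_removed(ciphers, classes=("aNULL", "SSLv2", "LOW", "EXP", "MD5")):
    """Weak classes covered by ALL that no '!' or '-' token removes.

    In an OpenSSL cipher string '+X' only moves X to the end of the list;
    it neither adds nor removes anything. eNULL is left out of the check
    because ALL does not include it.
    """
    tokens = ciphers.split(":")
    if "ALL" not in tokens:
        return []
    removed = {t[1:] for t in tokens if t.startswith(("!", "-"))}
    return [c for c in classes if c not in removed]

if __name__ == "__main__":
    print("duplicate Listen with -D SSL:", duplicate_listens(LISTEN_CONF, {"SSL"}))
    print("weak classes left in posted string:", not_removed(POSTED_CIPHERS))
    print("weak classes left in first-log string:", not_removed(FIRST_LOG_CIPHERS))
```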

  8. #8

    Re: https for apache2

    I would like to add that I kept ssl-global.conf as it is, and I need to know if this affects the type of certificate files that I have to generate:

    Code:
            AddType application/x-x509-ca-cert .crt
            AddType application/x-pkcs7-crl    .crl
    
    
            #   Pass Phrase Dialog:
            #   Configure the pass phrase gathering process.
            #   The filtering dialog program (`builtin' is a internal
            #   terminal dialog) has to provide the pass phrase on stdout.
            <IfDefine SYSTEMD>
            SSLPassPhraseDialog exec:/usr/sbin/apache2-systemd-ask-pass
            </IfDefine>
            <IfDefine !SYSTEMD>
            SSLPassPhraseDialog  builtin
            </IfDefine>

    Regards
    Bilal
