Raible's Wiki

Raible Designs
Wiki Home
News
Recent Changes

AppFuse

Homepage
  - Korean
  - Chinese
  - Italian
  - Japanese

QuickStart Guide
  - Chinese
  - French
  - German
  - Italian
  - Korean
  - Portuguese
  - Spanish
  - Japanese

User Guide
  - Korean
  - Chinese

Tutorials
  - Chinese
  - German
  - Italian
  - Korean
  - Portuguese
  - Spanish

FAQ
  - Korean

Latest Downloads

Other Applications

Struts Resume
Security Example
Struts Menu

Set your name in
UserPreferences


Referenced by
Articles
Articles_cn
Articles_de
Articles_pt
Articles_zh




JSPWiki v2.2.33

[RSS]


Hide Menu

ApacheSSL


Difference between version 17 and version 3:

At line 1 added 46 lines.
<style type="text/css" media="all">
span.highlight {background: yellow; color: black}
div.highlight {background: #ffc; color: black; border: 1px solid black; padding: 10px}
p.testedBy {border-top: 1px dashed black; padding-top: 5px; color: #666; background: transparent; font-size: .9em;}
</style>
<div class="canvas">
<!--
Changelog:
1.7.1 2006-11-16 Added default test certificate pass phrase
1.7.0 2005-12-29 Added "unknown protocol" issue and solution
1.6.9 2005-01-24 Added link to new Windows+Apache+SSL Tutorial
1.6.8 2004-12-13 Links updated; OpenSSL configfile explained; other clarifications
1.6.7 2004-05-18 Moved to Wiki so users can edit when they find mistakes/updates
1.6.6 2003-12-30 Added user comments
1.6.5 2002-09-27 Added instructions for Linux
1.6.4 2002-09-26 Added information for Apache 2.0 and added a little formatting
1.6.3 2002-05-18 info about better not overwriting the configuration files
1.6.2 2002-05-10 more info about "couldn't load..."; apache 2 warning
1.6.1 2002-04-10 AddModule clarification, more debugging
1.6 2001-12-28 Windows XP information, common problems section
1.5.3 2001-11-27 Added link to French translation
1.5.2 2001-11-06 Added AddModule
1.5.1 2001-10-26 Added link to Spanish translation
1.5 2001-10-20 Lots of clarifications based on input from many people
1.4.4 2001-05-26 Added Peter Holm to the contributors
1.4.3 2001-05-25 "Port" directive commented out, some fixes for current versions
1.4.2 2001-04-06 Remark about .so files
1.4.1 2001-02-20 Success on ME
1.4 2001-01-28 Information about debugging connect errors
1.3.14 2000-12-28 Small fixes; right-click to download the openssl.cnf file
1.3.13 2000-12-19 Added feedback section
1.2.12 2000-11-21 Information about the languages I speak
1.2.11 2000-11-15 Removed outdated information about M$ IIS
1.2.10 2000-11-05 OpenSSL.exe fixes
1.2.9.2 2000-09-11 Minor tweaks, corrected HTML
1.2.9.1 2000-07-26 IfDefine Directive added, thanks to Torsten Stanienda
1.2.8 2000-05-09 OpenSSL -config corrected
1.2.7 2000-04-29 Peter Barany corrected my English
1.2.6 2000-04-28 Added info on converting the certificate to DER format for MSIE 4
1.2.5 2000-04-21 The HOWTO is now hosted on my on server. Updated the URL
Added -config parameter for openssl to work with the provided config file
1.2 2000-01-24 Christoph Zich tested the HOWTO on Windows 98
1.1 1999-10-22 Included Horst Brauner's openssl.conf file
1.0 Initial release
-->
At line 48 added 500 lines.
<div style="float: right; margin-top: 20px;">
<script type="text/javascript"><!--
google_ad_client = "pub-7968247362757416";
google_ad_width = 468;
google_ad_height = 60;1
google_ad_format = "468x60_as";
google_color_border = "990000";
google_color_bg = "FFFFFF";
google_color_link = "000000";
google_color_url = "CC0000";
google_color_text = "333333";
//--></script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
</div>
<h1>The Apache + SSL HOWTO</h1>
<p>Version 1.6.8 (changelog: view source)</p>
<p>
<a href="http://www.geocities.com/sartigas/apachessl.html">Spanish
translation</a> maintained by <a href="mailto:[email protected]">Sergio
Artigas</a>
</p>
<p>
<a href="http://netsafe.free.fr/index.php?Chap=A1">French
translation</a> maintained by <a href="mailto:[email protected]">Jean-Francois
Moreau</a>
</p>
<p>
Revised September 26, 2002 by <a href="mailto:[email protected]">Matt Raible</a> for Apache 2.0.42.
Original Article at <a href="http://tud.at/programm/apache-ssl-win32-howto.php3/">http://tud.at/programm/apache-ssl-win32-howto.php3</a>.
</p>
%%note __NEW!__ (January 23, 2005) Chris Thompson has written an [an updated and simplified|http://www.thompsonbd.com/tutorials/apachessl.php] Apache+SSL HowTo for Windows.%%
<h2>Overview</h2>
<p>This page describes the installation of the Win32 version of Apache with
the mod_ssl extension. The newest version should always be available from <a
href="http://tud.at/programm/apache-ssl-win32-howto.php3">http://tud.at/programm/apache-ssl-win32-howto.php3</a>.
</p>
<p> This process worked for many people on Windows NT, 98, ME, 2000 and XP;
please <a href="mailto:[email protected]">mail me</a> your suggestions and
bug reports. You can even install Apache with SSL in addition to the Microsoft
Internet Information Server if you need to.</p>
<p>
Note: sometimes, there are changes between the precompiled apache
distributions so that this HOWTO is not correct anymore. In this case,
if the current version does not work for you, download an older version -
one that was published before the modification date of this HOWTO.
Or, if you like adventures, try to make it run, and <a href="mailto:[email protected]">mail
me</a> if you needed to change anything.
</p>
<p>Apache with mod_ssl seems to be the only free (as in speech, not in beer)
solution for Win32. Please note that Apache on Win32 is considered beta
quality as it doesn&#39;t reach the stability and performance of Apache on
Un*x platforms.</p>
<h2>1.: <a name="install" id="install"></a>Installing Apache</h2>
<p>Get the Win32 version of the Apache web server from one of the <a
href="http://www.apache.org/mirrors/">mirrors</a>. It is called something like
<code>apache_x_y_z_win32.exe</code>. This is a self-extracting archive that
contains the Apache base system and sample configuration files.</p>
<p>
Don't mix Apache versions 1.3 and 2! It won't work. If you find 1.3.x on
modssl.org, you cannot expect it to work with 2.0.x.
</p>
<p>Install Apache as described in <a href="http://www.apache.org/docs/windows.html">http://www.apache.org/docs/windows.html</a>.</p>
<a name="install-linux" id="install-linux"></a>
<div class="highlight">
For Linux, to install Apache 2.0.42 with mod_sll installed, I performed the following steps:
I used <a href="http://httpd.apache.org/docs-2.0/install.html">http://httpd.apache.org/docs-2.0/install.html</a> as a reference.
<code>$ lynx http://www.apache.org/dist/httpd/httpd-2.0.42.tar.gz</code><br />
<code>$ gzip -d httpd-2.0.42.tar.gz</code><br />
<code>$ tar xvf httpd-2.0.42.tar</code><br />
<code>$ ./configure --enable-mods-shared=most --enable-ssl=shared</code><br />
<code>$ make</code><br />
<code>$ make install</code>
If you're using Apache 2.0.42 with Tomcat, you can download the binary mod_jk.so from<a href="http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk/release/v1.2.0/bin/linux/i386/mod_jk-2.0.42.so"> http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk/release/v1.2.0/bin/linux/i386/mod_jk-2.0.42.so</a>.
After downloading, put this file into your <code>modules</code> directory
and rename it <code>mod_jk.so</code>. <a href="http://www.raibledesigns.com/tomcat">Click
here</a> for more information on configuring Apache and Tomcat.
</div>
<p>Note: You can skip this step and get a full Apache+SSL distribution from
modssl.org, as described below. There will be no fancy installation program but
you won't need to overwrite the stock Apache files. This is the better way if
you are experienced and don't fear editing configuration files (which you will
need to do anyway).</p>
<p>Change at least the following parameters in <code>
Apache-dir/conf/httpd.conf</code>:<br />
<b>[[Replace all occurences of <code>www.my-server.dom</code> with the real
domain name!]</b></p>
<ul>
<li><code>Port 80</code> to <code><b>#</b> Port 80</code> (Comment it out;
<code>Port</code> is not necessary, <code>Listen</code> overrides it
later.)</li>
<li>(if <b>not</b> in addition to IIS) <code>Listen 80</code></li>
<li><code>ServerName</code> <b>www.my-server.dom</b></li>
<li>(if in addition to IIS) <code>DocumentRoot</code> and the corresponding
<code>&lt;Directory</code> some-dir<code>&gt;</code> to your <code>Inetpub\wwwroot</code></li>
</ul>
<p>Install the Apache service (NT only) and start the server. Verify that
everything works before proceeding to the SSL installation because this
limits the possible errors.</p>
<p>Try <u><b>http://www.my-server.dom:443/</b></u>. It won&#39;t be encrypted yet but if
this works then the port configuration (port 443) is right.</p>
<h2>2.: <a name="openssl" id="openssl"></a>Getting OpenSSL and mod_ssl</h2>
<p>
If you want to compile the mod_ssl.so module, you can use the latest
sources, available at
<a href="http://www.modssl.org/contrib/ftp/source/">http://www.modssl.org/contrib/ftp/source/</a>
for Apache 1.3.x and included in Apache HTTP server sources,
accesible as a CVS code repository (see the instructions at <a href="http://httpd.apache.org/dev/anoncvs.txt">http://httpd.apache.org/dev/anoncvs.txt</a>)
for Apache 2.0.x.</p>
<p>For Windows, the precompiled module is available at
<a href="http://hunter.campbus.com/">http://hunter.campbus.com/</a>
(where you will find there Apache 1.3 and 2.0 binaries with
the corresponding mod_ssl.so module versions included), while binaries for Linux are
included in the major Linux distributions.
</li>
</ul>
Apache Software Foundation mades a point in not offering the compiled binaries
for the SSL module, due to the export regulations for cryptographic software from USA.
Don&#39;t ask for binaries if they will not be available at the currently indicated locations.
Various ISVs provide free binaries for this module in various projects such as
<a href="http://www.nusphere.com/products/index.htm#NuSphereTechPlatform">NuSphere
Technology Platform</a>, <a href="http://www.apache-ssl.org/">Apache-SSL</a> etc.
</p>
<p>OpenSSL is required for getting a certificate to use with your web server. You may
download its sources and compile it from
<a href="http://www.openssl.org/source/">http://www.openssl.org/source/</a>. Compiled
binaries are available at <a href="http://gnuwin32.sourceforge.net/packages/openssl.htm">http://gnuwin32.sourceforge.net/packages/openssl.htm</a>
for Windows and are included in major Linux distributions.</p>
<p>OpenSSL for Windows might also be obtained by downloading and installing
<strong>Cygwin </strong>from <a href="http://www.cygwin.com">http://www.cygwin.com</a>.</p>
<p><span class="highlight">Put the files <code>ssleay32.dll</code> and <code>libeay32.dll</code>
from the Apache/modssl distribution directory to <code>WINNT\System32</code>
(or in another folder mentioned in the PATH environment variable).
This is important! About 70&nbsp;% of the e-mails I receive is because people
forget to do this.</span></p>
<h2>3.: <a name="create-cert" id="create-cert"></a>Creating a test certificate</h2>
<p>The following instructions are adapted from
<a href="http://www.apache-ssl.org/#FAQ">http://www.apache-ssl.org/#FAQ</a>.</p>
<p>Open a shell window (Command Prompt in Windows) and change the current directory to
the directory where you have the openssl.exe file (openssl file for Linux).</p>
<p><code>openssl req -config openssl.cnf -new -out server.csr</code><br />
This creates a certificate signing request (<code>server.csr</code>) and a
private key (<code>privkey.pem</code>), using the configuration
file that is provided with the binary distribution of OpenSSL or with
Cygwin (<code>openssl.cnf</code>) that will make the OpenSSL application to
prompt for each detail of the certificate. When asked for
<code>&quot;Common Name (eg, your websites domain name)&quot;</code>,
give the exact domain name of your web server (e.g. <b>www.my-server.dom</b>).
The certificate belongs to this server name and browsers complain if the
name doesn&#39;t match.</p>
<p style="margin-left: 20px; font-style: italic; color: green">
If you didn't provide a config file, OpenSSL will try to use the file specified
by the OPENSSL_CONF environment variable. This variable is usually not defined
and if you follow the instructions from the original tutorial (linked at the
top of this page), which does not use the <code>-conf</code> switch, you will
get an error about &quot;distinguished name&quot;. (Thanks to
<strong>Olivier Gambier</strong> for clearing this problem, using information from
<a href="http://www.openssl.org/docs/apps/req.html">http://www.openssl.org/docs/apps/req.html</a>.)</p>
<p style="margin-left: 20px; font-style: italic; color: green">
On a Windows system, files with <code>cnf</code> extensions are treated as special files
(of type SpeedDial) and Windows Explorer will refuse to display its extension, regardless
of display settings, and the file will have a strongly modified context menu that
might prevent you from editing it and might mislead you to believe you don't have this file.
Just look for a SpeedDial-type file displayed simply as <code>openssl</code>.</p>
<p><code>openssl rsa -in privkey.pem -out server.key</code><br />
This removes the passphrase from the private key. You MUST understand
what this means; <code>server.key</code> should be only readable by the
Apache server and the administrator.<br />
You should delete the <code>.rnd</code> file because it contains the entropy
information for creating the key and could be used for cryptographic attacks
against your private key.</p>
<p><code>openssl x509 -in server.csr -out server.crt -req -signkey server.key
-days 365</code><br />
This creates a self-signed certificate that you can use until you get a
&quot;real&quot; one from a certificate authority. (Which is optional; if you
know your users, you can tell them to install the certificate into their
browsers.) Note that this certificate expires after one year, you can
increase <code>-days 365</code> if you don't want this.</p>
<p>If you have users with MS Internet Explorer 4.0+ and want them to be able
to install the certificate into their certificate storage (by downloading and
opening it), you need to create a DER-encoded version of the certificate:<br />
<code>openssl x509 -in server.crt -out server.der.crt -outform DER</code></p>
<p>Create an <code>Apache/conf/ssl</code> directory and move <code> server.key</code>
and <code>server.crt</code> into it. <strong>For Linux</strong> create
two directories: <code>ssl.key</code> and <code>ssl.crt</code>. Move <code>server.crt</code>
into <code>ssl.crt</code> and move <code>server.key</code> into <code>ssl.key</code>.</p>
<p><span class="highlight">__Note:__ The default pass phrase shipped with openssl.cnf is ''aaaa''.</span></p>
<h2>4.: <a name="configuring" id="configuring"></a>Configuring Apache and mod_ssl</h2>
<p>Copy the executable files (*.exe, *.dll, *.so) from the downloaded
apache-mod_ssl distribution over your original Apache installation directory
(remember to stop Apache first and DO NOT overwrite your edited config files
etc.!).</p>
<p>Find the LoadModule directives in your <code>httpd.conf</code> file and
add this after the existing ones, according to the file you have found in the
distribution:</p>
<p><code>LoadModule ssl_module modules/ApacheModuleSSL.dll</code> <br /> or<br />
<code>LoadModule ssl_module modules/ApacheModuleSSL.so</code> <br /> or<br />
<code>LoadModule ssl_module modules/mod_ssl.so</code>
<br />
in newer versions. (Use this for 2.0.42 on Windows, on Linux, this will
be done for you when you compile with <code>--enable-ssh=shared</code>)</p>
<p>In newer versions of the distribution for Apache 1.x, it could also be necessary to add<br />
<code>AddModule mod_ssl.c</code><br />
after the AddModule lines that are already in the config file. </p>
<p>Copy <code>ssl.conf</code> from the OpenSSL distribution to Apache/conf/.
For Windows, you can download from <a href="http://www.raibledesigns.com/tomcat/ssl.conf">http://www.raibledesigns.com/tomcat/ssl.conf</a>
(Right click -> Save Target As...). <span class="highlight">Make sure
and change the <code>DocumentRoot</code> and <code>ServerName</code> values
on lines 93 and 94.</span></p>
<p>Add the following to the end of <code>httpd.conf</code>: <span class="highlight">Make sure and change <b>www.my-server.dom</b> in the example below.</span></p>
<pre>
<code><i># see <a
href="http://www.modssl.org/docs/2.4/ssl_reference.html">http://www.modssl.org/docs/2.4/ssl_reference.html</a> for more info</i>
SSLMutex sem
SSLRandomSeed startup builtin
SSLSessionCache none
ErrorLog logs/ssl.log
LogLevel info
<i># You can later change &quot;info&quot; to &quot;warn&quot; if everything is OK</i>
&lt;VirtualHost <b>www.my-server.dom</b>:443&gt;
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key
&lt;/VirtualHost&gt;</code></pre>
<p>Don't forget to call apache with <code>-D SSL</code> if the <code>IfDefine</code>
directive is active in the config file! <span class="highlight">In other words,
either start Apache from the command line with <code>-D SSL</code> or comment
out the <code>IfDefine</code> start/end tags in <code>ssl.conf</code>.</span></p>
<div class="highlight">
<p><span class="c1"><strong>NOTE</strong>:</span> When using SSL with
multiple Virtual Hosts, you must use an ip-based configuration. This
is because SSL requires you to configure a specific port (443), whereas
name-based specifies all ports (*). You might the following error
if you try to mix name-based virtual hosts with SSL.</p>
<p><code>[[error] VirtualHost _default_:443 -- mixing * ports and non-*
ports with a NameVirtualHost address is not supported, proceeding
with undefined results</code></p>
</div>
<p>You might need to use <code>regedit</code> to change the key <code>
HKEY_LOCAL_MACHINE\SOFTWARE\Apache&nbsp;Group\Apache\X.Y.Z</code> to the
correct number if the <code>apache.exe</code> from
<code>modssl.org/contrib</code> is not the same version as the previously installed
one. (This seems not to be necessary with recent versions.)</p>
<p>Start the server, this time from the command prompt (not as a service) in order
to see the error messages that prevent Apache from starting. If everything
is OK, (optionally) press CTRL+C to stop the server and start it as a service
if you prefer.</p>
<p>
If it doesn&#39;t work, Apache should write meaningful messages to the screen
and/or into the error.log and SSL.log files in the Apache/logs directory.<br />
If something doesn&#39;t work, set all <code>LogLevel</code>s to the maximum
and <em>look into the logfiles</em>. They are very helpful.</p>
<p>DON'T e-mail me or the other contributors without having plain Apache
installed (Step 1). We will ignore your request; we are not the Free Apache
Helpdesk and there is enough good documentation on configuring Apache; if that
is not enough for you, you shouldn't run a secure server anyway. Also, DON'T
e-mail without having looked into the error.log and SSL.log with
<code>LogLevel</code> set to Debug.</p>
<h2><a name="debugging" id="debugging"></a>Debugging connect problems</h2>
<p>
Problems connecting to the server with a browser can have many reasons,
many of them on the client (proxy, DNS, general IE dumbness).
</p>
<p>
So, if you encounter problems connecting with SSL, try another browser
and/or look into the settings. If even this doesn't work, you can use
OpenSSL to debug the problem.
</p>
<pre><code>bb@www$ <b>openssl s_client -connect no-such-machine:443</b>
gethostbyname failure <i># Error resolving this DNS name. Connect with the IP address.</i>
connect:errno=2
bb@www$ <b>openssl s_client -connect www1.tud.at:443</b>
connect: Connection refused
connect:errno=111
<i># No SSL server on this port. Double-check the <b>Listen</b> and <b>Port</b> directives.</i>
bb@www$ <b>openssl s_client -connect </b>apcenter.apcinteractive.net<b>:443</b>
<i># everything OK. OpenSSL shows the information it obtained from the server.</i>
CONNECTED(00000003)
depth=0 /C=at/ST=Wien/L=Wien/O=APC interactive/OU=Lifecycle Management/CN=apcenter.apcinteractive.net/[email protected]
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=at/ST=Wien/L=Wien/O=APC interactive/OU=Lifecycle Management/CN=apcenter.apcinteractive.net/[email protected]
verify return:1
---
Certificate chain
0 s:/C=at/ST=Wien/L=Wien/O=APC interactive/OU=Lifecycle Management/CN=apcenter.apcinteractive.net/[email protected]
i:/C=at/ST=Wien/L=Wien/O=APC interactive/OU=Lifecycle Management/CN=apcenter.apcinteractive.net/[email protected]
---
Server certificate
---BEGIN CERTIFICATE---
MIIC0TCCAjoCAQAwDQYJKoZIhvcNAQEEBQAwgbAxCzAJBgNVBAYTAmF0MQ0wCwYDV
[[...]
9ucXUnk=
---END CERTIFICATE---
subject=/C=at/ST=Wien/L=Wien/O=APC interactive/OU=Lifecycle Management/CN=apcenter.apcinteractive.net/[email protected]
issuer=/C=at/ST=Wien/L=Wien/O=APC interactive/OU=Lifecycle Management/CN=apcenter.apcinteractive.net/[email protected]
---
No client certificate CA names sent
---
SSL handshake has read 1281 bytes and written 320 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID: 49ACE1CF484A67D2C476B923D52110A6FCA1A7CE53D76DF7F233DEBF2333D4FB
Session-ID-ctx:
Master-Key: 00E9FA964253752294ECD69C18ADBA527B7170C112E2B3BCB25EA8F4FD847EC46E1FF0194EF8E16985B5E38BF6F12131
Key-Arg : None
Start Time: 980696025
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
<b>[Enter:
GET / HTTP/1.0
and press RETURN twice]</b>
HTTP/1.1 200 OK
Date: Sun, 28 Jan 2001 15:34:58 GMT
Server: Apache/1.3.9 (Win32) mod_ssl/2.4.9 OpenSSL/0.9.4
Cache-Control: no-cache, no-store, must-revalidate, private
Expires: 0
Pragma: no-cache
X-Powered-By: PHP/4.0.4
Last-Modified: Sun, 28 Jan 2001 15:35:00 GMT
Connection: close
Content-Type: text/html
&lt;!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"&gt;
&lt;html&gt;
<i># the server shows its main document</i>
</code></pre>
<h2>Common problems</h2>
<p>Q: I see the following when starting Apache:
</p><pre>Syntax error on line [[some number] of ...httpd.conf
Cannot load apache/modules/mod_ssl.so into server
(126) The module could not be found:
</pre>
<br />
A: Did you copy the openssl DLLs to WINNT/SYSTEM32 (or WINDOWS/SYSTEM on
Win9x/ME)? <br />
You can verify this by copying <code>openssl.exe</code> into a directory of its
own and executing it. If it complains about not being able to find some DLLs,
then you haven't copied them into the correct directory.
<br />
One user told me that he had this problem even when he did everything right. He
then found the problem: corrupt openssl DLLs. So if you get this error despite
having done everything correctly, try the openssl DLLs from another version from
modssl.org/contrib.
<p></p>
<p>Q: I see the following when starting Apache:
</p><pre>Syntax error on line [[some number] of apache/conf/httpd.conf:
Cannot load apache/modules/apachemodulessl.dll into server:
(127) The specified procedure could not be found:</pre>
or:
<pre>Syntax error on line [[some number] of apache/conf/httpd.conf:
Invalid command 'SSLMutex', perhaps mis-spelled or defined by a module not
included in the server configuration</pre>
<br />
A: You didn't add the AddModule line (or not where it belongs, it belongs below
the other AddModule lines).
<p></p>
<p>Q: SSL doesn't work in the browser and I see the following in some logfile:
</p><pre>
[Fri Nov 16 15:46:30 2001] [[error] OpenSSL: error:1407609C:SSL
routines:SSL23_GET_CLIENT_HELLO:http request [[Hint: speaking HTTP to
HTTPS port!?]
</pre>
A: How much clearer can an error message get? Your VirtualHost or Listen
configuration is wrong.
<p></p>
<p>Q: When trying to connect to https://www.myhost.com I kept getting an error about an unknown protocol. I could however connect to https://10.10.0.14 which is the local ip of the server.
<br /><br />
A: Under the VirtualHost section you add to the httpd.conf, I had to change __&lt;VirtualHost www.myhost.com:443>__ to __&lt;VirtualHost _default_:443>__.Not sure why this had to be done in my case, but it works.
<h3>Questions about Java servlets, OpenSSL compilation etc.</h3>
<p>
Don't ask us about installing servlet extensions, recompiling mod_ssl or
Apache with EAPI, recompiled versions etc. We have no idea and won't be able
help you. We are just users and not programmers.<br />
If your needs are so special, you are better off with a
<a href="http://www.debian.org/">Debian GNU/Linux</a> or
<a href="http://www.openbsd.org/">OpenBSD</a> server. It will save you lots
of trouble. Really. </p>
<h2>Links</h2>
<p>
Apache Web Server: <a href="http://www.apache.org">http://www.apache.org</a><br />
mod_ssl: <a href="http://www.modssl.org">http://www.modssl.org</a><br />
mod_ssl configuration: <a
href="http://www.modssl.org/docs/2.4/ssl_reference.html">http://www.modssl.org/docs/2.4/ssl_reference.html</a><br />
OpenSSL: <a href="http://www.openssl.org">http://www.openssl.org</a><br />
PHP Hypertext preprocessor: <a href="http://www.php.net">http://www.php.net</a>
</p>
<p>Author of this document: <a href="mailto:[email protected]">Bal&aacute;zs
B&aacute;r&aacute;ny</a> (<a href="http://tud.at">http://tud.at</a>) <br />
(mail me your questions, but only after having looked into the error logs with
<code>LogLevel debug</code>. You can mail me in English, German and Hungarian.
<br />
If I am constantly ignoring your e-mail, read all the hints in the HOWTO about
how to e-mail me.)</p>
<p>
Contributor: <a href="mailto:[email protected]">Horst
Br&auml;uner</a> (OpenSSL configuration on NT)<br />
Contributor: <a href="mailto:[email protected]">Christoph Zich</a>
(Windows 98)<br />
Contributor: <a href="mailto:[email protected]">Torsten Stanienda</a>
(Test with 1.3.12, IfDefine directive)<br />
Contributor: <a href="mailto:[email protected]">Peter Holm</a> (Listen and Port directives)
</p>
<p>Last change: 2002-05-18</p>
<p>This document can be redistributed under the
<a href="http://www.gnu.org/copyleft/fdl.html">GNU Free
Documentation License</a>. &copy; Bal&aacute;zs B&aacute;r&aacute;ny 1999-2002</p>
<p class="testedBy">
These instructions were tested by <a href="mailto:[email protected]">Matt Raible</a>
on Windows XP (SP1) and Red Hat Linux 7.3 with Apache 2.0.42.
</p>
</div>

Back to ApacheSSL, or to the Page History.