httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Purswani, Prakash" <Prakash.Pursw...@elemica.com>
Subject RE: [users@httpd] VeriSign signatures with Apache server
Date Wed, 10 Jan 2007 16:52:10 GMT
Folks,
This issue is resolved, it was due to the VeriSign certs. I requested
the new trial certs from VeriSign and it worked great!!
The other change i made in the config file was, I commented
SSLCACertificateFile and kept SSLCACertificatePath because both the
settings are required only in case of SelfSigned Certs.
 
Thanks everyone for your help.
 
Prakash

________________________________

From: Roger Hendrix at Baldor-IS [mailto:RHendrix@baldor.com] 
Sent: Wednesday, January 10, 2007 10:42 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] VeriSign signatures with Apache server


Greetings Nancy et al,
 
Please take a look at the following information:
 
    http://www.apache-ssl.org/docs.html#SSLVerifyClient
 
I think you may have coded you SSLVerifyClient statement incorrectly.
 
Also, about the Virtual host logs, if the following statements point to
unique files for the virtual host in question, then the errors contained
in these logs refer to this virtual host only.  If the statements point
to a common set of files used by all hosts, then the errors reported
could be for any of the hosts using the log files:
 
    ErrorLog logs/ssl-error_log
    TransferLog logs/ssl-access_log

Best regards. 

Roger Hendrix 
Information Services 
-----Original Message-----
From: Booterbaugh, Nancy [mailto:nbooterbaugh@Elemica.com]
Sent: Tuesday, January 09, 2007 10:20 AM
To: users@httpd.apache.org
Subject: [users@httpd] Verisign signatures with Apache server



Roger et al, 
Thanks for your help.  I have been able to resolve the Private key issue
by installing the new Verisign certificates, but now I am running into a
new issue:

Error_Log has the following warning message :   Session Cache is not
configured [hint: SSLSessionCache] 
ssl-error_log has the following error message :    [error] Unable to
configure verify locations for client authentication 

I use following command to start the Apache server instead of
"apachectl": 
./httpd -k start -f /usr/local/apache2/conf/httpd-cob-certs.conf 
Here is the Virtual host configuration we have in the
"httpd-cob-certs.conf" file. The only difference between this and the
one we were using for self-signed is the directory location in the SSL
parameters.

<VirtualHost serverName:PortNumber>
ProxyRequests Off
SSLProxyEngine On
ProxyVia On
RequestHeader set Front-End-Htps "On"
SSLEngine On
SSLProtocol ALL
SSLCertificateFile /export/home/pp/newVersignCerts/pubkey.crt
SSLCertificateKeyFile /export/home/pp/newVersignCerts/key.key
SSLCACertificateFile /export/home/pp/newVersignCerts/IntermediateCA.crt
SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificatePath
/app1/webMethods6/IntegrationServer/config/certs/cas
#end of setup the Require Certificate
ErrorLog logs/ssl-error_log
TransferLog logs/ssl-access_log
ProxyPass / https://ServerName:PortNumber/
<https://ServerName:PortNumber/>  
ProxyPassReverse / https://ServerName:PortNumber/
<https://ServerName:PortNumber/>  
ProxyPreserveHost On
</VirtualHost>

Did you get this resolved? Private key issue has been resolved by
installing the new verisign certs. 
If not, then what OS version and APACHE version are you running on? 
Its Solaris9 & Apache2 
When does the error occur? 
When we start the Apache server with Verisign certs the warning & error
messages are logged in the Error_log and ssl-error_log files. The
strange thing is we dont get any issue when using self-signed certs. 

Did you enable logging at the Virtual host level? If so, have you looked
at the logs. 
I m not sure, Could you tell us how do we check if logging is enabled at
Virtual host level? Where can we find the log files? 


Mime
View raw message