From owner-freebsd-questions@FreeBSD.ORG Wed Jul 6 01:45:25 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CF3CE16A41C for ; Wed, 6 Jul 2005 01:45:25 +0000 (GMT) (envelope-from do.you.got.root@gmail.com) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6DC5743D45 for ; Wed, 6 Jul 2005 01:45:25 +0000 (GMT) (envelope-from do.you.got.root@gmail.com) Received: by wproxy.gmail.com with SMTP id 36so1029829wra for ; Tue, 05 Jul 2005 18:45:24 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=absDU1QPjbytmwo0X7aw5VKhYG+72sRz4otapExRpSfgDV8GElpCMZHZQ/gd5t3vT5ly6j6skaDN4Xb+AhqriCfxboXjYDD8MGmTMXGWIHE6J5+899Qe8J89Jmjaq67CRo/sUSU3yrWUylXebxHnxwkH9M5rQcKnJ312yWeBVpI= Received: by 10.54.11.79 with SMTP id 79mr53384wrk; Tue, 05 Jul 2005 18:45:24 -0700 (PDT) Received: by 10.54.78.3 with HTTP; Tue, 5 Jul 2005 18:44:54 -0700 (PDT) Message-ID: Date: Tue, 5 Jul 2005 21:44:54 -0400 From: Todd Suits To: jdyke@azimapower.com In-Reply-To: <42CB1958.10204@azimapower.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <200507051119.12128.algould@datawok.com> <20050705202435.628d4783.albi@scii.nl> <42CB1958.10204@azimapower.com> Cc: freebsd-questions@freebsd.org Subject: Re: Apache 2 SSL Error X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Todd Suits List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Jul 2005 01:45:26 -0000 Jeff You are correct! I was not starting Apache with SSL. I knew I had to use the startssl command however I was using webmin for ease of "clicking" start and stop and I had entered "startssl" in the wrong box in the module config so therefor I was not starting Apache with SSL. Once I started with SSL there were a few error's I had to=20 correct with the certificates I generated and in the ssl.conf but starting it correctly was the problem. Thank you.. I have spent many hours trying to get this set up and was very frustrated over the whole project. Thanks again to everyone who took the time to reply. This list is a great resource and without everyones participation it would not work. 7/5/05, jdyke wrote: >=20 >=20 >=20 > Todd Suits wrote: > > Sorry for all the responses but Googling has brought up possible > > problems or questions. I am starting Apache with > > /usr/local/sbin/apachectl startssl is this correct for the FreeBSD > > compiled version? > > > you don't *have to* use that, you can just use /usr/local/etc/rc.d/apache= .sh and > make sure that apache2ssl_enable=3D"YES" in /etc/rc.conf >=20 > to my knowledge, which may be lacking, you should be able to execute apac= hes > start script as well. >=20 > if you run `ps -waux | grep httpd` from the prompt do you see httpd liste= d with > -DSSL ?? the errors about 'invalid method' lead me to believe that you i= ts only > started as http not https. >=20 > what is in the error log as soon as you run /usr/local/sbin/apachectl sta= rtssl > and what does the above ps show. >=20 > jeff > > On 7/5/05, Todd Suits wrote: > > > >>As an update the command: $ openssl s_client -connect localhost:443 > >>-state -debug from the Apache documents, produces the following > >>output: > >> > >>killians# openssl s_client -connect localhost:443 -state -debug > >>CONNECTED(00000003) > >>SSL_connect:before/connect initialization > >>write to 0809A500 [080B1000] (142 bytes =3D> 142 (0x8E)) > >>0000 - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00 ......c... ..9= .. > >>0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5..........= .. > >>0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00 ..3..2../.....= f. > >>0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00 .............c= .. > >>0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40 b..a..........= .@ > >>0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00 ..e..d..`.....= .. > >>0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 b3 46 ..............= .F > >>0070 - 18 14 e5 bd de 65 4e 39-1c 60 c4 c2 81 f5 bb 8a .....eN9.`....= .. > >>0080 - 68 00 e0 db 23 c8 ad c2-44 23 81 83 51 93 h...#...D#..Q. > >>SSL_connect:SSLv2/v3 write client hello A > >>read from 0809A500 [080B7000] (7 bytes =3D> 7 (0x7)) > >>0000 - 3c 21 44 4f 43 54 59 >>SSL_connect:error in SSLv2/v3 read server hello A > >>50689:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown > >>protocol:/usr/s > >>rc/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:475: > >> > >>I'm just not sure how to deal with it. > >> > >> > >>On 7/5/05, Todd Suits wrote: > >> > >>>I have no problem accessing other https sites and there is not a > >>>router, the jail is set up on a dedicated server in a data center > >>>where serives like this are provided. > >>> > >>>On 7/5/05, albi@scii.nl wrote: > >>> > >>>>On Tue, 5 Jul 2005 14:21:03 -0400 > >>>>Todd Suits wrote: > >>>> > >>>> > >>>>>https:// is what im trying to use. http:// just brings my normal > >>>>>index.html page. > >>>> > >>>>---cut--- > >>>> > >>>>>>> I get the following error in httpd-error.log: > >>>>>>> > >>>>>>>[Tue Jul 05 10:15:28 2005] [error] [client 24.123.123.123] Invalid > >>>>>>>method in request \x80g\x01\x03 > >>>> > >>>>are you using a hardware-router or something ? > >>>>if so, did you open the 443 port on that router and set up > >>>>portforwarding to port 443 ? > >>>> > >>>> > >>> > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd= .org" > > >