Coyote6
08-21-2009, 06:05 PM
Hi,
I am trying to enable SSL on my Mac running OS Leopard client (not server). I followed the directions on http://www.afp548.com/articles/web/sslcert.html as suggested by another thread, but I fall short on where to place the files and how to enable the SSLEngine manually. I have gone in and made sure that mod_ssl is not commented out in my httpd.conf file and that the include of the extra httpd-ssl.conf file is not commented out.
My httpd-ssl.conf looks like this:
Listen 443
<VirtualHost *:443>
#My doc root has been changed to my user sites folder.
DocumentRoot "/Users/MyName/Sites"
ServerName localhost:443
ServerAdmin my@email.com
ErrorLog "/private/var/log/apache2/error_log"
TransferLog "/private/var/log/apache2/access_log"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/private/etc/ca/server.crt"
SSLCertificateKeyFile "/private/etc/ca/server.key"
SSLCACertificatePate "/private/etc/ca/"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/Library/WebServer/CGI-Executables">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/private/var/log/apache2/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
My SSL files created from the site listed above are located in the /private/etc/ca folder.
Every time I turn the SSLEngine to on in the config file I get the error 'Safari can't open the page "http://localhost/" because Safari can't connect to the server "localhost".' I get the same if I try "https://". If I turn the SSLEngine off then everything works fine. In my error logs I get these messages:
[Time Date][error] Init:Unable to read pas phrase [Hint: key introduced or changed before restart?]
[Time Date][error] SSL Library Error: 218710120 error: 0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Time Date][error] SSL Library Error: 218529960 error: 0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Time Date][error] SSL Library Error: 218595386 error: 0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Time Date][error] SSL Library Error: 218734605 error: 0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
Can someone please tell me what I am doing wrong here? Any help is appreciated, thanks.
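An added diagnostic example, not part of the original post: the pass phrase error followed by ASN.1 errors ending in `d2i_PrivateKey` is what mod_ssl logs when it cannot parse the file named by SSLCertificateKeyFile, so this Python check classifies a key file's PEM contents as encrypted, wrong type, corrupt or plain. The function names and the sample PEM blocks are constructed for illustration; the sample bodies are placeholder bytes, not real keys.

```python
import base64
import re

# One PEM block: BEGIN label, body, matching END label.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
PLAIN_KEY_LABELS = {"RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY", "PRIVATE KEY"}


def classify_key_file(text):
    """Return (status, detail) for the text of an SSLCertificateKeyFile."""
    m = PEM_RE.search(text)
    if not m:
        return ("not-pem", "no complete PEM block (DER, empty or truncated file?)")
    label, body = m.group(1), m.group(2)
    if label == "ENCRYPTED PRIVATE KEY":
        return ("encrypted", "PKCS#8 key protected by a pass phrase")
    if label not in PLAIN_KEY_LABELS:
        return ("wrong-type", "PEM block is '%s', not a private key" % label)
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    # Traditional PEM puts "Name: value" headers before the base64 payload;
    # the base64 alphabet has no colon, so a colon marks a header line.
    headers = dict(ln.split(":", 1) for ln in lines if ":" in ln)
    payload = "".join(ln for ln in lines if ":" not in ln)
    if headers.get("Proc-Type", "").strip().endswith("ENCRYPTED"):
        cipher = headers.get("DEK-Info", "unknown").split(",")[0].strip()
        return ("encrypted", "pass-phrase protected with " + cipher)
    try:
        der = base64.b64decode(payload, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return ("corrupt", "base64 body does not decode")
    if der[:1] != b"\x30":  # a DER private key starts with a SEQUENCE tag
        return ("corrupt", "decoded body is not a DER SEQUENCE")
    return ("plain", "unencrypted key; no pass phrase needed at startup")


def sample_pem(label, raw, headers=""):
    """Build a constructed PEM block; `raw` is placeholder bytes, not a key."""
    b64 = base64.b64encode(raw).decode()
    return "-----BEGIN %s-----\n%s%s\n-----END %s-----\n" % (label, headers, b64, label)


if __name__ == "__main__":
    enc_hdr = "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n"
    samples = {
        "plain": sample_pem("RSA PRIVATE KEY", b"\x30\x82\x01\x00" + bytes(44)),
        "encrypted": sample_pem("RSA PRIVATE KEY", bytes(48), enc_hdr),
        "certificate": sample_pem("CERTIFICATE", b"\x30\x82\x01\x00" + bytes(44)),
    }
    for name, text in samples.items():
        print(name, "->", classify_key_file(text))
```

To check the real file, pass the text of `/private/etc/ca/server.key` to `classify_key_file`. An `encrypted` result means Apache needs the pass phrase at startup, which mod_ssl's SSLPassPhraseDialog directive controls.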