Re: SSL and Apache

Author: Craig White
Date:  
To: Main PLUG discussion list
Subject: Re: SSL and Apache
On Thu, 2006-03-09 at 10:13 -0700, Alex Dean wrote:
> On Mar 9, 2006, at 10:04 AM, Craig White wrote:
>
> >> "The connection was refused when attempting to contact
> >> www.example.org"
> >> What am I doing wrong? Did I forget something?
> > ----
> > does the 'apache' user (the uid that apache runs under) have 'read'
> > access to the crt/key files?
>
> I believe that incorrect file permissions would trigger a 500 server
> error, not a refused connection. It would be in Apache's error log
> if so.

----
you're probably right - I always struggle with alternate configurations
in apache.

In fact, I am typically loath to do much to alter base setup and so if
I wanted to use alternate files for server.crt and server.key, I would
simply change (redhat setup)

# grep crt /etc/httpd/conf.d/ssl.conf
AddType application/x-x509-ca-cert .crt
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
#SSLCertificateFile /etc/httpd/conf/ssl.crt/server-dsa.crt
#SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt
#SSLCACertificatePath /etc/httpd/conf/ssl.crt
#SSLCACertificateFile /usr/share/ssl/certs/ca-bundle.crt

the one crt entry above (perhaps the CA Cert path/file if I am
generating my own certs and acting as my own CA)

and not muck with anything like virtualhosts in regular httpd.conf file
at all - but that's because when I do, I am tripping over my own two
feet.

Craig

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
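
An added example, not part of the original message: a shell check that lists the active (uncommented) certificate directives in an ssl.conf like the one quoted above and reports whether each referenced file exists and is readable by the user running the script. The function names and the temp-directory sample config are constructed for illustration; SSLCertificateKeyFile is included as the companion mod_ssl key directive.

```shell
#!/bin/sh
# Print "Directive path" for every uncommented certificate directive in CONF.
# Lines such as "#SSLCertificateFile ..." are skipped because their first
# field does not start with "SSL".
ssl_active_files() {
    awk '$1 ~ /^SSL(Certificate(File|KeyFile|ChainFile)|CACertificateFile)$/ {
             gsub(/"/, "", $2); print $1, $2 }' "$1"
}

# Print one status line per referenced file. The return value is the number
# of files that are missing or unreadable (0 means every file checked out).
check_ssl_files() {
    bad=0
    while read -r directive path; do
        [ -n "$directive" ] || continue
        if [ ! -e "$path" ]; then
            echo "MISSING     $directive $path"; bad=$((bad + 1))
        elif [ ! -r "$path" ]; then
            echo "UNREADABLE  $directive $path"; bad=$((bad + 1))
        else
            echo "ok          $directive $path"
        fi
    done <<EOF
$(ssl_active_files "$1")
EOF
    return "$bad"
}

# Constructed sample: ssl.conf lines modelled on the message, with the paths
# moved under a temp directory. The key file is deliberately left missing.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/ssl.crt" "$d/ssl.key"
    : > "$d/ssl.crt/server.crt"
    cat > "$d/ssl.conf" <<EOF
AddType application/x-x509-ca-cert .crt
SSLCertificateFile $d/ssl.crt/server.crt
#SSLCertificateFile $d/ssl.crt/server-dsa.crt
SSLCertificateKeyFile $d/ssl.key/server.key
#SSLCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
EOF
    check_ssl_files "$d/ssl.conf"; rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "$? file(s) need attention"
```

Run against a real config with `check_ssl_files /etc/httpd/conf.d/ssl.conf`, as the account whose access you want to test.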