SSL and Apache

Craig White craigwhite at azapple.com
Thu Mar 9 10:35:15 MST 2006


On Thu, 2006-03-09 at 10:13 -0700, Alex Dean wrote:
> On Mar 9, 2006, at 10:04 AM, Craig White wrote:
> 
> >> "The connection was refused when attempting to contact  
> >> www.example.org"
> >> What am I doing wrong? Did I forget something?
> > ----
> > does the 'apache' user (the uid that apache runs under) have 'read'
> > access to the crt/key files?
> 
> I believe that incorrect file permissions would trigger a 500 server  
> error, not a refused connection.  It would be in Apache's error log  
> if so.
----
you're probably right - I always struggle with alternate configurations
in apache.

In fact, I am typically loath to do much to alter base setup and so if
I wanted to use alternate files for server.crt and server.key, I would
simply change (redhat setup)

# grep crt /etc/httpd/conf.d/ssl.conf
AddType application/x-x509-ca-cert .crt
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
#SSLCertificateFile /etc/httpd/conf/ssl.crt/server-dsa.crt
#SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt
#SSLCACertificatePath /etc/httpd/conf/ssl.crt
#SSLCACertificateFile /usr/share/ssl/certs/ca-bundle.crt

the one crt entry above (perhaps the CA Cert path/file if I am
generating my own certs and acting as my own CA)

and not muck with anything like virtualhosts in regular httpd.conf file
at all - but that's because when I do, I am tripping over my own two
feet.

Craig
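
The read-access question and the ssl.conf entries discussed in this message can be checked in one pass. The script below is an added example, not part of the original post: its function names, status labels and sample paths are assumptions, and it tests readability for whichever user runs it.

```shell
#!/bin/sh
# Added example (not from the original post): check the files that the active
# SSL directives in an Apache config point at.

# Print "Directive path" for each uncommented SSL certificate/key directive.
# Commented lines such as "#SSLCertificateChainFile ..." are skipped because
# their first field does not start with "SSL".
active_ssl_files() {
    awk '$1 ~ /^SSL(Certificate(File|KeyFile|ChainFile)|CACertificate(File|Path))$/ {
             gsub(/"/, "", $2); print $1, $2 }' "$1"
}

# Print "STATUS Directive path" per directive:
#   MISSING     path does not exist
#   UNREADABLE  current user cannot read it
#   LOOSE-KEY   private key readable by group or other
#   OK          none of the above
check_ssl_files() {
    active_ssl_files "$1" | while read -r directive path; do
        if [ ! -e "$path" ]; then
            status=MISSING
        elif [ ! -r "$path" ]; then
            status=UNREADABLE
        elif [ "$directive" = SSLCertificateKeyFile ] &&
             [ -n "$(find -L "$path" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
            status=LOOSE-KEY
        else
            status=OK
        fi
        echo "$status $directive $path"
    done
}

# Constructed sample: a temp directory with a cert, a world-readable key, and a
# config modelled on the grep output above (hypothetical paths).
make_sample() {
    d=$(mktemp -d) || return 1
    : > "$d/server.crt"; : > "$d/server.key"
    chmod 644 "$d/server.crt" "$d/server.key"
    cat > "$d/ssl.conf" <<EOF
AddType application/x-x509-ca-cert .crt
SSLCertificateFile $d/server.crt
SSLCertificateKeyFile $d/server.key
#SSLCertificateChainFile $d/ca.crt
SSLCACertificateFile $d/ca-bundle.crt
EOF
    echo "$d/ssl.conf"
}

# Usage: sh check.sh /etc/httpd/conf.d/ssl.conf   (no argument: run on the sample)
check_ssl_files "${1:-$(make_sample)}"
```
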


