Forum OpenACS Q&A: openSSL doesn't work

Posted by tadashi nagao on
I set up SSL according to
http://pascal.scheffers.net/patch/openssl.txt

The config file setup is as follows.
ns_section "ns/server/{server name}/modules/nsopenssl"
ns_param port                    443
ns_param hostname                xxx.xxx.xx.jp
ns_param Address xx.xxx.xxx.xx
ns_param CertFile                /home/aol31/ssl/cert.pem
ns_param KeyFile                  /home/aol31/ssl/key.pem
ns_param Protocol                All
#ns_param Protocol                SSLv2
#ns_param Protocol                SSLv3
#ns_param Protocol                TLSv1
#ns_param CipherSuite              "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
ns_param ClientVerify            false
ns_param CADir                    ca
ns_param CAFile                  ca.pem
ns_param Trace                    false

But the https protocol does not show up,
and in the error log:
[01/Aug/2002:02:34:03][15999.1024][-main-] Notice: Caching RestrictToSSL for 1625 to acs-admin/*
[01/Aug/2002:02:34:04][15999.1024][-main-] Notice: Caching RestrictToSSL for 94289 to admin/*

What was wrong? Does anyone have some idea to improve the situation?

Posted by David Siktberg on
Did you open up access to port 443 in your firewall? (probably iptables if you are running Linux)
Posted by tadashi nagao on
Port 443 is OK. Apache port 443 is running on the same machine.
Is the "RestrictToSSL for xxx" message related to the SSL error?
Posted by David Siktberg on
Judging from the ns_param variable names, I think you are using an older version of nsopenssl.  I recommend that you go to Scott Goodwin's site at www.scottg.net, where you will find good documentation as well as nsopenssl downloads.  The latest version has a trace feature that can help you figure out what is going on - though I never used earlier versions, and perhaps they did too.
Posted by David Walker on
Check to make sure that the apache on the same machine isn't keeping
aolserver from listening on that port.  "netstat --inet -nlp" should
list all services listening.
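
The port check suggested above, as an added example that is not part of the original thread: it filters `netstat --inet -nlp` output for sockets listening on a given port and tests whether one of them would block a new bind. The function names, the sample output, and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat --inet -nlp` output (not taken from the thread).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      812/httpd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      812/httpd
tcp        0      0 192.0.2.10:8000         0.0.0.0:*               LISTEN      15999/nsd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      640/sendmail
EOF
}

# listeners_on PORT
# Reads netstat -nlp output on stdin and prints "local-address pid/program"
# for every TCP socket in LISTEN state on PORT.
listeners_on() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")      # the port is the last colon-separated field
            if (a[n] == port) print $4, $7
        }'
}

# bind_conflict ADDR PORT
# Returns 0 if an existing IPv4 listener on PORT holds ADDR itself or the
# wildcard 0.0.0.0; either one prevents a second server binding ADDR:PORT.
bind_conflict() {
    listeners_on "$2" | awk -v addr="$1" -v port="$2" '
        $1 == addr ":" port || $1 == "0.0.0.0:" port { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Usage on a live host (run as root so the PID/Program column is filled in):
#   netstat --inet -nlp | listeners_on 443
#   netstat --inet -nlp | bind_conflict 192.0.2.10 443 && echo "443 already taken"
```

An empty result from `listeners_on 443` while the server is supposedly running means nothing bound the port at all, which points at the server's own startup or configuration rather than at a competing process.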
Posted by tadashi nagao on
When Apache isn't running, AOLserver could not listen on port 443.