PDA

Archiv verlassen und diese Seite im Standarddesign anzeigen : SSL + httpd.conf



Nobber
02.09.02, 14:29
Seit wir unser ssl-Zertifikat bei Thwake verlängert und neu installiert haben, treten Probleme mit der entsprechenden SSL-Seite auf.

Der Bowser kann die htpps://-Seite nicht mehr finden. Hier ein Auszug aus der htttpd.conf:

NameVirtualHost 194.111.11.11
<VirtualHost xy.se:443>
ServerAdmin webmaster@xy.de
DocumentRoot /home/xy/www/
ScriptAlias /cgi-bin/ /home/xy/www/cgibin/
ServerName www.xy.de
CustomLog /home/xy/serverlog/access_log combined
ErrorLog /home/clock/serverlog/error_log
SSLEngine On
SSLCertificateFile /home/clock/ssl/clock.crt
SSLCertificateKeyFile /home/clock/ssl/clock.key
SSLLog /home/xy/serverlog/ssl_engine_log
SSLLogLevel info
</VirtualHost>

...
<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfDefine>

<IfModule mod_ssl.c>

# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin

# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache none
#SSLSessionCache shmht:/var/run/ssl_scache(512000)
#SSLSessionCache shmcb:/var/run/ssl_scache(512000)
SSLSessionCache dbm:/var/run/ssl_scache
SSLSessionCacheTimeout 1440

# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex file:/var/run/ssl_mutex

# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512

# Logging:
# The home of the dedicated SSL protocol logfile. Errors are
# additionally duplicated in the general error log file. Put
# this somewhere where it cannot be used for symlink attacks on
# a real server (i.e. somewhere where only root can write).
# Log levels are (ascending order: higher ones include lower ones):
# none, error, warn, info, trace, debug.
SSLLog /var/log/httpd/ssl_engine_log
SSLLogLevel info

</IfModule>

<IfDefine SSL>

# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/httpd/cgi-bin">
SSLOptions +StdEnvVars
</Directory>

# "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0