[TriLUG] Apache2 SSL - misconfig followup..
lug at blackwizard.net
Mon Apr 17 17:32:59 EDT 2006
Okay, I'm not terribly familiar with https... so bearing that..
If the Listen 443 is in listen.conf, but the flag isn't set in apache...
Does this mean https:// is just serving http on 443 without actual
encrypting the session?
Visually in the browser how is this signalled, no lock?
I'm mostly curious for signs of misconfiguration than anything.
I am just taking a class that sort of touches on https but doesn't give
specifics of implementation.
I was contemplating setting one up to get some hands on..
As I understand it, https is usually 3 things to an end-user.
1. A web server running on 443 typically.
Is this just done by the browser trying to connect to a web server
on port 443 if https:// is used?
I also assume the port can be changed as usual, (e.g.
https://securedwebserver.com:<unusual port number>)
2. A guarantee that this web server will encrypt traffic with the client
browser, usually signalled by a lock icon in the browser.
Otherwise it is regular http protocol traffic.
3. Verification of a certificate through a trusted third party like
Finally, I understand the specific encryption implementations might vary
between web servers.
I didn't find any site that touches on common misconfigurations or their
Anyway, thanks for help on correcting my perceptions/comprehension at
Brian Blater (BBList) wrote:
>It is in the /etc/sysconfig/apache2 file and it is called APACHE_SERVER_FLAGS= on SLES9.
>>>>On Mon, Apr 17, 2006 at 11:56 am, in message
><20060417155631.GA12388 at mail.trilug.org>, oberry at trilug.org wrote:
>>I can't comment on SLES 9, but on a RHEL 4 box I have
>>/etc/sysconfig/httpd, which has a section as follows:
>># To pass additional options (for instance, -D definitions) to the
>># httpd binary at startup, set OPTIONS here.
>>Maybe you have the same system config file, or similar?
>>On Mon, Apr 17, 2006 at 10:59:40AM -0400, Brian Blater (BBList) wrote:
>>>I have a SLES 9 box running Apache 2.0.54 happily. However, I would like to
>>set up SSL and be able to access pages on the box using https://. Easy enough I
>>thought. I looked in the listen.conf file and saw the following:
>>> <IfDefine !NOSSL>
>>> <IfModule mod_ssl.c>
>>> Listen 443
>>>This should mean that the server will listen on port 443, however it isn't.
>>If I add a Listen 443 right under the Listen 80 it works. So, that got me
>>wondering what this <ifdefine ssl> does and why it wasn't working. I did the
>>google search and found a couple of things, one which mentioned apache2
>>should be started with the -DSSL option (as seen in a ps awx | grep http), but
>>I just see the following:
>>>21671 ? Ss 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
>>>So, what do I need to do to get apache2 to start on SLES with SSL support? I
>>know I can just add the Listen 443 option manually, but this has become more
>>of a quest for learning what the <ifdefine ssl> is for and why it isn't
>>>Thanks for your help.
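Added example (not part of the thread and not any poster's code): a small evaluator for the <IfDefine>/<IfModule> guards discussed above, showing what ends up on port 443 for a given set of -D flags. The sample config is constructed; the outer <IfDefine SSL> guard, the SSLEngine vhost block and the function names are assumptions, and Include files and per-vhost scoping are ignored.

```python
import re
# Constructed sample modelled on the listen.conf fragment quoted in the thread.
# Assumptions: the outer <IfDefine SSL> guard and the SSLEngine vhost block.
SAMPLE = """\
Listen 80
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>
Listen 443
</IfModule>
</IfDefine>
</IfDefine>
<IfDefine SSL>
<VirtualHost _default_:443>
SSLEngine on
</VirtualHost>
</IfDefine>
"""

def active_directives(conf, defines, modules):
    """Return (name, args) for directives whose IfDefine/IfModule guards all hold."""
    stack, out = [], []          # one bool per currently open conditional block
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<(IfDefine|IfModule)\s+(!?)([^>\s]+)>$", line, re.I)
        if m:
            known = defines if m.group(1).lower() == "ifdefine" else modules
            stack.append((m.group(3) in known) != bool(m.group(2)))  # "!" negates
        elif re.match(r"</(IfDefine|IfModule)>$", line, re.I):
            stack.pop()
        elif not line.startswith("<") and all(stack):   # skip other containers
            name, *rest = line.split(None, 1)
            out.append((name.lower(), " ".join(rest)))
    return out

def audit_443(conf, defines, modules=("mod_ssl.c",)):
    """Classify what a client would find on port 443 for a given set of -D flags."""
    d = active_directives(conf, set(defines), set(modules))
    listens = any(n == "listen" and a.split(":")[-1] == "443" for n, a in d)
    tls = any(n == "sslengine" and a.lower() == "on" for n, a in d)
    if not listens:
        return "closed"
    return "tls" if tls else "plaintext-http-on-443"

if __name__ == "__main__":
    for flags in ([], ["SSL"], ["SSL", "NOSSL"]):
        print(flags, "->", audit_443(SAMPLE, flags))
```

The "plaintext-http-on-443" result is what a bare Listen 443 added outside the guards produces when httpd is started without -DSSL: Apache answers ordinary HTTP on that port, so a browser using https:// gets a failed TLS handshake and an error page, not a page without a lock.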