Hello everyone,
I tried to set up an HTTPS connection, with SSL.
I'm on Mac OS X Server, which is to say very close to Linux.
By default openssl is installed. There is also mod_ssl.
Here is the procedure I followed to create my keys and my certificate:
http://developer.apple.com/interne [...] odssl.html
In short, something quite simple, repeated fairly often, so I would call it valid.
When restarting Apache, I got this error:
Code:
[19/Oct/2007 14:53:34 29081] [info] Init: Loading certificate & private key of SSL-aware server phpmyadmin:16080
[19/Oct/2007 14:53:34 29082] [info] Init: Configuring server phpmyadmin:16080 for SSL protocol
[19/Oct/2007 14:53:34 29082] [warn] Init: (phpmyadmin:16080) RSA server certificate CommonName (CN) `Default' does NOT match server name!?
[19/Oct/2007 14:53:44 29083] [info] Connection to child 0 established (server phpmyadmin:16080, client 127.0.0.1)
[19/Oct/2007 14:53:44 29083] [info] Seeding PRNG with 1160 bytes of entropy
[19/Oct/2007 14:53:44 29083] [error] SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[19/Oct/2007 14:53:44 29083] [error] OpenSSL: error:1407609C:lib(20):func(118):reason(156)
[19/Oct/2007 14:53:44 29083] [info] Connection to child 0 established (server phpmyadmin:16080, client 127.0.0.1)
Well, in short, I searched the web a bit, and I had to modify my httpd.conf.
Now I get this error:
Code:
[22/Oct/2007 15:43:40 28660] [info] Server: Apache/1.3.33, Interface: mod_ssl/2.8.24, Library: OpenSSL/0.9.7l
[22/Oct/2007 15:43:40 28660] [info] Init: 1st startup round (still not detached)
[22/Oct/2007 15:43:40 28660] [info] Init: Initializing OpenSSL library
[22/Oct/2007 15:43:40 28660] [info] Init: Loading certificate & private key of SSL-aware server secure:443
[22/Oct/2007 15:43:40 28660] [info] Init: Requesting pass phrase via builtin terminal dialog
[22/Oct/2007 15:43:43 28660] [info] Init: Loading certificate & private key of SSL-aware server 127.0.0.1:443
[22/Oct/2007 15:43:43 28660] [error] Init: Unable to read server certificate from file /etc/httpd/ssl.key/serveur.crt (OpenSSL library error follows)
[22/Oct/2007 15:43:43 28660] [error] OpenSSL: error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long
Here is my httpd.conf file (well, only the part that matters here):
Code:
#Port 80
## SSL Support
##
## When we also provide SSL we have to listen to the
## standard HTTP port (see above) and to the HTTPS port
##
<IfModule mod_ssl.c>
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    #SSLPassPhraseDialog exec:/etc/httpd/getsslpassphrase
    SSLPassPhraseDialog builtin
    SSLSessionCache dbm:/var/log/httpd/ssl_scache
    SSLSessionCacheTimeout 300
    SSLMutex file:/var/log/httpd/ssl_mutex
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    SSLLogLevel info
    AddType application/x-x509-ca-cert crt
    AddType application/x-pkcs7-crl crl
    SSLProtocol all -SSLv2
    SSLLog "/var/log/httpd/ssl_engine_log"
    ## SSL Virtual Host Context
    ##
    <VirtualHost 127.0.0.1:80>
        #Just to keep things sane...
        DocumentRoot "/Library/WebServer/html"
        ServerName 127.0.0.1
        ServerAdmin admin@gg.fr
        SSLEngine Off
    </VirtualHost>
    <VirtualHost Secure443>
        # General setup for the virtual host
        DocumentRoot "/Library/WebServer/html/secure"
        #ServerName has to match the server you entered into the CSR
        ServerName 127.0.0.1
        ServerAdmin admin@gg.fr
        ErrorLog "/var/log/httpd/error_log"
        TransferLog /var/log/httpd/access_log
        # SSL Engine Switch:
        # Enable/Disable SSL for this virtual host.
        SSLEngine On
        # enable SSLv3 but not SSLv2
        SSLProtocol all -SSLv2
        SSLCipherSuite "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
        # Path to your certificates and private key
        SSLCertificateFile "/etc/httpd/ssl.key/serveur.crt"
        SSLCertificateKeyFile "/etc/httpd/ssl.key/serveur.key"
        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
            SSLOptions +StdEnvVars
        </Files>
        <Directory "/Library/WebServer/CGI-Executables">
            SSLOptions +StdEnvVars
        </Directory>
        # correction for browsers that don't always handle SSL connections well
        SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        # Per-Server Logging:
        # The home of a custom SSL log file. Use this when you want a
        # compact non-error SSL logfile on a virtual host basis.
        CustomLog /var/log/httpd/ssl_request_log \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </VirtualHost>
    Listen 443
    Listen 80
</IfModule>
<IfModule mod_jk.c>
    JKWorkersFile /etc/httpd/workers.properties
    JKLogFile /var/log/httpd/mod_jk.log
    JKLogLevel error
    JKMount /*.jsp JBoss1
    JKMount /servlet/* JBoss1
    JKMount /examples/* JBoss1
</IfModule>
##
So there it is, I no longer know what to do.
Any help would be very useful to me.