SSL Server setup

Hello,

(forgive the monster post)

I finished installing an Apache 2.x server with SSL on a Windows box. I have a few virtual hosts set up (SSL and non-SSL) on the server. Regular port 80 requests work fine, as well as cgi, shtml, etc., but not my secure port 443 connections.

Getting a bit stuck with some of the configurations though...

It appears my SSL keeps on shutting down when I start the server, since I keep seeing the following when I start the server.

Code:
[Mon May 03 15:44:27 2004] [notice] Parent: Created child process 12776
[Mon May 03 15:44:27 2004] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Mon May 03 15:44:27 2004] [notice] Child 11720: Released the start mutex
[Mon May 03 15:44:28 2004] [notice] Child 12776: Child process is running
[Mon May 03 15:44:28 2004] [notice] Child 12776: Acquired the start mutex.
[Mon May 03 15:44:28 2004] [notice] Child 12776: Starting 250 worker threads.
[Mon May 03 15:44:28 2004] [notice] Child 11720: Waiting for 250 worker threads to exit.
[Mon May 03 15:44:28 2004] [notice] Child 11720: All worker threads have exited.
[Mon May 03 15:44:28 2004] [notice] Child 11720: Child process is exiting

So then I tested the server manually using the following from the command line:
Code:
openssl s_client -connect secure.domain1.com:443 -state -debug
and I get:
Code:
Loading 'screen' into random state - done
connect: Bad file descriptor
connect:errno=10061
Naturally I thought the directives were denying access, but I checked and they seem OK.

Some sample config info (I use external files for the virtual hosts):
virtual host file:
Code:
<VirtualHost *:80>
	ServerAdmin  webmaster@domain1.com
	ServerName   domain1.com
	ServerAlias  www.domain1.com
	DocumentRoot C:/www/domain1.com/docs
	TransferLog  C:/www/domain1.com/logs/access.log
	ErrorLog     C:/www/domain1.com/logs/error.log
	ScriptAlias  /cgi-bin/ C:/www/domain1.com/docs/cgi-bin/
#	ErrorDocument 500 "/cgi-bin/errors/error500.cgi"
#	ErrorDocument 404 "/cgi-bin/errors/error404.cgi"
#	ErrorDocument 401 "/cgi-bin/errors/error401.cgi"
#	ErrorDocument 403 "/cgi-bin/errors/error403.cgi"
</VirtualHost>
virtual host ssl file:
Code:
<VirtualHost *:443>
	SSLEngine    on
	ServerName   secure.domain1.com
	ServerAlias  ssl.domain1.com
	ServerAdmin  webmaster@domain1.com
	DocumentRoot C:/www/domain1.com/docs
	TransferLog  C:/www/domain1.com/logs/ssl-access.log
	ErrorLog     C:/www/domain1.com/logs/ssl-error.log
	CustomLog    C:/www/domain1.com/logs/ssl-request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
	SSLCACertificateFile  C:/www/domain1.com/ssl/secure.domain1.com.cert
	SSLCertificateFile    C:/www/domain1.com/ssl/secure.domain1.com.crt
	SSLCertificateKeyFile C:/www/domain1.com/ssl/secure.domain1.com.key
	SSLCipherSuite        ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
	<Files ~ "\.(cgi|shtml|phtml|php3?)$">
	    SSLOptions +StdEnvVars
	</Files>
	<Directory "C:/www/domain1.com/docs/cgi-bin">
	    SSLOptions +StdEnvVars
	</Directory>
	SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
ssl.conf
Code:
# Note: Virtual host SSL config information is stored in the appropriate virtual host files.

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

<IfDefine SSL>
	#
	# When we also provide SSL we have to listen to the 
	# standard HTTP port (see above) and to the HTTPS port
	#
	# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
	#       Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
	#
	Listen *:443
	#Listen [::]:443 
	#Listen 0.0.0.0:443

	##
	##  SSL Global Context
	##
	##  All SSL configuration in this context applies both to
	##  the main server and all SSL-enabled virtual hosts.
	##

	#
	#   Some MIME-types for downloading Certificates and CRLs
	#
	AddType application/x-x509-ca-cert .crt
	AddType application/x-pkcs7-crl    .crl

	#   Pass Phrase Dialog:
	#   Configure the pass phrase gathering process.
	#   The filtering dialog program (`builtin' is a internal
	#   terminal dialog) has to provide the pass phrase on stdout.
	SSLPassPhraseDialog builtin
	

	#   Inter-Process Session Cache:
	#   Configure the SSL Session Cache: First the mechanism 
	#   to use and second the expiring timeout (in seconds).
	#SSLSessionCache         none
	#SSLSessionCache         shmht:logs/ssl_scache(512000)
	#SSLSessionCache         shmcb:logs/ssl_scache(512000)
	SSLSessionCache         dbm:logs/ssl_scache
	SSLSessionCacheTimeout  300


	#   Semaphore:
	#   Configure the path to the mutual exclusion semaphore the
	#   SSL engine uses internally for inter-process synchronization. 
	SSLMutex  file:logs/ssl_mutex
	
	#added
	SSLLog          logs/SSL.log
	SSLLogLevel     info
	SSLVerifyClient 1
	SSLVerifyDepth  10
	SSLCacheServerPath      logs/ssl_cache
	SSLCacheServerPort      1234
</IfDefine>
relevant httpd.conf parts:
Code:
LoadModule ssl_module modules/mod_ssl.so

<IfDefine SSL>
	AddModule mod_ssl.c
</IfDefine>

.
.
.
<IfDefine SSL>
    # General ssl config goes here; Specific config found in each virtual host
    Include conf/ssl.conf
</IfDefine>

NameVirtualHost *:80
Include conf/vhosts/*.conf

<IfDefine SSL>
	NameVirtualHost *:443
	Include conf/vhosts/*.sslconf
	<Directory "C:/www/*/ssl">
	    Options Indexes MultiViews
	    AllowOverride None
	    Order allow,deny
	    Allow from all
	</Directory>
</IfDefine>
I have no clue what this means or how to fix it.
Any suggestions would be appreciated.
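
Added example, not part of the original post: errno 10061 is Winsock's connection-refused code, and in the posted files both `Listen *:443` and `SSLSessionCache` sit inside `<IfDefine SSL>`, which Apache processes only when it is started with `-D SSL`. The Python sketch below evaluates those blocks with and without the define and lists the weak cipher classes that the posted `SSLCipherSuite` does not exclude; the function names and the trimmed config sample are assumptions made for illustration.

```python
import re

# Constructed sample: SSL-related lines trimmed from the posted ssl.conf and
# httpd.conf, keeping the directives tied to the two symptoms in the post.
POSTED_CONF = """\
LoadModule ssl_module modules/mod_ssl.so
<IfDefine SSL>
    Listen *:443
    SSLSessionCache dbm:logs/ssl_scache
    SSLMutex file:logs/ssl_mutex
</IfDefine>
NameVirtualHost *:80
<IfDefine SSL>
    NameVirtualHost *:443
    Include conf/vhosts/*.sslconf
</IfDefine>
"""

# Copied from the posted SSL virtual host file.
POSTED_SUITE = "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"


def active_directives(conf, defines=()):
    """Directives Apache would process, given the -D names in `defines`."""
    stack, active = [], []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<IfDefine\s+(!?)(\S+?)>$", line, re.I)
        if opened:
            negated, name = opened.groups()
            # "<IfDefine !X>" is true when X is NOT defined.
            stack.append((name in defines) != bool(negated))
        elif line.lower() == "</ifdefine>":
            stack.pop()
        elif all(stack):  # every enclosing IfDefine must be true
            active.append(line)
    return active


def weak_classes_not_excluded(suite):
    """Weak OpenSSL cipher classes in `suite` that are not removed by '!' or '-'."""
    # '+' only moves matching ciphers to the end of the list; ALL already
    # added them, so they remain enabled.
    weak = {"LOW", "EXP", "SSLv2"}
    return [t.lstrip("+") for t in suite.split(":")
            if t.lstrip("+") in weak and not t.startswith(("!", "-"))]
```

Without the define, only `LoadModule` and the port 80 `NameVirtualHost` survive: mod_ssl is loaded with no session cache configured and nothing listens on 443, which matches the warning and the refused connection shown in the post.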

 

 

 

 
