creating an SSL page under non SSL site with apache1.33?

taiwf · 06-27-2006, 12:29 AM

Hi,
I have a web server running apache 1.3.33 and i recently install snort+base. I would like to turn the directory for 'base' to be ssl. So i do little experiment but it always end up my entire site inaccessiable. Can anyone help me with this problem?

==============below are lines i added in my conf file================
listen: 192.168.1.7:443
<VirtualHost *>
ServerName localhost
DocumentRoot /www/docs
Redirect /security/ https://192.168.50.254/security/
</VirtualHost>

<VirtualHost _default_:443>
SSLEngine On
SSLCertificateFile /etc/apache/ssl.crt/localhost.cert
SSLCertificateKeyFile /etc/apache/ssl.key/localhost.key

ServerName localhost
DocumentRoot /www/docs
</VirtualHost>

====================================================================

==================a openssl debug screen dump=================
2nd-fda:/etc/apache# openssl s_client -connect 192.168.1.6:443
CONNECTED(00000003)
depth=0 /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
verify return:1
---
Certificate chain
0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICKTCCAZICCQDlqxPFpwJQUzANBgkqhkiG9w0BAQQFADBZMQswCQYDVQQGEwJB
VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0
cyBQdHkgTHRkMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMDYwNjI2MDIwODEzWhcN
MDYwNzI2MDIwODEzWjBZMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0
ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRIwEAYDVQQDEwls
b2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKf8KqVexXMAq6z6
dWVH+DTUrc5s4ZplZvmwZIN/BbvsbRgNjDbqqYJz0JCb4/9ZosblqisFK3yRCNg8
zbqIxNPQ1DzBlFTmC1FHcDtRZubErSCuppaHSTcutP+3xVbHWBWOVSRbJiuLu4oE
ADdw1ZgfWqA030ksZeouuruAGbMbAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEACAVN
r0ZYpwmKeAIcItdLZSSf/JgYq5XuW/IbgAzhmWj5rhj3rKA3sihC9NPH9s9LwJG/
VHpW9dnK0LKyBR4+LZdqXxTNL55+QXxffyk68r4WX8woGPUT7+VkWlCo2PJfHgrl
xbPwWzibJWVFmhcQUGdGtU/djEtmZ6aKWYOv1Gs=
-----END CERTIFICATE-----
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
---
No client certificate CA names sent
---
SSL handshake has read 1089 bytes and written 340 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID:
Session-ID-ctx:
Master-Key: 52F331470F71D914943D2E6BC7ACB0DBF602C3C2F90071D90765239C2E9650FA4C58C93813439824DC1085D9142A5481
Key-Arg : None
Start Time: 1151295046
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---

closed

==================================================================

ps: when append this to my original httpd.conf (not much change since original installation), i can get certificate prompt but after that i got page not found .
ps2: i do have libapache_mod_ssl instaleld via apt-get isntall command

taiwf · 06-27-2006, 01:06 AM

ok, its silly mistake that i mistakenly specificed document root as /www/doc while my actual index.htm reside in /var/www. But i still dono how to make the directory "security" as ssl and the rest of website non-ssl. Can anyone help me with that??