From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003 Description of problem: Ok, I see I should upgrade to 8.0 and use redhat-config-httpd. Maybe all this is fixed there... If not, * apacheconf doesn't have a way to start over from scratch. (other than erasing and reinstalling the rpm). * It doesn't have a way to switch between various configurations. * Documents (except the man page) don't mention the alchemist files or explain _where_ the configuration data is remembered or even state clearly that the config file is _not_ parsed. * loglevel changes didn't appear in the config file. I tried to set up a webserver serving SSL with a locally generated certificate. It took a _LONG_ time (8 hours), because I ran into two unilluminating error messages. First, I got failure to start apache, and the log said Hint: SSLCertificateFile. There was such an entry, in the <VirtualHost _default_:443> section (right after ## ## SSL Virtual Host Context ## ), but I needed one farther down, after the # Virtual hosts <IfDefine HAVE_SSL> section. I also needed a SSLCertificateKeyFile entry. This was not easy to figure out. I did it by googling for the error message, and by reading the source code. After I got that fixed (by editing the config file), apache would start up, but immediately exited with [crit] (98)Address already in use: make_sock: could not bind to port 443 This was caused by the presence of two "Listen 443" statements in the file. The one after the comment "Apache will only listen on port 80 by default" needed to be removed. This was also not easy to figure out. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. clear apacheconf by erasing and reinstalling it (how else?) 2. rpm -e apacheconf; rpm -ivh apacheconf-0.8.2-2.noarch.rpm 3. run apacheconf (Is there a way to make it record everthing that was done?). It comes up with default settings. 4. Select virtual server, SSL, enable SSL, OK, Ok (alert server name cannot be blank), enter server name, Ok, Ok to exit, Ok to overwrite config. 5. start httpd. (it fails) 6. edit config file to insert second set of SSLCertificate... entries. 7. it comes up and runs. But if I do what the customization guide says, I get two Listen 443 statements and it fails. 8. stop httpd, run apacheconf, select "all available addresses on port 80", click "edit", change 80 to 443, click Ok, Ok, Ok save and exit, Ok overwrite, edit the conf file again to add the missing SSLCertificate entries. 9. start httpd, get status: "httpd dead but subsys locked" examine log: [crit] (98)Address already in use: make_sock: could not bind to port 443 Actual Results: Only one "SSLCertificateFile" and "...KeyFile" entry. Two "Listen 443" entries. (well, with the above instructions, I got only one, because I didn't change the default from 80 to 443 -- but the RedHat customization guide said I should add a port 443.) Expected Results: Two "SSLCertificateFile" and "...KeyFile" entries. Is the first one needed? Only one "Listen 443" entry. Additional info: *** httpd.conf Fri Dec 20 07:27:53 2002 --- httpd.conf~ Fri Dec 20 07:24:59 2002 *************** *** 732,739 **** ServerSignature email SSLEngine on - SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt - SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
Reassinging to r-c-h and myself. Read ya, Phil
Most of the SSL stuff should be fixed in the lastest rawhide version. Read ya, Phil