Hi, I'm trying to get SSL working on UniServer Zero XI 11.3.2. Here are the steps I've taken so far:

- I've enabled the ssl_module
- Copied my websites.crt, websites.key and websites.ca-bundle files to C:\UniServerZ\core\apache2\server_certs
- Uncommented 'Include conf/extra/httpd-ssl.conf' in C:\UniServerZ\core\apache2\conf\httpd.conf
- Edited my httpd-ssl.conf to be:

#=========================================================
# File name: httpd-ssl.conf
# Created By: The Uniform Server Development Team
# Edited Last By: Mike Gleaves (ric)
# Apache HTTP server configuration file.
# V 1.0 15-3-2013
#=========================================================
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailed information about these
# directives see <URL:http://httpd.apache.org/docs/2.4/mod/mod_ssl.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Required modules: mod_log_config, mod_setenvif, mod_ssl,
# socache_shmcb_module (for default value of SSLSessionCache)
#
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the SSL library.
# The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
#
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
#
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#
#################### Global SSL ##########################
Listen ${AP_SSL_PORT} https
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
#== Some MIME-types for downloading Certificates and CRLs
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# Speed-optimized SSL Cipher configuration:
# If speed is your main concern (on busy HTTPS servers e.g.),
# you might want to force clients to specific, performance
# optimized ciphers. In this case, prepend those ciphers
# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
# Caveat: by giving precedence to RC4-SHA and AES128-SHA
# (as in the example below), most connections will no longer
# have perfect forward secrecy - if the server's key is
# compromised, captures of past or future traffic must be
# considered compromised, too.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
#SSLHonorCipherOrder on
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is an internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache "dbm:c:/Apache24/logs/ssl_scache"
SSLSessionCache shmcb:logs/ssl_scache(512000)
SSLSessionCacheTimeout 300
#== Pseudo Random Number Generator (PRNG):
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
##
## SSL Virtual Host Context
##
<VirtualHost _default_:${AP_SSL_PORT}>
# General setup for the virtual host
ServerName ${US_SERVERNAME}
DocumentRoot ${US_ROOTF_SSL}
ServerAdmin you@example.com
ErrorLog logs/error_ssl.log
TransferLog logs/access_ssl.log
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLOptions +StrictRequire
#== SSL Cipher Suite:
SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
#== Server Certificate:
SSLCertificateFile ${US_ROOTF}/core/apache2/server_certs/websites.crt
#== Server Private Key:
SSLCertificateKeyFile ${US_ROOTF}/core/apache2/server_certs/websites.key
#== StartSSL certificate chain for class 1 certificates
# Disable when using a self-signed certificate
# Enable remove # disable add #
SSLCertificateChainFile ${US_ROOTF}/core/apache2/server_certs/websites.ca-bundle
#SSLCertificateChainFile ${US_ROOTF}/core/apache2/server_certs/sub.class1.server.ca.pem
#SSLCACertificateFile ${US_ROOTF}/core/apache2/server_certs/ca.pem
SSLVerifyClient none
SSLProxyEngine off
#== Server Root folder:
<Directory "${US_ROOTF_SSL}">
AllowOverride All
Order allow,deny
Allow from all
SSLRequireSSL
</Directory>
#== Most problems of broken clients are related to the HTTP
# keep-alive facility. Disable keep-alive for those clients.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>

I've tried to start Apache, but UniServer Zero gives an 'Apache failed to start' dialog. I've looked in error.log and there's nothing to indicate a problem. error_ssl.log didn't exist, so I created it and tried to restart Apache again. After the error dialog, error_ssl.log remains empty. Where am I going wrong?
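
Added example, not part of the original post and not Uniform Server's own tooling: a small Python lint that reads only the active (uncommented) directives of an httpd-ssl.conf like the one above and reports legacy protocol settings, cipher-string tokens that name a weak algorithm without excluding it, and Apache 2.2-style access directives. The function name `lint_ssl_conf` and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: a trimmed copy of the active SSL directives posted above.
SAMPLE_CONF = """\
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
<VirtualHost _default_:${AP_SSL_PORT}>
SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
<Directory "${US_ROOTF_SSL}">
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
"""

# SSLv3 is prohibited by RFC 7568; TLS 1.0 and 1.1 are deprecated by RFC 8996.
LEGACY_PROTOCOLS = {"sslv2", "sslv3", "tlsv1", "tlsv1.1"}
WEAK_CIPHER_WORDS = ("MD5", "RC4")
# Apache 2.2 access directives; in 2.4 they exist only via mod_access_compat.
ACCESS_22 = {"order", "allow", "deny"}


def lint_ssl_conf(text):
    """Return (line_number, message) findings for active directives only."""
    findings = []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, comments and container tags such as <VirtualHost>.
        if not line or line.startswith(("#", "<")):
            continue
        name, args = (line.split(None, 1) + [""])[:2]
        key = name.lower()
        if key == "sslprotocol":
            for tok in args.split():
                proto = tok.lstrip("+")
                if not tok.startswith("-") and proto.lower() in LEGACY_PROTOCOLS:
                    findings.append((num, f"legacy protocol enabled: {proto}"))
        elif key == "sslciphersuite":
            # In an OpenSSL cipher string '+X' only moves X to the end of the
            # list; only '!X' (or '-X') takes it out.
            for tok in re.split(r"[:, ]+", args.strip()):
                weak = any(w in tok.upper() for w in WEAK_CIPHER_WORDS)
                if weak and not tok.startswith(("!", "-")):
                    findings.append((num, f"{tok} is not excluded; use !{tok.lstrip('+')}"))
        elif key in ACCESS_22:
            findings.append((num, f"'{name}' is 2.2-style access control; on Apache 2.4 "
                                  "it needs mod_access_compat (native form: Require)"))
    return findings


if __name__ == "__main__":
    for num, message in lint_ssl_conf(SAMPLE_CONF):
        print(f"line {num}: {message}")
```
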