Search the Community

Hi, I'm trying to get SSL working on UniServer Zero XI 11.3.2. Here are the steps I've taken so far: I've enabled the ssl_module Copied my websites.crt, websites.key and websites.ca-bundle files to C:\UniServerZ\core\apache2\server_certs Uncommented 'Include conf/extra/httpd-ssl.conf' in C:\UniServerZ\core\apache2\conf\httpd.conf Edited my httpd-ssl.conf to be: #========================================================= # File name: httpd-ssl.conf # Created By: The Uniform Server Development Team # Edited Last By: Mike Gleaves (ric) # Apache HTTP server configuration file. # V 1.0 15-3-2013 #========================================================= # This is the Apache server configuration file providing SSL support. # It contains the configuration directives to instruct the server how to # serve pages over an https connection. For detailed information about these # directives see <URL:http://httpd.apache.org/docs/2.4/mod/mod_ssl.html> # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # # Required modules: mod_log_config, mod_setenvif, mod_ssl, # socache_shmcb_module (for default value of SSLSessionCache) # # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the SSL library. # The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. # #SSLRandomSeed startup file:/dev/random 512 #SSLRandomSeed startup file:/dev/urandom 512 #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512 # # When we also provide SSL we have to listen to the # standard HTTP port (see above) and to the HTTPS port # #################### Global SSL ########################## Listen ${AP_SSL_PORT} https ## ## SSL Global Context ## ## All SSL configuration in this context applies both to ## the main server and all SSL-enabled virtual hosts. ## #== Some MIME-types for downloading Certificates and CRLs AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 # Speed-optimized SSL Cipher configuration: # If speed is your main concern (on busy HTTPS servers e.g.), # you might want to force clients to specific, performance # optimized ciphers. In this case, prepend those ciphers # to the SSLCipherSuite list, and enable SSLHonorCipherOrder. # Caveat: by giving precedence to RC4-SHA and AES128-SHA # (as in the example below), most connections will no longer # have perfect forward secrecy - if the server's key is # compromised, captures of past or future traffic must be # considered compromised, too. #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 #SSLHonorCipherOrder on # Pass Phrase Dialog: # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is an internal # terminal dialog) has to provide the pass phrase on stdout. SSLPassPhraseDialog builtin # Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). #SSLSessionCache "dbm:c:/Apache24/logs/ssl_scache" SSLSessionCache shmcb:logs/ssl_scache(512000) SSLSessionCacheTimeout 300 #== Pseudo Random Number Generator (PRNG): SSLRandomSeed startup builtin SSLRandomSeed connect builtin ## ## SSL Virtual Host Context ## <VirtualHost _default_:${AP_SSL_PORT}> # General setup for the virtual host ServerName ${US_SERVERNAME} DocumentRoot ${US_ROOTF_SSL} ServerAdmin you@example.com ErrorLog logs/error_ssl.log TransferLog logs/access_ssl.log # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on SSLOptions +StrictRequire #== SSL Cipher Suite: SSLProtocol -all +TLSv1 +SSLv3 SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM #== Server Certificate: SSLCertificateFile ${US_ROOTF}/core/apache2/server_certs/websites.crt #== Server Private Key: SSLCertificateKeyFile ${US_ROOTF}/core/apache2/server_certs/websites.key #== StartSSL certificate chain for class 1 certificates # Disable when using a self-signed certificate # Enable remove # disable add # SSLCertificateChainFile ${US_ROOTF}/core/apache2/server_certs/websites.ca-bundle #SSLCertificateChainFile ${US_ROOTF}/core/apache2/server_certs/sub.class1.server.ca.pem #SSLCACertificateFile ${US_ROOTF}/core/apache2/server_certs/ca.pem SSLVerifyClient none SSLProxyEngine off #== Server Root folder: <Directory "${US_ROOTF_SSL}"> AllowOverride All Order allow,deny Allow from all SSLRequireSSL </Directory> #== Most problems of broken clients are related to the HTTP # keep-alive facility. Disable keep-alive for those clients. SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 </VirtualHost> I've tried to start Apache, but UniServer Zero gives a 'Apache failed to start' dialog. I've looked in error.log and there's nothing to indicate a problem. error_ssl.log didn't exist, so I created it and tried to restart Apache again. After the error dialog, error_ssl.log remains empty. Where am I going wrong?