<ol><li>Check that your server is binding to the right port with lsof or netstat or similar (can't remember the latest tool for this job).<br></li><li>Telnet to the port from the server.<br></li><li>Use openssl commandline tool to see if you can see the certificate on that port from the server.<br>
</li><li>Use a browser on the server to see if you can connect to the server locally.<br></li><li>Check the serverlogs and the errorlogs to see what's going on. IIRC there's some form of ssl log on many setups - you may be able to configure this somewhere also.<br>
</li></ol><div><br></div><div>Then try the last four from another machine on the same subnet, and then on other networks.</div><div><br></div><div>Cheers</div><div><br></div><div>Richard</div><div><br></div><div><br><br><div class="gmail_quote">
On Fri, May 9, 2008 at 4:11 PM, Avi Greenbury <<a href="mailto:avismailinglistaccount@googlemail.com">avismailinglistaccount@googlemail.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
The webserver I look after has recently suddenly stopped serving https requests. It's got DTC Admin on it, which relies on https.<br>
<br>
I've been trying to work out why, but I don't know where to look first - I've never really used https for anything before. It's a Debian box, everything (aside from DTC) has been installed from repositories.<br>
<br>
On restarting Apache, error.log says<br>
<br>
[Fri May 09 15:19:44 2008] [notice] Apache/2.2.3 (Debian) PHP/5.2.0-8+etch10 mod_ssl/2.2.3 OpenSSL/0.9.8c configured -- resuming normal operations<br>
<br>
Which implies (to me at least) that it is loading mod_ssl. I've not touched /etc/apache2/mods-enabled/ssl.conf since installing, but I've appended it to the email anyway.<br>
<br>
Other modules are loading and working as expected (php5, userdir, rewrite).<br>
<br>
Any ideas?<br>
<br>
<br>
<br>
ssl.conf:<br>
<br>
shrek:/var/log/apache2# cat /etc/apache2/mods-enabled/ssl.conf<br>
<IfModule mod_ssl.c><br>
#<br>
# Pseudo Random Number Generator (PRNG):<br>
# Configure one or more sources to seed the PRNG of the SSL library.<br>
# The seed data should be of good random quality.<br>
# WARNING! On some platforms /dev/random blocks if not enough entropy<br>
# is available. This means you then cannot use the /dev/random device<br>
# because it would lead to very long connection times (as long as<br>
# it requires to make more entropy available). But usually those<br>
# platforms additionally provide a /dev/urandom device which doesn't<br>
# block. So, if available, use this one instead. Read the mod_ssl User<br>
# Manual for more details.<br>
#<br>
SSLRandomSeed startup builtin<br>
SSLRandomSeed startup file:/dev/urandom 512<br>
SSLRandomSeed connect builtin<br>
SSLRandomSeed connect file:/dev/urandom 512<br>
<br>
##<br>
## SSL Global Context<br>
##<br>
## All SSL configuration in this context applies both to<br>
## the main server and all SSL-enabled virtual hosts.<br>
##<br>
<br>
#<br>
# Some MIME-types for downloading Certificates and CRLs<br>
#<br>
AddType application/x-x509-ca-cert .crt<br>
AddType application/x-pkcs7-crl .crl<br>
<br>
# Pass Phrase Dialog:<br>
# Configure the pass phrase gathering process.<br>
# The filtering dialog program (`builtin' is a internal<br>
# terminal dialog) has to provide the pass phrase on stdout.<br>
SSLPassPhraseDialog builtin<br>
<br>
# Inter-Process Session Cache:<br>
# Configure the SSL Session Cache: First the mechanism<br>
# to use and second the expiring timeout (in seconds).<br>
#SSLSessionCache dbm:/var/run/apache2/ssl_scache<br>
SSLSessionCache shmcb:/var/run/apache2/ssl_scache(512000)<br>
SSLSessionCacheTimeout 300<br>
<br>
# Semaphore:<br>
# Configure the path to the mutual exclusion semaphore the<br>
# SSL engine uses internally for inter-process synchronization.<br>
SSLMutex file:/var/run/apache2/ssl_mutex<br>
</IfModule><br>
<br>
--<br>
Avi Greenbury<br>
<font color="#888888">--<br>
Gllug mailing list - <a href="mailto:Gllug@gllug.org.uk">Gllug@gllug.org.uk</a><br>
<a href="http://lists.gllug.org.uk/mailman/listinfo/gllug" target="_blank">http://lists.gllug.org.uk/mailman/listinfo/gllug</a><br>
</font></blockquote></div><br></div>