By the way

http://gentoo-wiki.com/HOWTO_Email:_A_Complete_Virtual_System_-_Web_Access

- Follow the steps at http://slacksite.com/apache/certificate.html
- cat server.pem > poundcert.pem
- cat server.crt >> poundcert.pem

openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out server.key 1024
openssl rsa -in server.key -out server.pem
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt

Now these two files, as above, have been put into poundcert.pem,

and the Apache config, as per last email, is using the new certificates.

(None of the above is clearly explained in the installed Debian package.)

When I try to access the URL, before the 500 error I actually get the SSL request popping up in the browser saying it's an untrusted SSL source (which is correct), but then it gives 500 once you press OK to continue.




On 10/07/07, Mister V <badvad@gmail.com> wrote:
https returns

500 internal error

An internal server error occurred. Please try again later.

syslog says:

Jul 10 19:44:08 localhost pound: response error read from 127.0.0.1:82: Connection reset by peer

apache-ssl log says:

[Tue Jul 10 19:44:08 2007] [error] SSL_accept failed
[Tue Jul 10 19:44:08 2007] [error] error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

From what I have researched, it is passing HTTP to the HTTPS port?

This is my config.

(Where am I going wrong, or what is done wrong?)
pound.cfg (SSL config)
  ListenHTTPS
                Address xxx.xxx.xxx.xxx
                Port    443
                Cert    "/etc/apache-ssl/poundcert.pem"
                AddHeader "X-Forwarded-Proto: https"

                HeadRemove "X-Forwarded-Proto"
                AddHeader "Front-End-Https: on"
                Ciphers "RC4-MD5:RC4-SHA:IDEA-CBC-MD5:DES-CBC3-SHA"
        Service
               Url "(%|`|;|\|@|\||~|<|>|\"|\$|\(|\)|\{|\}|\[|\]\*|!|')"
               Redirect    "http://www.domain/"
        End
        Service
              BackEnd
               Address  127.0.0.1
               Port  82
             End
        End
  End

(netstat - showing port 82 is up)
root@XXXXXX:# netstat -an|grep 82
tcp        0      0 127.0.0.1:82             0.0.0.0:*               LISTEN


httpd.conf in apache-ssl showing the various configs done or there for ssl.

grep 82 /etc/apache-ssl/httpd.conf
Listen 127.0.0.1:82
Port 82


grep SSL /etc/apache-ssl/httpd.conf |grep -v "#"
SSLRandomFile file /dev/urandom 1024
SSLRandomFilePerConnection file /dev/urandom 1024
SSLEnable
SSLCacheServerPath /usr/lib/apache-ssl/gcache
SSLCacheServerPort /var/run/gcache_port
SSLSessionCacheTimeout 15
SSLCertificateKeyFile /etc/apache-ssl/server.pem
SSLCertificateFile     /etc/apache-ssl/server.crt
SSLVerifyClient 0
SSLVerifyDepth 10
SSLUseCRL
SSLCRLCheckAll
SSLOnRevocationSetEnv SSL_REVOKED
SSLOnCRLExpirySetEnv SSL_CRL_EXPIRED
SSLOnNoCRLSetEnv SSL_NO_CRL
SSLFakeBasicAuth
SSLRequiredCiphers RC4-MD5:RC4-SHA:IDEA-CBC-MD5:DES-CBC3-SHA
SSLRequireCipher
SSLBanCipher NULL-MD5:NULL-SHA

thanks
vahid
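
The apache-ssl error quoted above (SSL23_GET_CLIENT_HELLO:http request) is what a TLS listener logs when the first bytes it reads are a plaintext HTTP request instead of a ClientHello. The following is an added example, not part of the original thread and not Pound or apache-ssl code: it classifies the opening bytes of a connection the same way, and probes a backend with a plaintext request as a TLS-terminating proxy would. Function names and sample bytes are constructed for illustration; 127.0.0.1:82 is the backend address from the message.

```python
import socket
import sys

# Request-line prefixes treated as "this is plaintext HTTP, not a handshake".
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ")


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'sslv2', 'http' or 'unknown' for the start of a stream."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"      # handshake record (0x16), protocol major version 3
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2"    # 2-byte SSLv2 record header, then ClientHello (0x01)
    if data.startswith(HTTP_METHODS):
        return "http"     # the case a TLS listener reports as "http request"
    return "unknown"


def probe_plain_http(host: str, port: int, timeout: float = 3.0) -> str:
    """Send a plaintext request, as the proxy does, and report how the port reacts."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            reply = s.recv(16)
    except (ConnectionResetError, socket.timeout):
        return "no plaintext reply (listener may expect TLS)"
    except OSError as exc:
        return f"connect failed: {exc}"
    if reply.startswith(b"HTTP/"):
        return "plaintext HTTP accepted"
    return "no plaintext reply (listener may expect TLS)"


if __name__ == "__main__":
    # Constructed samples: what a proxy forwards vs. what a browser sends.
    samples = {
        "forwarded request": b"GET / HTTP/1.1\r\nHost: www.domain\r\n",
        "TLS ClientHello": b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03",
        "SSLv2 ClientHello": b"\x80\x2e\x01\x03\x01",
    }
    for name, data in samples.items():
        print(f"{name}: {classify_first_bytes(data)}")
    if len(sys.argv) == 3:  # e.g. python3 probe.py 127.0.0.1 82
        print(probe_plain_http(sys.argv[1], int(sys.argv[2])))
```
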

