From owner-FreeBSD-users-jp@jp.freebsd.org  Tue Aug 19 10:21:05 1997
Received: by jaz.jp.freebsd.org (8.8.7+2.7Wbeta6/8.7.3) id KAA09043
	Tue, 19 Aug 1997 10:21:05 +0900 (JST)
Received: by jaz.jp.freebsd.org (8.8.7+2.7Wbeta6/8.7.3) with ESMTP id KAA09021
	for <freebsd-users-jp@jp.freebsd.org>; Tue, 19 Aug 1997 10:21:01 +0900 (JST)
Received: from uru.kuc-jp.com (localhost [127.0.0.1]) by uru.kuc-jp.com (8.8.5/3.5W-kuc-jp.com) with ESMTP id KAA01981 for <freebsd-users-jp@jp.freebsd.org>; Tue, 19 Aug 1997 10:23:37 +0900 (JST)
Message-Id: <199708190123.KAA01981@uru.kuc-jp.com>
To: freebsd-users-jp@jp.freebsd.org
X-Mailer: Mew version 1.54 on Emacs 19.28.1, Mule 2.3
Mime-Version: 1.Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Date: Tue, 19 Aug 1997 10:23:36 +0900
From: Shizuhiro Urushidani <uru@kuc-jp.com>
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: bulk
X-Distribute: distribute [version 2.1 (Alpha) patchlevel=20]
X-Sequence: FreeBSD-users-jp 17025
Subject: [FreeBSD-users-jp 17025] apache_ssl 
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org

----
$B<?C+$H8@$$$^$9!#(B
$B$3$3$G<ALd$5$;$F$$$?$@$$$FNI$$$N$+$H;W$$$^$7$?$,(Bwww.freebsd.org/ports$B$N$J$+$K5-:\$,$"$k$N$G$H$j$"$($:$3$3$+$J$H;W$$<ALd$5$;$FD:$/;v$K$7$^$7$?!#(B

$B4D6-(B
 FreeBSD 2.2.1(4/1)
 SSLeay-0.8.1
 apache_1.2.0+ssl_1.8.tar.gz
 Netscape 4.02b7

$B>I>u(B
Netscape$B$G(Bhttp://www.xx.xx:8887/$B$H%5!<%P!<$K%"%/%;%9$9$k$H(B
"Document contains no data"$B$J$k%(%i!<$,$G$^$9!#(B

apache_ssl
apache$B$N%9%?!<%H%"%C%W;~$N%a%C%;!<%8$O(B
Reading certificate and key for server uru.kuc-jp.com:8887
httpsd# Attempt to reinitialise SSL for server uru.kuc-jp.com
$B$G(B
Netscape$B$G%"%/%;%9$7$?>l9g$N(B/var/log/httpsd-error.log$B$N%(%i!<%m%0$O(B
[Mon Aug 18 13:32:19 1997] Server configured -- resuming normal operations
[Mon Aug 18 13:32:56 1997] SSL_Accept failed
[Mon Aug 18 13:32:56 1997] error:140760EC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
$B$H$J$C$F$$$^$9!#(B

$B$A$J$_$K(Bhttpd.conf$B$NFbMF$O(B

# Copyright (C) 1995,6 Ben Laurie

# SSL Servers MUST be standalone, currently.
ServerType standalone

# The default port for SSL is 443...
Port 8887

# My test document root
DocumentRoot /usr/local/www/data/public_html

# Note that all SSL options can apply to virtual hosts.

# Disable SSL. Useful in combination with virtual hosts.
#SSLDisable

# Set the CA certificate verification path (must be PEM encoded).
# (in addition to getenv("SSL_CERT_DIR"), I think).
SSLCACertificatePath /usr/local/certs

# Set the CA certificate verification file (must be PEM encoded).
# (in addition to getenv("SSL_CERT_FILE"), I think).
#SSLCACertificateFile /some/where/somefile
#SSLCACertificateFile /u/ben/apache/apache_1.2.0-ssl/SSLconf/conf/httpsd.pem

# Point SSLCertificateFile at a PEM encoded certificate.
# If the certificate is encrypted, then you will be prompted for a pass phrase.
# Note that a kill -1 will prompt again.
# A test certificate can be generated with "make certificate".
SSLCertificateFile /usr/local/certs/cert.pem

# If the key is not combined with the certificate, use this directive to
# point at the key file. If this starts with a '/' it specifies an absolute
# path, otherwise it is relative to the default certificate area. That is, it
# means "<default>/private/<keyfile>".
#SSLCertificateKeyFile /some/place/with/your.key

# Set SSLVerifyClient to:
# 0 if no certicate is required
# 1 if the client may present a valid certificate
# 2 if the client must present a valid certificate
# 3 if the client may present a valid certificate but it is not required to
#   have a valid CA
SSLVerifyClient 3
# How deeply to verify before deciding they don't have a valid certificate
SSLVerifyDepth 10

# Translate the client X509 into a Basic authorisation. This means that the
# standard Auth/DBMAuth methods can be used for access control. The user name
# is the "one line" version of the client's X509 certificate. Note that no
# password is obtained from the user. Every entry in the user file needs this
# password: xxj31ZMTZzkVA. See the code for further explanation.
SSLFakeBasicAuth

# A home for miscellaneous rubbish generated by SSL. Much of it is duplicated
# in the error log file.
SSLLogFile /tmp/ssl.log

# Custom logging
CustomLog       logs/ssl_log "%t %{version}c %{cipher}c %{clientcert}c"

# New and undocumented directives
#SSLRequiredCiphers
#SSLRequireCipher
#SSLBanCipher

# Experiment with authorization...
#<Directory /u/ben/www/1/docs>
#AuthType Basic
#AuthName Experimental
#AuthGroupFile /dev/null
#AuthUserFile /u/ben/www/1/users
#<Limit PUT GET>
#allow from all
#require valid-user
#</Limit>
#</Directory>

ScriptAlias     /scripts        /u/ben/www/scripts

$B$G$9!#(B

$B0J>e$G$*<j>e$2>uBV$G$9!#(B
$B$h$m$7$/$*4j$$$7$^$9!#(B
--------------------------------------
Shizuhiro Urushidani($B<?C+@E9-(B)
e-mail:uru@kuc-jp.com


