IdentifiantMot de passe
Loading...
Mot de passe oublié ?Je m'inscris ! (gratuit)
Navigation

Inscrivez-vous gratuitement
pour pouvoir participer, suivre les réponses en temps réel, voter pour les messages, poser vos propres questions et recevoir la newsletter

Apache Discussion :

Illegal instructions Certificats


Sujet :

Apache

  1. #1
    Membre à l'essai
    Homme Profil pro
    Développeur informatique
    Inscrit en
    Mars 2008
    Messages
    21
    Détails du profil
    Informations personnelles :
    Sexe : Homme
    Âge : 36
    Localisation : Belgique

    Informations professionnelles :
    Activité : Développeur informatique

    Informations forums :
    Inscription : Mars 2008
    Messages : 21
    Points : 10
    Points
    10
    Par défaut Illegal instructions Certificats
    Bonjour,

    Dans le cadre d'un projet utilisant un serveur apache et ssl j'ai un petit problème lors du lancement du serveur.
    En effet lorsque je lance mon serveur le message d'erreur "Illegal Instruction" apparaît. Il semblerait que l'erreur vient de la ligne "SSLCertificateFile " car l'erreur n'apparait plus lorsque je la met en commentaire mais le server ne se lance pas .
    J'utilise une version 2.0.54 modifié d'apache qui inclut l'OCSP pour l'utilisation des certificats lié à la carte d'identité belge.

    Merci d'avance pour l'aide que vous pourriez m'apporter

    Voici mon fichier httpd.conf
    Code : Sélectionner tout - Visualiser dans une fenêtre à part
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    65
    66
    67
    68
    69
    70
    71
    72
    73
    74
    75
    76
    77
    78
    79
    80
    81
    82
    83
    84
    85
    86
    87
    88
    89
    90
    91
    92
    93
    94
    95
    96
    97
    98
    99
    100
    101
    102
    103
    104
    105
    106
    107
    108
    109
    110
    111
    112
    113
    114
    115
    116
    117
    118
    119
    120
    121
    122
    123
    124
    125
    126
    127
    128
    129
    130
    131
    132
    133
    134
    135
    136
    137
    138
    139
    140
    141
    142
    143
    144
    145
    146
    147
    148
    149
    150
    151
    152
    153
    154
    155
    156
    157
    158
    159
    160
    161
    162
    163
    164
    165
    166
    167
    168
    169
    170
    171
    172
    173
    174
    175
    176
    177
    178
    179
    180
    181
    182
    183
    184
    185
    186
    187
    188
    189
    190
    191
    192
    193
    194
    195
    196
    197
    198
    199
    200
    201
    202
    203
    204
    205
    206
    207
    208
    209
    210
    211
    212
    213
    214
    215
    216
    217
    218
    219
    220
    221
    222
    223
    224
    225
    226
    227
    228
    229
    230
    231
    232
    233
    234
    235
    236
    237
    238
    239
    240
    241
    242
    243
    244
    245
    246
    247
    248
    249
    250
    251
    252
    253
    254
    255
    256
    257
    258
    259
    260
    261
    262
    263
    264
    265
    266
    267
    268
    269
    270
    271
    272
    273
    274
    275
    276
    277
    278
    279
    280
    281
    282
    283
    284
    285
    286
    287
    288
    289
    290
    291
    292
    293
    294
    295
    296
    297
    298
    299
    300
    301
    302
    303
    304
    305
    306
    307
    308
    309
    310
    311
    312
    313
    314
    315
    316
    317
    318
    319
    320
    321
    322
    323
    324
    325
    326
    327
    328
    329
    330
    331
    332
    333
    334
    335
    336
    337
    338
    339
    340
    341
    342
    343
    344
    345
    346
    347
    348
    349
    350
    351
    352
    353
    354
    355
    356
    357
    358
    359
    360
    361
    362
    363
    364
    365
    366
    367
    368
    369
    370
    371
    372
    373
    374
    375
    376
    377
    378
    379
    380
    381
    382
    383
    384
    385
    386
    387
    388
    389
    390
    391
    392
    393
    394
    395
    396
    397
    398
    399
    400
    401
    402
    403
    404
    405
    406
    407
    408
    409
    410
    411
    412
    413
    414
    415
    416
    417
    418
    419
    420
    421
    422
    423
    424
    425
    426
    427
    428
    429
    430
    431
    432
    433
    434
    435
    436
    437
    438
    439
    440
    441
    442
    443
    444
    445
    446
    447
    448
    449
    450
    451
    452
    453
    454
    455
    456
    457
    458
    459
    460
    461
    462
    463
    464
    465
    466
    467
    468
    469
    470
    471
    472
    473
    474
    475
    476
    477
    478
    479
    480
    481
    482
    483
    484
    485
    486
    487
    488
    489
    490
    491
    492
    493
    494
    495
    496
    497
    498
    499
    500
    501
    502
    503
    504
    505
    506
    507
    508
    509
    510
    511
    512
    513
    514
    515
    516
    517
    518
    519
    520
    521
    522
    523
    524
    525
    526
    527
    528
    529
    530
    531
    532
    533
    534
    535
    536
    537
    538
    539
    540
    541
    542
    543
    544
    545
    546
    547
    548
    549
    550
    551
    552
    553
    554
    555
    556
    557
    558
    559
    560
    561
    562
    563
    564
    565
    566
    567
    568
    569
    570
    571
    572
    573
    574
    575
    576
    577
    578
    579
    580
    581
    582
    583
    584
    585
    586
    587
    588
    589
    590
    591
    592
    593
    594
    595
    596
    597
    598
    599
    600
    601
    602
    603
    604
    605
    606
    607
    608
    609
    610
    611
    612
    613
    614
    615
    616
    617
    618
    619
    620
    621
    622
    623
    624
    625
    626
    627
    628
    629
    630
    631
    632
    633
    634
    635
    636
    637
    638
    639
    640
    641
    642
    643
    644
    645
    646
    647
    648
    649
    650
    651
    652
    653
    654
    655
    656
    657
    658
    659
    660
    661
    662
    663
    664
    665
    666
    667
    668
    669
    670
    671
    672
    673
    674
    675
    676
    677
    678
    679
    680
    681
    682
    683
    684
    685
    686
    687
    688
    689
    690
    691
    692
    693
    694
    695
    696
    697
    698
    699
    700
    701
    702
    703
    704
    705
    706
    707
    708
    709
    710
    711
    712
    713
    714
    715
    716
    717
    718
    719
    720
    721
    722
    723
    724
    725
    726
    727
    728
    729
    730
    731
    732
    733
    734
    735
    736
    737
    738
    739
    740
    741
    742
    743
    744
    745
    746
    747
    748
    749
    750
    751
    752
    753
    754
    755
    756
    757
    758
    759
    760
    761
    762
    763
    764
    765
    766
    767
    768
    769
    770
    771
    772
    773
    774
    775
    776
    777
    778
    779
    780
    781
    782
    783
    784
    785
    786
    787
    788
    789
    790
    791
    792
    793
    794
    795
    796
    797
    798
    799
    800
    801
    802
    803
    804
    805
    806
    807
    808
    809
    810
    811
    812
    813
    814
    815
    816
    817
    818
    819
    820
    821
    822
    823
    824
    825
    826
    827
    828
    829
    830
    831
    832
    833
    834
    835
    836
    837
    838
    839
    840
    841
    842
    843
    844
    845
    846
    847
    848
    849
    850
    851
    852
    853
    854
    855
    856
    857
    858
    859
    860
    861
    862
    863
    864
    865
    866
    867
    868
    869
    870
    871
    872
    873
    874
    875
    876
    877
    878
    879
    880
    881
    882
    883
    884
    885
    886
    887
    888
    889
    890
    891
    892
    893
    894
    895
    896
    897
    898
    899
    900
    901
    902
    903
    904
    905
    906
    907
    908
    909
    910
    911
    912
    913
    914
    915
    916
    917
    918
    919
    920
    921
    922
    923
    924
    925
    926
    927
    928
    929
    930
    931
    932
    933
    934
    935
    936
    937
    938
    939
    940
    941
    942
    943
    944
    945
    946
    947
    948
    949
    950
    951
    952
    953
    954
    955
    956
    957
    958
    959
    960
    961
    962
    963
    964
    965
    966
    967
    968
    969
    970
    971
    972
    973
    974
    975
    976
    977
    978
    979
    980
    981
    982
    983
    984
    985
    986
    987
    988
    989
    990
    991
    992
    993
    994
    995
    996
    997
    998
    999
    1000
    1001
    1002
    1003
    1004
    1005
    1006
    1007
    1008
    1009
    1010
    1011
    1012
    1013
    1014
    1015
    1016
    1017
    1018
    1019
    1020
    1021
    1022
    1023
    1024
    1025
    1026
    1027
    1028
    1029
    1030
    1031
    1032
    1033
    1034
    1035
    1036
    1037
    1038
    1039
    1040
     
    #
    # Based upon the NCSA server configuration files originally by Rob McCool.
    #
    # This is the main Apache server configuration file.  It contains the
    # configuration directives that give the server its instructions.
    # See <URL:http://httpd.apache.org/docs-2.0/> for detailed information about
    # the directives.
    #
    # Do NOT simply read the instructions in here without understanding
    # what they do.  They're here only as hints or reminders.  If you are unsure
    # consult the online docs. You have been warned.  
    #
    # The configuration directives are grouped into three basic sections:
    #  1. Directives that control the operation of the Apache server process as a
    #     whole (the 'global environment').
    #  2. Directives that define the parameters of the 'main' or 'default' server,
    #     which responds to requests that aren't handled by a virtual host.
    #     These directives also provide default values for the settings
    #     of all virtual hosts.
    #  3. Settings for virtual hosts, which allow Web requests to be sent to
    #     different IP addresses or hostnames and have them handled by the
    #     same Apache server process.
    #
    # Configuration and logfile names: If the filenames you specify for many
    # of the server's control files begin with "/" (or "drive:/" for Win32), the
    # server will use that explicit path.  If the filenames do *not* begin
    # with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
    # with ServerRoot set to "/usr/local/apache2" will be interpreted by the
    # server as "/usr/local/apache2/logs/foo.log".
    #
     
    ### Section 1: Global Environment
    #
    # The directives in this section affect the overall operation of Apache,
    # such as the number of concurrent requests it can handle or where it
    # can find its configuration files.
    #
     
    #
    # ServerRoot: The top of the directory tree under which the server's
    # configuration, error, and log files are kept.
    #
    # NOTE!  If you intend to place this on an NFS (or otherwise network)
    # mounted filesystem then please read the LockFile documentation (available
    # at <URL:http://httpd.apache.org/docs-2.0/mod/mpm_common.html#lockfile>);
    # you will save yourself a lot of trouble.
    #
    # Do NOT add a slash at the end of the directory path.
    #
    ServerRoot "/usr/local/apache2"
     
    #
    # The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
    #
    <IfModule !mpm_winnt.c>
    <IfModule !mpm_netware.c>
    #LockFile logs/accept.lock
    </IfModule>
    </IfModule>
     
    #
    # ScoreBoardFile: File used to store internal server process information.
    # If unspecified (the default), the scoreboard will be stored in an
    # anonymous shared memory segment, and will be unavailable to third-party
    # applications.
    # If specified, ensure that no two invocations of Apache share the same
    # scoreboard file. The scoreboard file MUST BE STORED ON A LOCAL DISK.
    #
    <IfModule !mpm_netware.c>
    <IfModule !perchild.c>
    #ScoreBoardFile logs/apache_runtime_status
    </IfModule>
    </IfModule>
     
     
    #
    # PidFile: The file in which the server should record its process
    # identification number when it starts.
    #
    <IfModule !mpm_netware.c>
    PidFile logs/httpd.pid
    </IfModule>
     
    #
    # Timeout: The number of seconds before receives and sends time out.
    #
    Timeout 300
     
    #
    # KeepAlive: Whether or not to allow persistent connections (more than
    # one request per connection). Set to "Off" to deactivate.
    #
    KeepAlive On
     
    #
    # MaxKeepAliveRequests: The maximum number of requests to allow
    # during a persistent connection. Set to 0 to allow an unlimited amount.
    # We recommend you leave this number high, for maximum performance.
    #
    MaxKeepAliveRequests 100
     
    #
    # KeepAliveTimeout: Number of seconds to wait for the next request from the
    # same client on the same connection.
    #
    KeepAliveTimeout 15
     
    ##
    ## Server-Pool Size Regulation (MPM specific)
    ## 
     
    # prefork MPM
    # StartServers: number of server processes to start
    # MinSpareServers: minimum number of server processes which are kept spare
    # MaxSpareServers: maximum number of server processes which are kept spare
    # MaxClients: maximum number of server processes allowed to start
    # MaxRequestsPerChild: maximum number of requests a server process serves
    <IfModule prefork.c>
    StartServers         5
    MinSpareServers      5
    MaxSpareServers     10
    MaxClients         150
    MaxRequestsPerChild  0
    </IfModule>
     
    # worker MPM
    # StartServers: initial number of server processes to start
    # MaxClients: maximum number of simultaneous client connections
    # MinSpareThreads: minimum number of worker threads which are kept spare
    # MaxSpareThreads: maximum number of worker threads which are kept spare
    # ThreadsPerChild: constant number of worker threads in each server process
    # MaxRequestsPerChild: maximum number of requests a server process serves
    <IfModule worker.c>
    StartServers         2
    MaxClients         150
    MinSpareThreads     25
    MaxSpareThreads     75 
    ThreadsPerChild     25
    MaxRequestsPerChild  0
    </IfModule>
     
    # perchild MPM
    # NumServers: constant number of server processes
    # StartThreads: initial number of worker threads in each server process
    # MinSpareThreads: minimum number of worker threads which are kept spare
    # MaxSpareThreads: maximum number of worker threads which are kept spare
    # MaxThreadsPerChild: maximum number of worker threads in each server process
    # MaxRequestsPerChild: maximum number of connections per server process
    <IfModule perchild.c>
    NumServers           5
    StartThreads         5
    MinSpareThreads      5
    MaxSpareThreads     10
    MaxThreadsPerChild  20
    MaxRequestsPerChild  0
    </IfModule>
     
    # WinNT MPM
    # ThreadsPerChild: constant number of worker threads in the server process
    # MaxRequestsPerChild: maximum  number of requests a server process serves
    <IfModule mpm_winnt.c>
    ThreadsPerChild 250
    MaxRequestsPerChild  0
    </IfModule>
     
    # BeOS MPM
    # StartThreads: how many threads do we initially spawn?
    # MaxClients:   max number of threads we can have (1 thread == 1 client)
    # MaxRequestsPerThread: maximum number of requests each thread will process
    <IfModule beos.c>
    StartThreads               10
    MaxClients                 50
    MaxRequestsPerThread       10000
    </IfModule>    
     
    # NetWare MPM
    # ThreadStackSize: Stack size allocated for each worker thread
    # StartThreads: Number of worker threads launched at server startup
    # MinSpareThreads: Minimum number of idle threads, to handle request spikes
    # MaxSpareThreads: Maximum number of idle threads
    # MaxThreads: Maximum number of worker threads alive at the same time
    # MaxRequestsPerChild: Maximum  number of requests a thread serves. It is 
    #                      recommended that the default value of 0 be set for this
    #                      directive on NetWare.  This will allow the thread to 
    #                      continue to service requests indefinitely.                          
    <IfModule mpm_netware.c>
    ThreadStackSize      65536
    StartThreads           250
    MinSpareThreads         25
    MaxSpareThreads        250
    MaxThreads            1000
    MaxRequestsPerChild      0
    MaxMemFree             100
    </IfModule>
     
    # OS/2 MPM
    # StartServers: Number of server processes to maintain
    # MinSpareThreads: Minimum number of idle threads per process, 
    #                  to handle request spikes
    # MaxSpareThreads: Maximum number of idle threads per process
    # MaxRequestsPerChild: Maximum number of connections per server process
    <IfModule mpmt_os2.c>
    StartServers           2
    MinSpareThreads        5
    MaxSpareThreads       10
    MaxRequestsPerChild    0
    </IfModule>
     
    #
    # Listen: Allows you to bind Apache to specific IP addresses and/or
    # ports, instead of the default. See also the <VirtualHost>
    # directive.
    #
    # Change this to Listen on specific IP addresses as shown below to 
    # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
    #
    #Listen 12.34.56.78:80
     
    Listen 80
     
    #
    # Dynamic Shared Object (DSO) Support
    #
    # To be able to use the functionality of a module which was built as a DSO you
    # have to place corresponding `LoadModule' lines at this location so the
    # directives contained in it are actually available _before_ they are used.
    # Statically compiled modules (those listed by `httpd -l') do not need
    # to be loaded here.
    #
    # Example:
    # LoadModule foo_module modules/mod_foo.so
    #
     
    #
    # ExtendedStatus controls whether Apache will generate "full" status
    # information (ExtendedStatus On) or just basic information (ExtendedStatus
    # Off) when the "server-status" handler is called. The default is Off.
    #
    #ExtendedStatus On
     
    ### Section 2: 'Main' server configuration
    #
    # The directives in this section set up the values used by the 'main'
    # server, which responds to any requests that aren't handled by a
    # <VirtualHost> definition.  These values also provide defaults for
    # any <VirtualHost> containers you may define later in the file.
    #
    # All of these directives may appear inside <VirtualHost> containers,
    # in which case these default settings will be overridden for the
    # virtual host being defined.
    #
     
    <IfModule !mpm_winnt.c>
    <IfModule !mpm_netware.c>
    #
    # If you wish httpd to run as a different user or group, you must run
    # httpd as root initially and it will switch.  
    #
    # User/Group: The name (or #number) of the user/group to run httpd as.
    #  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
    #  . On HPUX you may not be able to use shared memory as nobody, and the
    #    suggested workaround is to create a user www and use that user.
    #  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
    #  when the value of (unsigned)Group is above 60000; 
    #  don't use Group #-1 on these systems!
    #
    User nobody
    Group #-1
    </IfModule>
    </IfModule>
     
    #
    # ServerAdmin: Your address, where problems with the server should be
    # e-mailed.  This address appears on some server-generated pages, such
    # as error documents.  e.g. admin@your-domain.com
    #
    ServerAdmin you@example.com
     
    #
    # ServerName gives the name and port that the server uses to identify itself.
    # This can often be determined automatically, but we recommend you specify
    # it explicitly to prevent problems during startup.
    #
    # If this is not set to valid DNS name for your host, server-generated
    # redirections will not work.  See also the UseCanonicalName directive.
    #
    # If your host doesn't have a registered DNS name, enter its IP address here.
    # You will have to access it by its address anyway, and this will make 
    # redirections work in a sensible way.
    #
    #ServerName www.example.com:80
     
    #
    # UseCanonicalName: Determines how Apache constructs self-referencing 
    # URLs and the SERVER_NAME and SERVER_PORT variables.
    # When set "Off", Apache will use the Hostname and Port supplied
    # by the client.  When set "On", Apache will use the value of the
    # ServerName directive.
    #
    UseCanonicalName Off
     
    #
    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    #
    DocumentRoot "/usr/local/apache2/htdocs"
     
    #
    # Each directory to which Apache has access can be configured with respect
    # to which services and features are allowed and/or disabled in that
    # directory (and its subdirectories). 
    #
    # First, we configure the "default" to be a very restrictive set of 
    # features.  
    #
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
     
    #
    # Note that from this point forward you must specifically allow
    # particular features to be enabled - so if something's not working as
    # you might expect, make sure that you have specifically enabled it
    # below.
    #
     
    #
    # This should be changed to whatever you set DocumentRoot to.
    #
    <Directory "/usr/local/apache2/htdocs">
     
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs-2.0/mod/core.html#options
    # for more information.
    #
        Options Indexes FollowSymLinks
     
    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
        AllowOverride None
     
    #
    # Controls who can get stuff from this server.
    #
        Order allow,deny
        Allow from all
     
    </Directory>
     
    #
    # UserDir: The name of the directory that is appended onto a user's home
    # directory if a ~user request is received.
    #
    UserDir public_html
     
    #
    # Control access to UserDir directories.  The following is an example
    # for a site where these directories are restricted to read-only.
    #
    #<Directory /home/*/public_html>
    #    AllowOverride FileInfo AuthConfig Limit Indexes
    #    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    #    <Limit GET POST OPTIONS PROPFIND>
    #        Order allow,deny
    #        Allow from all
    #    </Limit>
    #    <LimitExcept GET POST OPTIONS PROPFIND>
    #        Order deny,allow
    #        Deny from all
    #    </LimitExcept>
    #</Directory>
     
    #
    # DirectoryIndex: sets the file that Apache will serve if a directory
    # is requested.
    #
    # The index.html.var file (a type-map) is used to deliver content-
    # negotiated documents.  The MultiViews Option can be used for the 
    # same purpose, but it is much slower.
    #
    DirectoryIndex index.html index.html.var
     
    #
    # AccessFileName: The name of the file to look for in each directory
    # for additional configuration directives.  See also the AllowOverride 
    # directive.
    #
    AccessFileName .htaccess
     
    #
    # The following lines prevent .htaccess and .htpasswd files from being 
    # viewed by Web clients. 
    #
    <Files ~ "^\.ht">
        Order allow,deny
        Deny from all
    </Files>
     
    #
    # TypesConfig describes where the mime.types file (or equivalent) is
    # to be found.
    #
    TypesConfig conf/mime.types
     
    #
    # DefaultType is the default MIME type the server will use for a document
    # if it cannot otherwise determine one, such as from filename extensions.
    # If your server contains mostly text or HTML documents, "text/plain" is
    # a good value.  If most of your content is binary, such as applications
    # or images, you may want to use "application/octet-stream" instead to
    # keep browsers from trying to display binary files as though they are
    # text.
    #
    DefaultType text/plain
     
    #
    # The mod_mime_magic module allows the server to use various hints from the
    # contents of the file itself to determine its type.  The MIMEMagicFile
    # directive tells the module where the hint definitions are located.
    #
    <IfModule mod_mime_magic.c>
        MIMEMagicFile conf/magic
    </IfModule>
     
    #
    # HostnameLookups: Log the names of clients or just their IP addresses
    # e.g., www.apache.org (on) or 204.62.129.132 (off).
    # The default is off because it'd be overall better for the net if people
    # had to knowingly turn this feature on, since enabling it means that
    # each client request will result in AT LEAST one lookup request to the
    # nameserver.
    #
    HostnameLookups Off
     
    #
    # EnableMMAP: Control whether memory-mapping is used to deliver
    # files (assuming that the underlying OS supports it).
    # The default is on; turn this off if you serve from NFS-mounted 
    # filesystems.  On some systems, turning it off (regardless of
    # filesystem) can improve performance; for details, please see
    # http://httpd.apache.org/docs-2.0/mod/core.html#enablemmap
    #
    #EnableMMAP off
     
    #
    # EnableSendfile: Control whether the sendfile kernel support is 
    # used  to deliver files (assuming that the OS supports it).
    # The default is on; turn this off if you serve from NFS-mounted 
    # filesystems.  Please see
    # http://httpd.apache.org/docs-2.0/mod/core.html#enablesendfile
    #
    #EnableSendfile off
     
    #
    # ErrorLog: The location of the error log file.
    # If you do not specify an ErrorLog directive within a <VirtualHost>
    # container, error messages relating to that virtual host will be
    # logged here.  If you *do* define an error logfile for a <VirtualHost>
    # container, that host's errors will be logged there and not here.
    #
    ErrorLog logs/error_log
     
    #
    # LogLevel: Control the number of messages logged to the error_log.
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    #
    LogLevel info
     
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent
     
    # You need to enable mod_logio.c to use %I and %O
    #LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
     
    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    CustomLog logs/access_log common
     
    #
    # If you would like to have agent and referer logfiles, uncomment the
    # following directives.
    #
    #CustomLog logs/referer_log referer
    #CustomLog logs/agent_log agent
     
    #
    # If you prefer a single logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    #CustomLog logs/access_log combined
     
    #
    # ServerTokens
    # This directive configures what you return as the Server HTTP response
    # Header. The default is 'Full' which sends information about the OS-Type
    # and compiled in modules.
    # Set to one of:  Full | OS | Minor | Minimal | Major | Prod
    # where Full conveys the most information, and Prod the least.
    #
    ServerTokens Full
     
    #
    # Optionally add a line containing the server version and virtual host
    # name to server-generated pages (internal error documents, FTP directory 
    # listings, mod_status and mod_info output etc., but not CGI generated 
    # documents or custom error documents).
    # Set to "EMail" to also include a mailto: link to the ServerAdmin.
    # Set to one of:  On | Off | EMail
    #
    ServerSignature On
     
    #
    # Aliases: Add here as many aliases as you need (with no limit). The format is 
    # Alias fakename realname
    #
    # Note that if you include a trailing / on fakename then the server will
    # require it to be present in the URL.  So "/icons" isn't aliased in this
    # example, only "/icons/".  If the fakename is slash-terminated, then the 
    # realname must also be slash terminated, and if the fakename omits the 
    # trailing slash, the realname must also omit it.
    #
    # We include the /icons/ alias for FancyIndexed directory listings.  If you
    # do not use FancyIndexing, you may comment this out.
    #
    Alias /icons/ "/usr/local/apache2/icons/"
     
    <Directory "/usr/local/apache2/icons">
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
     
    #
    # This should be changed to the ServerRoot/manual/.  The alias provides
    # the manual, even if you choose to move your DocumentRoot.  You may comment
    # this out if you do not care for the documentation.
    #
    AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "/usr/local/apache2/manual$1"
     
    <Directory "/usr/local/apache2/manual">
        Options Indexes
        AllowOverride None
        Order allow,deny
        Allow from all
     
        <Files *.html>
            SetHandler type-map
        </Files>
     
        SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|ru)/ prefer-language=$1
        RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2
    </Directory>
     
    #
    # ScriptAlias: This controls which directories contain server scripts.
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the realname directory are treated as applications and
    # run by the server when requested rather than as documents sent to the client.
    # The same rules about trailing "/" apply to ScriptAlias directives as to
    # Alias.
    #
    ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
     
    <IfModule mod_cgid.c>
    #
    # Additional to mod_cgid.c settings, mod_cgid has Scriptsock <path>
    # for setting UNIX socket for communicating with cgid.
    #
    #Scriptsock            logs/cgisock
    </IfModule>
     
    #
    # "/usr/local/apache2/cgi-bin" should be changed to whatever your ScriptAliased
    # CGI directory exists, if you have that configured.
    #
    <Directory "/usr/local/apache2/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>
     
    #
    # Redirect allows you to tell clients about documents which used to exist in
    # your server's namespace, but do not anymore. This allows you to tell the
    # clients where to look for the relocated document.
    # Example:
    # Redirect permanent /foo http://www.example.com/bar
     
    #
    # Directives controlling the display of server-generated directory listings.
    #
     
    #
    # IndexOptions: Controls the appearance of server-generated directory
    # listings.
    #
    IndexOptions FancyIndexing VersionSort
     
    #
    # AddIcon* directives tell the server which icon to show for different
    # files or filename extensions.  These are only displayed for
    # FancyIndexed directories.
    #
    AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
     
    AddIconByType (TXT,/icons/text.gif) text/*
    AddIconByType (IMG,/icons/image2.gif) image/*
    AddIconByType (SND,/icons/sound2.gif) audio/*
    AddIconByType (VID,/icons/movie.gif) video/*
     
    AddIcon /icons/binary.gif .bin .exe
    AddIcon /icons/binhex.gif .hqx
    AddIcon /icons/tar.gif .tar
    AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
    AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
    AddIcon /icons/a.gif .ps .ai .eps
    AddIcon /icons/layout.gif .html .shtml .htm .pdf
    AddIcon /icons/text.gif .txt
    AddIcon /icons/c.gif .c
    AddIcon /icons/p.gif .pl .py
    AddIcon /icons/f.gif .for
    AddIcon /icons/dvi.gif .dvi
    AddIcon /icons/uuencoded.gif .uu
    AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
    AddIcon /icons/tex.gif .tex
    AddIcon /icons/bomb.gif core
     
    AddIcon /icons/back.gif ..
    AddIcon /icons/hand.right.gif README
    AddIcon /icons/folder.gif ^^DIRECTORY^^
    AddIcon /icons/blank.gif ^^BLANKICON^^
     
    #
    # DefaultIcon is which icon to show for files which do not have an icon
    # explicitly set.
    #
    DefaultIcon /icons/unknown.gif
     
    #
    # AddDescription allows you to place a short description after a file in
    # server-generated indexes.  These are only displayed for FancyIndexed
    # directories.
    # Format: AddDescription "description" filename
    #
    #AddDescription "GZIP compressed document" .gz
    #AddDescription "tar archive" .tar
    #AddDescription "GZIP compressed tar archive" .tgz
     
    #
    # ReadmeName is the name of the README file the server will look for by
    # default, and append to directory listings.
    #
    # HeaderName is the name of a file which should be prepended to
    # directory indexes. 
    ReadmeName README.html
    HeaderName HEADER.html
     
    #
    # IndexIgnore is a set of filenames which directory indexing should ignore
    # and not include in the listing.  Shell-style wildcarding is permitted.
    #
    IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
     
    #
    # DefaultLanguage and AddLanguage allows you to specify the language of 
    # a document. You can then use content negotiation to give a browser a 
    # file in a language the user can understand.
    #
    # Specify a default language. This means that all data
    # going out without a specific language tag (see below) will 
    # be marked with this one. You probably do NOT want to set
    # this unless you are sure it is correct for all cases.
    #
    # * It is generally better to not mark a page as 
    # * being a certain language than marking it with the wrong
    # * language!
    #
    # DefaultLanguage nl
    #
    # Note 1: The suffix does not have to be the same as the language
    # keyword --- those with documents in Polish (whose net-standard
    # language code is pl) may wish to use "AddLanguage pl .po" to
    # avoid the ambiguity with the common suffix for perl scripts.
    #
    # Note 2: The example entries below illustrate that in some cases 
    # the two character 'Language' abbreviation is not identical to 
    # the two character 'Country' code for its country,
    # E.g. 'Danmark/dk' versus 'Danish/da'.
    #
    # Note 3: In the case of 'ltz' we violate the RFC by using a three char
    # specifier. There is 'work in progress' to fix this and get
    # the reference data for rfc1766 cleaned up.
    #
    # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
    # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
    # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
    # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
    # Norwegian (no) - Polish (pl) - Portugese (pt)
    # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
    # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
    #
    AddLanguage ca .ca
    AddLanguage cs .cz .cs
    AddLanguage da .dk
    AddLanguage de .de
    AddLanguage el .el
    AddLanguage en .en
    AddLanguage eo .eo
    AddLanguage es .es
    AddLanguage et .et
    AddLanguage fr .fr
    AddLanguage he .he
    AddLanguage hr .hr
    AddLanguage it .it
    AddLanguage ja .ja
    AddLanguage ko .ko
    AddLanguage ltz .ltz
    AddLanguage nl .nl
    AddLanguage nn .nn
    AddLanguage no .no
    AddLanguage pl .po
    AddLanguage pt .pt
    AddLanguage pt-BR .pt-br
    AddLanguage ru .ru
    AddLanguage sv .sv
    AddLanguage zh-CN .zh-cn
    AddLanguage zh-TW .zh-tw
     
    #
    # LanguagePriority allows you to give precedence to some languages
    # in case of a tie during content negotiation.
    #
    # Just list the languages in decreasing order of preference. We have
    # more or less alphabetized them here. You probably want to change this.
    #
    LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
     
    #
    # ForceLanguagePriority allows you to serve a result page rather than
    # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
    # [in case no accepted languages matched the available variants]
    #
    ForceLanguagePriority Prefer Fallback
     
    #
    # Commonly used filename extensions to character sets. You probably
    # want to avoid clashes with the language extensions, unless you
    # are good at carefully testing your setup after each change.
    # See http://www.iana.org/assignments/character-sets for the
    # official list of charset names and their respective RFCs.
    #
    AddCharset ISO-8859-1  .iso8859-1  .latin1
    AddCharset ISO-8859-2  .iso8859-2  .latin2 .cen
    AddCharset ISO-8859-3  .iso8859-3  .latin3
    AddCharset ISO-8859-4  .iso8859-4  .latin4
    AddCharset ISO-8859-5  .iso8859-5  .latin5 .cyr .iso-ru
    AddCharset ISO-8859-6  .iso8859-6  .latin6 .arb
    AddCharset ISO-8859-7  .iso8859-7  .latin7 .grk
    AddCharset ISO-8859-8  .iso8859-8  .latin8 .heb
    AddCharset ISO-8859-9  .iso8859-9  .latin9 .trk
    AddCharset ISO-2022-JP .iso2022-jp .jis
    AddCharset ISO-2022-KR .iso2022-kr .kis
    AddCharset ISO-2022-CN .iso2022-cn .cis
    AddCharset Big5        .Big5       .big5
    # For russian, more than one charset is used (depends on client, mostly):
    AddCharset WINDOWS-1251 .cp-1251   .win-1251
    AddCharset CP866       .cp866
    AddCharset KOI8-r      .koi8-r .koi8-ru
    AddCharset KOI8-ru     .koi8-uk .ua
    AddCharset ISO-10646-UCS-2 .ucs2
    AddCharset ISO-10646-UCS-4 .ucs4
    AddCharset UTF-8       .utf8
     
    # The set below does not map to a specific (iso) standard
    # but works on a fairly wide range of browsers. Note that
    # capitalization actually matters (it should not, but it
    # does for some browsers).
    #
    # See http://www.iana.org/assignments/character-sets
    # for a list of sorts. But browsers support few.
    #
    AddCharset GB2312      .gb2312 .gb 
    AddCharset utf-7       .utf7
    AddCharset utf-8       .utf8
    AddCharset big5        .big5 .b5
    AddCharset EUC-TW      .euc-tw
    AddCharset EUC-JP      .euc-jp
    AddCharset EUC-KR      .euc-kr
    AddCharset shift_jis   .sjis
     
    #
    # AddType allows you to add to or override the MIME configuration
    # file mime.types for specific file types.
    #
    #AddType application/x-tar .tgz
    #
    # AddEncoding allows you to have certain browsers uncompress
    # information on the fly. Note: Not all browsers support this.
    # Despite the name similarity, the following Add* directives have nothing
    # to do with the FancyIndexing customization directives above.
    #
    #AddEncoding x-compress .Z
    #AddEncoding x-gzip .gz .tgz
    #
    # If the AddEncoding directives above are commented-out, then you
    # probably should define those extensions to indicate media types:
    #
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
     
    #
    # AddHandler allows you to map certain file extensions to "handlers":
    # actions unrelated to filetype. These can be either built into the server
    # or added with the Action directive (see below)
    #
    # To use CGI scripts outside of ScriptAliased directories:
    # (You will also need to add "ExecCGI" to the "Options" directive.)
    #
    #AddHandler cgi-script .cgi
     
    #
    # For files that include their own HTTP headers:
    #
    #AddHandler send-as-is asis
     
    #
    # For server-parsed imagemap files:
    #
    #AddHandler imap-file map
     
    #
    # For type maps (negotiated resources):
    # (This is enabled by default to allow the Apache "It Worked" page
    #  to be distributed in multiple languages.)
    #
    AddHandler type-map var
     
    #
    # Filters allow you to process content before it is sent to the client.
    #
    # To parse .shtml files for server-side includes (SSI):
    # (You will also need to add "Includes" to the "Options" directive.)
    #
    #AddType text/html .shtml
    #AddOutputFilter INCLUDES .shtml
     
    #
    # Action lets you define media types that will execute a script whenever
    # a matching file is called. This eliminates the need for repeated URL
    # pathnames for oft-used CGI file processors.
    # Format: Action media/type /cgi-script/location
    # Format: Action handler-name /cgi-script/location
    #
     
    #
    # Customizable error responses come in three flavors:
    # 1) plain text 2) local redirects 3) external redirects
    #
    # Some examples:
    #ErrorDocument 500 "The server made a boo boo."
    #ErrorDocument 404 /missing.html
    #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
    #ErrorDocument 402 http://www.example.com/subscription_info.html
    #
     
    #
    # Putting this all together, we can internationalize error responses.
    #
    # We use Alias to redirect any /error/HTTP_<error>.html.var response to
    # our collection of by-error message multi-language collections.  We use 
    # includes to substitute the appropriate text.
    #
    # You can modify the messages' appearance without changing any of the
    # default HTTP_<error>.html.var files by adding the line:
    #
    #   Alias /error/include/ "/your/include/path/"
    #
    # which allows you to create your own set of files by starting with the
    # /usr/local/apache2/error/include/ files and copying them to /your/include/path/, 
    # even on a per-VirtualHost basis.  The default include files will display
    # your Apache version number and your ServerAdmin email address regardless
    # of the setting of ServerSignature.
    #
    # The internationalized error documents require mod_alias, mod_include
    # and mod_negotiation.  To activate them, uncomment the following 30 lines.
     
    #    Alias /error/ "/usr/local/apache2/error/"
    #
    #    <Directory "/usr/local/apache2/error">
    #        AllowOverride None
    #        Options IncludesNoExec
    #        AddOutputFilter Includes html
    #        AddHandler type-map var
    #        Order allow,deny
    #        Allow from all
    #        LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
    #        ForceLanguagePriority Prefer Fallback
    #    </Directory>
    #
    #    ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
    #    ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
    #    ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
    #    ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
    #    ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
    #    ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
    #    ErrorDocument 410 /error/HTTP_GONE.html.var
    #    ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
    #    ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
    #    ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
    #    ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
    #    ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
    #    ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
    #    ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
    #    ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
    #    ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
    #    ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
     
     
    #
    # The following directives modify normal HTTP response behavior to
    # handle known problems with browser implementations.
    #
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0
     
    #
    # The following directive disables redirects on non-GET requests for
    # a directory that does not include the trailing slash.  This fixes a 
    # problem with Microsoft WebFolders which does not appropriately handle 
    # redirects for folders with DAV methods.
    # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
    #
    BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
    BrowserMatch "^WebDrive" redirect-carefully
    BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
    BrowserMatch "^gnome-vfs" redirect-carefully
     
    #
    # Allow server status reports generated by mod_status,
    # with the URL of http://servername/server-status
    # Change the ".example.com" to match your domain to enable.
    #
    #<Location /server-status>
    #    SetHandler server-status
    #    Order deny,allow
    #    Deny from all
    #    Allow from .example.com
    #</Location>
     
    #
    # Allow remote server configuration reports, with the URL of
    #  http://servername/server-info (requires that mod_info.c be loaded).
    # Change the ".example.com" to match your domain to enable.
    #
    #<Location /server-info>
    #    SetHandler server-info
    #    Order deny,allow
    #    Deny from all
    #    Allow from .example.com
    #</Location>
     
     
    #
    # Bring in additional module-specific configurations
    #
    SSLCertificateFile /usr/local/apache2/conf/ssl/ca.crt
    SSLCertificateKeyFile /usr/local/apache2/conf/ssl/ca.key
    SSLSessionCache shmcb:logs/ssl_cache_shm
    SSLSessionCacheTimeout 600
    SSLPassPhraseDialog builtin
     
    <VirtualHost _default_:80>
    	SSLEngine on
    	SSLOptions +StrictRequire +StdEnvVars +ExportCertData
    	<Directory />
    	  SSLRequireSSL
    	</Directory>
    	SSLProtocol -all +TLSv1 +SSLv3
    	SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
    	SSLVerifyClient require
    	SSLVerifyDepth 2
    	SSLCACertificateFile conf/ssl/client-trusted-list.pem
    	SSLUseOCSP on
    	SSLForceValidation on
    	SSLCertificateFile /usr/local/apache2/conf/ssl/server.crt
    	SSLCertificateKeyFile /usr/local/apache2/conf/ssl/server.key
    	ErrorLog logs/pt-mda-error_log
    	CustomLog logs/pt-mda-access_log common
    	LogLevel error
    	</VirtualHost>
    	<IfModule mime.c>
    	 AddType application/x-x509-ca-cert.crt
    	 AddType application/x-pkcs7-crl.crl
    	</IfModule>
     
    	<IfModule mod_proxy.c>
    		ProxyRequests off
    		ProxyPass / http://172.20.3.1/
    		ProxyPassReverse / http://172.20.3.1/
    	</IfModule>
     
    	RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}e"
    	RequestHeader set SSL_CLIENT_M_SERIAL "%{SSL_CLIENT_M_SERIAL}e"
    	RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}e"
    	RequestHeader set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}e"
     
    	SetEnvIf User-Agent ".*MSIE.*" \
    	nokeepalive ssl-unclean-shutdown \
    	downgrade-1.0 force-response-1.0

  2. #2
    Membre à l'essai
    Homme Profil pro
    Développeur informatique
    Inscrit en
    Mars 2008
    Messages
    21
    Détails du profil
    Informations personnelles :
    Sexe : Homme
    Âge : 36
    Localisation : Belgique

    Informations professionnelles :
    Activité : Développeur informatique

    Informations forums :
    Inscription : Mars 2008
    Messages : 21
    Points : 10
    Points
    10
    Par défaut
    Lorsque j'essaye sur une version d'ubuntu server plus ancienne j'exécute la commande ./apachectl sslstart le message d'erreur suivant apparaît :
    ./apachectl: line 78 : 6553 Illegal Instructions $HTTPD -k start -DSSL
    Voilà un peu plus de précisions si quelqu'un passe par la avec une solution

    Merci

  3. #3
    Rédacteur
    Avatar de _Mac_
    Profil pro
    Inscrit en
    Août 2005
    Messages
    9 601
    Détails du profil
    Informations personnelles :
    Localisation : France

    Informations forums :
    Inscription : Août 2005
    Messages : 9 601
    Points : 12 977
    Points
    12 977
    Par défaut
    Il n'y a pas de LoadModule dans ton fichier httpd.conf. Comment Apache a-t-il été compilé ? Il faut que mod_ssl soit activé. Si Apache a été compilé avec les modules en statique, fais pour lister tous les modules statiques. Vois si mod_ssl est dans la liste, s'il n'y est pas, l'erreur s'explique.

  4. #4
    Membre à l'essai
    Homme Profil pro
    Développeur informatique
    Inscrit en
    Mars 2008
    Messages
    21
    Détails du profil
    Informations personnelles :
    Sexe : Homme
    Âge : 36
    Localisation : Belgique

    Informations professionnelles :
    Activité : Développeur informatique

    Informations forums :
    Inscription : Mars 2008
    Messages : 21
    Points : 10
    Points
    10
    Par défaut
    Alors voila la commande que j'ai utilisé pour compiler et installer apache :

    Code : Sélectionner tout - Visualiser dans une fenêtre à part
    1
    2
    3
    4
     
    ./configure --prefix=/usr/local/apache2 --enable-modules="ssl proxy headers" --with-ssl /usr/local/ssl
    make
    make install
    J'ai fais un httpd -l et le mod_ssl.c est bien présent

  5. #5
    Rédacteur
    Avatar de _Mac_
    Profil pro
    Inscrit en
    Août 2005
    Messages
    9 601
    Détails du profil
    Informations personnelles :
    Localisation : France

    Informations forums :
    Inscription : Août 2005
    Messages : 9 601
    Points : 12 977
    Points
    12 977
    Par défaut
    Je ne vois pas d'où peut venir le problème Je trouve juste étrange que tu aies des lignes en double : SSLCertificateFile et SSLCertificateKeyFile par exemple. Essaie en ne mettant la conf SSL que dans ton VH.

  6. #6
    Membre à l'essai
    Homme Profil pro
    Développeur informatique
    Inscrit en
    Mars 2008
    Messages
    21
    Détails du profil
    Informations personnelles :
    Sexe : Homme
    Âge : 36
    Localisation : Belgique

    Informations professionnelles :
    Activité : Développeur informatique

    Informations forums :
    Inscription : Mars 2008
    Messages : 21
    Points : 10
    Points
    10
    Par défaut
    Essaie en ne mettant la conf SSL que dans ton VH.
    Non sa ne fonctionne pas même en supprimant les lignes en doubles.

    Sa a l'air de fonctionner sur une version d'apache plus récente la 2.2 mais le problème c'est que je n'ai pas la fonction OCSP d'activer

    Si quelqu'un aurait une méthode pour activer cette fonction dans un serveur apache 2.2 merci de me la proposer sinon je me rabaterai sur les crl

  7. #7
    Rédacteur
    Avatar de _Mac_
    Profil pro
    Inscrit en
    Août 2005
    Messages
    9 601
    Détails du profil
    Informations personnelles :
    Localisation : France

    Informations forums :
    Inscription : Août 2005
    Messages : 9 601
    Points : 12 977
    Points
    12 977
    Par défaut
    Désolé de ne pas pouvoir t'aider davantage. En cherchant sur Google, je suis tombé sur ces pages : http://www.securityfocus.com/infocus/1818 et http://www.securityfocus.com/infocus/1820. Tu les connais ?

  8. #8
    Membre à l'essai
    Homme Profil pro
    Développeur informatique
    Inscrit en
    Mars 2008
    Messages
    21
    Détails du profil
    Informations personnelles :
    Sexe : Homme
    Âge : 36
    Localisation : Belgique

    Informations professionnelles :
    Activité : Développeur informatique

    Informations forums :
    Inscription : Mars 2008
    Messages : 21
    Points : 10
    Points
    10
    Par défaut
    En cherchant sur Google, je suis tombé sur ces pages : http://www.securityfocus.com/infocus/1818 et http://www.securityfocus.com/infocus/1820. Tu les connais ?
    Non mais merci elles pourraient m'être utiles .

    Par contre je me suis dis que c'est peut être moi qui avait fais une mauvais manipulation lors de la compilation donc j'ai tenter de reconfigurer et recompiler apache et en effet lors de la compilation j'ai cette erreur :
    Code : Sélectionner tout - Visualiser dans une fenêtre à part
    1
    2
    3
    4
    5
     
    collect2 : ld returned 1 exit status
    make[1] : ***[httpd] Error 1
    make[1] : Leaving directory /home/apache
    make : ***[all-recursive] Error 1
    Je pense que tous mes problème peuvent venir de la mais je ne connais pas le moyen de résoudre cette erreur.
    Si quelqu'un pourrait m'aider

  9. #9
    Rédacteur
    Avatar de _Mac_
    Profil pro
    Inscrit en
    Août 2005
    Messages
    9 601
    Détails du profil
    Informations personnelles :
    Localisation : France

    Informations forums :
    Inscription : Août 2005
    Messages : 9 601
    Points : 12 977
    Points
    12 977
    Par défaut
    C'est bizarre si la compile marchait avant et plus maintenant. Tu as fait un make clean avant de recompiler ?

    Une différence que j'ai notée entre ce que tu as fait et le premier lien que j'ai donné c'est que dans ce dernier, Apache est compilé avec mod_setenvif.

  10. #10
    Membre à l'essai
    Homme Profil pro
    Développeur informatique
    Inscrit en
    Mars 2008
    Messages
    21
    Détails du profil
    Informations personnelles :
    Sexe : Homme
    Âge : 36
    Localisation : Belgique

    Informations professionnelles :
    Activité : Développeur informatique

    Informations forums :
    Inscription : Mars 2008
    Messages : 21
    Points : 10
    Points
    10
    Par défaut
    Effectivement je n'avais pas fais le make clean avant et avec je n'ai plus l'erreur...
    J'ai refais toutes les manip en suivant ton lien mais sa me met toujours la même erreur.
    Serait il possible que ce soit du au fait que j'utilise une trop vieille versions d'apache (2.0.54) sur une distribution plus récente (ubuntu server 8.04) ??? Car avec la version apache2.2 je n'ai aucun problème mais pas ce foutu client ocsp intégré ^^

  11. #11
    Rédacteur
    Avatar de _Mac_
    Profil pro
    Inscrit en
    Août 2005
    Messages
    9 601
    Détails du profil
    Informations personnelles :
    Localisation : France

    Informations forums :
    Inscription : Août 2005
    Messages : 9 601
    Points : 12 977
    Points
    12 977
    Par défaut
    Y a pas mal de différences entre la 2.0 et la 2.2 d'Apache. Et si ça compile, je dirais que l'OS n'y est pour rien (d'autant plus que l'erreur semble être une erreur de syntaxe du fichier de conf)...

  12. #12
    Membre à l'essai
    Homme Profil pro
    Développeur informatique
    Inscrit en
    Mars 2008
    Messages
    21
    Détails du profil
    Informations personnelles :
    Sexe : Homme
    Âge : 36
    Localisation : Belgique

    Informations professionnelles :
    Activité : Développeur informatique

    Informations forums :
    Inscription : Mars 2008
    Messages : 21
    Points : 10
    Points
    10
    Par défaut
    Bon c'est de plus en plus bizarre ^^, j'ai fais quelques test et j'ai remarqué que lorsque je met la directive "SSLEngine on" en commentaire le serveur se lance bien De quoi cela peut il venir ???
    Et quand je le met a "off" pas de soucis non plus

  13. #13
    Rédacteur
    Avatar de _Mac_
    Profil pro
    Inscrit en
    Août 2005
    Messages
    9 601
    Détails du profil
    Informations personnelles :
    Localisation : France

    Informations forums :
    Inscription : Août 2005
    Messages : 9 601
    Points : 12 977
    Points
    12 977
    Par défaut
    Aucune idée. Il manque des librairies à mod_ssl pour qu'il fonctionne correctement ?

  14. #14
    Membre à l'essai
    Homme Profil pro
    Développeur informatique
    Inscrit en
    Mars 2008
    Messages
    21
    Détails du profil
    Informations personnelles :
    Sexe : Homme
    Âge : 36
    Localisation : Belgique

    Informations professionnelles :
    Activité : Développeur informatique

    Informations forums :
    Inscription : Mars 2008
    Messages : 21
    Points : 10
    Points
    10
    Par défaut
    Voici le zip avec la version d'apache que j'ai utilisé si jamais tu as le temps et l'envie ^^ de regarder de plus près : http://eid.belgium.be/fr/binaries/eI...m146-10402.zip

    Merci d'essayer de m'aider ^^

  15. #15
    Rédacteur
    Avatar de _Mac_
    Profil pro
    Inscrit en
    Août 2005
    Messages
    9 601
    Détails du profil
    Informations personnelles :
    Localisation : France

    Informations forums :
    Inscription : Août 2005
    Messages : 9 601
    Points : 12 977
    Points
    12 977
    Par défaut
    Tu fais comment pour installer ? Tu lances install.sh ou tu compiles et installes séparément chaque composant ? Si c'est la 2ème option, pourquoi ne pas utiliser install.sh ?

    Ce que je soupçonne c'est que ton ./configure pour Apache ne soit pas suffisant en terme de modules compilés et/ou que openssl ne soit pas installé (dans /usr/bin/openssl, je crois).

  16. #16
    Membre à l'essai
    Homme Profil pro
    Développeur informatique
    Inscrit en
    Mars 2008
    Messages
    21
    Détails du profil
    Informations personnelles :
    Sexe : Homme
    Âge : 36
    Localisation : Belgique

    Informations professionnelles :
    Activité : Développeur informatique

    Informations forums :
    Inscription : Mars 2008
    Messages : 21
    Points : 10
    Points
    10
    Par défaut
    J'ai encore une petite question (qui n'a rien a voire ^^).

    Je dois utiliser plusieurs listes de révocations de certificats qui se trouve ici et j'aimerai pouvoir récupérer tous ces crl en une fois, j'essaye avec la commande wget mais je n'arrive a récupérer que l'index.html , quelqu'un pourrais m'aider ?

    Et que dois je mettre dans la config apache pour utiliser ces crl ? car il me semble que "SSLRevocationFile " ne s'utilise que pour un seul fichier .crl

    Merci pour votre aide

  17. #17
    Rédacteur
    Avatar de _Mac_
    Profil pro
    Inscrit en
    Août 2005
    Messages
    9 601
    Détails du profil
    Informations personnelles :
    Localisation : France

    Informations forums :
    Inscription : Août 2005
    Messages : 9 601
    Points : 12 977
    Points
    12 977
    Par défaut
    Attention, http://crl.eid.belgium.be/ n'est pas un serveur FTP, c'est un serveur Web, donc c'est normal que wget http://crl.eid.belgium.be/ te renvoie le code HTML de ce que tu vois dans un navigateur sur cette URL. Il faut que tu parses le code HTML récupérer pour identifier les URL des différents .crl et les télécharger un par un. Ca doit être faisable en shell.

    SSLRevocationFile ou SSLCARevocationFile ? La dernière directive ne prend effectivement qu'un fichier en entrée mais tu peux utiliser SSLCARevocationPath à la place, qui pointe sur un répertoire contenant les certificats .crl des CA révoqués.

  18. #18
    Rédacteur
    Avatar de _Mac_
    Profil pro
    Inscrit en
    Août 2005
    Messages
    9 601
    Détails du profil
    Informations personnelles :
    Localisation : France

    Informations forums :
    Inscription : Août 2005
    Messages : 9 601
    Points : 12 977
    Points
    12 977
    Par défaut
    Intéressant : je viens de tomber sur cette page. J'ai exactement cette erreur en lançant install.sh. A mon avis, tu es dans le même cas que moi, OpenSSL ne fonctionne pas bien, bien qu'il compile. Il faut utiliser une version plus récente.

    EDIT : j'ai essayé avec la dernière version 0.9.8l et install.sh passe jusqu'au bout (il faut modifier une variable en haut de install.sh pour donner le nouveau nom pour OpenSSL) et comme ça, apachectl startssl passe

  19. #19
    Membre à l'essai
    Homme Profil pro
    Développeur informatique
    Inscrit en
    Mars 2008
    Messages
    21
    Détails du profil
    Informations personnelles :
    Sexe : Homme
    Âge : 36
    Localisation : Belgique

    Informations professionnelles :
    Activité : Développeur informatique

    Informations forums :
    Inscription : Mars 2008
    Messages : 21
    Points : 10
    Points
    10
    Par défaut
    Je te remercie beaucoup mac je testerai sa demain en espérant ne plus avoir de soucis ^^

  20. #20
    Membre à l'essai
    Homme Profil pro
    Développeur informatique
    Inscrit en
    Mars 2008
    Messages
    21
    Détails du profil
    Informations personnelles :
    Sexe : Homme
    Âge : 36
    Localisation : Belgique

    Informations professionnelles :
    Activité : Développeur informatique

    Informations forums :
    Inscription : Mars 2008
    Messages : 21
    Points : 10
    Points
    10
    Par défaut
    Merci mac ça fonctionne parfaitement avec cette version d'OpenSSL

+ Répondre à la discussion
Cette discussion est résolue.

Discussions similaires

  1. Instructions ROL et ROR
    Par bigbang dans le forum Assembleur
    Réponses: 13
    Dernier message: 01/03/2003, 03h06
  2. Passer de la zone d'édition vers une instruction sql
    Par tripper.dim dans le forum C++Builder
    Réponses: 2
    Dernier message: 27/11/2002, 15h44
  3. Instruction pour créer un fichier text ???
    Par Soulsurfer dans le forum Langage
    Réponses: 2
    Dernier message: 06/08/2002, 12h17
  4. [Crystal Report][VB6] instruction PrintReport
    Par yyyeeeaaahhh dans le forum SDK
    Réponses: 4
    Dernier message: 29/07/2002, 15h58
  5. [TASM] Problème concernant l'instruction LGDT
    Par Ninkosen dans le forum Assembleur
    Réponses: 3
    Dernier message: 15/07/2002, 20h09

Partager

Partager
  • Envoyer la discussion sur Viadeo
  • Envoyer la discussion sur Twitter
  • Envoyer la discussion sur Google
  • Envoyer la discussion sur Facebook
  • Envoyer la discussion sur Digg
  • Envoyer la discussion sur Delicious
  • Envoyer la discussion sur MySpace
  • Envoyer la discussion sur Yahoo