IRC Server and Apache question


Falcon
06-08-2001, 12:00 AM
I am interested in running a secure IRC server (can't remember what it is called). What is the daemon I need to do that and where can I get it?

Also, Apache SSL came with keys when I installed RedHat 7.1. Were those generated then or do I need to regenerate them? It works just like a virtual host, right?

Thanks a bunch,
Falcon

freebsd
06-08-2001, 12:51 AM
As for Apache, if you haven't set your hostname correctly prior to installing it, yes, you have to regenerate a cert and more than likely you need to reinstall Apache.

>> It works just like a virtual host, right?

I don't see any relationship here. If you referred to the cert that should work with all virtual hosts, yes, IP-based vhosts only. Apache SSL or mod_ssl doesn't (will never) work with name-based vhosts.

Falcon
06-08-2001, 10:34 AM
I am pretty sure I set my hostname right on install. The internet worked on the first boot. I think the Apache ServerName was set to localhost.localdomain though, so I had to change it. As for my SSL question, isn't it set up as a virtual host that runs on the same system but at port 443? I looked at the config and that's what it looked like.

Thanks,
Falcon

freebsd
06-08-2001, 10:54 AM
>> isn't it set up as a virtual host that runs on the same system but at port 443?

yes.

>> I looked at the config and that's what it looked like

So what is your question now?

Falcon
06-08-2001, 05:52 PM
I want my SSL site to be the same as my normal site. Should I just copy the directory info into that part of the config? Are there any other directives that I need to copy?

Also, I ran a Nessus scan on my box and it said that if GET /cgi-bin/view-source?/ (or something like that) it will reset my Cisco router. I don't have a Cisco router and I tried it and my system worked fine. Is Nessus just messed up or do I have a problem? :confused:

Forget the IRC server question, I don't want to run one.

Thanks,
Falcon

freebsd
06-08-2001, 08:08 PM
>> Should I just copy the directory info into that part of the config?

Not at all. You need to use the same docroot as your default docroot. Say your box hostname is called falcon.mydomain.com (not localdomain, falcon.mydomain.com must be nslookup'able by anyone), then define this globally:

Port 80
<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>
ServerAdmin webmaster@mydomain.com
ServerName falcon.mydomain.com
DocumentRoot "/www/htdocs"
UseCanonicalName Off

Then this:

NameVirtualHost *
# Make sure www.mydomain.com has an A record pointing to the same IP as falcon.mydomain.com
# You don't need to redefine anything above since they are already defined globally
<VirtualHost *>
DocumentRoot "/www/htdocs"
ServerName www.mydomain.com
ServerAlias mydomain.com
</VirtualHost>
#next vhost would be:
<IfDefine SSL>
<VirtualHost _default_:443>
DocumentRoot "/www/htdocs"
ServerName www.mydomain.com
ErrorLog /var/log/apache/error_log
TransferLog /var/log/apache/access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/etc/apache/certs/server.cert
SSLCertificateKeyFile /usr/local/etc/apache/certs/server.key

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/apache/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>
</IfDefine>

That is it. To start ssl, simply run /path/to/apachectl startssl. You can then go to http://www.mydomain.com/ and https://www.mydomain.com/
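
An added example, not part of the thread and not Apache or mod_ssl code: a small Python audit of the points this exchange turns on, namely that the SSL vhost serves the same DocumentRoot as the HTTP site and is bound to an address:port rather than a name-based `*`, plus a check of which weak cipher classes the SSLCipherSuite string names without excluding them. The `CONF` sample is constructed from the directives posted above; the `WEAK` list and the function names are assumptions of this example.

```python
import re

# Constructed input: directives from the post above, trimmed to what the audit reads.
CONF = """\
DocumentRoot "/www/htdocs"
<VirtualHost *>
DocumentRoot "/www/htdocs"
</VirtualHost>
<VirtualHost _default_:443>
DocumentRoot "/www/htdocs"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
</VirtualHost>
"""
# Assumption of this example: cipher classes treated as weak.
WEAK = {"LOW", "SSLv2", "EXP", "eNULL", "ADH", "EXPORT56"}

def parse(conf):
    """Split a config into global directives and a list of (address, directives) vhosts."""
    glob, vhosts, cur = {}, [], None
    for line in (l.strip() for l in conf.splitlines()):
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            cur = {}
            vhosts.append((m.group(1).strip(), cur))
        elif line.lower().startswith("</virtualhost"):
            cur = None
        elif line and line[0] not in "<#":   # skip other containers and comments
            key, _, val = line.partition(" ")
            (glob if cur is None else cur)[key.lower()] = val.strip().strip('"')
    return glob, vhosts

def audit(conf):
    """Return a list of findings for every vhost that has SSLEngine on."""
    glob, vhosts = parse(conf)
    root_of = lambda d: d.get("documentroot", glob.get("documentroot"))
    is_ssl = lambda d: d.get("sslengine", "off").lower() == "on"
    plain_roots = {glob.get("documentroot")} | {root_of(d) for _, d in vhosts if not is_ssl(d)}
    findings = []
    for addr, d in [v for v in vhosts if is_ssl(v[1])]:
        if root_of(d) not in plain_roots:
            findings.append(f"{addr}: DocumentRoot {root_of(d)} differs from the HTTP site")
        if ":" not in addr:
            findings.append(f"{addr}: SSL vhost is not bound to an address:port")
        for tok in d.get("sslciphersuite", "").split(":"):
            # Tokens starting with ! or - remove a class; + only reorders, so it still counts.
            names = set() if tok[:1] in "!-" else WEAK & set(tok.lstrip("+").split("+"))
            findings += [f"{addr}: cipher class {n} is not excluded" for n in sorted(names)]
    return findings
```

Calling `audit(CONF)` on the posted directives reports the four classes the cipher string only reorders with `+` (LOW, SSLv2, EXP, eNULL); prefixing them with `!` clears the findings.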