Solved: Apache SSL virtual host says "\x16\x03\x01"

When setting up a second SSL Apache virtual host, you may be frustrated when your browser can't connect and tells you something like

Safari can't establish a secure connection to the server "servername"

In your ssl_request_log you see baffling entries like this:

"\x16\x03\x01" 240
"\x16\x03" 240

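Those bytes are the start of a TLS handshake record (content type 0x16, protocol version 3.1), which Apache is trying to parse as a plain HTTP request. This is because you have forgotten to enable SSL for your virtual host with the following: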

SSLEngine on

You'll probably need some other SSL-based directives in there, too.
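
The check below is an added example, not code from the original post: it decodes the escaped request field of each log line and reports when it is a TLS record header rather than an HTTP request line. The sample log lines, addresses and function names are constructed for illustration, and it assumes the request is the first double-quoted field on the line.

```python
import re

# First byte of a TLS record is the content type; the next two are the version.
CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                 0x16: "handshake", 0x17: "application_data"}
VERSIONS = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2"}

QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')   # first "..." field (assumed %r)
ESCAPE = re.compile(r'\\x([0-9A-Fa-f]{2})|\\(.)|(.)', re.S)

def unescape(field):
    """Turn Apache's \\xNN log escapes back into the bytes the client sent."""
    out = bytearray()
    for hexpair, escaped, plain in ESCAPE.findall(field):
        if hexpair:
            out.append(int(hexpair, 16))
        else:
            out += (escaped or plain).encode("latin-1", "replace")
    return bytes(out)

def classify_request(line):
    """Return a diagnosis dict if the logged request is TLS, else None."""
    m = QUOTED.search(line)
    if not m:
        return None
    raw = unescape(m.group(1))
    # A TLS/SSLv3 record starts with a known content type and major version 3.
    if len(raw) < 2 or raw[0] not in CONTENT_TYPES or raw[1] != 3:
        return None
    # Record-layer version only; the log may cut the request short.
    version = VERSIONS.get(raw[2], "unknown") if len(raw) > 2 else "truncated"
    return {"record": CONTENT_TYPES[raw[0]], "record_version": version,
            "hint": "TLS sent to a listener parsing plain HTTP; check SSLEngine on"}

def find_tls_on_plain_vhost(lines):
    """Return (line_number, diagnosis) for every line that logged TLS bytes."""
    return [(n, d) for n, line in enumerate(lines, 1)
            if (d := classify_request(line))]

# Constructed sample lines (not from a real server).
SAMPLE_LOG = [
    r'[10/Oct/2012:13:55:36 -0700] 192.0.2.10 - - "\x16\x03\x01" 240',
    r'[10/Oct/2012:13:55:37 -0700] 192.0.2.10 - - "\x16\x03" 240',
    r'[10/Oct/2012:13:55:40 -0700] 192.0.2.11 TLSv1 AES256-SHA "GET / HTTP/1.1" 512',
]

if __name__ == "__main__":
    for number, diagnosis in find_tls_on_plain_vhost(SAMPLE_LOG):
        print(number, diagnosis)
```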

Reference:

http://www.noah.org/wiki/Apache2_Invalid_method_in_request_%5Cx16%5Cx03%5Cx01


Solved: pubcookie access to file failed, reason: verification of user id '<null>' not configured

You've spent hours getting your encryption keys in order. You've successfully got a granting key and a crypt key from your pubcookie server. Your Apache ssl.conf is finely honed and your external SSL tests are flawless.

Yet your users can't log in. They're not being redirected to the central login server. Instead, they see messages like

Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

And in your ssl_access.log you're just seeing 401 after 401.

In your ssl_error.log you see

access to [file] failed, reason: verification of user id '<null>' not configured

You can curse. You can jump up and down. You can throw things on the floor. But what's really going to help you is this tidbit of knowledge:

Something is overriding your PubcookieAuthTypeNames directive.

What is happening is that when your .htaccess file is read, the AuthType directive there doesn't match anything in your mod_pubcookie.conf file because your directive got overridden by another line somewhere, probably something like

PubcookieAuthTypeNames WebISO

Fix that error, restart Apache, and go have a nice lie-down somewhere.


Darwin Streaming Server RPM for RHEL6

I wanted to run Darwin Streaming Server on Red Hat Enterprise Linux 6.

I made binary RPMs for 64-bit RHEL6 using these instructions. My changes:

  • fixed the symlink at /var/dss/modules to point to the correct directory
  • worked around the fact that DarwinStreamingServer -x does not exit when run
  • changed config path so that login to the Web Admin is possible

To install on RHEL6 (or CentOS 6, I presume):

yum install perl-Net-SSLeay
rpm -Uh DarwinStreamingServer-6.0.3-4.x86_64.rpm
qtpasswd -c -p yourpassword yourusername

You'll need to open firewall ports:

iptables -A INPUT --protocol tcp --destination $ip --dport 554 -m state --state NEW -j ACCEPT
# Cheesy perl-based web GUI started by /usr/sbin/streamingserver.pl
iptables -A INPUT --protocol tcp --destination $ip --dport 1220 -m state --state NEW -j ACCEPT
# UDP
iptables -A INPUT --protocol udp --destination $ip --dport 6970:6989 -m state --state NEW -j ACCEPT
iptables -A INPUT --protocol tcp --destination $ip --dport 7070 -m state --state NEW -j ACCEPT

You can get to the web admin screen at http://example.com:1220.

Also, Apple seems to be moving toward HTTP Live Streaming and away from Darwin Streaming Server.

References
http://www.howtoforge.com/apples-darwin-streaming-server-on-centos-5.2
http://www.codeproject.com/Articles/41874/Darwin-Streaming-Server-6-0-3-setup-customization
http://git.m2x.eu/git/cgi-bin/gitweb.cgi/?p=DarwinStreamingServer.git;a=summary
http://wiki.alessandrodelgallo.org/index.php/DarwinStreamingServer

EnGenius ECB9500 firmware 2.3.3 enables SNMP monitoring

I've been using the EnGenius ECB9500 wireless access point quite a bit. It has a lot going for it: small in size, power-over-ethernet, low cost.

One thing that has been a thorn in my side is that up until now, SNMP monitoring has been difficult because the built-in firewall rejects packets that are not from the same subnet that the IP of the WAP is on. Naturally, my monitoring lives in the server room, which is on a different subnet.

The firmware changelog notes that this was fixed in 2.3.0:

Add SNMP management IP. (If IP is set to 0.0.0.0, will allow any IP to access DUT via SNMP; otherwise only allow the specific IP to access DUT.)

