apache 1.3.27, https url returns error -12263 in Firefox, fatal error (40) in Opera

leo22838 · 04-04-2008, 01:51 PM

Hello all. This is my situation:

I've got apache 1.3.27 running on a RedHat 7.3 server. We have several virtual hosts for the same domain, one of which has ssl enabled. Another vhost was recently added, but this one is for a different domain from the others and needs to be running ssl. We purchased another ssl certificate (wildcard type, unlike the first; both are from different CA's) and, due to ssl not working with different domains for the same ip address, configured the vhosts so that https requests are served on port 81 for the recent vhost with different domain.

Here are my relevant httpd.conf file lines:

------------------------------------
<IfDefine HAVE_SSL>
Listen 80
Listen 81
Listen 443
</IfDefine>

ServerName www.domain1.com

NameVirtualHost 10.1.20.2

************
(the following lines are not in the httpd.conf file but on a Vhosts.conf file)

<VirtualHost 10.1.20.2>
ServerAdmin webmaster@domain1.com
DocumentRoot /var/www/vhosts/domain1.com/htdocs
ScriptAlias /cgi-bin/ "/var/www/vhosts/domain1.com/cgi-bin/"
ServerName domain1.com
ErrorLog /var/www/vhosts/domain1.com/data/logs/domain1.com-error_log
CustomLog /var/www/vhosts/domain1.com/data/logs/domain1.com-access_log common
</VirtualHost>

<VirtualHost 10.1.20.2>
ServerAdmin webmaster@domain1.com
DocumentRoot /var/www/vhosts/domain1.com/htdocs
ScriptAlias /cgi-bin/ "/var/www/vhosts/domain1.com/cgi-bin/"
ServerName www.domain1.com
ErrorLog /var/www/vhosts/domain1.com/data/logs/domain1.com-error_log
CustomLog /var/www/vhosts/domain1.com/data/logs/domain1.com-access_log common
</VirtualHost>

<VirtualHost 10.1.20.2>
ServerAdmin webmaster@domain1.com
DocumentRoot /var/www/vhosts/test.domain1.com/htdocs
ScriptAlias /cgi-bin/ "/var/www/vhosts/test.domain1.com/cgi-bin/"
ServerName test.domain1.com
ErrorLog /var/www/vhosts/test.domain1.com/data/logs/test.domain1.com-error_log
CustomLog /var/www/vhosts/test.domain1.com/data/logs/test.domain1.com-access_log common
</VirtualHost>

.
.
.

<VirtualHost 10.1.20.2>
ServerAdmin webmaster@domain2.com
DocumentRoot /path/to/domain2.com/htdocs
ScriptAlias /cgi-bin/ "/var/www/vhosts/domain2.com/cgi-bin/"
ServerName www.domain2.com
ErrorLog /var/www/vhosts/domain2.com/data/logs/domain2.com-error_log
CustomLog /var/www/vhosts/domain2.com/data/logs/domain2.com-access_log common
</VirtualHost>

*************

<IfDefine HAVE_SSL>
<VirtualHost 10.1.20.2:443>
ServerName domain1.com
DocumentRoot "/var/www/vhosts/domain1.com/htdocs"
ErrorLog logs/error_log
TransferLog logs/access_log

SSLEngine on

SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCACertificateFile /etc/httpd/conf/ssl.crt/intermediate.crt

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/vhosts/domain1.com/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

<VirtualHost 10.1.20.2:81>
ServerName www.domain2.com
DocumentRoot "/var/www/vhosts/domain2.com/htdocs"
ErrorLog logs/error_log
TransferLog logs/access_log

SSLEngine On

SSLCertificateFile /etc/httpd/conf/domain2-certs/dom2-server.crt
SSLCertificateKeyFile /etc/httpd/conf/domain2-certs/dom2-key.key
SSLCertificateChainFile /etc/httpd/conf/domain2-certs/dom2-intermediate.txt

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/vhosts/domain2.com/cgi-bin">
SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

</IfDefine>

---------------------------------------------------

Domain1.com is working just fine, http and http requests. When trying to access http://www.domain1.com, the index.htm page loads fine, but when trying to access https://www.domain2.com:81, Firefox displays an alert that says "www.domain2.com has sent an incorrect or unexpected message. Error Code: -12263", Opera displays a page with the lines "Error! Could not connect to remote server... Secure connection: fatal error (40).

I ran the "openssl s_client -connect localhost:81 -state -debug" command, showed me the numerous ssl handshake lines, then when I typed "GET" it did show the code of my index.htm file.

I've been struggling with this issue for around two weeks now and have been unable to solve it

. Any help will be greatly appreciated.

Thanks,

Leonel