LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 03-25-2007, 08:23 PM   #1
nshewmaker
LQ Newbie
 
Registered: Jul 2006
Distribution: Ubuntu
Posts: 9

Rep: Reputation: 0
Question Apache 2.2.3 SSL ignores self-signed certificate


I am trying to set up a simple Apache server with both standard and secure areas, using the default ports of 80 and 443. I am trying to apply a self-signed certificate, but can't seem to make Apache use it. Instead it defaults to the generic "localhost.localdomain" one.

I'm using a VirtualHost to attempt this.
Code:
NameVirtualHost *:443

<IfModule mod_ssl.c>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateKeyFile .cert/privkey.pem
    SSLCertificateFile .cert/mycert.cert
</VirtualHost>
</IfModule>
If I remove the vhost wrapper, my site gives me
Quote:
Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
To my understanding, this just means that I've enabled SSL exclusively. However, in this case the secure site does use mycert.cert.

Why is my cert not working on the vhost? I get no errors, and everything seems to be as expected, except for the certificate displayed.

[I can provide more configuration info if requested.]
 
Old 03-26-2007, 02:32 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,895

Rep: Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322Reputation: 1322
You should put a ServerName inside your vhost, so that the server that is defined by ServerName is the secure one and can use your certificate.
 
Old 03-26-2007, 08:10 PM   #3
nshewmaker
LQ Newbie
 
Registered: Jul 2006
Distribution: Ubuntu
Posts: 9

Original Poster
Rep: Reputation: 0
That didn't work. I tried 127.0.0.1, the static IP for this machine on my router, and the name registered at DynDNS for my ISP-provided IP#.

Again, everything starts okay, and I don't get any problems with the client. The problem must be with the certificate commands within the vhost. I can get the cert to work outside the vhost (same lines, vhost just commented-out), and within the vhost, I'm able to change the docroot (for example). I have tried both relative and full paths to the certificate.

The relevant (I hope) parts of my config file are
Code:
Listen 80
#Listen 443 https

ServerName mydomain.with.dyndns:80
UseCanonicalName Off

#NameVirtualHost *:80
#NameVirtualHost *:443
NameVirtualHost mydomain.with.dyndns:443

<IfModule mod_ssl.c>
#<VirtualHost *:443>
<VirtualHost mydomain.with.dyndns:443>
#    ServerName 192.168.x.x
    ServerName mydomain.with.dyndns
#    ServerName 127.0.0.1
#    DocumentRoot /var/www/html2
    SSLEngine on
    SSLCertificateKeyFile .cert/privkey.pem
    SSLCertificateFile .cert/mycert.cert
</VirtualHost>
</IfModule>

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so

Last edited by nshewmaker; 03-27-2007 at 03:47 PM.
 
Old 03-27-2007, 06:18 PM   #4
nshewmaker
LQ Newbie
 
Registered: Jul 2006
Distribution: Ubuntu
Posts: 9

Original Poster
Rep: Reputation: 0
Lightbulb solved

The problem was that the commands were being overridden by those in conf.d/ssl.conf. Making the changes there, instead of in httpd.conf, fixed my problem.
 
  


Reply

Tags
apache, certificate, ssl


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem Creating Apache SSL Certificate kaplan71 Linux - Software 0 12-27-2005 12:52 PM
apache-ssl certificate no good ocularbob Linux - Software 2 09-30-2003 04:37 PM
How to create new SSL certificate for apache ?? chuck77 Linux - General 7 05-15-2003 01:16 PM
How do I create a self signed SSL certificate? mongoose Linux - Software 2 04-15-2003 06:46 PM
2 certificate ssl in 1 server apache simquest Linux - Software 2 07-24-2002 11:47 AM


All times are GMT -5. The time now is 03:11 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration