Cant Get SSL working on Ubuntu Server 8.04

kustomjs · 05-23-2008, 11:58 PM

Hi Guys
I cant get my ssl to work and I cant even get my https working what do I need to do? here is my server info:

Server Host: XXXXXXconnection (XXX.XXX.X.X) Database Host: localhost (127.0.0.1)
Server OS: Linux 2.6.24-16-server Database: MySQL 5.0.51a-3ubuntu5
Server Date: 05/22/2008 21:21:16 Datebase Date: 05/22/2008 21:21:16
Server Up Time: 21:21:16 up 4:58, 1 user, load average: 0.00, 0.00, 0.00
HTTP Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.1 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
PHP Version: 5.2.4-2ubuntu5.1 (Zend: 2.2.0)

kustomjs · 05-24-2008, 02:26 PM

~~~bump~~~

harsshal · 05-26-2008, 05:42 AM

try disabling firewall or setting SSL as trusted in firewall.
you can do this at

System->firewall tab

kustomjs · 07-13-2008, 10:14 PM

well having the problem and yes I enabled it in my router but this is the error i get from firefox.

Secure Connection Failed
An error occurred during a connection to cbcperformance.net.

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)

and i have 2 sites running on the same server.
sites i am running is:
jbodyconnection.com
cbcperformance.net

Wim Sturkenboom · 07-14-2008, 12:50 AM

If http://cbcperformance.net/ is indeed your site (some oscommerce stuff), I get the following error when accessing it over https:

Code:

cbcperformance.net has sent an incorrect or unexpected message. Error code -12263

I tested this on my own http site (using https instead of http) and get the same error.

It basically means that you haven't setup ssl for the sites. You can check the apache error logs and you will probably see something like

Code:

[Mon Jul 14 07:18:10 2008] [error] [client 172.18.32.2] Invalid method in request \x16\x03\x01

I don't use Ubuntu for servers so can not really advise. On Slackware 12, there are two config files for virtual hosts, one for normal sites (http) and one for secure sites (https).

Your https site (virtualhost) should look like this:

Code:

Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

#SSLSessionCache         dbm:/var/run/httpd/ssl_scache
SSLSessionCache        shmcb:/var/run/httpd/ssl_scache(512000)
SSLSessionCacheTimeout  300

SSLMutex  file:/var/run/httpd/ssl_mutex

# command centre incident logging virtual host
<VirtualHost 172.18.32.234:443>

DocumentRoot "/home/cc/www/ils/web"
ServerName cc.btd-techweb02:443
ServerAdmin a@bc.c
ErrorLog /var/log/httpd/error_log.cc
TransferLog /var/log/httpd/access_log

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/webcertificates/cc_btd-techweb02.crt
SSLCertificateKeyFile /etc/httpd/webcertificates/btd-techweb02.key

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/srv/httpd/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog /var/log/httpd/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    <Directory "/home/cc/www/ils/web">
        Order allow,deny
        Allow from all
    </Directory>

</VirtualHost>
# tacroom scheduler and  incident logging virtual host
<VirtualHost 172.18.32.235:443>
...
...
...
</VirtualHost>

The italic part is generic and the bold section is per site. You need to have certificates in place for both sites and both sites need to have their own ip-address.

PS I've visited both sites and they look the same which might be another problem that you have.