trying to proxy SSL requests to another port to hide port # in URL
Hey all,
Got a toughie.
At least it is for me.
server:
LAMP - debian, apache2, mysql, php5
A bit of info on my network:
There is another service here that already uses port 443. It made my website time out, hence the move to another port. Plus, I don't want the 2 services sharing the port.
What I am trying to do is forward 443 requests to another port where the SSL service is running so I can hide my port number in the URL.
No. Just used mod_gnutls instead of mod_ssl for https, it supports Server Name Indication in SSL handshake, most browsers support it too, so you will get name-based virtual hosts with SSL
GnuTLS: Failed to Import Private Key - ASN1 parser: Error in DER parsing.
here is my conf file:
Code:
#Mod_GNUTLS currently enabled
GnuTLSEnable on
GnuTLSCertificateFile /etc/apache2/ssl.crt/mysite.crt
GnuTLSKeyFile /etc/apache2/ssl.key/mysite.key
GnuTLSPriorities NORMAL
I'm not understanding the issue. This is a cert that was bought from a service.
Hmm, I only use files in PEM format and have no such issues -- maybe you could try converting your key from DER to PEM format using the openssl commandline utility?
Hmm, but when OpenSSL /as well as/ GnuTLS have problems reading the file, there must be something broken in the file. So the same file actually DID work with mod_ssl? This is kind of surprising because mod_ssl uses OpenSSL, so OpenSSL should be capable of reading it....
Thank you for all your help thus far.
Yea, I was thinking the same thing. mod_ssl worked fine, even on another port, I just simply can not show the port on the URL and can't use 443 because something already sits on it.
Is it possible the cert I bought is the problem??? I figured they were standard for either mod.
Wait, now I remember I once had problems with a bought cert with a GnuTLS build of exim (mailserver) while the OpenSSL build worked perfectly. In the end, I found out the cert was encoded in some PKCS format (PKCS12? I'm not sure any more) and while OpenSSL auto-detected that, GnuTLS assumed plain DER and failed. Could be the same thing for your cert. If this is the case, just "unpack" the PKCS with the OpenSSL commandline to get a plain PEM format cert and key.
Well, I was able to use OpenSSL to convert the crt file to a pem file, but I still got the same error that GnuTLS could not import the key file followed by '(-69) ASN1 parser: Error in DER parsing.'
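A way to check which encoding the files named in GnuTLSCertificateFile and GnuTLSKeyFile actually contain before converting anything, as an added example that is not part of the original thread. The helper names key_format and suggest_fix are hypothetical, the sample files are constructed placeholders, and the openssl commands are only printed, not run.

```shell
#!/bin/sh
# Added example: classify the encoding of the file a key directive points at.
# key_format and suggest_fix are hypothetical helper names.

key_format() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 1; }
    # PEM is text: read the label from the first "-----BEGIN <label>-----" line.
    label=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$f" | head -n 1)
    case "$label" in
        "ENCRYPTED PRIVATE KEY") echo "pem-encrypted"; return 0 ;;
        "PRIVATE KEY")           echo "pem-pkcs8"; return 0 ;;
        "RSA PRIVATE KEY"|"EC PRIVATE KEY"|"DSA PRIVATE KEY")
            # Traditional PEM keys flag passphrase protection in a header line.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
                echo "pem-encrypted"
            else
                echo "pem-traditional"
            fi
            return 0 ;;
        "CERTIFICATE")           echo "pem-certificate-not-key"; return 0 ;;
    esac
    # No PEM armor: raw DER and PKCS#12 are both binary ASN.1 and both start
    # with a SEQUENCE tag (0x30), so the first byte cannot tell them apart.
    first=$(od -An -tx1 -N1 "$f" | tr -d ' \n')
    if [ "$first" = "30" ]; then echo "binary-der-or-pkcs12"; else echo "unknown"; fi
}

suggest_fix() {
    case "$(key_format "$1")" in
        pem-pkcs8|pem-traditional) echo "PEM private key, no conversion needed" ;;
        pem-encrypted)  echo "passphrase-protected: openssl pkey -in $1 -out key.pem" ;;
        pem-certificate-not-key) echo "this is a certificate, not the private key" ;;
        binary-der-or-pkcs12)
            echo "try: openssl pkey -inform DER -in $1 -out key.pem"
            echo " or: openssl pkcs12 -in $1 -nocerts -nodes -out key.pem" ;;
        *) echo "not a recognised key encoding" ;;
    esac
}

# Constructed samples: armor lines and a 4-byte ASN.1 prefix, no real key material.
tmp=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'MIIB' '-----END CERTIFICATE-----' > "$tmp/mysite.pem"
printf '\060\202\001\000' > "$tmp/mysite.key"
for f in "$tmp/mysite.pem" "$tmp/mysite.key"; do
    printf '%s: %s\n' "$f" "$(key_format "$f")"
    suggest_fix "$f"
done
rm -rf "$tmp"
```

Run it against the key file as well as the certificate: the error in this thread is about importing the private key, so converting only the .crt leaves the key file in whatever encoding it had.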
I have received the same error in the past when a certificate file already exists that it is trying to create. Deleting the old one got rid of the error.