Apache 2.2.3 SSL ignores self-signed certificate

nshewmaker · 03-25-2007, 08:23 PM

I am trying to set up a simple Apache server with both standard and secure areas, using the default ports of 80 and 443. I am trying to apply a self-signed certificate, but can't seem to make Apache use it. Instead it defaults to the generic "localhost.localdomain" one.

I'm using a VirtualHost to attempt this.

Code:

NameVirtualHost *:443

<IfModule mod_ssl.c>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateKeyFile .cert/privkey.pem
    SSLCertificateFile .cert/mycert.cert
</VirtualHost>
</IfModule>

If I remove the vhost wrapper, my site gives me

Quote:

Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

To my understanding, this just means that I've enabled SSL exclusively. However, in this case the secure site does use mycert.cert.

Why is my cert not working on the vhost? I get no errors, and everything seems to be as expected, except for the certificate displayed.

[I can provide more configuration info if requested.]

bathory · 03-26-2007, 02:32 AM

You should put a ServerName inside your vhost, so that the server that is defined by ServerName is the secure one and can use your certificate.

nshewmaker · 03-26-2007, 08:10 PM

That didn't work. I tried 127.0.0.1, the static IP for this machine on my router, and the name registered at DynDNS for my ISP-provided IP#.

Again, everything starts okay, and I don't get any problems with the client. The problem must be with the certificate commands within the vhost. I can get the cert to work outside the vhost (same lines, vhost just commented-out), and within the vhost, I'm able to change the docroot (for example). I have tried both relative and full paths to the certificate.

The relevant (I hope) parts of my config file are

Code:

Listen 80
#Listen 443 https

ServerName mydomain.with.dyndns:80
UseCanonicalName Off

#NameVirtualHost *:80
#NameVirtualHost *:443
NameVirtualHost mydomain.with.dyndns:443

<IfModule mod_ssl.c>
#<VirtualHost *:443>
<VirtualHost mydomain.with.dyndns:443>
#    ServerName 192.168.x.x
    ServerName mydomain.with.dyndns
#    ServerName 127.0.0.1
#    DocumentRoot /var/www/html2
    SSLEngine on
    SSLCertificateKeyFile .cert/privkey.pem
    SSLCertificateFile .cert/mycert.cert
</VirtualHost>
</IfModule>

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so

nshewmaker · 03-27-2007, 06:18 PM

The problem was that the commands were being overridden by those in conf.d/ssl.conf. Making the changes there, instead of in httpd.conf, fixed my problem.