LinuxQuestions.org


murlopaz 12-15-2008 07:56 PM

Can't get ssl to work with apache
 
Hi everybody, I've been trying to get SSL to work on my box. I have all the certificates created and signed by a CA. I restart Apache and it asks me for the pass phrase, I type it in... everything works fine. When I use my browser to get to https://server.org, I get a "can't connect" message.
I have two virtual hosts.

The one I want SSL on has two vh declarations, one for port 80 and the other one for port 443. Apache is listening on 443 in the main config file.

This is the vh include file:

<VirtualHost *:443>
#SSLEnable
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

ServerName server.org
ServerAlias server2.org
# NOTE: This is the correct document root. This is what the clients want.
DocumentRoot /var/www/main

</VirtualHost>

<Virtualhost *:80>

ServerName server.org
ServerAlias server2.org
DocumentRoot /var/www/main
</VirtualHost>

[root@tobacco conf]# netstat -nalp | grep httpd
tcp 0 0 :::80 :::* LISTEN 29037/httpd
tcp 0 0 :::443 :::* LISTEN 29037/httpd


[root@tobacco conf]# /usr/bin/openssl s_client -connect localhost:443

CONNECTED(00000003)
depth=0 /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
verify return:1
---
Certificate chain
0 s:/C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
i:/C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
---
Server certificate
subject=/C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
issuer=/C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
---
No client certificate CA names sent
---
SSL handshake has read 1582 bytes and written 331 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 7B5A36707B59E132110F20DA35082540861BCB8DBD02EAE2C286AB7279BE1747
Session-ID-ctx:
Master-Key: F5802B8E7BC1E0A4E176AE9B51191351A6CA9C968A3E2997C6A2BD173D67963EA0262298CE42AE0B3D51809616BBB553
Key-Arg : None
Krb5 Principal: None
Start Time: 1229392455
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---


I was using a self-signed certificate here. As you can see, I am not getting the HTTP response.


Also, it seems like port 443 is open.

Any help is greatly appreciated.

bathory 12-16-2008 04:51 PM

There are some things you might check:
1. Does server.org resolve to the IP of your SSL server?
2. What happens when you use https://localhost locally?
3. Is there a firewall in between that blocks port 443?
4. The new Firefox 3.x gives a different kind of warning when you visit SSL sites with "untrusted" certificates. If you don't pay attention, you might disable access to these sites permanently.
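
Added example, not part of the thread: a shell triage of the openssl s_client output posted in the question, which is the local test that check 2 above asks about. It reports whether the handshake completed, whether the certificate CN matches the vhost's ServerName, and what the verify return code means. The function names are this example's own, and the sample is trimmed from the posted output.

```shell
#!/bin/sh
# Added example: triage saved `openssl s_client` output against the vhost name.
# The sample is trimmed from the output posted in the question.
sample_output() {
cat <<'EOF'
CONNECTED(00000003)
depth=0 /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
verify error:num=18:self signed certificate
subject=/C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
issuer=/C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Verify return code: 18 (self signed certificate)
EOF
}

# Print the CN from the "subject=" line (handles the /K=V/ DN format shown in the post).
subject_cn() {
    sed -n 's|^subject=.*/CN=\([^/]*\).*|\1|p' | head -n 1
}

# Print the numeric code from "Verify return code: N (...)".
verify_code() {
    sed -n 's/^ *Verify return code: \([0-9]*\).*/\1/p' | head -n 1
}

# triage EXPECTED_NAME < s_client-output ; prints one finding per line.
triage() {
    expected=$1
    out=$(cat)
    # A failed handshake is reported by s_client as "Cipher is (NONE)".
    if printf '%s\n' "$out" | grep -q '^New, .*Cipher is [A-Z0-9]'; then
        echo "handshake: completed"
    else
        echo "handshake: failed"
    fi
    cn=$(printf '%s\n' "$out" | subject_cn)
    if [ "$cn" = "$expected" ]; then
        echo "name: certificate CN matches $expected"
    else
        echo "name: certificate CN is '$cn', expected '$expected'"
    fi
    code=$(printf '%s\n' "$out" | verify_code)
    case $code in
        0)     echo "trust: chain verified" ;;
        18|19) echo "trust: self-signed certificate (code $code)" ;;
        *)     echo "trust: verify return code '$code'" ;;
    esac
}

sample_output | triage server.org
```

After the handshake, s_client waits for input on stdin, so no HTTP response appears until a request is typed into the session.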


All times are GMT -5.