Can't get SSL to work with Apache
Hi everybody, I've been trying to get SSL to work on my box. I have all the certificates created and signed by a CA. I restart Apache and it asks me for the pass phrase, I type it in... everything works fine. When I use my browser to get to https://server.org, I get a "can't connect" message.
I have two virtual hosts. The one I want SSL on has two vh declarations, one for port 80 and the other one for port 443. Apache is listening on 443 in the main config file. This is the vh include file:

[CODE]
<VirtualHost *:443>
    #SSLEnable
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
    ServerName server.org
    ServerAlias server2.org
    # NOTE: This is the correct document root. This is what the clients want.
    DocumentRoot /var/www/main
</VirtualHost>

<VirtualHost *:80>
    ServerName server.org
    ServerAlias server2.org
    DocumentRoot /var/www/main
</VirtualHost>
[/CODE]

[CODE]
[root@tobacco conf]# netstat -nalp | grep httpd
tcp        0      0 :::80        :::*        LISTEN      29037/httpd
tcp        0      0 :::443       :::*        LISTEN      29037/httpd
[root@tobacco conf]# /usr/bin/openssl s_client -connect localhost:443
CONNECTED(00000003)
depth=0 /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
verify return:1
---
Certificate chain
 0 s:/C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
   i:/C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
---
Server certificate
-----BEGIN CERTIFICATE-----
[certificate body omitted]
-----END CERTIFICATE-----
subject=/C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
issuer=/C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
---
No client certificate CA names sent
---
SSL handshake has read 1582 bytes and written 331 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 7B5A36707B59E132110F20DA35082540861BCB8DBD02EAE2C286AB7279BE1747
    Session-ID-ctx:
    Master-Key: F5802B8E7BC1E0A4E176AE9B51191351A6CA9C968A3E2997C6A2BD173D67963EA0262298CE42AE0B3D51809616BBB553
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1229392455
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
[/CODE]

I was using a self-signed certificate here. As you can see, I am not getting the HTTP response. Also, it seems like port 443 is open. Any help is greatly appreciated.
There are some things you might check:
1. Does server.org resolve to the IP of your SSL server?
2. What happens when you use https://localhost locally?
3. Is there a firewall in between that blocks port 443?
4. The new Firefox 3.x gives a different kind of warning when you visit SSL sites with "untrusted" certificates. If you don't pay attention you might disable access to these sites permanently.
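
An added example, not part of the original thread: a small Python audit of an `openssl s_client` transcript like the one quoted in the question, checking whether the certificate served on port 443 matches the `ServerName`/`ServerAlias` values, whether it is self-signed, and whether the key is too small. The function names, the 2048-bit threshold and the trimmed sample are assumptions made for this example; only the subject CN is compared, since the s_client summary does not print subjectAltName entries.

```python
import re

# Constructed sample: the security-relevant lines of the s_client output
# quoted in the question (certificate body and session details left out).
SAMPLE = """\
CONNECTED(00000003)
verify error:num=18:self signed certificate
subject=/C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
issuer=/C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
    Verify return code: 18 (self signed certificate)
"""

def _field(pattern, text):
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1).strip() if m else None

def _cn(dn):
    # Accepts the old "/C=US/.../CN=host" form and the newer "C = US, CN = host" form.
    return _field(r"CN\s*=\s*([^/,\n]+)", dn) if dn else None

def audit_s_client(output, expected_names, min_key_bits=2048):
    """Return a list of findings for one `openssl s_client` transcript."""
    if "CONNECTED(" not in output:
        return ["no TCP connection: check DNS, the Listen directive and any firewall"]
    findings = []
    subject = _field(r"^subject=(.*)$", output)
    issuer = _field(r"^issuer=(.*)$", output)
    cn = _cn(subject)
    if cn is None:
        findings.append("no server certificate presented")
    elif cn.lower() not in {n.lower() for n in expected_names}:
        findings.append(f"certificate CN {cn!r} does not match {sorted(expected_names)}")
    if subject and subject == issuer:
        findings.append("certificate is self-signed (subject == issuer)")
    code = _field(r"Verify return code:\s*(\d+)", output)
    if code not in (None, "0"):
        findings.append(f"chain verification failed with code {code}")
    bits = _field(r"Server public key is (\d+) bit", output)
    if bits and int(bits) < min_key_bits:
        findings.append(f"server key is {bits} bits, below {min_key_bits}")
    return findings
```

Calling `audit_s_client(SAMPLE, ["server.org", "server2.org"])` reports that the certificate on port 443 carries the CN `vps-tmpl-c4-cpanel.servint.net` rather than either configured name, which points at checking which `SSLCertificateFile` the answering virtual host actually loads.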