LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 12-15-2008, 08:56 PM   #1
murlopaz
LQ Newbie
 
Registered: Dec 2008
Posts: 1

Rep: Reputation: 0
Can't get ssl to work with apache


Hi everybody, i've been trying to get ssl to work on my box. I have all the certificates created signed by a CA. I restart apache and it asks me for the pass phrase, i type it in... everything works fine. When I use my browser to get to https://server.org, i get a can't connect message.
I have two virtual hosts.

the one i want ssl on has two 2 vh declarations one for port 80 the other one for port 443. Apache is listening to 443 in the main config file.

this is the vh include file

<VirtualHost *:443>
#SSLEnable
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

ServerName server.org
ServerAlias server2.org
# NOTE: This is the correct document root. This is what the clients want.
DocumentRoot /var/www/main

</VirtualHost>

<Virtualhost *:80>

ServerName server.org
ServerAlias server2.org
DocumentRoot /var/www/main
</VirtualHost>

[root@tobacco conf]# netstat -nalp | grep httpd
tcp 0 0 :::80 :::* LISTEN 29037/httpd
tcp 0 0 :::443 :::* LISTEN 29037/httpd


[root@tobacco conf]# /usr/bin/openssl s_client -connect localhost:443

/usr/bin/openssl s_client -connect localhost:443
CONNECTED(00000003)
depth=0 /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
verify return:1
---
Certificate chain
0 s:/C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
i:/C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
---
Server certificate
-----BEGIN CERTIFICATE-----
MIID9jCCA1+gAwIBAgIFANog+qQwDQYJKoZIhvcNAQEEBQAwgbExCzAJBgNVBAYT
AlVTMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYDVQQK
EwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMScwJQYDVQQDEx52cHMtdG1wbC1j
NC1jcGFuZWwuc2VydmludC5uZXQxMTAvBgkqhkiG9w0BCQEWInNzbEB2cHMtdG1w
bC1jNC1jcGFuZWwuc2VydmludC5uZXQwHhcNMDgwNjE3MTkzNTI1WhcNMDkwNjE3
MTkzNTI1WjCBsTELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB1Vua25vd24xEDAOBgNV
BAcTB1Vua25vd24xEDAOBgNVBAoTB1Vua25vd24xEDAOBgNVBAsTB1Vua25vd24x
JzAlBgNVBAMTHnZwcy10bXBsLWM0LWNwYW5lbC5zZXJ2aW50Lm5ldDExMC8GCSqG
SIb3DQEJARYic3NsQHZwcy10bXBsLWM0LWNwYW5lbC5zZXJ2aW50Lm5ldDCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAv8T8Vg/wlGU6kU6FTeYd9Sp70lIlCGtA
GZpAXm1sV6uKu+ClhZaxlQ7yrw2uteSfH4jAaElo7xdnpBjLn9NHSxuOUQ3NTL8d
ObVwhSM+qsAyv7NOcaH5z6lIo30bssHqzJuBiXrKINzx+9vDFSYTvXxdHn5v3g8Q
JDhmHb8VrD8CAwEAAaOCARYwggESMB0GA1UdDgQWBBQ3q1iFuefMGMuuV+OfGloa
YhKFADCB4gYDVR0jBIHaMIHXgBQ3q1iFuefMGMuuV+OfGloaYhKFAKGBt6SBtDCB
sTELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB1Vua25vd24xEDAOBgNVBAcTB1Vua25v
d24xEDAOBgNVBAoTB1Vua25vd24xEDAOBgNVBAsTB1Vua25vd24xJzAlBgNVBAMT
HnZwcy10bXBsLWM0LWNwYW5lbC5zZXJ2aW50Lm5ldDExMC8GCSqGSIb3DQEJARYi
c3NsQHZwcy10bXBsLWM0LWNwYW5lbC5zZXJ2aW50Lm5ldIIFANog+qQwDAYDVR0T
BAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQAftqZDmPIWbllhkI7dWUueUPvKh0Rk
KylD2Rc8RZlgQrFCJoMeetVtToRF8JsGBVJYgzim0RQkbPOjuyJeFUZMIrex2szB
DaVhWgBYpLySdlBWDanSuO4dybeEt35J2E+U4C6nSzCekEEUXlFwyzXNVnCwAjLa
bEGYyUMdAvs5+g==
-----END CERTIFICATE-----
subject=/C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
issuer=/C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=vps-tmpl-c4-cpanel.servint.net/emailAddress=ssl@vps-tmpl-c4-cpanel.servint.net
---
No client certificate CA names sent
---
SSL handshake has read 1582 bytes and written 331 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 7B5A36707B59E132110F20DA35082540861BCB8DBD02EAE2C286AB7279BE1747
Session-ID-ctx:
Master-Key: F5802B8E7BC1E0A4E176AE9B51191351A6CA9C968A3E2997C6A2BD173D67963EA0262298CE42AE0B3D51809616BBB553
Key-Arg : None
Krb5 Principal: None
Start Time: 1229392455
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---

[/CODE]

I was using a self signed certificate here, as you can see i am not getting the HTTP response.


Also seems like port 443 is opened.

any help is greatly appreciated
 
Old 12-16-2008, 05:51 PM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,319

Rep: Reputation: 1701Reputation: 1701Reputation: 1701Reputation: 1701Reputation: 1701Reputation: 1701Reputation: 1701Reputation: 1701Reputation: 1701Reputation: 1701Reputation: 1701
There are some things you might check:
1. Does server.org resolves to the ip of your ssl server?
2. What happens when you use locally https://localhost?
3. Is there a firewall in between that blocks port 443?
4. The new firefox 3.x gives a different kind of warning when you visit ssl sites with "untrusted" certificates. If you don't pay attention you might disable access to these sites permanently.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SSL Servers vs Apache SSL mlewis Linux - Networking 2 04-02-2008 11:13 AM
Apache 1.3.33 (debian built) and Apache SSL does not respond to the proper ports lqorg_user Linux - Networking 0 11-06-2005 05:11 PM
apache and apache-ssl questions merana Debian 4 03-10-2005 11:10 AM
Totaly new to SSL via apache (i want https to work) bpk Linux - Newbie 2 06-14-2004 11:19 PM
Apache and SSL odius Linux - Networking 0 03-13-2003 03:41 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 06:58 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration