Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
the problem is right there in your error log. it says your server name your certificate does not match the server name on your computer...thus the error. When you configure it, the server names have to match otherwise it looks like there are shinanigans going on between the two compturs. When you configure your certificate, you must use the same name as your server...
Last edited by Matir; 02-08-2008 at 12:33 PM.
Reason: Removed commercial link.
in /etc/hosts you have a defined server name in there...also i think there is one is /etc/sysconfig/networking or something like that...when you are doing your ssl cert, all the names have to be the same...when you connect to the server, it sends a name...when your cert file is sent, it has a name...if these do not match the error occurs.
baldur
Last edited by Matir; 02-08-2008 at 12:32 PM.
Reason: Removed commercial link.
Ah ha, yes of course. However I added the IP address of my secure site (which is an IP alias) with the domain I used to register my certificate with.
Still getting the same error "12233", however now there is nothing in my SSL_error_log. Logging level is set to Debug.
Is there anything I need to do to reload /etc/hosts??
I thought it was named, but its not a running service.
I do "apachectl graceful" and restart my browser.
When I browse to the WAN IP (https://IP), I get a certificate, and I can view the certificate. But when I hit "ok" the page does not load, it just hangs. Here is the last few lines of the log file:
Code:
:
:
[Sat Feb 02 16:07:07 2008] [debug] ssl_engine_io.c(1662): | 01b0: e2 c9 87 cb 1c d3 59 32-f4 59 d8 f4 fe 89 4f 86 ......Y2.Y....O. | [Sat Feb 02 16:07:07 2008] [debug] ssl_engine_io.c(1668): +-------------------------------------------------------------------------+
[Sat Feb 02 16:07:07 2008] [info] Initial (No.1) HTTPS request received for child 0 (server SERVER.com:443) [Sat Feb 02 16:07:07 2008] [debug] ssl_engine_kernel.c(1745): OpenSSL: Write: SSL negotiation finished successfully [Sat Feb 02 16:07:07 2008] [info] Connection to child 0 closed with standard shutdown(server SERVER.com:443, client 75.74.16.196)
When I connect to https://domain.com. I do not get prompted for a certificate, and nothing happens.
Do you have a Directory entry for your DocumentRoot? For example:
Code:
<Directory "PATH/estore">
SSLRequireSSL
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
I'd also recommend using apachectl -k stop && apachectl -k start and checking the logs again in case anything strange happened with apachectl graceful (open connections aren't aborted and log files aren't closed immediately).
It depends. If you have an "upstream" directive that forbids access to that directory, then you need to explicitly allow it. If, for example, your default root level access is deny (as the Apache docs recommend) like the following, then you will need it:
Code:
<Directory />
Order Deny,Allow
Deny from All
</Directory>
Hey, Thanks for the reply.
Before I installed my SSL certs, and change the virtual host to 443, the directory was readable, and accesable via http. So i would have to believe there is no directive restricting it.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.