Old 12-23-2015, 11:00 AM   #1
LQ Newbie
Registered: May 2009
Posts: 4

Rep: Reputation: 0
SSL on Apache2 host with multiple Virtual Hosts...

I cannot connect to port 443 (https) on a server with multiple Virtual Hosts. Needless to say, I've spent hours googling, analyzing, experimenting before coming here. Below is a synopsis; can anyone please point out the obvious omission???

Basic problem:
No secure protocols supported - if you get this message, but you know that the site supports SSL, wait until the cache expires on its own, then try again, making sure the hostname you enter uses the "www" prefix (e.g., "", not just "").


This is all quite maddening. I'm sure it's easy when you know how, but at present I do not know how. My logs show that it used to work (05/01/14) but following that log does not work now.

I cannot get SSL to work on the URLs:

even though normal port 80 connections work just fine. These are all virtual hosts on an OpenSUSE 13.1 Apache server at

Firefox returns
An error occurred during a connection to SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
No secure protocols supported
We are not using a proxy server to my knowledge.

I have added the CA certificate to the browser(s) (Firefox, Chromium).

The site ( has eight virtual hosts:

All of them are set to listen *. I tried changing one to listen *:443, no change.

SNI is enabled by default on openSUSE.
yast2 defaults to identifying the virtual hosts by name, rather than IP:
Determine Request Server by HTTP Headers
although there is no explicit setting I can find in yast2 to specify settings for Named Based Virtual Hosts:
so it may have to be configured by hand... This option is configured in the configuration file
All the *NameVirtualHost* entries are commented out.
I uncommented
	Listen *:80
	Listen *:443
but no change.

Apache2 is configured by /etc/apache2/httpd.conf and its "
"d subordinate xxx.conf files, in particular
This file claims
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
So I should not have to enter entries into each vhost module, although I tried changing one host from
listen *
listen *:443
and it didn't make any difference.
/etc/apache2/listen.conf contains
#NameVirtualHost *
Listen *:80
Listen *:443
I have enabled SSL in yast2 http-server by enabling the ssl module under yast2 http-server →Server Modules

The system is opensuse 13.1. The configurator (yast2 http-server) claims to overwrite any manual changes to the configuration file httpd.conf and its included files, including /etc/apache2/listen.conf and /etc/apache2/ssl-global.conf. However, yast2 http-server does not apparently have any way to set the document locations, so I do so manually in /etc/apache2/ssl-global.conf. I have placed verified and validated keys and certs in the right places, and edited the included /etc/apache2/ssl-global.conf to point to them correctly:
SSLCertificateFile /etc/apache2/ssl.crt/privustech.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/privustech.key
SSLCertificateChainFile /etc/apache2/ssl.crt/startssl_ca.pem
SSLCACertificatePath /etc/apache2/ssl.crt/
SSLCACertificateFile  /etc/apache2/ssl.crt/startssl_ca.pem
I have tried both self-signed and StartSSL-signed documents:
They all both verify (key-cert combination) and chain verify (key-cert-CA cert).
openssl verify ...
The server is happy with the configuration files
apachectl configtest
		Syntax OK
and happily restarts after any amendments to the .conf files.

All the readings I've done say to include:
SSLEngine On
But this switch does not appear in either /etc/apache2/httpd.conf or /etc/apache2/ssl-global.conf, not even commented out, so may be deprecated.

The key and certs reside in

I'm sure the answer is easy, but I haven't found it.

Thanks in advance, Andy
Old 12-25-2015, 12:56 PM   #2
Registered: Jan 2015
Posts: 35

Rep: Reputation: 4
Were you able to telnet to port 443 locally on the server?
telnet localhost 443 or telnet 443
If so, did you make sure the host-based firewalls like iptables and network firewalls are allowed to talk to port 443?

If port 443 is not listening inside the hosts, what do you see in ssl_error.log file?
Old 12-28-2015, 06:46 AM   #3
Registered: Nov 2015
Posts: 104

Rep: Reputation: 38
Your server is listening to port 443. Can easily be tested by telnetting to port 443.

> telnet 443
Connected to
Escape character is '^]'.
But https doesn't work, as you said. However http on port 443 DOES work.
> wget
--2015-12-28 12:38:49--
Resolving (
Connecting to (||:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 345 [text/html]
Saving to: index.html
You need to set up a separate Virtualhost for the domain in question and enable SSL in that Virtualhost.

Create a file like /etc/apache2/sites-available/www.privustech.com_ssl.conf and the contents need to look something like the following.
<VirtualHost *:443>

    SSLEngine On
    SSLCertificateFile      ssl/
    SSLCertificateKeyFile   ssl/
    SSLCertificateChainFile ssl/digicert.intermediates.crt
</VirtualHost>
And then enable that virtualhost with something like
# a2ensite www.privustech.com_ssl
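
The diagnosis in post #3 (port 443 answers in plain HTTP), as an added example that is not part of the thread: a TLS client reads the first five bytes of the reply as a record header, and the bytes "HTTP/" decode to a record length of 20527, above the protocol limit, which is consistent with Firefox's ssl_error_rx_record_too_long. The function names and the sample byte strings are assumptions made for illustration.

```python
import socket
import ssl
import struct

MAX_RECORD = 2**14 + 2048  # largest record length TLS 1.2 allows (RFC 5246, 6.2.3)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def record_header(data):
    """Read 5 bytes as a TLS client does: content type, version, length."""
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return ctype, (major, minor), length

def classify(first_bytes):
    """Return (verdict, detail) for the first bytes a server sends back."""
    if len(first_bytes) < 5:
        return "unknown", "fewer than 5 bytes received"
    ctype, version, length = record_header(first_bytes)
    if ctype in CONTENT_TYPES and version[0] == 3 and length <= MAX_RECORD:
        return "tls", "%s record, %d bytes" % (CONTENT_TYPES[ctype], length)
    if first_bytes[:5].upper() in (b"HTTP/", b"<!DOC", b"<HTML"):
        return "plain-http", "as a TLS header: type=0x%02x length=%d > %d" % (
            ctype, length, MAX_RECORD)
    return "unknown", "neither a TLS record nor an HTTP response"

def client_hello(host):
    """Let the ssl module build a real ClientHello without touching the network."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ssl.create_default_context().wrap_bio(incoming, outgoing, server_hostname=host)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake stalls waiting for a ServerHello
    return outgoing.read()

def probe(host, port=443, timeout=5.0):
    """Send a ClientHello to host:port and classify the raw reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        return classify(sock.makefile("rb").read(5))

# Constructed samples (not captured from the server in the thread).
SAMPLE_HTTP = b"HTTP/1.1 200 OK\r\n"        # a vhost on 443 without SSLEngine On
SAMPLE_TLS = bytes.fromhex("160303004a")    # handshake record header, TLS 1.2, 74 bytes
```

A "plain-http" verdict from `probe()` against your own server means the vhost answering on port 443 has no SSLEngine enabled; a "tls" verdict means the listener is speaking TLS and any remaining problem lies in certificates or SNI.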

