HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=16)
-   -   SSL Issue - Unable to connect to any site (http://www.howtoforge.com/forums/showthread.php?t=12911)

Menzor 24th May 2007 16:53

SSL Issue - Unable to connect to any site
 
Hello,

The issue I am experieancing is that i can not get to any ssl pages on any site, although ISPConfig works correctly using https://. The error that appears in FireFox is
Unable to Connect Firefox can't establish a connection to the server at www.mywebsite.com

I am a new ISPConfig user.

I followed the install procedures outlined in
http://www.howtoforge.com/installing..._fedora_core_6

The install went very smooth with out issue. I could be wrong, but i believe during the restart of appache in the instructions, i was asked all the questions for an SSL key.

I then went on to work through the site and set some configurations using ISPConfig through https:// connection with out any issue.

I restarted my server, I only have SSH access to the box, and discovered that it was not restarting. I called the data center and discovered that apache was waiting for a pass phrase. As no one can see this prompt, the data center had to enter the password in.

I then decrypted and chmoded the key so that apache would no longer ask for the pass phrase.

At this point i then decided to test and see if i could view an SSL page. I could not, upto this point i had not checked. Which seemed odd because ISPConfig was running ssl and was working fine.

I then looked through the forums here and discovered that i should have created my key in ISPConfig. So i tried creating a key in ISPConfig.

Still no ssl access.

tried
openssl genrsa -des3 -passout pass:menzor -out /root/ispconfig/httpd/conf/ssl.key/server.key2 1024
openssl req -new -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.csr/server.csr -days 365
openssl req -x509 -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -in /root/ispconfig/httpd/conf/ssl.csr/server.csr -out /root/ispconfig/httpd/conf/ssl.crt/server.crt -days 365
openssl rsa -passin pass:yourpassword -in /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.key/server.key
chmod 400 /root/ispconfig/httpd/conf/ssl.key/server.key

tried looking to see if SSL is running
use command netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:etlservicemgr *:* LISTEN 3668/perl
tcp 0 0 *:mysql *:* LISTEN 2684/mysqld
tcp 0 0 *:781 *:* LISTEN 2295/rpc.statd
tcp 0 0 *:sunrpc *:* LISTEN 2270/portmap
tcp 0 0 *:hosts2-ns *:* LISTEN 9533/ispconfig_http
tcp 0 0 209.51.199.46:domain *:* LISTEN 10017/named
tcp 0 0 209.51.199.45:domain *:* LISTEN 10017/named
tcp 0 0 209.51.199.44:domain *:* LISTEN 10017/named
tcp 0 0 www.seconddomain.com:domain *:* LISTEN 10017/named
tcp 0 0 server1.firstdomain.c:domain *:* LISTEN 10017/named
tcp 0 0 localhost:domain *:* LISTEN 10017/named
tcp 0 0 localhost:ipp *:* LISTEN 2545/cupsd
tcp 0 0 localhost:rndc *:* LISTEN 10017/named
tcp 0 0 *:smtp *:* LISTEN 9742/master
tcp 0 0 *:imaps *:* LISTEN 2713/dovecot
tcp 0 0 *:pop3s *:* LISTEN 2713/dovecot
tcp 0 0 *:pop3 *:* LISTEN 2713/dovecot
tcp 0 0 *:imap *:* LISTEN 2713/dovecot
tcp 0 0 *:http *:* LISTEN 9668/httpd
tcp 0 0 *:ftp *:* LISTEN 10038/proftpd: (acc
tcp 0 0 *:ssh *:* LISTEN 2563/sshd
tcp 0 0 server1.firstdomain.com:ipp *:* LISTEN 2545/cupsd
tcp 0 0 server1.firstdomain.com:rndc *:* LISTEN 10017/named
tcp 0 1036 server1.firstdomain.com:ssh S01060013465e3aba.wp.:59903 ESTABLISHED 8403/0

I don't see anything SSL listening to port 443
Try restarting apache with ssl
apachectl -D SSL -k start
Already running

Apache error log from /var/log/httpd/error_log
[Thu May 24 01:52:53 2007] [error] an unknown filter was not added: PHP
[Thu May 24 01:52:53 2007] [error] an unknown filter was not added: PHP
[Thu May 24 07:30:28 2007] [error] an unknown filter was not added: PHP
[Thu May 24 07:30:28 2007] [error] an unknown filter was not added: PHP
[Thu May 24 08:50:23 2007] [notice] caught SIGTERM, shutting down
[Thu May 24 08:50:23 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin
/suexec)
[Thu May 24 08:50:23 2007] [notice] Digest: generating secret for digest authent
ication ...
[Thu May 24 08:50:23 2007] [notice] Digest: done
[Thu May 24 08:50:23 2007] [notice] Apache/2.2.4 (Unix) DAV/2 PHP/5.1.6 configur
ed -- resuming normal operations
[Thu May 24 09:21:15 2007] [notice] caught SIGTERM, shutting down
[Thu May 24 09:21:15 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin
/suexec)
[Thu May 24 09:21:15 2007] [notice] Digest: generating secret for digest authent
ication ...
[Thu May 24 09:21:15 2007] [notice] Digest: done
[Thu May 24 09:21:15 2007] [notice] Apache/2.2.4 (Unix) DAV/2 PHP/5.1.6 configur
ed -- resuming normal operations

Any help is appreciated

Thank you

till 25th May 2007 14:12

You mix up the ssl setup for the controlpanel webserver and the webserver for your websites. You must create a SSL certificate for the website in ISPConfig by enabling SSL in the site settings, hit save, then go to the SSL tab of the site and reate a certificate.

Menzor 25th May 2007 16:13

Thank you for the reply

Steps taken

1. As site had ssl enabled, uncheck SSL box on control panel..save
2. Re-check SSL Box on control panel...save
3. Goto SSL Tab in control panel, select action, create certificate (although I notice that all the fields country, province .....are filled in already including both the SSL Request, and the SSL Certificate:) ...save

Result:
try to browse to https://
Firefox: Unable to connect: Firefox can't establish a connection to the server

Restart Apache
Firefox: Unable to connect: Firefox can't establish a connection to the server

Restart ISPConfig
/etc/init.d/ispconfig_server restShutting down ISPConfig system...
/root/ispconfig/httpd/bin/apachectl stop: httpd stopped
ISPConfig system stopped!
Starting ISPConfig system...
/root/ispconfig/httpd/bin/apachectl startssl: httpd started
ISPConfig system is now up and running!

try to browse to https://
Firefox: Unable to connect: Firefox can't establish a connection to the server

I am not sure but from the netstat i posted does it look like SSL is running? I know everything else says it is. Not sure.

till 26th May 2007 15:34

You apache server seems not to listen on the https port. Please reconfigure the apache webserver as described in the perfects etup guide for your linux distribution.

Menzor 27th May 2007 04:03

Solved
 
I figured it out after trying for hours, turns out the solution is really simple.

If installing on a Fedora core bare bones install (the way i recieved it from the data center) make sure mod_ssl is installed!

Thank you all for helping!

Great app by the way!


All times are GMT +2. The time now is 09:12.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.