SSL related problems
 

I am having trouble accessing my server in https mode,
I can access it fine via http, but not in secure mode.
I have configured a public (CA) Certificate and I believe it is correct because apache2 asks for the passphrase and I can go into secure mode if I use the servers name. I get the following messages when restarting apache. The messages are followed by the apahce2 Vhosts_ispconfig.conf file. Any help would be much appreciated. I am way behind on this project.

Messages when restarting apache2

amgsrv1:/etc/apache2/vhosts # /etc/init.d/apache2 restart
[Wed Dec 28 15:58:05 2005] [warn] VirtualHost 192.168.3.170:443 overlaps with VirtualHost 192.168.3.170:443, the first has precedence, perhaps you need a NameVirtualHost directive
[Wed Dec 28 15:58:05 2005] [warn] NameVirtualHost 192.168.3.170:80 has no VirtualHosts
Syntax OK
Shutting down httpd2 (waiting for all children to terminate) done

Starting httpd2 (prefork) [Wed Dec 28 15:58:16 2005] [warn] VirtualHost 192.168.3.170:443 overlaps with VirtualHost 192.168.3.170:443, the first has precedence, perhaps you need a NameVirtualHost directive
[Wed Dec 28 15:58:16 2005] [warn] NameVirtualHost 192.168.3.170:80 has no VirtualHosts
Apache/2.0.54 mod_ssl/2.0.54 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server www.amg01.info:443 (RSA)
Enter pass phrase:
done

/etc/aphache2/vhosts/Vhosts_ispconfig.conf file

###################################
#
# ISPConfig vHost Configuration File
# Version 1.0
#
###################################
#
#NameVirtualHost 192.168.3.170:80
#<VirtualHost 192.168.3.170:80>
# ServerName localhost
# ServerAdmin root@localhost
# DocumentRoot /var/www/sharedip
#</VirtualHost>
#
#
######################################
# Vhost: www.amg01.info:80
######################################
#
#
NameVirtualHost 192.168.3.170:80
<VirtualHost 192.168.3.170:80>
#<VirtualHost www.amg01.info:80>
ServerName www.amg01.info:80
ServerAdmin webmaster@amg01.info
DocumentRoot /var/www/web1/web
ServerAlias 192.168.3.170
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
ScriptAlias /cgi-bin/ /var/www/web1/cgi-bin/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ErrorLog /var/www/web1/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
<Files *.php>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php3>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php4>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php5>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
php_admin_flag safe_mode Off
php_admin_value open_base_dir /var/www/web1/
php_admin_value file_uploads 1
php_admin_value upload_tmp_dir /var/www/web1/phptmp/
php_admin_value session.save_path /var/www/web1/phptmp/
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Alias /error/ "/var/www/web1/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
</VirtualHost>
#
<IfModule mod_ssl.c>
<VirtualHost 192.168.3.170:443>
#<VirtualHost www.amg01.info:443>
ServerName www.amg01.info:443
ServerAdmin webmaster@amg01.info
DocumentRoot /var/www/web1/web
ServerAlias 192.168.3.170
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
ScriptAlias /cgi-bin/ /var/www/web1/cgi-bin/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ErrorLog /var/www/web1/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
<Files *.php>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php3>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php4>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php5>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
php_admin_flag safe_mode Off
php_admin_value open_base_dir /var/www/web1/
php_admin_value file_uploads 1
php_admin_value upload_tmp_dir /var/www/web1/phptmp/
php_admin_value session.save_path /var/www/web1/phptmp/
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
SSLEngine on
SSLCertificateFile /var/www/web1/ssl/www.amg01.info.crt
SSLCertificateKeyFile /var/www/web1/ssl/www.amg01.info.key
SSLCertificateChainFile /var/www/web1/ssl/sf_issuing.crt
Alias /error/ "/var/www/web1/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>
#

Is /etc/aphache2/vhosts/Vhosts_ispconfig.conf included maybe more than once in your Apache configuration file?

Thank you. I could swear I checked that twice.
That fixed error messages, but I still cannot get to the https side of the site. It looks like it times out and basically gives a cannot find page error.

Have you tried firefox to access the SSL site, it gives better error messages then IE.

Till thanks for looking at this. Firefox returns a time out message. I think the problem is somehow related to the fact that the machine is named amgsrv1.anthem-group.com. It is on a local domain named anthem-group.com. I have defined www.amg01.info as a virtual host and send both http and https requests from the fire wall to the IP & port defined for the virtual server which is named www.amg01,info. This is the same as the machines IP address. I can reach the machine using https:amgsrv1.anthem-group.com, but the certifcate indicates that the domain name in the certificate was not matched.
I just happed to think, what would happen if I used a different IP address to define the virtual host? I will try that, in the meantime I hope I have provided enough info to help solve my problem.

No Luck I still cannot access https://www.amg01.info even though apache apparently "sees" the certificates because it requires me to enter one before apache will boot.
Happy new year to all.

Still no luck getting the SSL to work.:confused:

What's the exact error message now? What's in the logs?

Well, in my haste to find a solution I screwed things up so bad I had to reinstall everything to make sure I brought everything back to where it was before my screw up. I was hoping that by reinstalling my problem would miraculously go away, so much for miracles. I guess the good news is I am right back where I started. The bad news is I still have the problem. I can access my site by a domain name using http, but the browser times out when trying to access the site via https.

Along this tortuous reinstallation road I learned a couple of things about Ispconfig. First is, if you modify/add any PHP settings in the /etc/apache2/vhosts/Vhosts_ispconfig.conf file and then change the site via Ispconfig you lose those PHP settings. I do not know how to make these changes in Ispconfig, so I must edit the file directly. The second is, do not make any mistakes when creating a web site using Ispconfig. If you do make a mistake and try again Ispconfig adds one to the web site and by the time you create a “good” site it is web3 or web4. I am not sure if the implicit save is a good thing for my bad typing. :) Also, is there a problem if I use the newest version of phpMyAdmin? I noticed that the current version is several versions ahead of the one I have been using.

I have added the public SSL certificate and when I reboot apache2 it asks for the passphrase, when entered apache2 starts OK, so it looks like apache2 knows there is a valid SSL certificate.

These are my current settings for the /etc/apache2/vhosts/Vhosts_ispconfig.conf file, followed by my host and domain settings. – Falko which log files?

###################################
#
# ISPConfig vHost Configuration File
# Version 1.0
#
###################################
#
#NameVirtualHost 192.168.3.170:80
#<VirtualHost 192.168.3.170:80>
# ServerName localhost
# ServerAdmin root@localhost
# DocumentRoot /var/www/sharedip
#</VirtualHost>
#
#
######################################
# Vhost: www.amg01.info:80
######################################
#
#
<VirtualHost 192.168.3.170:80>
ServerName www.amg01.info:80
ServerAdmin webmaster@amg01.info
DocumentRoot /var/www/web1/web
ServerAlias amg01.info
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
ScriptAlias /cgi-bin/ /var/www/web1/cgi-bin/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ErrorLog /var/www/web1/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
<Files *.php>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php3>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php4>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php5>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
php_admin_flag safe_mode Off
php_admin_value open_base_dir /var/www/web1/
php_admin_value file_uploads 1
php_admin_value upload_tmp_dir /var/www/web1/phptmp/
php_admin_value session.save_path /var/www/web1/phptmp/
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Alias /error/ "/var/www/web1/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
</VirtualHost>
#
<IfModule mod_ssl.c>
<VirtualHost 192.168.3.170:443>
ServerName www.amg01.info:443
ServerAdmin webmaster@amg01.info
DocumentRoot /var/www/web1/web
ServerAlias amg01.info
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
ScriptAlias /cgi-bin/ /var/www/web1/cgi-bin/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ErrorLog /var/www/web1/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
<Files *.php>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php3>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php4>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php5>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
php_admin_flag safe_mode Off
php_admin_value open_base_dir /var/www/web1/
php_admin_value file_uploads 1
php_admin_value upload_tmp_dir /var/www/web1/phptmp/
php_admin_value session.save_path /var/www/web1/phptmp/
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
SSLEngine on
SSLCertificateFile /var/www/web1/ssl/www.amg01.info.crt
SSLCertificateKeyFile /var/www/web1/ssl/www.amg01.info.key
SSLCertificateChainFile /var/www/web1/ssl/sf_issuing.crt
Alias /error/ "/var/www/web1/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>
#
#
==============================================
amgsrv1:/etc/apache2/vhosts # hostname
amgsrv1
amgsrv1:/etc/apache2/vhosts # hostname -d
anthem-group.com

This is a copy of the top lines of IE error I get when I try to access the site using https://www.amg01.info.

The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.

Did you use any of the howtos provided at howtoforge to setup your server for ISPConfig?

Simply put you additional directives in the Apache directives field of the website.

Whats the problem with that? Websites are referenced in ISPConfig by the domain, the web ID's are only for internal use in ISPConfig.


You can use any version you want. But make sure you configure it correctly. Have a look in the config file that ISPConfig uses for PHPMyAdmin.

I guess you dont added the certificate with ISPCOnfig, beacuse ISPConfig makes sure the the certificates dont ask for the password when you restart apache. If you setup an SSL certificate manually you have to select "n" in steps 6 and 7 of the openSSL certificate setup.

On the "Basis" tab of a web site in ISPConfig, there's the field "Apache Directives" where you can put your additional directives.


What error message do you get when you use Firefox instead of IE?