HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

John.Smith 3rd April 2011 09:37

Client Site With SSL Not Working
 
I am using ISPConfig Version: 2.2.38 on Fedora 14 x86_64. I log into the ISPConfig control panel as admin at https://server1.example.tld:81/. I click ISP Manager -> Sites Folder -> Site1 -> Basis Tab -> Check SSL -> Save. I am taken back to the ISP Manager home page. I must browse back to Site1 and then click on the SSL tab. I filled in the drop down box and the 5 text fields. I then select create certificate from the drop down box and click save. I am taken back to the ISP Manager home page and I must browse back to Site1, click on the SSL tab, then there are two textareas that are called SSL Request and SSL certificate and are filled in with information. I select save certificate from the drop down box and click save.

Now when I browse to http://www.site1.com/ everything works normal. When I browse to https://www.site1.com/ I get unable to connect page.

---
[root@pluto ~]# lynx https://www.site.com/

Looking up www.site1.com
Making HTTPS connection to www.site1.com
Alert!: Unable to connect to remote host.

lynx: Can't access startfile https://www.site1.com/
---

I have replaced my domains with example and site1 for this post.

Whenever I try to access Site1 using https there doesn't seem to be any errors generated in /var/log/httpd/error_log.

Can anyone please give me some suggestions as to why I can't access Site1 using SSL, or where to start looking?

falko 4th April 2011 12:25

What's the output of
Code:

netstat -tap
?

Quote:

I am taken back to the ISP Manager home page and I must browse back to Site1, click on the SSL tab, then there are two textareas that are called SSL Request and SSL certificate and are filled in with information. I select save certificate from the drop down box and click save.
BTW, you don't have to select "Save" again after the initial creation of the certificate. "Save" is needed only if you use the CSR to get an official certificate from a trusted CA. You would then paste the official cert into the form and select "Save". See http://www.howtoforge.com/faq/14_49_en.html

John.Smith 5th April 2011 03:01

netstat -tap
 
falko,

Thank you for the reply. Here is my netstat -tap.

Code:

[root@pluto ~]# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address              Foreign Address            State      PID/Program name 
tcp        0      0 *:imap                      *:*                        LISTEN      1617/dovecot       
tcp        0      0 *:81                        *:*                        LISTEN      1827/ispconfig_http
tcp        0      0 pluto.site1.com:domain    *:*                        LISTEN      2150/named         
tcp        0      0 localhost.localdomai:domain *:*                        LISTEN      2150/named         
tcp        0      0 *:ssh                      *:*                        LISTEN      1452/sshd         
tcp        0      0 localhost.localdomain:ipp  *:*                        LISTEN      1236/cupsd         
tcp        0      0 *:smtp                      *:*                        LISTEN      32696/master       
tcp        0      0 localhost.localdomain:rndc  *:*                        LISTEN      2150/named         
tcp        0      0 *:imaps                    *:*                        LISTEN      1617/dovecot       
tcp        0      0 *:pop3s                    *:*                        LISTEN      1617/dovecot       
tcp        0      0 *:mysql                    *:*                        LISTEN      1591/mysqld       
tcp        0      0 *:pop3                      *:*                        LISTEN      1617/dovecot       
tcp        1      0 pluto.site1.com:35533    24.143.206.49:http          CLOSE_WAIT  2822/clock-applet 
tcp        0      0 pluto.site1.com:45791    gy-in-f102.1e100.net:http  TIME_WAIT  -                 
tcp        0      0 *:imap                      *:*                        LISTEN      1617/dovecot       
tcp        0      0 *:http                      *:*                        LISTEN      1967/httpd         
tcp        0      0 *:ftp                      *:*                        LISTEN      378/proftpd: (accep
tcp        0      0 *:ssh                      *:*                        LISTEN      1452/sshd         
tcp        0      0 pluto.site1.com:ipp      *:*                        LISTEN      1236/cupsd         
tcp        0      0 *:smtp                      *:*                        LISTEN      32696/master       
tcp        0      0 pluto.site1.com:rndc      *:*                        LISTEN      2150/named         
tcp        0      0 *:imaps                    *:*                        LISTEN      1617/dovecot       
tcp        0      0 *:pop3s                    *:*                        LISTEN      1617/dovecot       
tcp        0      0 *:pop3                      *:*                        LISTEN      1617/dovecot

It appears that it isn't listening for https? How do I configure or start that?

Thanks,
John

falko 5th April 2011 15:10

Can you post your /etc/httpd/conf/httpd.conf? What's the output of
Code:

ls -la /etc/httpd/conf/
?

John.Smith 5th April 2011 17:49

Code:

[root@pluto ~]# ls -la /etc/httpd/conf/
total 136
drwxr-xr-x. 3 root root  4096 Apr  5 02:28 .
drwxr-xr-x. 4 root root  4096 Apr  4 23:18 ..
-rw-r--r--  1 root root 35976 Apr  5 01:47 httpd.conf
-rw-r--r--  1 root root 35932 Mar 31 07:30 httpd.conf.31-03-11_07-30-18
-rw-r--r--  1 root root 34464 Mar 31 07:30 httpd.conf.orig
-rw-r--r--  1 root root 12958 Oct 27 06:05 magic
drwxr-xr-x  2 root root  4096 Apr  3 03:57 vhosts


falko 6th April 2011 14:02

What's in your /etc/httpd/conf/httpd.conf? Do you have
Code:

Listen 443
anywhere in your configuration?

John.Smith 6th April 2011 23:28

No, I don't have that line. I'm pretty certain you don't want me to paste the 1058 lines in that file. Do you? It contains a line towards the end that reads

Code:

Include /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf
I looked in the /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf file, and all of my domains use port 80, except for the one that I set up to use SSL.

I put

Quote:

Listen 443
in the /etc/httpd/conf/httpd.conf file, and restarted everything. Now it gives me this error,

Code:

[root@pluto ~]# lynx https://www.site1.com/

Looking up www.site1.com
Making HTTPS connection to www.site1.com
Retrying connection without TLS.
Looking up www.site1.com
Making HTTPS connection to www.site1.com
Alert!: Unable to make secure connection to remote host.

lynx: Can't access startfile https://www.site1.com/

What next?

falko 7th April 2011 15:40

This link might help: http://webcache.googleusercontent.co...www.google.com

John.Smith 7th April 2011 21:25

I reversed my previous step, by removing the Listen 443 line back out of my /etc/httpd/conf/httpd.conf file. Then I typed yum install mod_ssl. Then restarted. Now I can access the site using https. Now I have a new problem. I am hosting 8 competitors' web sites. Only site1 requires to be able to connect using https. Whenever anyone accesses the other 7 web sites using https, they are connected securely to site1. I visit https://www.site2.com/ and site1's web site displays. Since they are competitors, this is bad. When I access any of the sites using http then everything is fine.

What can I do now to fix the new problem?

falko 8th April 2011 14:39

You could set up a default SSL vhost that catches all connections that are not targeted at your SSL site.
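
The default SSL vhost suggested in the last reply could look like the following. This is an added example, not part of the thread and not ISPConfig's generated configuration. It assumes Apache 2.2 with SNI support and all sites sharing one IP; 192.0.2.10, the ServerName of the catch-all and every certificate path are constructed placeholders.

```apache
# Added example, Apache 2.2 syntax. Constructed values: 192.0.2.10 stands for
# the shared server IP; all certificate and document paths are placeholders.
# This block must be read BEFORE the site1 SSL vhost, because the first vhost
# defined for an address:port is the one Apache uses when no ServerName matches.

NameVirtualHost 192.0.2.10:443

# Catch-all: HTTPS requests for any hostname without its own SSL vhost
# (site2 ... site8 in the thread) end up here instead of in site1's vhost.
<VirtualHost 192.0.2.10:443>
    ServerName default-ssl.invalid
    SSLEngine on
    # Self-signed placeholder certificate, deliberately not site1's.
    SSLCertificateFile    /etc/pki/tls/certs/PLACEHOLDER-default.crt
    SSLCertificateKeyFile /etc/pki/tls/private/PLACEHOLDER-default.key
    # Serve nothing: every request gets 403 rather than another customer's content.
    <Location />
        Order deny,allow
        Deny from all
    </Location>
</VirtualHost>

# The existing site1 SSL vhost, reduced to the directives that matter here
# (constructed for contrast, not copied from Vhosts_ispconfig.conf).
<VirtualHost 192.0.2.10:443>
    ServerName www.site1.com
    ServerAlias site1.com
    SSLEngine on
    SSLCertificateFile    /path/to/PLACEHOLDER-site1.crt
    SSLCertificateKeyFile /path/to/PLACEHOLDER-site1.key
    DocumentRoot /path/to/PLACEHOLDER-site1/web
</VirtualHost>
```

Visitors to https://www.site2.com/ still get a certificate name warning, since the placeholder certificate is not issued for that name; what changes is that site1's certificate and content are no longer served for it. Check the result with `apachectl -S`, which lists the default server for each address:port.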

