#31  
Old 20th January 2006, 21:16
senzapaura senzapaura is offline
Junior Member
 
Join Date: Nov 2005
Posts: 27
Thanks: 0
Thanked 0 Times in 0 Posts
Default

After following all the directions, I believe I have the SSL certificate installed properly. I cannot access the site via https://www.amg01.info/, but I can access the site via https://192.168.6.179/ which is the internal IP address. It goes into secure mode and the security alert window indicates it is a good certificate and the date is good, but the name is not correct which is what you would expect. I think this means I have the certificate loaded OK through ISPConfig. Unfortunately since I still cannot access the site via the name, I am at a lost as to how to proceed. Any advice?

Also somehow in trying to "fix" the SSL problem I now have ISPConfig displaying four additional security alert screens. I can still get in OK and it seems to work, except all the pop help icons pop up a new log in screen for ISPConfig and it is a bit of a pain clicking on four additional security alert screens. How can I fix this problem?
Reply With Quote
Sponsored Links
  #32  
Old 20th January 2006, 21:41
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,752 Times in 2,582 Posts
Default

Is there anything about this in ISPConfig Apache's logs in /root/ispconfig/httpd/logs?

Also, any warnings/errors in the normal Apache logs?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #33  
Old 29th January 2006, 18:19
senzapaura senzapaura is offline
Junior Member
 
Join Date: Nov 2005
Posts: 27
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I am not sure I am interpreting the logs properly. In some cases it looks like it is seeing a problem, but provides no more information than I already know, namely it cannot find the site.
I am thinking that maybe my configuration problems is not in the SSL set-up, but I am not sure?
Reply With Quote
  #34  
Old 29th January 2006, 22:26
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,752 Times in 2,582 Posts
Default

Quote:
Originally Posted by senzapaura
I am not sure I am interpreting the logs properly.
Can you post related log entries here?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #35  
Old 30th January 2006, 16:27
senzapaura senzapaura is offline
Junior Member
 
Join Date: Nov 2005
Posts: 27
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Are there any log files I missed, that you would like to see?
amgsrv1:~/ispconfig/httpd/logs # tail error_log
[Sun Jan 29 10:28:40 2006] [error] [client 192.168.3.102] File does not exist: / home/admispconfig/ispconfig/web/help/bilder/globus-0.gif
[Sun Jan 29 10:28:40 2006] [error] [client 192.168.3.102] File does not exist: / home/admispconfig/ispconfig/web/help/bilder/vzzu-1.gif
[Sun Jan 29 10:28:40 2006] [error] [client 192.168.3.102] File does not exist: / home/admispconfig/ispconfig/web/help/bilder/globus.gif
[Sun Jan 29 10:28:40 2006] [error] [client 192.168.3.102] File does not exist: / home/admispconfig/ispconfig/web/help/bilder/vzauf-1.gif
[Sun Jan 29 10:28:40 2006] [error] [client 192.168.3.102] File does not exist: / home/admispconfig/ispconfig/web/help/bilder/vzzu-0.gif
[Sun Jan 29 10:28:40 2006] [error] [client 192.168.3.102] File does not exist: / home/admispconfig/ispconfig/web/help/bilder/vzauf-0.gif
[Sun Jan 29 10:28:40 2006] [error] [client 192.168.3.102] File does not exist: / home/admispconfig/ispconfig/web/help/bilder/ini.gif
[Sun Jan 29 10:28:40 2006] [error] [client 192.168.3.102] File does not exist: / home/admispconfig/ispconfig/web/help/bilder/adresse.gif
[Sun Jan 29 10:29:19 2006] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
[Sun Jan 29 10:29:19 2006] [error] System: Connection reset by peer (errno: 104)
================================================== ======
amgsrv1:~/ispconfig/httpd/logs # tail access_log
192.168.3.102 - - [29/Jan/2006:10:29:19 -0600] "GET /design/default/tab/tab_active_l.gif HTTP/1.1" 304 -
192.168.3.102 - - [29/Jan/2006:10:29:19 -0600] "GET /design/default/tab/tab_active_r.gif HTTP/1.1" 304 -
192.168.3.102 - - [29/Jan/2006:10:29:19 -0600] "GET /design/default/tab/x.gif HTTP/1.1" 304 -
192.168.3.102 - - [29/Jan/2006:10:29:41 -0600] "GET /admin/datenbank/backup.php? HTTP/1.1" 200 3351
192.168.3.102 - - [29/Jan/2006:10:29:41 -0600] "GET /design/default/nav_hg.gif HTTP/1.1" 304 -
192.168.3.102 - - [29/Jan/2006:10:30:11 -0600] "POST /admin/datenbank/backup_send.php HTTP/1.1" 200 36894
192.168.3.102 - - [29/Jan/2006:10:30:27 -0600] "GET /logoff.php? HTTP/1.1" 302 5
192.168.3.102 - - [29/Jan/2006:10:30:27 -0600] "GET /login.php?err=999 HTTP/1.1" 200 2032
192.168.3.102 - - [29/Jan/2006:10:30:27 -0600] "GET /design/default/style.css HTTP/1.1" 304 -
192.168.3.102 - - [29/Jan/2006:10:30:27 -0600] "GET /design/default/images/login_logo.png HTTP/1.1" 304 –
amgsrv1:~/ispconfig/httpd/logs # tail ssl_engine_log
[29/Jan/2006 10:30:27 18914] [info] Connection to child 1 established (server 192.168.3.170:81, client 192.168.3.102)
[29/Jan/2006 10:30:27 18914] [info] Seeding PRNG with 1160 bytes of entropy
[29/Jan/2006 10:30:27 18914] [info] Connection: Client IP: 192.168.3.102, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[29/Jan/2006 10:30:27 18914] [info] Initial (No.1) HTTPS request received for child 1 (server 192.168.3.170:81)
[29/Jan/2006 10:30:27 18914] [info] Connection to child 1 closed with unclean shutdown (server 192.168.3.170:81, client 192.168.3.102)
[29/Jan/2006 10:30:27 02858] [info] Connection to child 0 established (server 192.168.3.170:81, client 192.168.3.102)
[29/Jan/2006 10:30:27 02858] [info] Seeding PRNG with 1160 bytes of entropy
[29/Jan/2006 10:30:27 02858] [info] Connection: Client IP: 192.168.3.102, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[29/Jan/2006 10:30:27 02858] [info] Initial (No.1) HTTPS request received for child 0 (server 192.168.3.170:81)
[29/Jan/2006 10:30:27 02858] [info] Connection to child 0 closed with unclean shutdown (server 192.168.3.170:81, client 192.168.3.102)
amgsrv1:~/ispconfig/httpd/logs # tail ssl_request_log
[29/Jan/2006:10:29:19 -0600] 192.168.3.102 SSLv3 RC4-MD5 "GET /design/default/tab/tab_active_l.gif HTTP/1.1" -
[29/Jan/2006:10:29:19 -0600] 192.168.3.102 SSLv3 RC4-MD5 "GET /design/default/tab/tab_active_r.gif HTTP/1.1" -
[29/Jan/2006:10:29:19 -0600] 192.168.3.102 SSLv3 RC4-MD5 "GET /design/default/tab/x.gif HTTP/1.1" -
[29/Jan/2006:10:29:41 -0600] 192.168.3.102 SSLv3 RC4-MD5 "GET /admin/datenbank/backup.php? HTTP/1.1" 3351
[29/Jan/2006:10:29:41 -0600] 192.168.3.102 SSLv3 RC4-MD5 "GET /design/default/nav_hg.gif HTTP/1.1" -
[29/Jan/2006:10:30:11 -0600] 192.168.3.102 SSLv3 RC4-MD5 "POST /admin/datenbank/backup_send.php HTTP/1.1" 36894
[29/Jan/2006:10:30:27 -0600] 192.168.3.102 SSLv3 RC4-MD5 "GET /logoff.php? HTTP/1.1" 5
[29/Jan/2006:10:30:27 -0600] 192.168.3.102 SSLv3 RC4-MD5 "GET /login.php?err=999 HTTP/1.1" 2032
[29/Jan/2006:10:30:27 -0600] 192.168.3.102 SSLv3 RC4-MD5 "GET /design/default/style.css HTTP/1.1" -
[29/Jan/2006:10:30:27 -0600] 192.168.3.102 SSLv3 RC4-MD5 "GET /design/default/images/login_logo.png HTTP/1.1" –
amgsrv1:/var/log/apache2 # tail access_log
192.168.3.1 - - [30/Jan/2006:07:45:42 -0600] "GET /stylesheets/anthmgrp.css HTTP/1.0" 304 - "http://www.amg01.info/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET C LR 1.0.3705; .NET CLR 1.1.4322)"
192.168.3.1 - - [30/Jan/2006:07:45:42 -0600] "GET /stylesheets/book-test.css HTTP/1.0" 304 - "http://www.amg01.info/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)"
192.168.3.1 - - [30/Jan/2006:07:45:42 -0600] "GET /images/systemimages/wine01-1.gif HTTP/1 .0" 304 - "http://www.amg01.info/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1 ; .NET CLR 1.0.3705; .NET CLR 1.1.4322)"
192.168.3.1 - - [30/Jan/2006:07:51:02 -0600] "GET / HTTP/1.0" 200 4113 "-" "Mozilla/4.0 (c ompatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)"
192.168.3.1 - - [30/Jan/2006:07:51:02 -0600] "GET /main/javascript/amg_js_fns-1.js HTTP/1. 0" 304 - "http://www.amg01.info/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)"
192.168.3.1 - - [30/Jan/2006:07:51:02 -0600] "GET /stylesheets/book-test.css HTTP/1.0" 304 - "http://www.amg01.info/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)"
192.168.3.1 - - [30/Jan/2006:07:51:02 -0600] "GET /stylesheets/anthmgrp.css HTTP/1.0" 304 - "http://www.amg01.info/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET C LR 1.0.3705; .NET CLR 1.1.4322)"
192.168.3.1 - - [30/Jan/2006:07:51:02 -0600] "GET /images/systemimages/wine01-1.gif HTTP/1 .0" 304 - "http://www.amg01.info/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1 ; .NET CLR 1.0.3705; .NET CLR 1.1.4322)"
192.168.3.1 - - [30/Jan/2006:07:51:02 -0600] "GET /stylesheets/scroll-4.css HTTP/1.0" 304 - "http://www.amg01.info/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET C LR 1.0.3705; .NET CLR 1.1.4322)"
192.168.3.1 - - [30/Jan/2006:07:51:02 -0600] "GET /images/systemimages/b&blogo.gif HTTP/1. 0" 304 - "http://www.amg01.info/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)"
amgsrv1:/var/log/apache2 # tail error_log
[Mon Jan 30 07:45:28 2006] [error] an unknown filter was not added: PHP
[Mon Jan 30 07:45:28 2006] [error] an unknown filter was not added: PHP
[Mon Jan 30 07:45:31 2006] [error] an unknown filter was not added: PHP
[Mon Jan 30 07:45:31 2006] [error] an unknown filter was not added: PHP
[Mon Jan 30 07:45:39 2006] [error] an unknown filter was not added: PHP
[Mon Jan 30 07:45:39 2006] [error] an unknown filter was not added: PHP
[Mon Jan 30 07:45:42 2006] [error] an unknown filter was not added: PHP
[Mon Jan 30 07:45:42 2006] [error] an unknown filter was not added: PHP
[Mon Jan 30 07:51:02 2006] [error] an unknown filter was not added: PHP
[Mon Jan 30 07:51:02 2006] [error] an unknown filter was not added: PHP
Reply With Quote
  #36  
Old 30th January 2006, 20:07
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,752 Times in 2,582 Posts
Default

Quote:
Originally Posted by senzapaura
[Sun Jan 29 10:29:19 2006] [error] System: Connection reset by peer (errno: 104)
Can you try again with another browser than Internet Explorer, e.g. Firefox?
Internet Explorer has some difficulties with SSL, so you'd have to put special directives into your Apache configuration to get it to work with IE.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #37  
Old 31st January 2006, 16:49
senzapaura senzapaura is offline
Junior Member
 
Join Date: Nov 2005
Posts: 27
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I am also testing with firefox on a Suse10 Linux platform. The error message from firefox indicates it is timing out. Since most of the potential users of the web site I am trying to host will be using IE. I guess I need to look into the changes you mentioned.

After trying to access it from both IE and firefox some of the log files had changed so I am pasting the last 20 lines of each.

amgsrv1:/var/log/apache2 # tail -n 20 error_log
[Mon Jan 30 18:11:08 2006] [error] an unknown filter was not added: PHP
[Mon Jan 30 22:55:33 2006] [error] [client 202.173.188.150] File does not exist: /var/www/sharedip/awstats
[Mon Jan 30 22:55:36 2006] [error] [client 202.173.188.150] script not found or unable to stat: /srv/www/cgi-bin/awstats.pl
[Mon Jan 30 22:55:39 2006] [error] [client 202.173.188.150] script not found or unable to stat: /srv/www/cgi-bin/awstats
[Mon Jan 30 22:55:43 2006] [error] [client 202.173.188.150] File does not exist: /var/www/sharedip/xmlrpc.php
[Mon Jan 30 22:55:46 2006] [error] [client 202.173.188.150] File does not exist: /var/www/sharedip/blog
[Mon Jan 30 22:55:47 2006] [error] [client 202.173.188.150] File does not exist: /var/www/sharedip/blog
[Mon Jan 30 22:55:49 2006] [error] [client 202.173.188.150] File does not exist: /var/www/sharedip/blogs
[Mon Jan 30 22:55:51 2006] [error] [client 202.173.188.150] File does not exist: /var/www/sharedip/drupal
[Mon Jan 30 22:55:52 2006] [error] [client 202.173.188.150] File does not exist: /var/www/sharedip/phpgroupware
[Mon Jan 30 22:55:54 2006] [error] [client 202.173.188.150] File does not exist: /var/www/sharedip/wordpress
[Mon Jan 30 22:55:56 2006] [error] [client 202.173.188.150] File does not exist: /var/www/sharedip/xmlrpc.php
[Mon Jan 30 22:55:57 2006] [error] [client 202.173.188.150] File does not exist: /var/www/sharedip/xmlrpc
[Mon Jan 30 22:55:59 2006] [error] [client 202.173.188.150] File does not exist: /var/www/sharedip/xmlsrv
[Tue Jan 31 07:14:08 2006] [error] an unknown filter was not added: PHP
[Tue Jan 31 07:14:08 2006] [error] an unknown filter was not added: PHP
[Tue Jan 31 07:19:32 2006] [error] an unknown filter was not added: PHP
[Tue Jan 31 07:19:32 2006] [error] an unknown filter was not added: PHP
[Tue Jan 31 07:19:38 2006] [error] an unknown filter was not added: PHP
[Tue Jan 31 07:19:38 2006] [error] an unknown filter was not added: PHP
amgsrv1:/var/log/apache2 # tail -n 20 access_log
202.173.188.150 - - [30/Jan/2006:22:55:58 -0600] "POST /xmlsrv/xmlrpc.php HTTP/1.1" 400 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1"
193.109.122.16 - - [31/Jan/2006:05:54:19 -0600] "CONNECT 193.109.122.67:6668 HTTP/1.0" 405 953 "-" "pxyscand/2.1"
192.168.3.1 - - [31/Jan/2006:07:14:08 -0600] "GET / HTTP/1.0" 200 4113 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7 SUSE/1.0.7-0.1"
192.168.3.1 - - [31/Jan/2006:07:14:08 -0600] "GET /main/javascript/amg_js_fns-1.js HTTP/1.0" 200 4517 "http://amg01.info/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7 SUSE/1.0.7-0.1"
192.168.3.1 - - [31/Jan/2006:07:14:08 -0600] "GET /stylesheets/anthmgrp.css HTTP/1.0" 200 1279 "http://amg01.info/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7 SUSE/1.0.7-0.1"
192.168.3.1 - - [31/Jan/2006:07:14:08 -0600] "GET /stylesheets/book-test.css HTTP/1.0" 200 2059 "http://amg01.info/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7 SUSE/1.0.7-0.1"
192.168.3.1 - - [31/Jan/2006:07:14:08 -0600] "GET /stylesheets/scroll-4.css HTTP/1.0" 200 919 "http://amg01.info/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7 SUSE/1.0.7-0.1"
192.168.3.1 - - [31/Jan/2006:07:14:08 -0600] "GET /images/systemimages/b&blogo.gif HTTP/1.0" 200 19444 "http://amg01.info/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7 SUSE/1.0.7-0.1"
192.168.3.1 - - [31/Jan/2006:07:14:08 -0600] "GET /images/systemimages/wine01-1.gif HTTP/1.0" 200 57173 "http://amg01.info/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7 SUSE/1.0.7-0.1"
192.168.3.1 - - [31/Jan/2006:07:14:08 -0600] "GET /favicon.ico HTTP/1.0" 404 1181 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7 SUSE/1.0.7-0.1"
192.168.3.1 - - [31/Jan/2006:07:19:32 -0600] "GET / HTTP/1.0" 200 4113 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7 SUSE/1.0.7-0.1"
192.168.3.1 - - [31/Jan/2006:07:19:32 -0600] "GET /favicon.ico HTTP/1.0" 404 1181 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7 SUSE/1.0.7-0.1"
192.168.3.1 - - [31/Jan/2006:07:19:38 -0600] "GET / HTTP/1.0" 200 4113 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7 SUSE/1.0.7-0.1"
192.168.3.1 - - [31/Jan/2006:07:19:39 -0600] "GET /main/javascript/amg_js_fns-1.js HTTP/1.0" 200 4517 "http://www.amg01.info/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7 SUSE/1.0.7-0.1"
192.168.3.1 - - [31/Jan/2006:07:19:39 -0600] "GET /stylesheets/anthmgrp.css HTTP/1.0" 200 1279 "http://www.amg01.info/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7 SUSE/1.0.7-0.1"
192.168.3.1 - - [31/Jan/2006:07:19:39 -0600] "GET /stylesheets/book-test.css HTTP/1.0" 200 2059 "http://www.amg01.info/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7 SUSE/1.0.7-0.1"
192.168.3.1 - - [31/Jan/2006:07:19:39 -0600] "GET /stylesheets/scroll-4.css HTTP/1.0" 200 919 "http://www.amg01.info/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7 SUSE/1.0.7-0.1"
192.168.3.1 - - [31/Jan/2006:07:19:39 -0600] "GET /images/systemimages/b&blogo.gif HTTP/1.0" 200 19444 "http://www.amg01.info/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7 SUSE/1.0.7-0.1"
192.168.3.1 - - [31/Jan/2006:07:19:39 -0600] "GET /images/systemimages/wine01-1.gif HTTP/1.0" 200 57173 "http://www.amg01.info/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7 SUSE/1.0.7-0.1"
192.168.3.1 - - [31/Jan/2006:07:19:39 -0600] "GET /favicon.ico HTTP/1.0" 404 1181 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7 SUSE/1.0.7-0.1"
Reply With Quote
  #38  
Old 31st January 2006, 16:49
senzapaura senzapaura is offline
Junior Member
 
Join Date: Nov 2005
Posts: 27
Thanks: 0
Thanked 0 Times in 0 Posts
Default

More log files:

amgsrv1:~/ispconfig/httpd/logs # tail -n 20 access_log
192.168.3.105 - - [31/Jan/2006:07:17:40 -0600] "GET /design/default/nav_hg.gif HTTP/1.1" 200 241
192.168.3.105 - - [31/Jan/2006:07:17:40 -0600] "GET /favicon.ico HTTP/1.1" 404 287
192.168.3.105 - - [31/Jan/2006:07:17:40 -0600] "GET /design/default/icons/zwzu-0.gif HTTP/1.1" 200 76
192.168.3.105 - - [31/Jan/2006:07:17:40 -0600] "GET /design/default/icons/stamm-0.gif HTTP/1.1" 200 64
192.168.3.105 - - [31/Jan/2006:07:17:40 -0600] "GET /design/default/icons/vzzu-0.gif HTTP/1.1" 200 625
192.168.3.105 - - [31/Jan/2006:07:17:40 -0600] "GET /design/default/icons/zwe0.gif HTTP/1.1" 200 64
192.168.3.105 - - [31/Jan/2006:07:17:40 -0600] "GET /design/default/icons/papierkorb.gif HTTP/1.1" 200 663
192.168.3.105 - - [31/Jan/2006:07:17:41 -0600] "GET /favicon.ico HTTP/1.1" 404 287
192.168.3.105 - - [31/Jan/2006:07:17:44 -0600] "GET /design/default/icons/zwzu-e0.gif HTTP/1.1" 200 75
192.168.3.105 - - [31/Jan/2006:07:17:44 -0600] "GET /design/default/icons/leer.gif HTTP/1.1" 200 56
192.168.3.105 - - [31/Jan/2006:07:17:44 -0600] "GET /favicon.ico HTTP/1.1" 404 287
192.168.3.105 - - [31/Jan/2006:07:17:54 -0600] "GET /design/default/icons/vzauf-0.gif HTTP/1.1" 200 633
192.168.3.105 - - [31/Jan/2006:07:17:54 -0600] "GET /design/default/icons/globus.gif HTTP/1.1" 200 664
192.168.3.105 - - [31/Jan/2006:07:17:54 -0600] "GET /favicon.ico HTTP/1.1" 404 287
192.168.3.105 - - [31/Jan/2006:07:17:59 -0600] "GET /multidoc/edit/edit.php?tree_id=10& HTTP/1.1" 200 29648
192.168.3.105 - - [31/Jan/2006:07:17:59 -0600] "GET /design/default/icons/help14.gif HTTP/1.1" 200 357
192.168.3.105 - - [31/Jan/2006:07:18:00 -0600] "GET /favicon.ico HTTP/1.1" 404 287
192.168.3.105 - - [31/Jan/2006:07:19:11 -0600] "GET /logoff.php? HTTP/1.1" 302 5
192.168.3.105 - - [31/Jan/2006:07:19:11 -0600] "GET /login.php?err=999 HTTP/1.1" 200


amgsrv1:~/ispconfig/httpd/logs # tail -n 20 error_log
[Sun Jan 29 10:28:40 2006] [error] [client 192.168.3.102] File does not exist: /home/admispconfig/ispconfig/web/help/bilder/globus-0.gif
[Sun Jan 29 10:28:40 2006] [error] [client 192.168.3.102] File does not exist: /home/admispconfig/ispconfig/web/help/bilder/vzzu-1.gif
[Sun Jan 29 10:28:40 2006] [error] [client 192.168.3.102] File does not exist: /home/admispconfig/ispconfig/web/help/bilder/globus.gif
[Sun Jan 29 10:28:40 2006] [error] [client 192.168.3.102] File does not exist: /home/admispconfig/ispconfig/web/help/bilder/vzauf-1.gif
[Sun Jan 29 10:28:40 2006] [error] [client 192.168.3.102] File does not exist: /home/admispconfig/ispconfig/web/help/bilder/vzzu-0.gif
[Sun Jan 29 10:28:40 2006] [error] [client 192.168.3.102] File does not exist: /home/admispconfig/ispconfig/web/help/bilder/vzauf-0.gif
[Sun Jan 29 10:28:40 2006] [error] [client 192.168.3.102] File does not exist: /home/admispconfig/ispconfig/web/help/bilder/ini.gif
[Sun Jan 29 10:28:40 2006] [error] [client 192.168.3.102] File does not exist: /home/admispconfig/ispconfig/web/help/bilder/adresse.gif
[Sun Jan 29 10:29:19 2006] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
[Sun Jan 29 10:29:19 2006] [error] System: Connection reset by peer (errno: 104)
[Tue Jan 31 07:17:25 2006] [error] [client 192.168.3.105] File does not exist: /home/admispconfig/ispconfig/web/favicon.ico
[Tue Jan 31 07:17:26 2006] [error] [client 192.168.3.105] File does not exist: /home/admispconfig/ispconfig/web/favicon.ico
[Tue Jan 31 07:17:39 2006] [error] [client 192.168.3.105] File does not exist: /home/admispconfig/ispconfig/web/favicon.ico
[Tue Jan 31 07:17:40 2006] [error] [client 192.168.3.105] File does not exist: /home/admispconfig/ispconfig/web/favicon.ico
[Tue Jan 31 07:17:40 2006] [error] [client 192.168.3.105] File does not exist: /home/admispconfig/ispconfig/web/favicon.ico
[Tue Jan 31 07:17:41 2006] [error] [client 192.168.3.105] File does not exist: /home/admispconfig/ispconfig/web/favicon.ico
[Tue Jan 31 07:17:44 2006] [error] [client 192.168.3.105] File does not exist: /home/admispconfig/ispconfig/web/favicon.ico
[Tue Jan 31 07:17:54 2006] [error] [client 192.168.3.105] File does not exist: /home/admispconfig/ispconfig/web/favicon.ico
[Tue Jan 31 07:18:00 2006] [error] [client 192.168.3.105] File does not exist: /home/admispconfig/ispconfig/web/favicon.ico
[Tue Jan 31 07:19:11 2006] [error] [client 192.168.3.105] File does not exist: /home/admispconfig/ispconfig/web/favicon.ico

amgsrv1:~/ispconfig/httpd/logs # tail -n 20 ssl_engine_log
[31/Jan/2006 07:17:40 18914] [info] Subsequent (No.24) HTTPS request received for child 1 (server 192.168.3.170:81)
[31/Jan/2006 07:17:41 02858] [info] Subsequent (No.23) HTTPS request received for child 0 (server 192.168.3.170:81)
[31/Jan/2006 07:17:44 18914] [info] Subsequent (No.25) HTTPS request received for child 1 (server 192.168.3.170:81)
[31/Jan/2006 07:17:44 02858] [info] Subsequent (No.24) HTTPS request received for child 0 (server 192.168.3.170:81)
[31/Jan/2006 07:17:44 18914] [info] Subsequent (No.26) HTTPS request received for child 1 (server 192.168.3.170:81)
[31/Jan/2006 07:17:54 18914] [info] Subsequent (No.27) HTTPS request received for child 1 (server 192.168.3.170:81)
[31/Jan/2006 07:17:54 02858] [info] Subsequent (No.25) HTTPS request received for child 0 (server 192.168.3.170:81)
[31/Jan/2006 07:17:54 02858] [info] Subsequent (No.26) HTTPS request received for child 0 (server 192.168.3.170:81)
[31/Jan/2006 07:17:59 18914] [info] Subsequent (No.28) HTTPS request received for child 1 (server 192.168.3.170:81)
[31/Jan/2006 07:17:59 02858] [info] Subsequent (No.27) HTTPS request received for child 0 (server 192.168.3.170:81)
[31/Jan/2006 07:18:00 18914] [info] Subsequent (No.29) HTTPS request received for child 1 (server 192.168.3.170:81)
[31/Jan/2006 07:18:16 02858] [info] Connection to child 0 closed with standard shutdown (server 192.168.3.170:81, client 192.168.3.105)
[31/Jan/2006 07:18:16 18914] [info] Connection to child 1 closed with standard shutdown (server 192.168.3.170:81, client 192.168.3.105)
[31/Jan/2006 07:19:11 02858] [info] Connection to child 0 established (server 192.168.3.170:81, client 192.168.3.105)
[31/Jan/2006 07:19:11 02858] [info] Seeding PRNG with 1160 bytes of entropy
[31/Jan/2006 07:19:11 02858] [info] Connection: Client IP: 192.168.3.105, Protocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 bits)
[31/Jan/2006 07:19:11 02858] [info] Initial (No.1) HTTPS request received for child 0 (server 192.168.3.170:81)
[31/Jan/2006 07:19:11 02858] [info] Subsequent (No.2) HTTPS request received for child 0 (server 192.168.3.170:81)
[31/Jan/2006 07:19:11 02858] [info] Subsequent (No.3) HTTPS request received for child 0 (server 192.168.3.170:81)
[31/Jan/2006 07:19:15 02858] [info] Connection to child 0 closed with standard shutdown (server 192.168.3.170:81, client 192.168.3.105)



amgsrv1:~/ispconfig/httpd/logs # tail -n 20 ssl_request_log
[31/Jan/2006:07:17:40 -0600] 192.168.3.105 TLSv1 DHE-RSA-AES256-SHA "GET /design/default/nav_hg.gif HTTP/1.1" 241
[31/Jan/2006:07:17:40 -0600] 192.168.3.105 TLSv1 DHE-RSA-AES256-SHA "GET /favicon.ico HTTP/1.1" 287
[31/Jan/2006:07:17:40 -0600] 192.168.3.105 TLSv1 DHE-RSA-AES256-SHA "GET /design/default/icons/zwzu-0.gif HTTP/1.1" 76
[31/Jan/2006:07:17:40 -0600] 192.168.3.105 TLSv1 DHE-RSA-AES256-SHA "GET /design/default/icons/stamm-0.gif HTTP/1.1" 64
[31/Jan/2006:07:17:40 -0600] 192.168.3.105 TLSv1 DHE-RSA-AES256-SHA "GET /design/default/icons/vzzu-0.gif HTTP/1.1" 625
[31/Jan/2006:07:17:40 -0600] 192.168.3.105 TLSv1 DHE-RSA-AES256-SHA "GET /design/default/icons/zwe0.gif HTTP/1.1" 64
[31/Jan/2006:07:17:40 -0600] 192.168.3.105 TLSv1 DHE-RSA-AES256-SHA "GET /design/default/icons/papierkorb.gif HTTP/1.1" 663
[31/Jan/2006:07:17:41 -0600] 192.168.3.105 TLSv1 DHE-RSA-AES256-SHA "GET /favicon.ico HTTP/1.1" 287
[31/Jan/2006:07:17:44 -0600] 192.168.3.105 TLSv1 DHE-RSA-AES256-SHA "GET /design/default/icons/zwzu-e0.gif HTTP/1.1" 75
[31/Jan/2006:07:17:44 -0600] 192.168.3.105 TLSv1 DHE-RSA-AES256-SHA "GET /design/default/icons/leer.gif HTTP/1.1" 56
[31/Jan/2006:07:17:44 -0600] 192.168.3.105 TLSv1 DHE-RSA-AES256-SHA "GET /favicon.ico HTTP/1.1" 287
[31/Jan/2006:07:17:54 -0600] 192.168.3.105 TLSv1 DHE-RSA-AES256-SHA "GET /design/default/icons/vzauf-0.gif HTTP/1.1" 633
[31/Jan/2006:07:17:54 -0600] 192.168.3.105 TLSv1 DHE-RSA-AES256-SHA "GET /design/default/icons/globus.gif HTTP/1.1" 664
[31/Jan/2006:07:17:54 -0600] 192.168.3.105 TLSv1 DHE-RSA-AES256-SHA "GET /favicon.ico HTTP/1.1" 287
[31/Jan/2006:07:17:59 -0600] 192.168.3.105 TLSv1 DHE-RSA-AES256-SHA "GET /multidoc/edit/edit.php?tree_id=10& HTTP/1.1" 29648
[31/Jan/2006:07:17:59 -0600] 192.168.3.105 TLSv1 DHE-RSA-AES256-SHA "GET /design/default/icons/help14.gif HTTP/1.1" 357
[31/Jan/2006:07:18:00 -0600] 192.168.3.105 TLSv1 DHE-RSA-AES256-SHA "GET /favicon.ico HTTP/1.1" 287
[31/Jan/2006:07:19:11 -0600] 192.168.3.105 TLSv1 DHE-RSA-AES256-SHA "GET /logoff.php? HTTP/1.1" 5
[31/Jan/2006:07:19:11 -0600] 192.168.3.105 TLSv1 DHE-RSA-AES256-SHA "GET /login.php?err=999 HTTP/1.1" 2032
[31/Jan/2006:07:19:11 -0600] 192.168.3.105 TLSv1 DHE-RSA-AES256-SHA "GET /favicon.ico HTTP/1.1" 287
Reply With Quote
  #39  
Old 31st January 2006, 16:51
senzapaura senzapaura is offline
Junior Member
 
Join Date: Nov 2005
Posts: 27
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Realizing that this is my problem and having no one to talk this over with locally. I would like to briefly describe how I think things are supposed to work and see if I understand the environment. It is my belief that you must have an understanding of how the environment works to formulate an approach to debugging the problem. I would appreciate your comments. The following is my understanding:

1.) ISPConfig uses a “special” version of the apache software enabling a GUI front end for administering an ISP hosting service. The GUI is used to dynamically change the apache hosted web server configuration, making it easier to implement, track and manage the web services using apache.

2.) I am assuming that as a hosting service I can have any number of virtual hosts (depending on the server size) an each can use its own SSL certificate.

3.) SSL is part of an encryption protocol used to secure data being transmitted between the browser and a web hosting system.

4.) Without getting into all the details of the handshaking etc. required and enforced by SSL, but just describing some key elements and concepts.

a. An SSL certificate is bound to a domain name. For example, I have a domain named xxyy.com pointing to an IP address 24.10.123.30. Access to this domain name, www.xxyy.com routes the messages to my firewall. The SSL has my domain name within the certificate to verify I am who I am supposed to be. My firewall is listening on port 24.10.123.30. Once the firewall recognizes the messages it route them across my local network to IP address 193.168.25.21. This is the web server used to process requests from the external IP address 24.1.123.30.
b. Apache services running on 193.168.25.21 receives the message and determines the web site document location using the virtual host configuration. The virtual hosts can be named by an IP number (this can be a virtual IP address like 193.168.25.25 using this example) or a named host using the same external domain name xxyy.com for the named virtual host.
c. If the virtual host is defined to be listening on port 443 and has within its’ virtual host configuration, paths to the proper certification files, then the SSL modules within apache, (normally mod_ssl) are used to encrypt and decrypt the data. Prior to these functions it verifies the domain name registered within the certificate among other things. I am thinking this domain name should match the named virtual host name. If not it displays an alert message on the browser indicating one of three reasons there may be a problem using this certificate. It could be a bad CA, bad date or the domain name in the certificate does not match the domain name for the virtual host. A match allows it to proceed to the https page address requested by the browser using the path described in the configuration file for the web site documents without an alert message, just an initial message indicating you are using secure mode.
d. The domain name on the hosting web server should not have to be the same as the requested domain by the browser client. Otherwise an ISP would need a separate machine for every external domain serviced. This does not seem reasonable to me.

5.) For some reason, probably a configuration problem, apache cannot find the site by name. It gives me a time out message to the affect that it cannot find the requested page.

6.) However on the local network I can access https pages using the local network IP address. It finds the certificate and allows me to accept it even though the name does not match the IP address. It displays the normal alert indicating a valid CA with a valid date, but the wrong domain. I believe this to be correct since the IP address is not the domain name on the certificate. It them proceeds to deliver the pages. Because the internal IP address enables apache to find the SSL files from the virtual host configuration, the problem does not appear to be the installation of the SSL

7.) When you define the virtual server by name and indicate the virtual domain in the configuration file. Even if the SSL had the incorrect domain name I believe it should still be accessed and the appropriate alert should be displayed, similar to the display presented when the local IP address is used to access the site. This does not happen, instead the browser indicates it has timed out because the page is not accessible.

Can you elaborate on where I may be in error with my assumptions? Surely ISPs are not using one physical machine per client. And most allow the client to add SSL capability. I am not sure where I am going wrong. Any feed back would be appreciated.


Thank you for any advice or help you may be able to provide.
Reply With Quote
  #40  
Old 31st January 2006, 20:17
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,022
Thanks: 840
Thanked 5,655 Times in 4,464 Posts
 
Default

Quote:
Originally Posted by senzapaura
1.) ISPConfig uses a “special” version of the apache software enabling a GUI front end for administering an ISP hosting service. The GUI is used to dynamically change the apache hosted web server configuration, making it easier to implement, track and manage the web services using apache.
Yes. But its not a special version of apache, its a normal apache webserver compiled from sources that runs on port 81.

Quote:
2.) I am assuming that as a hosting service I can have any number of virtual hosts (depending on the server size)
yes. even with only one IP address.

Quote:
an each can use its own SSL certificate.
Yes, if you have different IP addresses for every site. This is a limit of the apache webserver, every vhost that uses SSL must have a unique IP address.

Quote:
3.) SSL is part of an encryption protocol used to secure data being transmitted between the browser and a web hosting system.
Yes, SSL is an encryption protocol.

Quote:
4.) Without getting into all the details of the handshaking etc. required and enforced by SSL, but just describing some key elements and concepts.

a. An SSL certificate is bound to a domain name. For example, I have a domain named xxyy.com pointing to an IP address 24.10.123.30. Access to this domain name, www.xxyy.com routes the messages to my firewall. The SSL has my domain name within the certificate to verify I am who I am supposed to be. My firewall is listening on port 24.10.123.30. Once the firewall recognizes the messages it route them across my local network to IP address 193.168.25.21. This is the web server used to process requests from the external IP address 24.1.123.30.
b. Apache services running on 193.168.25.21 receives the message and determines the web site document location using the virtual host configuration. The virtual hosts can be named by an IP number (this can be a virtual IP address like 193.168.25.25 using this example) or a named host using the same external domain name xxyy.com for the named virtual host.
c. If the virtual host is defined to be listening on port 443 and has within its’ virtual host configuration, paths to the proper certification files, then the SSL modules within apache, (normally mod_ssl) are used to encrypt and decrypt the data. Prior to these functions it verifies the domain name registered within the certificate among other things. I am thinking this domain name should match the named virtual host name. If not it displays an alert message on the browser indicating one of three reasons there may be a problem using this certificate. It could be a bad CA, bad date or the domain name in the certificate does not match the domain name for the virtual host. A match allows it to proceed to the https page address requested by the browser using the path described in the configuration file for the web site documents without an alert message, just an initial message indicating you are using secure mode.
d. The domain name on the hosting web server should not have to be the same as the requested domain by the browser client. Otherwise an ISP would need a separate machine for every external domain serviced. This does not seem reasonable to me.
Generally it is like you described, with the limitation that you need one IP per ssl encrypted vhosts

Quote:
5.) For some reason, probably a configuration problem, apache cannot find the site by name. It gives me a time out message to the affect that it cannot find the requested page.
Are you sure the domain points to your external IP address and you forwarded port 80 and 443 to your internal server IP? The apache vhost must be created with this internal IP where you forwarded the ports from your router to.

Quote:
6.) However on the local network I can access https pages using the local network IP address. It finds the certificate and allows me to accept it even though the name does not match the IP address. It displays the normal alert indicating a valid CA with a valid date, but the wrong domain. I believe this to be correct since the IP address is not the domain name on the certificate. It them proceeds to deliver the pages. Because the internal IP address enables apache to find the SSL files from the virtual host configuration, the problem does not appear to be the installation of the SSL
ISPConfig uses only namebased vhsosts. You have to use the domain and not the IP to access them.

Quote:
7.) When you define the virtual server by name and indicate the virtual domain in the configuration file. Even if the SSL had the incorrect domain name I believe it should still be accessed and the appropriate alert should be displayed, similar to the display presented when the local IP address is used to access the site. This does not happen, instead the browser indicates it has timed out because the page is not accessible.
No, only if you access the vhost by domian, not IP.

Quote:
Can you elaborate on where I may be in error with my assumptions? Surely ISPs are not using one physical machine per client. And most allow the client to add SSL capability. I am not sure where I am going wrong. Any feed back would be appreciated.
I think your problem is that you try to access sites by IP instead of using a domain that is correctly configured in DNS and pointing with its A-Record to the external IP address of yourrouter.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Problems with groups/grpconv linuxfast General 28 21st April 2008 10:35
problems mysql rayit General 15 1st April 2006 05:57
2 Questions (1 SSL Related and 1 dns forward related) phamels Installation/Configuration 11 4th January 2006 02:33
Debian 3.1 Related problems! AdykOSu Installation/Configuration 1 21st December 2005 23:32
Problems getting through the installation klausagnoletti Installation/Configuration 4 26th September 2005 13:23


All times are GMT +2. The time now is 01:34.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.