Client Site With SSL Not Working

[John.Smith]

I am using ISPConfig Version: 2.2.38 on Fedora 14 x86_64. I log into the ISPConfig control panel as admin at https://server1.example.tld:81/. I click ISP Manager -> Sites Folder -> Site1 -> Basis Tab -> Check SSL -> Save. I am taken back to the ISP Manager home page. I must browse back to Site1 and then click on the SSL tab. I filled in the drop down box and the 5 text fields. I then select create certificate from the drop down box and click save. I am taken back to the ISP Manger home page and I must browse back to Site1, click on the SLL tab, then there are two textareas that are called SSL Request and SSL certificate and are filled in with information. I select save certificate from the drop down box and click save.

Now when I browse to http://www.site1.com/ everything works normal. When I browse to https://www.site1.com/ I get unable to connect page.

---
[root@pluto ~]# lynx https://www.site.com/

Looking up www.site1.com
Making HTTPS connection to www.site1.com
Alert!: Unable to connect to remote host.

lynx: Can't access startfile https://www.site1.com/
---

I have replaced my domains with example and site1 for this post.

Whenever I try to access Site1 using https there doesn't seem to be any errors generated in /var/log/httpd/error_log.

Can anyone please give me some suggestions as to why I can't access Site1 using SSL, or where to start looking?

[falko]

What's the output of

Code:

netstat -tap

?

Quote:

I am taken back to the ISP Manger home page and I must browse back to Site1, click on the SLL tab, then there are two textareas that are called SSL Request and SSL certificate and are filled in with information. I select save certificate from the drop down box and click save.

BTW, you don't have to select "Save" again after the initial creation of the certificate. "Save" is needed only if you use the CSR to get an official certificate from a trusted CA. You would then paste the official cert into the form and select "Save". See http://www.howtoforge.com/faq/14_49_en.html

[John.Smith]

falko,

Thank you for the reply. Here is my netstat -tap.

Code:

[root@pluto ~]# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 *:imap                      *:*                         LISTEN      1617/dovecot        
tcp        0      0 *:81                        *:*                         LISTEN      1827/ispconfig_http 
tcp        0      0 pluto.site1.com:domain    *:*                         LISTEN      2150/named          
tcp        0      0 localhost.localdomai:domain *:*                         LISTEN      2150/named          
tcp        0      0 *:ssh                       *:*                         LISTEN      1452/sshd           
tcp        0      0 localhost.localdomain:ipp   *:*                         LISTEN      1236/cupsd          
tcp        0      0 *:smtp                      *:*                         LISTEN      32696/master        
tcp        0      0 localhost.localdomain:rndc  *:*                         LISTEN      2150/named          
tcp        0      0 *:imaps                     *:*                         LISTEN      1617/dovecot        
tcp        0      0 *:pop3s                     *:*                         LISTEN      1617/dovecot        
tcp        0      0 *:mysql                     *:*                         LISTEN      1591/mysqld         
tcp        0      0 *:pop3                      *:*                         LISTEN      1617/dovecot        
tcp        1      0 pluto.site1.com:35533     24.143.206.49:http          CLOSE_WAIT  2822/clock-applet   
tcp        0      0 pluto.site1.com:45791     gy-in-f102.1e100.net:http   TIME_WAIT   -                   
tcp        0      0 *:imap                      *:*                         LISTEN      1617/dovecot        
tcp        0      0 *:http                      *:*                         LISTEN      1967/httpd          
tcp        0      0 *:ftp                       *:*                         LISTEN      378/proftpd: (accep 
tcp        0      0 *:ssh                       *:*                         LISTEN      1452/sshd           
tcp        0      0 pluto.site1.com:ipp       *:*                         LISTEN      1236/cupsd          
tcp        0      0 *:smtp                      *:*                         LISTEN      32696/master        
tcp        0      0 pluto.site1.com:rndc      *:*                         LISTEN      2150/named          
tcp        0      0 *:imaps                     *:*                         LISTEN      1617/dovecot        
tcp        0      0 *:pop3s                     *:*                         LISTEN      1617/dovecot        
tcp        0      0 *:pop3                      *:*                         LISTEN      1617/dovecot

It appears that it isn't listening for https? How do i configure or start that?

Thanks,
John

[falko]

Can you post your /etc/httpd/conf/httpd.conf? What's the output of

Code:

ls -la /etc/httpd/conf/

?

[John.Smith]

Code:

[root@pluto ~]# ls -la /etc/httpd/conf/
total 136
drwxr-xr-x. 3 root root  4096 Apr  5 02:28 .
drwxr-xr-x. 4 root root  4096 Apr  4 23:18 ..
-rw-r--r--  1 root root 35976 Apr  5 01:47 httpd.conf
-rw-r--r--  1 root root 35932 Mar 31 07:30 httpd.conf.31-03-11_07-30-18
-rw-r--r--  1 root root 34464 Mar 31 07:30 httpd.conf.orig
-rw-r--r--  1 root root 12958 Oct 27 06:05 magic
drwxr-xr-x  2 root root  4096 Apr  3 03:57 vhosts

[falko]

What's in your /etc/httpd/conf/httpd.conf? Do you have

Code:

Listen 443

anywhere in your configuration?

[John.Smith]

No, I don't have that line. I'm pretty certain you don't want me to paste the 1058 lines in that file. Do you? It conatins a line towards the end that reads

Code:

Include /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf

I looked in the /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf file , and all of my domains use port 80, except for the one that I setup to use SSL.

I put

Quote:

Listen 443

in the /etc/httpd/conf/httpd.conf file, and restarted everything. Now it gives me this error,

Code:

[root@pluto ~]# lynx https://www.site1.com/

Looking up www.site1.com
Making HTTPS connection to www.site1.com
Retrying connection without TLS.
Looking up www.site1.com
Making HTTPS connection to www.site1.com
Alert!: Unable to make secure connection to remote host.

lynx: Can't access startfile https://www.site1.com/

What next?

[falko]

This link might help: http://webcache.googleusercontent.co...www.google.com

[John.Smith]

I reversed my previous step, by removing the Listen 443 line back out of my /etc/httpd/conf/httpd.conf file. Then I typed yum install mod_ssl. Then restarted. Now I can access the site using https. Now I have a new problem. I am hosting 8 competitors web sites. Only site1 requires to be able to connect using https. Whenever anyone accesses the other 7 web sites using https, they are connected securely to site1. I visit https://www.site2.com/ and site1's web site displays. Since they are competitors, this is bad. When I access any of the sites using http then everything is fine.

What can I do now to fix the new problem?

[falko]

You could set up a default SSL vhost that catches all connections that are not targeted at your SSL site.