#1  
Old 10th March 2008, 21:11
t471039 t471039 is offline
Junior Member
 
Join Date: Sep 2007
Posts: 9
Thanks: 0
Thanked 1 Time in 1 Post
Default SSL Issue

Found a problem when trying to add SSL and use https. Seems deeper then just creating the cert a certain way. Tried the same instructions on another server and it works fine creating a self signed cert. When you go to https it says invalid, etc.

Running OpenSuse10.2 with ISPconfig

Creating a self signed certificate in ISPconfig is not a problem however it never gets to the point where it says it is an invalid certificate when visiting https.

In firefox you get the 12263 error when accessing the https - Tried all solutions for that error in this forum and they have not worked. Checked out if https was listening and apache.

Output of netstat -tap includes:

tcp 0 0 *:https *:* LISTEN 15601/httpd2-prefor

In /etc/sysconfig/apache2

SSL module not listed. These are the modules listed:

APACHE_MODULES="authz_host actions alias auth_basic authz_groupfile authn_file authz_user autoindex cgi dir include log_config mime negotiation setenvif status userdir asis imagemap rewrite php5 authz_default"

When ssl is added to the above list, apache won't restart.

Vhost_ispconfig.conf seems Ok:

<IfModule mod_ssl.c>
<VirtualHost IP:443>
ServerName www.domain.com:443
ServerAdmin webmaster@domain.com
DocumentRoot /srv/www/web5/web
ServerAlias domain.com
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
ScriptAlias /cgi-bin/ /srv/www/web5/cgi-bin/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ErrorLog /srv/www/web5/log/error.log
AddHandler application/x-httpd-php .php .php3 .php4 .php5
php_admin_flag safe_mode Off
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
SSLEngine on
SSLCertificateFile /srv/www/web5/ssl/www.domain.com.crt
SSLCertificateKeyFile /srv/www/web5/ssl/www.domain.com.key
Alias /error/ "/srv/www/web5/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /srv/www/web5/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /srv/www/web5/user/$1/web/$3
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>

ERROR LOG:
[Mon Mar 10 14:46:17 2008] [error] [client ::1] Directory index forbidden by Options directive: /srv/www/htdocs/
[Mon Mar 10 14:46:33 2008] [error] [client] Invalid method in request \x16\x03\x01
[Mon Mar 10 14:46:36 2008] [notice] Graceful restart requested, doing restart
[Mon Mar 10 14:46:36 2008] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
[Mon Mar 10 14:46:36 2008] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
[Mon Mar 10 14:46:36 2008] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
[Mon Mar 10 14:46:36 2008] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
[Mon Mar 10 14:46:37 2008] [notice] Apache/2.2.3 (Linux/SUSE) configured -- resuming normal operations

The SSL Request Log is empty.

The SSL Engine Log:
[10/Mar/2008 09:26:28 28622] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[10/Mar/2008 09:26:28 28623] [info] Init: 2nd startup round (already detached)
[10/Mar/2008 09:26:28 28623] [info] Init: Reinitializing OpenSSL library
[10/Mar/2008 09:26:28 28623] [info] Init: Seeding PRNG with 140 bytes of entropy
[10/Mar/2008 09:26:28 28623] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[10/Mar/2008 09:26:28 28623] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[10/Mar/2008 09:26:28 28623] [info] Init: Initializing (virtual) servers for SSL

Would greatly appreciate some advice. Not sure where the problem is exactly. Maybe something was left out during installation. Just know it never sees the cert created in ISPconfig.

Many thanks!
t
Reply With Quote
Sponsored Links
  #2  
Old 11th March 2008, 06:06
t471039 t471039 is offline
Junior Member
 
Join Date: Sep 2007
Posts: 9
Thanks: 0
Thanked 1 Time in 1 Post
Default

any help would be great. thanks!
Reply With Quote
  #3  
Old 11th March 2008, 08:26
Hans Hans is offline
Moderator
 
Join Date: Dec 2005
Location: Montfoort, The Netherlands
Posts: 2,256
Thanks: 210
Thanked 648 Times in 294 Posts
Send a message via Skype™ to Hans
 
Default

Please have a look here: http://www.howtoforge.com/faq/14_49_en.html
It might help you.
__________________
Hans

BB-Hosting | Quality Web Hosting since 2005
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SSL for virtual hosts on one certificate rbartz Tips/Tricks/Mods 8 20th November 2007 17:59
Help installing an SSL certificate james@thereidsonline.com Installation/Configuration 1 26th June 2007 18:11
SSL Issue - Unable to connect to any site Menzor Installation/Configuration 4 27th May 2007 04:03
Hostname issue with SSL Certificate request. mhpcomputerservices General 3 19th December 2006 15:25
Unbearably slow access speeds CombatGod Installation/Configuration 5 30th May 2006 16:31


All times are GMT +2. The time now is 16:14.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.