tfunk (n00b) | Joined: 06 Apr 2004 | Posts: 67
Posted: Tue Nov 02, 2004 6:53 pm | Post subject: Please help me fix Apache2/SSL
Hello,
I'm having serious issues getting Apache2/mod_ssl working.
When I try to access the site I get the following error (with the server name removed):
The connection to <<server name here>> was terminated unexpectedly. Some data may have been tranfered
The short story is that my SSL cert provider (instantssl.com) doesn't support Gentoo, and this is my first attempt at SSL, so I don't know what I'm missing.
I found that apache2 wiki that has a small section on SSL, and I've also worked through the forums and tried to hodgepodge them together to get a working implementation.
What I've basically come up with...
I added an additional line to the apache2.conf file. Under listen = 80 I added listen = 443 so it looks like the following:
Code: | ###
### IP Address/Port
###
#BindAddress *
Listen 80
Listen 443
###
### Log configuration Section
###
|
That is the only way I could get the server to open port 443. From what I read, I thought the vhost config would handle that...so I fear something is messed up there.
Also in the same config file, I have this...
Code: | ### Virtual Hosts
###
# We include different templates for Virtual Hosting. Have a look in the
# vhosts directory and modify to suit your needs.
#Include conf/vhosts/vhosts.conf
#Include conf/vhosts/dynamic-vhosts.conf
#Include conf/vhosts/virtual-homepages.conf
#Include conf/vhosts/ssl.default-vhost.conf
Include conf/modules.d/41_mod_ssl.default-vhost.conf
###
|
I think that should fire up the ssl default host config file, but I may be wrong.
Here is the relevant snippet from the 41_mod_ssl.default-vhost.conf:
Code: | ## SSL Virtual Host Context
##
<VirtualHost *:443>
# General setup for the virtual host
DocumentRoot "/var/www/localhost/htdocs"
ServerName localhost:443
ServerAdmin root@localhost
ErrorLog logs/ssl_error_log
<IfModule mod_log_config.c>
TransferLog logs/ssl_access_log
</IfModule>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
|
Here are a few more lines that I changed (to make the paths/filenames correct so I don't know that it really matters....I just wanted to put it in anyway)...
Code: | SSLCertificateFile conf/ssl/domainnamechanged.crt
SSLCertificateKeyFile conf/ssl/server.key
SSLCACertificatePath conf/ssl/ca.txt
|
If I do I get the following, so it would seem that the apache2 config itself is okay...
Code: | # apache2ctl -t
Syntax OK
|
Finally, here are the apache logs from when I try to access the site via https:
Code: | [Tue Nov 02 13:16:29 2004] [notice] Digest: generating secret for digest authentication ...
[Tue Nov 02 13:16:29 2004] [notice] Digest: done
[Tue Nov 02 13:16:29 2004] [notice] Apache/2.0.50 (Gentoo/Linux) PHP/4.3.8 configured -- resuming normal operations
[Tue Nov 02 13:16:33 2004] [error] [client 192.168.1.7] Invalid method in request \x80g\x01\x03
|
There may be more info that is needed, but I don't know enough to put it in. My cert provider asked for the SSL logs, but so far I have been unable to locate them.
Can someone please help me get this up and running? Thanks so much for any help!
Thanks!
Tfunk
_________________
ILLEGITIMUS NON CARBORUNDUM

nobspangle (Veteran) | Joined: 23 Mar 2004 | Posts: 1318 | Location: Manchester, UK
Posted: Tue Nov 02, 2004 7:05 pm
First off, get rid of the Listen 443 line in apache2.conf; that's going to cause problems. You also don't need to include anything in /etc/apache2/conf/modules.d; everything there is included by default.
Next, you can tell by the
Code: | [notice] Apache/2.0.50 (Gentoo/Linux) PHP/4.3.8 configured -- resuming normal operations
|
line that the only module you have loaded is mod_php. Here is the line from an Apache server that has SSL enabled:
Code: | [notice] Apache/2.0.52 (Gentoo/Linux) mod_ssl/2.0.52 OpenSSL/0.9.7d PHP/4.3.9 configured -- resuming normal operations
|
What you need to do is open up /etc/conf.d/apache2, find the APACHE2_OPTS line and add -D SSL,
and then restart Apache with
Code: | /etc/init.d/apache2 restart |
This will enable your SSL.
Once you've done that, your SSL logs will be created in /var/log/apache2.
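
As an added illustration (not part of either poster's messages): the `Invalid method in request \x80g\x01\x03` line in the first post is what a plain-HTTP listener logs when a browser sends it an SSL hello, and the startup banner lists the loaded modules. The Python sketch below checks an error_log for both; the sample log lines are constructed from the excerpts in the thread, and all function names are this example's own.

```python
import re

# Constructed sample, modelled on the error_log lines quoted in the thread.
SAMPLE_LOG = r"""
[Tue Nov 02 13:16:29 2004] [notice] Apache/2.0.50 (Gentoo/Linux) PHP/4.3.8 configured -- resuming normal operations
[Tue Nov 02 13:16:33 2004] [error] [client 192.168.1.7] Invalid method in request \x80g\x01\x03
[Tue Nov 02 13:20:01 2004] [error] [client 192.168.1.7] Invalid method in request \x16\x03\x01
[Tue Nov 02 13:21:10 2004] [error] [client 192.168.1.7] Invalid method in request FOO / HTTP/1.0
""".strip().splitlines()

BANNER = re.compile(r"\[notice\] (Apache/.+?) configured --")
BAD_METHOD = re.compile(r"\[client ([^\]]+)\] Invalid method in request (.*)$")

def unescape(text):
    """Turn Apache's \\xNN log escapes back into the raw bytes the client sent."""
    return re.sub(rb"\\x([0-9a-fA-F]{2})",
                  lambda m: bytes([int(m.group(1), 16)]),
                  text.encode("latin-1"))

def classify(payload):
    """Name the SSL/TLS hello a request line starts with, or None for anything else."""
    # SSLv2-format ClientHello: length header with the high bit set, then type 0x01.
    if len(payload) >= 3 and payload[0] & 0x80 and payload[2] == 0x01:
        return "SSLv2-format ClientHello"
    # TLS record layer: content type 0x16 (handshake), protocol major version 0x03.
    if len(payload) >= 2 and payload[0] == 0x16 and payload[1] == 0x03:
        return "TLS handshake record"
    return None

def loaded_modules(banner):
    """Product names from the startup banner, e.g. ['Apache', 'PHP']."""
    tokens = re.sub(r"\([^)]*\)", "", banner).split()
    return [t.split("/", 1)[0] for t in tokens]

def diagnose(lines):
    """Check the latest banner for mod_ssl and list clients that sent TLS to plain HTTP."""
    result = {"mod_ssl_loaded": False, "tls_on_plain_http": []}
    for line in lines:
        banner = BANNER.search(line)
        if banner:
            result["mod_ssl_loaded"] = "mod_ssl" in loaded_modules(banner.group(1))
            continue
        bad = BAD_METHOD.search(line)
        if bad:
            kind = classify(unescape(bad.group(2)))
            if kind:
                result["tls_on_plain_http"].append((bad.group(1), kind))
    return result
```

Calling `diagnose(SAMPLE_LOG)` reports that mod_ssl is absent from the banner and that two of the three rejected requests were SSL/TLS hellos; the `FOO / HTTP/1.0` line is ignored as an ordinary bad method.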

tfunk (n00b) | Joined: 06 Apr 2004 | Posts: 67
Posted: Sat Nov 06, 2004 10:55 pm
well...good news/bad news....
Your recommended fixes did the trick. That box is up and running just fine.
Thank you for your help!
I tried to do the same to my production web server and I can't seem to get it to listen on port 80
If I look in the error_logs I can see that it has started php and mod_ssl
Code: | [Sat Nov 06 01:32:08 2004] [notice] caught SIGTERM, shutting down
[Sat Nov 06 01:32:11 2004] [notice] Digest: generating secret for digest authentication ...
[Sat Nov 06 01:32:11 2004] [notice] Digest: done
[Sat Nov 06 01:32:11 2004] [notice] Apache/2.0.50 (Gentoo/Linux) PHP/4.3.8 mod_ssl/2.0.50 OpenSSL/0.9.7d configured -- resuming normal operations
|
I copied the SSL certs back over to the same places on the new server, and I copied the 41_mod_ssl.default-vhost.conf over to the new box.
I can't seem to make it listen on port 443. I thought that adding -D SSL to the APACHEOPTS did the trick on firing up the virtual host for SSL...
Obviously, I still have something messed up.
Any advice?
Thanks!
Tfunk

nobspangle (Veteran) | Joined: 23 Mar 2004 | Posts: 1318 | Location: Manchester, UK
Posted: Sat Nov 06, 2004 11:46 pm
What's in the SSL error log?

tfunk (n00b) | Joined: 06 Apr 2004 | Posts: 67
Posted: Mon Nov 08, 2004 12:43 am
Ohhhhh nevermind...
When I copied over all the SSL stuff from the working server to the other server...I also grabbed the server cert and copied it too, so there was a certificate mismatch.
I had to regenerate the CSR and have the provider make me a new cert, copied the new certs over, and everything worked just fine.
Thanks for all your help! I would have never got these systems' SSL up and running without your help!
Thanks!
Tfunk