Solved

Urgent, Need to get http:// and https:// running on same server, Not working

Posted on 2005-03-14
Last Modified: 2010-03-18
I cannot get my server to speak http and https at the same time

I can get SSL working if I configure it in my default-server.conf file, but when
I try to get it to work in the virtual host it does not work.

When I put this in my server-default.conf SSL works fine.

#Enable ssl
    # SSLEngine on
    # SSLCertificateFile /etc/apache2/ssl.crt/mydomain.crt
    # SSLCertificateKeyFile /etc/apache2/ssl.key/myserver.key
    # SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

But when I put it in the /virthost.conf it does not work.



openssl check error

SSL_connect:SSLv2/v3 write client hello A
read from 080ACBF8 [080B2860] (7 bytes => 7 (0x7))
0000 - 3c 21 64 6f 63 74 79                              <!docty
SSL_connect:error in SSLv2/v3 read server hello A
8262:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475:



I have these lines in my access.log ( What in the he!! is that)

192.168.1.1 - - [14/Mar/2005:04:49:04 -0500] "\x80g\x01\x03" 200 15776 "-" "-"
127.0.0.1 - - [14/Mar/2005:04:49:19 -0500] "\x80\x8c\x01\x03\x01" 200 15797 "-" "-"




And this in the error log

[Mon Mar 14 04:48:56 2005] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Mon Mar 14 04:48:56 2005] [notice] Apache/2.0.50 configured -- resuming normal operations



I am quite sure I have the right paths to the required files above because it works on the
default server conf file.

I am running SUSE Pro 9.2 on a minimal install.

I need to have SSL running on the same host so that I can switch
between http:// and https:// on the same server.

I need to be able to switch in and out of SSL anywhere on the website.

So if I go to
http://www.mydomian.com 
it will come up on port 80

And if I enter
https://www.mydomain.com 
it will be reading on port 443

Thanx
Question by:pmrussell892
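
Editor's added example (not part of the original thread): the odd access-log entries in the question are SSL ClientHello bytes logged as if they were HTTP request lines, which matches openssl reading `<!docty` where it expected a ServerHello, so the listener that answered was speaking plain HTTP. The Python sketch below flags such lines; it goes slightly beyond the question by also recognising record-layer TLS handshakes, and the function names and the last two sample lines are constructed for illustration.

```python
import re

# First quoted field of an Apache common/combined log line is the request line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "((?:[^"\\]|\\.)*)" (\d{3}) ')
HEX_ESC = re.compile(rb'\\x([0-9a-fA-F]{2})')

def unescape(field):
    """Turn Apache's \\xhh escapes back into the raw bytes the client sent."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]),
                       field.encode("latin-1"))

def classify(raw):
    """Name the TLS/SSL handshake a request line starts with, or None."""
    # SSLv2-compatible ClientHello: 2-byte length with the high bit set,
    # then message type 0x01 (the form the question's log lines show).
    if len(raw) >= 3 and raw[0] & 0x80 and raw[2] == 0x01:
        return "SSLv2-compatible ClientHello"
    # TLS record layer: content type 0x16 (handshake), major version 0x03.
    if len(raw) >= 2 and raw[0] == 0x16 and raw[1] == 0x03:
        return "TLS handshake record"
    return None

def find_tls_on_plain_http(lines):
    """Return (client, time, status, kind) for requests that are handshakes."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        kind = classify(unescape(m.group(3)))
        if kind:
            hits.append((m.group(1), m.group(2), int(m.group(4)), kind))
    return hits

SAMPLE = [
    # The two lines quoted in the question.
    r'192.168.1.1 - - [14/Mar/2005:04:49:04 -0500] "\x80g\x01\x03" 200 15776 "-" "-"',
    r'127.0.0.1 - - [14/Mar/2005:04:49:19 -0500] "\x80\x8c\x01\x03\x01" 200 15797 "-" "-"',
    # Constructed lines: a normal request and a record-layer ClientHello.
    r'192.168.1.1 - - [14/Mar/2005:04:50:02 -0500] "GET / HTTP/1.1" 200 15776 "-" "-"',
    r'192.168.1.1 - - [14/Mar/2005:04:50:10 -0500] "\x16\x03\x01" 400 226 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_tls_on_plain_http(SAMPLE):
        print(hit)
```

A hit with status 200 and a page-sized response, as in the two lines from the question, means a non-SSL virtual host served its document to a client that was attempting a handshake.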
9 Comments
 
LVL 5

Accepted Solution

by:
Anonymouslemming earned 2000 total points
ID: 13533445
Can you post your VirtualHost configuration somewhere please?

I would say that the first thing to check would be the <VirtualHost ?????> line at the beginning of this config section.

Also, what do your log files say when this happens?
0
 
LVL 1

Author Comment

by:pmrussell892
ID: 13533552
The lines in my error log

[Mon Mar 14 04:48:56 2005] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Mon Mar 14 04:48:56 2005] [notice] Apache/2.0.50 configured -- resuming normal operations

<VirtualHost *:443>

      #  General setup for the virtual host
      DocumentRoot /srv/www/htdocs/<MyDomain>/public_html
      ServerName www.mydomain.com
      ServerAdmin webmaster@mydomain.com
      ErrorLog /var/log/apache2/error_log
      TransferLog /var/log/apache2/access_log

        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl.crt/domain.crt
        SSLCertificateKeyFile /etc/apache2/ssl.csr/myserver.key
        SSLCACertificateFile /etc/apache2/ca.txt
              
</VirtualHost>

The ssl section will work in the default-server.conf but not under the virtual host
0
 
LVL 1

Author Comment

by:pmrussell892
ID: 13533650
*note

My domain.com is not my website. :)
LVL 5

Expert Comment

by:Anonymouslemming
ID: 13534523
Hmm - the SSLSessionCache directive appears to be missing. Try adding the following to your config:

SSLSessionCache         dbm:/usr/local/apache/logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/var/apache/logs/ssl_mutex

You might also need
SSLRandomSeed connect file:/dev/random  
SSLLog      /var/apache/logs/ssl_engine_log
SSLLogLevel warn

You should change the paths listed here to be appropriate for your system.
512
0
 
LVL 1

Author Comment

by:pmrussell892
ID: 13535048
This is configured in ssl-global.conf.

It says that this file is used for the default host and virtual hosts.

Here is what I have in there:

##
##  SSL Global Context
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##

# These are the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see <URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html>
#
#   For the moment, see <URL:http://www.modssl.org/docs/> for this info.
#   The documents are still being prepared from material donated by the
#   modssl project.
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.

# This global SSL configuration is ignored if
# "SSL" is not defined, or if "NOSSL" is defined.
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>

        #
        #   Some MIME-types for downloading Certificates and CRLs
        #
        AddType application/x-x509-ca-cert .crt
        AddType application/x-pkcs7-crl    .crl

        #   Pass Phrase Dialog:
        #   Configure the pass phrase gathering process.
        #   The filtering dialog program (`builtin' is a internal
        #   terminal dialog) has to provide the pass phrase on stdout.
        SSLPassPhraseDialog  builtin

        #   Inter-Process Session Cache:
        #   Configure the SSL Session Cache: First the mechanism
        #   to use and second the expiring timeout (in seconds).
        #   shm means the same as shmht.
        #   Note that on most platforms shared memory segments are not allowed to be on
        #   network-mounted drives, so in that case you need to use the dbm method.
        #  SSLSessionCache        none
            SSLSessionCache         dbm:/var/lib/apache2/ssl_scache
        #  SSLSessionCache        shmht:/var/lib/apache2/ssl_scache(512000)
        #  SSLSessionCache         shmcb:/var/lib/apache2/ssl_scache
                #   network-mounted drives, so in that case you need to use the dbm method.
        #  SSLSessionCache        none
          SSLSessionCache         dbm:/var/lib/apache2/ssl_scache
        #SSLSessionCache        shmht:/var/lib/apache2/ssl_scache(512000)
        #SSLSessionCache         shmcb:/var/lib/apache2/ssl_scache
          SSLSessionCacheTimeout  600

        #   Semaphore:
        #   Configure the path to the mutual exclusion semaphore the
        #   SSL engine uses internally for inter-process synchronization.
        #SSLMutex  file:/var/lib/apache2/ssl_mutex
        SSLMutex  sem

        #   Pseudo Random Number Generator (PRNG):
        #   Configure one or more sources to seed the PRNG of the
        #   SSL library. The seed data should be of good random quality.
        #   WARNING! On some platforms /dev/random blocks if not enough entropy
        #   is available. This means you then cannot use the /dev/random device
        #   because it would lead to very long connection times (as long as
        #   it requires to make more entropy available). But usually those
        #   platforms additionally provide a /dev/urandom device which doesn't
        #   block. So, if available, use this one instead. Read the mod_ssl User
        #   Manual for more details.
        SSLRandomSeed startup builtin
        SSLRandomSeed connect builtin
        #SSLRandomSeed startup file:/dev/random  512
        #SSLRandomSeed connect file:/dev/random  512
        #SSLRandomSeed startup file:/dev/urandom 512
        #SSLRandomSeed connect file:/dev/urandom 512

</IfModule>
</IfDefine>
</IfDefine>


0
 
LVL 1

Author Comment

by:pmrussell892
ID: 13535058
Sorry, the SSLSessionCache group is listed only once. I screwed up my pasting.
0
 
LVL 5

Assisted Solution

by:Anonymouslemming
Anonymouslemming earned 2000 total points
ID: 13535667
How are you starting Apache? Also, does it make a difference if you try adding that to the virtualhost config?
0
 
LVL 1

Author Comment

by:pmrussell892
ID: 13537644
Got it.

I had to change, in two separate files, the virtualhost to use IP address rather than name-based.

I also do not think the run level editor was calling Apache to start with SSL, as in your last answer.

I rolled back to my backups, changed both values to IP hosting and started from the command line and
voilà, works like a charm.

I guess I am still getting used to the Apache 2.0.xx config file layout. It is much easier to maintain though :)

Thanx for the help

I have closed this question

and awarded you a grade A
0
 
LVL 1

Author Comment

by:pmrussell892
ID: 13537654
I did not have to add to virtual host directive.