

Urgent, Need to get http:// and https:// running on same server, Not working

Posted on 2005-03-14
Medium Priority
Last Modified: 2010-03-18
I cannot get my server to speak http and https at the same time.

I can get ssl working if I configure it into my default-server.conf file. But when
I try to get it to work in the virtual host it does not work.

When I put this in my server-default.conf ssl works fine.

# Enable ssl
    # SSLEngine on
    # SSLCertificateFile /etc/apache2/ssl.crt/mydomain.crt
    # SSLCertificateKeyFile /etc/apache2/ssl.key/myserver.key
    # SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

But when I put it in the /virthost.conf it does not work.

openssl check error

SSL_connect:SSLv2/v3 write client hello A
read from 080ACBF8 [080B2860] (7 bytes => 7 (0x7))
0000 - 3c 21 64 6f 63 74 79                              <!docty
SSL_connect:error in SSLv2/v3 read server hello A
8262:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475:

I have these lines in my access.log ( What in the he!! is that)

- - [14/Mar/2005:04:49:04 -0500] "\x80g\x01\x03" 200 15776 "-" "-"
- - [14/Mar/2005:04:49:19 -0500] "\x80\x8c\x01\x03\x01" 200 15797 "-" "-"

And this in the error log

[Mon Mar 14 04:48:56 2005] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Mon Mar 14 04:48:56 2005] [notice] Apache/2.0.50 configured -- resuming normal operations

I am quite sure I have the right paths to the required files above because it works on the
default server conf file.

I am running suse pro 9.2 on a minimal install

I need to have ssl running on the same host so that I can switch
between http:// and https:// on the same server.

I need to be able to switch in and out of ssl anywhere on the website.

So if I go to
it will come up on port 80

And if I enter
it will be reading on port 443

Question by:pmrussell892
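
The two symptoms quoted in the question (openssl reading `<!docty` where it expected a server hello, and `"\x80g\x01\x03"` entries in the access log) are what a TLS client talking to a plain-HTTP listener looks like from each side. The check below is an added example, not part of the original thread; the request strings are the ones quoted above, while the host 192.0.2.10 and the GET line are constructed.

```python
import re

# Request field and status of an Apache access-log line.
REQUEST_RE = re.compile(r'\] "((?:[^"\\]|\\.)*)" (\d{3}) ')

def unescape(field):
    """Turn Apache's \\xHH log escapes back into raw bytes."""
    text = re.sub(r'\\x([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), field)
    return text.encode('latin-1')

def client_hello_kind(data):
    """Classify the first bytes a client sent; None means not a TLS hello."""
    # SSLv2-style record: high bit set in the length, type 1 (ClientHello), major version 3.
    if len(data) >= 4 and data[0] & 0x80 and data[2] == 0x01 and data[3] == 0x03:
        return "SSLv2-compatible ClientHello"
    # TLS record layer: content type 22 (handshake), major version 3.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "TLS handshake record"
    return None

def server_reply_kind(first_bytes):
    """Classify the first bytes read back from the port being tested."""
    if first_bytes[:2] in (b"\x16\x03", b"\x15\x03"):
        return "tls"
    if first_bytes[:1] == b"<" or first_bytes[:5] == b"HTTP/":
        return "plaintext-http"
    return "unknown"

def tls_on_plaintext_hits(lines):
    """Return (status, kind) for each logged 'request' that is really a TLS hello."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m:
            kind = client_hello_kind(unescape(m.group(1)))
            if kind:
                hits.append((m.group(2), kind))
    return hits

# Constructed sample: request strings as quoted in the question, host and GET line invented.
SAMPLE_LOG = [
    r'192.0.2.10 - - [14/Mar/2005:04:49:04 -0500] "\x80g\x01\x03" 200 15776 "-" "-"',
    r'192.0.2.10 - - [14/Mar/2005:04:49:19 -0500] "\x80\x8c\x01\x03\x01" 200 15797 "-" "-"',
    r'192.0.2.10 - - [14/Mar/2005:04:50:02 -0500] "GET / HTTP/1.1" 200 15776 "-" "-"',
]

if __name__ == "__main__":
    print(tls_on_plaintext_hits(SAMPLE_LOG))
    print(server_reply_kind(b"<!docty"))
```

A hit logged with status 200 means the listener answered the handshake as if it were an HTTP request, so SSLEngine was not in effect for that connection.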

Accepted Solution

Anonymouslemming earned 2000 total points
ID: 13533445
Can you post your VirtualHost configuration somewhere please?

I would say that the first thing to check would be the <VirtualHost ?????> line at the beginning of this config section.

Also, what do your log files say when this happens?

Author Comment

ID: 13533552
The lines in my error log

[Mon Mar 14 04:48:56 2005] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Mon Mar 14 04:48:56 2005] [notice] Apache/2.0.50 configured -- resuming normal operations

<VirtualHost *:443>

      #  General setup for the virtual host
      DocumentRoot /srv/www/htdocs/<MyDomain>/public_html
      ServerName www.mydomain.com
      ServerAdmin webmaster@mydomain.com
      ErrorLog /var/log/apache2/error_log
      TransferLog /var/log/apache2/access_log

        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl.crt/domain.crt
        SSLCertificateKeyFile /etc/apache2/ssl.csr/myserver.key
        SSLCACertificateFile /etc/apache2/ca.txt

The ssl section will work in the default-server.conf but not under the virtual host

Author Comment

ID: 13533650

My domain.com is not my website. :)


Expert Comment

ID: 13534523
Hmm - the SSLSessionCache directive appears to be missing. Try adding the following to your config:

SSLSessionCache         dbm:/usr/local/apache/logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/var/apache/logs/ssl_mutex

You might also need
SSLRandomSeed connect file:/dev/random  
SSLLog      /var/apache/logs/ssl_engine_log
SSLLogLevel warn

You should change the paths listed here to be appropriate for your system.

Author Comment

ID: 13535048
This is configured in ssl-global.conf

It says that this file is used for the default host and virtual hosts

Here is what I have in there

##  SSL Global Context
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.

# These are the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see <URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html>
#   For the moment, see <URL:http://www.modssl.org/docs/> for this info.
#   The documents are still being prepared from material donated by the
#   modssl project.
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.

# This global SSL configuration is ignored if
# "SSL" is not defined, or if "NOSSL" is defined.
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>

        #   Some MIME-types for downloading Certificates and CRLs
        AddType application/x-x509-ca-cert .crt
        AddType application/x-pkcs7-crl    .crl

        #   Pass Phrase Dialog:
        #   Configure the pass phrase gathering process.
        #   The filtering dialog program (`builtin' is a internal
        #   terminal dialog) has to provide the pass phrase on stdout.
        SSLPassPhraseDialog  builtin

        #   Inter-Process Session Cache:
        #   Configure the SSL Session Cache: First the mechanism
        #   to use and second the expiring timeout (in seconds).
        #   shm means the same as shmht.
        #   Note that on most platforms shared memory segments are not allowed to be on
        #   network-mounted drives, so in that case you need to use the dbm method.
        #  SSLSessionCache        none
            SSLSessionCache         dbm:/var/lib/apache2/ssl_scache
        #  SSLSessionCache        shmht:/var/lib/apache2/ssl_scache(512000)
        #  SSLSessionCache         shmcb:/var/lib/apache2/ssl_scache
                #   network-mounted drives, so in that case you need to use the dbm method.
        #  SSLSessionCache        none
          SSLSessionCache         dbm:/var/lib/apache2/ssl_scache
        #SSLSessionCache        shmht:/var/lib/apache2/ssl_scache(512000)
        #SSLSessionCache         shmcb:/var/lib/apache2/ssl_scache
          SSLSessionCacheTimeout  600

        #   Semaphore:
        #   Configure the path to the mutual exclusion semaphore the
        #   SSL engine uses internally for inter-process synchronization.
        #SSLMutex  file:/var/lib/apache2/ssl_mutex
        SSLMutex  sem

        #   Pseudo Random Number Generator (PRNG):
        #   Configure one or more sources to seed the PRNG of the
        #   SSL library. The seed data should be of good random quality.
        #   WARNING! On some platforms /dev/random blocks if not enough entropy
        #   is available. This means you then cannot use the /dev/random device
        #   because it would lead to very long connection times (as long as
        #   it requires to make more entropy available). But usually those
        #   platforms additionally provide a /dev/urandom device which doesn't
        #   block. So, if available, use this one instead. Read the mod_ssl User
        #   Manual for more details.
        SSLRandomSeed startup builtin
        SSLRandomSeed connect builtin
        #SSLRandomSeed startup file:/dev/random  512
        #SSLRandomSeed connect file:/dev/random  512
        #SSLRandomSeed startup file:/dev/urandom 512
        #SSLRandomSeed connect file:/dev/urandom 512



Author Comment

ID: 13535058
Sorry, the SSLSessionCache group is listed only once. I screwed up my pasting.

Assisted Solution

Anonymouslemming earned 2000 total points
ID: 13535667
How are you starting Apache? Also, does it make a difference if you try adding that to the virtualhost config?

Author Comment

ID: 13537644
Got it

I had to change in two separate files the virtualhost to use ip address rather than name based.

I also do not think the run level editor was calling apache to start with ssl as in your last answer.

I rolled back to my backups. Changed both values to ip hosting and started from command line and
voila, works like a charm.

I guess I am still getting used to the apache 2.0.xx  Config file layout. It is much easier to maintain though :)

Thanx for the help

I have closed this question

and awarded you a grade A

Author Comment

ID: 13537654
I did not have to add to virtual host directive.
