SSL on Apache; close but not quite running

I have Apache and OpenSSL and followed the instructions on this site: http://tldp.org/HOWTO/SSL-RedHat-HOWTO-3.html

I ran these commands:

openssl genrsa -des3 -out filename.key 1024
openssl req -new -key filename.key -out filename.csr

I sent GeoTrust the csr and got my key back from them. I put the key in a file here:
/usr/local/apache2/conf/ssl.crt/filename.crt

My httpd.conf file has the following line:

<IfModule mod_ssl.c>
  Include conf/ssl.conf
</IfModule>

So I checked and modified (where necessary) the ssl.conf file so that it has the entries mentioned in this post: http://www.experts-exchange.com/Web/Web_Servers/Apache/Q_21597022.html?query=httpd.conf+ssl+%3Cvirtualhost&topics=110

Stopped and started the server by running:

httpd stop
httpd startssl
httpd restart

When I go to https://my.domain.com it gives me the "page cannot be displayed" error yet http://my.domain.com works fine.

Ideas?
Asked by: bfilipek


ramazanyich commented:
First check the error.log file: what does it say? Send it here.
bfilipek (author) commented:
I can't find error.log. I did a "locate error.log" and it came back with nothing.
ramazanyich commented:
usually it is in /usr/local/apache2/logs directory
bfilipek (author) commented:
[root@SRVWEB logs]# cat error_log
[Tue Dec 28 18:01:25 2004] [notice] Apache/2.0.52 (Unix) configured -- resuming normal operations
[Tue Dec 28 18:03:29 2004] [notice] caught SIGTERM, shutting down
[Tue Dec 28 18:03:33 2004] [notice] Apache/2.0.52 (Unix) configured -- resuming normal operations
[Tue Jan 04 10:51:52 2005] [notice] caught SIGTERM, shutting down
ramazanyich commented:
Could you also send the ssl.conf file content?
bfilipek (author) commented:
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
<IfDefine SSL>
Listen 443
AddType application/filename.crt
AddType application/filename.crl
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/usr/local/apache2/logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/usr/local/apache2/logs/ssl_mutex
<VirtualHost _default_:443>
DocumentRoot "/usr/local/apache2/htdocs"
ServerName myweb.mydomain.com:443
ServerAdmin webmaster@somewhere.com
ErrorLog /usr/local/apache2/logs/error_log
TransferLog /usr/local/apache2/logs/access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/filename.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/filename.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog /usr/local/apache2/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>
bfilipek (author) commented:
So what is wrong with my ssl.conf file?
ramazanyich commented:
In your first mail you said that you followed the FAQ from tldp.org. But if you check that FAQ, you should see that the config file is a little bit different.
In your config file you have
<VirtualHost _default_:443>

replace _default_  by your server's IP address. Eg.:
<VirtualHost xxx.xxx.xxx.xx:443>

Also remove :443 from ServerName directive:
ServerName myweb.mydomain.com
Also, you don't have the
SSLCACertificateFile directive, which points to the CA bundle file.
As mentioned in the FAQ you used: "The directives that are the most important for SSL are the SSLEngine on, SSLCertificateFile, SSLCertificateKeyFile, and in many cases SSLCACertificateFile directives."
bfilipek (author) commented:
ramazanyich,

- I changed the <VirtualHost _default_:443> to my IP as you suggested <VirtualHost 111.222.333.444:443>
- I removed :443 from the ServerName directive.
- I ran: apachectl stop, apachectl startssl, apachectl restart

And it still does not work.

Is the SSLCACertificateFile required? I did not receive anything like that from GeoTrust when I purchased the SSL cert.

Thanks for sticking with me on this, I must be very close to getting it to work.


P.S. Thanks, administrator.
ramazanyich commented:
Is the certificate you received PEM encoded? Could you send it to my personal mailbox?
ramazanyich commented:
Could you also send the result of executing the following command:
>httpd -V
It will show all modules that are compiled for your Apache installation.
bfilipek (author) commented:
Not sure how to tell if it is PEM encoded. I am going to guess not.

I ran httpd -V and all it gave me was "service ver. 0.91"
ramazanyich commented:
It seems that during startup the SSL variable is not defined.
Try to run:
>/usr/local/apache2/bin/apachectl startssl
bfilipek (author) commented:
Well, at this point I am going to uninstall and start fresh. I can't get it to work. Please close this post.
bfilipek (author) commented:
Well it's working now. I had to change a few lines in the httpd.conf file. The VirtualHost was set to the IP address, so I changed it to *:80.

Then I changed:
Listen x.x.x.x:80 (x's were the IP address)
to
Listen 0.0.0.0:80

In ssh.conf I changed:
Listen x.x.x.x:443 (x's were the IP address)
to
Listen 0.0.0.0:443

All good now.
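
The checks this thread went through by hand (the `<IfDefine SSL>` wrapper, `Listen` versus `<VirtualHost>` addresses, and the certificate directives), plus a look at the posted `SSLCipherSuite`, as an added example that is not part of the original posts. The function names and the sample config are constructed for illustration; the sample is modelled on the ssl.conf posted above with documentation-range IP addresses.

```python
# Cipher classes that the posted SSLCipherSuite names without a "!" exclusion.
WEAK_CLASSES = {"LOW", "EXP", "SSLv2", "eNULL"}
WILDCARDS = {"", "*", "0.0.0.0", "_default_"}

# Constructed sample (not the poster's real file): mismatched Listen/VirtualHost, no key file.
SAMPLE = """<IfDefine SSL>
Listen 192.0.2.10:443
<VirtualHost 192.0.2.20:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/filename.crt
</VirtualHost>
</IfDefine>"""

def split_addr(value):
    """'1.2.3.4:443' -> ('1.2.3.4', '443'); a bare '443' -> ('', '443')."""
    addr, _, port = value.rpartition(":")
    return addr, port

def lint_ssl_conf(text, defines=()):
    """Return findings for an Apache 2.0-style ssl.conf; defines = -D names given to httpd."""
    findings, listens, vhosts, seen = [], [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, arg = line.replace("\t", " ").partition(" ")
        name, arg = name.lower(), arg.strip().rstrip(">").strip()
        seen[name] = arg
        if name == "<ifdefine" and arg not in defines:
            findings.append(f"<IfDefine {arg}> block is skipped unless httpd starts with -D{arg}")
        elif name == "listen":
            listens.append(split_addr(arg))
        elif name == "<virtualhost":
            vhosts.append(split_addr(arg))
        elif name == "sslciphersuite":
            named = {t.lstrip("+") for t in arg.split(":") if not t.startswith(("!", "-"))}
            weak = sorted(named & WEAK_CLASSES)
            if weak:
                findings.append("SSLCipherSuite names weak classes without '!': " + ", ".join(weak))
    for addr, port in vhosts:
        covered = any(p == port and (a in WILDCARDS or addr in WILDCARDS or a == addr) for a, p in listens)
        if not covered:
            findings.append(f"no Listen covers <VirtualHost {addr}:{port}>")
    if seen.get("sslengine", "").lower() == "on":
        for needed in ("sslcertificatefile", "sslcertificatekeyfile"):
            if needed not in seen:
                findings.append(f"SSLEngine on but {needed} is missing")
    return findings
```

Calling `lint_ssl_conf(SAMPLE)` models a plain `httpd start`; pass `defines=("SSL",)` to model `apachectl startssl`, which is what sets the `SSL` define on Apache 2.0.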
GranMod commented:
PAQed with points refunded (500)

GranMod
Community Support Moderator
