SSL on Apache; close but not quite running

I have Apache and OpenSSL and followed the instructions on this site: http://tldp.org/HOWTO/SSL-RedHat-HOWTO-3.html

I ran these commands:

openssl genrsa -des3 -out filename.key 1024
openssl req -new -key filename.key -out filename.csr

I sent GeoTrust the csr and got my key back from them. I put the key in a file here:
/usr/local/apache2/conf/ssl.crt/filename.crt

My httpd.conf file has the following line:

<IfModule mod_ssl.c>
  Include conf/ssl.conf
</IfModule>

So I checked and modified (where necessary) the ssl.conf file so that it has the entries mentioned in this post: http://www.experts-exchange.com/Web/Web_Servers/Apache/Q_21597022.html?query=httpd.conf+ssl+%3Cvirtualhost&topics=110

Stopped and started the server by running:

httpd stop
httpd startssl
httpd restart

When I go to https://my.domain.com it gives me the "page cannot be displayed" error yet http://my.domain.com works fine.

Ideas?
bfilipekAsked:
 
GranModCommented:
PAQed with points refunded (500)

GranMod
Community Support Moderator
0
 
ramazanyichCommented:
First check the error.log file: what does it say? Send it here.
0
 
bfilipekAuthor Commented:
I can't find error.log. I did a "locate error.log" and it came back with nothing.
0
 
ramazanyichCommented:
Usually it is in the /usr/local/apache2/logs directory.
0
 
bfilipekAuthor Commented:
[root@SRVWEB logs]# cat error_log
[Tue Dec 28 18:01:25 2004] [notice] Apache/2.0.52 (Unix) configured -- resuming normal operations
[Tue Dec 28 18:03:29 2004] [notice] caught SIGTERM, shutting down
[Tue Dec 28 18:03:33 2004] [notice] Apache/2.0.52 (Unix) configured -- resuming normal operations
[Tue Jan 04 10:51:52 2005] [notice] caught SIGTERM, shutting down
0
 
ramazanyichCommented:
Could you also send the ssl.conf file content?
0
 
bfilipekAuthor Commented:
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
<IfDefine SSL>
Listen 443
AddType application/filename.crt
AddType application/filename.crl
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/usr/local/apache2/logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/usr/local/apache2/logs/ssl_mutex
<VirtualHost _default_:443>
DocumentRoot "/usr/local/apache2/htdocs"
ServerName myweb.mydomain.com:443
ServerAdmin webmaster@somewhere.com
ErrorLog /usr/local/apache2/logs/error_log
TransferLog /usr/local/apache2/logs/access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/filename.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/filename.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog /usr/local/apache2/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>
0
 
bfilipekAuthor Commented:
So what is wrong with my ssl.conf file?
0
 
ramazanyichCommented:
In your first mail you said that you followed the FAQ from tldp.org. But if you check that FAQ, you should see that the config file is a little bit different.
In your config file you have
<VirtualHost _default_:443>

Replace _default_ with your server's IP address. E.g.:
<VirtualHost xxx.xxx.xxx.xx:443>

Also remove :443 from the ServerName directive:
ServerName myweb.mydomain.com
Also, you don't have an
SSLCACertificateFile directive, which points to the CA bundle file.
As mentioned in the FAQ you used: "The directives that are the most important for SSL are the SSLEngine on, SSLCertificateFile, SSLCertificateKeyFile, and in many cases SSLCACertificateFile directives."
0
 
bfilipekAuthor Commented:
ramazanyich,

- I changed the <VirtualHost _default_:443> to my IP as you suggested <VirtualHost 111.222.333.444:443>
- I removed :443 from the ServerName directive.
- I ran: apachectl stop, apachectl startssl, apachectl restart

And it still does not work.

Is the SSLCACertificateFile required? I did not receive anything like that from GeoTrust when I purchased the SSL cert.

Thanks for sticking with me on this, I must be very close to getting it to work.


P.S. Thanks, administrator.
0
 
ramazanyichCommented:
Is the certificate you received PEM encoded? Could you send it to my personal mailbox?
0
 
ramazanyichCommented:
Could you also send the result of executing the following command:
>httpd -V
It will show all modules that are compiled for your Apache installation.
0
 
bfilipekAuthor Commented:
Not sure how to tell if it is PEM encoded. I am going to guess not.

I ran httpd -V and all it gave me was "service ver. 0.91"
0
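An added example, not written by anyone in this thread: one way to answer the "is it PEM encoded?" question without sending the file to anybody. It reads the file's bytes, reports whether they are PEM or binary DER, and checks that the PEM label matches what SSLCertificateFile or SSLCertificateKeyFile expects. The function names and the sample data are constructed for illustration.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)-----END \1-----", re.S)

# PEM labels each directive's file is expected to hold.
EXPECTED = {
    "SSLCertificateFile": {"CERTIFICATE"},
    "SSLCertificateKeyFile": {"RSA PRIVATE KEY", "PRIVATE KEY", "ENCRYPTED PRIVATE KEY"},
}

def classify(data):
    """Return (encoding, label, note) for the raw bytes of a .crt or .key file."""
    text = data.decode("latin-1").replace("\r\n", "\n")
    block = PEM_BLOCK.search(text)
    if not block:
        # Binary DER starts with the ASN.1 SEQUENCE tag 0x30; anything else is unknown.
        return ("DER" if data[:1] == b"\x30" else "unknown", None, "no PEM armor found")
    label, body = block.groups()
    # Keys written by "openssl genrsa -des3" carry headers, then a blank line.
    headers, _, b64 = body.rpartition("\n\n")
    encrypted = "ENCRYPTED" in headers or label.startswith("ENCRYPTED")
    try:
        der = base64.b64decode("".join(b64.split()), validate=True)
    except ValueError:
        return ("PEM", label, "base64 body is damaged")
    if encrypted:
        return ("PEM", label, "passphrase-protected")
    return ("PEM", label, "ok" if der[:1] == b"\x30" else "body is not ASN.1 DER")

def fits(directive, data):
    """True when the file is PEM and holds the object type the directive expects."""
    encoding, label, note = classify(data)
    usable = note in ("ok", "passphrase-protected")
    return encoding == "PEM" and label in EXPECTED[directive] and usable

# Constructed samples: the bodies are placeholders, not real certificates or keys.
CERT = b"-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"
CSR = CERT.replace(b"CERTIFICATE", b"CERTIFICATE REQUEST")
KEY = (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
       b"DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\nAAAAAAAA\n"
       b"-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, blob in (("cert", CERT), ("csr", CSR), ("key", KEY)):
        print(name, classify(blob), fits("SSLCertificateFile", blob))
```

A private key or a CSR saved under the .crt name fails the SSLCertificateFile check here, which is the mix-up to rule out when the CA's reply was pasted into a file by hand.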
 
ramazanyichCommented:
It seems that during startup the SSL variable is not defined.
Try to run:
>/usr/local/apache2/bin/apachectl startssl
0
 
bfilipekAuthor Commented:
Well, at this point I am going to uninstall and start fresh. I can't get it to work. Please close this post.
0
 
bfilipekAuthor Commented:
Well it's working now. I had to change a few lines in the httpd.conf file. The VirtualHost was set to the IP address, so I changed it to *:80.

Then I changed:
Listen x.x.x.x:80 (x's were the IP address)
to
Listen 0.0.0.0:80

In ssl.conf I changed:
Listen x.x.x.x:443 (x's were the IP address)
to
Listen 0.0.0.0:443

All good now.
0
Question has a verified solution.
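An added example, not code from the thread or from the Apache project: the two causes discussed above (the SSL symbol not being defined at startup, and Listen bound to a single address) can be checked offline by resolving the `<IfDefine>` blocks the way httpd does for a given set of -D symbols. The sample config is constructed from the posted ssl.conf, with 192.0.2.10 standing in for the poster's "x.x.x.x"; the function names and finding codes are hypothetical.

```python
import re

# Constructed sample, modelled on the ssl.conf and the fix described in this thread.
SSL_CONF = """\
SSLRandomSeed startup builtin
<IfDefine SSL>
Listen 192.0.2.10:443
<VirtualHost _default_:443>
ServerName myweb.mydomain.com
SSLEngine on
</VirtualHost>
</IfDefine>
"""

def effective(conf, defines=()):
    """Return (listens, vhosts) still active once <IfDefine> blocks are resolved."""
    listens, vhosts, stack = [], [], []
    for raw in conf.splitlines():
        line = raw.strip()
        opened = re.match(r"<IfDefine\s+(!?)([^>\s]+)\s*>", line, re.I)
        if opened:
            # "!NAME" is active only when NAME was NOT passed with -D.
            stack.append((opened.group(2) in defines) != (opened.group(1) == "!"))
        elif re.match(r"</IfDefine\s*>", line, re.I):
            if stack:
                stack.pop()
        elif all(stack):  # every enclosing <IfDefine> evaluated true
            listen = re.match(r"Listen\s+(\S+)", line, re.I)
            vhost = re.match(r"<VirtualHost\s+([^>\s]+)", line, re.I)
            if listen:
                listens.append(listen.group(1))
            elif vhost:
                vhosts.append(vhost.group(1))
    return listens, vhosts

def diagnose(conf, defines=(), port="443"):
    """Return finding codes explaining why HTTPS on `port` may be unreachable."""
    listens, _ = effective(conf, defines)
    on_port = [l for l in listens if l.rsplit(":", 1)[-1] == port]
    wildcard = ("0.0.0.0:", "*:", "[::]:")
    if not on_port:
        return ["NO_LISTENER"]  # e.g. httpd was started without -DSSL
    if not any(l == port or l.startswith(wildcard) for l in on_port):
        # Connections reach httpd only if they arrive at that exact local address.
        return ["LISTEN_PINNED_TO_ADDRESS"]
    return []

if __name__ == "__main__":
    print("plain start:", diagnose(SSL_CONF))
    print("with -DSSL :", diagnose(SSL_CONF, {"SSL"}))
    print("after fix  :", diagnose(SSL_CONF.replace("192.0.2.10", "0.0.0.0"), {"SSL"}))
```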
