Troubleshooting SSL on Apache
Hi All
I am configuring SSL on an Apache2 server on Linux. There are two files, httpd.conf and ssl.conf. httpd.conf includes the following:
<IfModule mod_ssl.c>
Include conf/ssl.conf
</IfModule>
And ssl.conf includes
Listen 443
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/usr/local/apache2/htdocs"
ServerName www.server.net:443
ServerAdmin you@example.com
ErrorLog /usr/local/apache2/logs/error_log
TransferLog /usr/local/apache2/logs/access_log
I can access
http://www.myserver.net
but I can not access
https://www.myserver.net
Well, the thing is that I did an nmap -sS localhost on the server and port 443 does not seem to be up; however, there are no relevant logs in /var/log/messages!
What have I missed?
Any help is appreciated.
ASKER
Please note that I have not included all of the ssl.conf file.
The error_log returns no errors.
All other options are included in the ssl.conf file, see below:
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
However, thanks to your hint I noticed that the SSLCertificateFile and the SSLCertificateKeyFile do not exist. How can I generate those?
You can generate a self-signed certificate (will give you a warning when you access the page) or generate a request file and pay to have it signed by someone like GoDaddy. You generate the certificates using the openssl program, but most Linux distributions provide simple scripts to make it easier.
If you're on Red Hat take a look at:
http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/s1-httpd-secure-server.html
To make your own you do:
mkdir /etc/httpd/ssl_certs
cd /etc/httpd/ssl_certs
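# 2048-bit key and SHA-256: 1024-bit RSA and SHA-1 are no longer considered secure
openssl genrsa 2048 > server.key
chmod 400 server.key
# -key must name the key file generated above
openssl req -new -x509 -nodes -sha256 -days 365 -key server.key > server.crt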
ASKER
Thx for the help so far, I added
LoadModule ssl_module modules/mod_ssl.so
Created the ssl.key and ssl.crt directories and copied the files respectively to those directories. After that I went to the /bin dir and did ./apachectl startssl but port 443 is still not listening.
Any ideas?
ASKER
Sorry dudes, nothing of the above really helped.
Where are your:
LoadModule ssl_module modules/mod_ssl.so
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA
SSLCertificateFile xxxx
SSLCertificateKeyFile xxxx
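The checklist in the last reply can be run as a preflight before starting Apache. This is an added example, not part of the original thread: `preflight`, `directives`, `WEAK` and the sample strings are hypothetical names, the input is constructed from the configuration quoted above, and it assumes mod_ssl is built as a loadable module rather than compiled in.

```python
import os

WEAK = {"LOW", "EXP", "eNULL", "aNULL", "SSLv2"}  # cipher classes to exclude with "!"
# Constructed sample input, modelled on the configuration quoted in the thread.
HTTPD_CONF = "<IfModule mod_ssl.c>\nInclude conf/ssl.conf\n</IfModule>\n"
SSL_CONF = """Listen 443
<VirtualHost _default_:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
</VirtualHost>
"""

def directives(text):
    """Return (name, argument) pairs, skipping blanks, comments and <Section> tags."""
    out = []
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith(("#", "<")):
            name, *rest = line.split(None, 1)
            out.append((name, rest[0].strip('"') if rest else ""))
    return out

def preflight(httpd_conf, ssl_conf, exists=os.path.exists):
    """List reasons the HTTPS listener would not start, or would start weak."""
    findings = []
    # The Include sits inside <IfModule mod_ssl.c>: without the module, Listen 443 is never read.
    if not any(n == "LoadModule" and a.split()[:1] == ["ssl_module"]
               for n, a in directives(httpd_conf)):
        findings.append("mod_ssl not loaded: <IfModule mod_ssl.c> is skipped silently")
    ssl = dict(directives(ssl_conf))  # last occurrence wins; enough for this check
    # Accepts "443", "addr:443" and "443 https".
    if ssl.get("Listen", "").split(":")[-1].split()[:1] != ["443"]:
        findings.append("no 'Listen 443' in ssl.conf")
    if ssl.get("SSLEngine", "").lower() != "on":
        findings.append("SSLEngine is not on")
    for name in ("SSLCertificateFile", "SSLCertificateKeyFile"):
        path = ssl.get(name)
        if not path:
            findings.append(f"{name} is not set")
        elif not exists(path):
            findings.append(f"{name} points to a missing file: {path}")
    weak = [t.lstrip("+") for t in ssl.get("SSLCipherSuite", "").split(":")
            if t.lstrip("+") in WEAK]
    if weak:
        findings.append("SSLCipherSuite names weak classes without '!': " + ", ".join(weak))
    return findings

if __name__ == "__main__":
    print("\n".join(preflight(HTTPD_CONF, SSL_CONF)))
```

The cipher check is textual only; `openssl ciphers -v '<string>'` shows what a cipher string actually expands to on the installed OpenSSL.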