Troubleshooting SSL on Apache

Posted on 2007-10-15
Last Modified: 2013-12-16
Hi All,
I am configuring SSL on an Apache2 server on Linux. There are two files, httpd.conf and ssl.conf. httpd.conf includes the following:

<IfModule mod_ssl.c>
    Include conf/ssl.conf

And ssl.conf includes:

Listen 443

<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot "/usr/local/apache2/htdocs"
ErrorLog /usr/local/apache2/logs/error_log
TransferLog /usr/local/apache2/logs/access_log

I can access
but I can not access

Well, the thing is that I did a nmap -sS localhost on the server and port 443 does not seem to be up; however, there are no relevant logs in /var/log/messages!

What have I missed?

Any help is appreciated.

    LVL 14

    Expert Comment

    Check /usr/local/apache2/logs/error_log for errors.  There are a number of ssl specific lines missing, such as turning ssl on, loading the certificate, etc.

    Where are your:
    LoadModule ssl_module modules/
    SSLEngine on
    SSLCertificateFile xxxx
    SSLCertificateKeyFile xxxx
    LVL 19

    Author Comment

    Please note that I have not included all of the ssl.conf file.
    The error_log returns no errors.

    All other options are included in the ssl.conf file, see below :

    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on


    SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt

    SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key

    However, thanks to your hint I noticed that the SSLCertificateFile and the SSLCertificateKeyFile do not exist. How can I generate those?

    LVL 14

    Expert Comment

    You can generate a self-signed certificate (will give you a warning when you access the page) or generate a request file and pay to have it signed by someone like GoDaddy.  You generate the certificates using the openssl program, but most Linux distributions provide simple scripts to make it easier.

    If you're on redhat take a look at:

    To make your own you do:
    mkdir /etc/httpd/ssl_certs
    cd /etc/httpd/ssl_certs
    openssl genrsa 1024 > server.key
    chmod 400 server.key
    openssl req -new -x509 -nodes -sha1 -days 365 -key server.key > server.crt
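
The exchange above turned on certificate and key files that ssl.conf named but that did not exist. The following is an added example, not part of any post in this thread and not Apache's own tooling: a pre-flight check that reads an SSL config and reports a missing `SSLEngine on`, a missing `Listen 443`, absent or empty certificate/key files, and a private key readable by group or other. The function names and the sample config are this example's own.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes each directive takes one path
# with no spaces in it; all names below are this example's own.

# Print the argument of the first uncommented occurrence of a directive.
directive_value() {   # $1 = directive name, $2 = config file
    awk -v d="$1" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$2"
}

# Print one finding per line; exit status = number of findings (0 = clean).
check_ssl_conf() {
    conf=$1; n=0
    case "$(directive_value SSLEngine "$conf")" in
        [Oo][Nn]) ;;
        *) echo "SSLEngine is not 'on'"; n=$((n + 1)) ;;
    esac
    grep -Eiq '^[[:space:]]*Listen[[:space:]]+([^[:space:]]+:)?443([[:space:]]|$)' "$conf" ||
        { echo "no 'Listen 443' in this file"; n=$((n + 1)); }
    for d in SSLCertificateFile SSLCertificateKeyFile; do
        p=$(directive_value "$d" "$conf")
        if [ -z "$p" ]; then
            echo "$d: directive missing"; n=$((n + 1))
        elif [ ! -s "$p" ]; then
            echo "$d: $p is missing or empty"; n=$((n + 1))
        elif [ "$d" = SSLCertificateKeyFile ] &&
             [ "$(ls -ldL "$p" | cut -c5-10)" != "------" ]; then
            echo "$d: $p has group/other permission bits set (chmod 400)"; n=$((n + 1))
        fi
    done
    return "$n"
}

# Constructed sample: the thread's ssl.conf lines, with paths moved under $1.
write_sample_conf() {   # $1 = scratch directory
    cat > "$1/ssl.conf" <<EOF
Listen 443
<VirtualHost _default_:443>
#SSLEngine off
SSLEngine on
SSLCertificateFile $1/ssl.crt/server.crt
SSLCertificateKeyFile $1/ssl.key/server.key
</VirtualHost>
EOF
}

# Check a real file when one is given, e.g. sh check.sh /usr/local/apache2/conf/ssl.conf
[ "$#" -eq 0 ] || check_ssl_conf "$1"
```

The key size and digest in the commands quoted above date from 2007; 1024-bit RSA and SHA-1 are no longer considered adequate, and current guidance is at least 2048-bit RSA with SHA-256.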
    LVL 19

    Author Comment

    Thx for the help so far, I added

    LoadModule ssl_module modules/

    Created the ssl.key and ssl.crt directories and copied the files respectively to those directories. After that I went to the /bin dir and did ./apachectl startssl but port 443 is still not listening.

    Any ideas?
    LVL 14

    Accepted Solution

    It must be logging something useful somewhere, maybe just not where you think.  Look through your configuration file and find the error logs and check in them.  You would think it would be /usr/local/apache2/logs/error_log, but maybe some other error log is getting it - and check /var/log/messages too just to be sure.  Usually you'll see something on the screen if it can't load something, but in some cases you don't.

    Also, if you haven't - do a full "apachectl stop" before a start, and make sure apache has actually stopped "pgrep -fl httpd".  Just doing a restart doesn't always work when you're having these kinds of problems (I know you said you're doing a start and stop - just making sure).
    LVL 19

    Author Comment

    Sorry dudes, nothing of the above really helped.
