
Troubleshooting SSL on Apache

Hi All,
I am configuring SSL on an Apache2 server on Linux. There are two files, httpd.conf and ssl.conf. httpd.conf includes the following:

<IfModule mod_ssl.c>
    Include conf/ssl.conf
</IfModule>

And ssl.conf includes

Listen 443

<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot "/usr/local/apache2/htdocs"
ServerName www.server.net:443
ServerAdmin you@example.com
ErrorLog /usr/local/apache2/logs/error_log
TransferLog /usr/local/apache2/logs/access_log

I can access
http://www.myserver.net
but I can not access
https://www.myserver.net

Well, the thing is that I did an nmap -sS localhost on the server and port 443 does not seem to be up; however, there are no relevant logs in /var/log/messages!!

What have I missed?

Any help is appreciated.

 
arrkerr1024 Commented:
Check /usr/local/apache2/logs/error_log for errors.  There are a number of SSL-specific lines missing, such as turning SSL on, loading the certificate, etc.

Where are your:
LoadModule ssl_module modules/mod_ssl.so
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile xxxx
SSLCertificateKeyFile xxxx
 
http:// thevpn.guru Author Commented:
Please note that I have not included all of the ssl.conf file.
The error_log returns no errors.

All other options are included in the ssl.conf file, see below:


#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt

SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key


However, thanks to your hint I noticed that the SSLCertificateFile and the SSLCertificateKeyFile do not exist. How can I generate those?

 
arrkerr1024 Commented:
You can generate a self-signed certificate (will give you a warning when you access the page) or generate a request file and pay to have it signed by someone like GoDaddy.  You generate the certificates using the openssl program, but most Linux distributions provide simple scripts to make it easier.

If you're on Red Hat take a look at:
http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/s1-httpd-secure-server.html

To make your own you do:
mkdir /etc/httpd/ssl_certs
cd /etc/httpd/ssl_certs
openssl genrsa 1024 > server.key
chmod 400 server.key
openssl req -new -x509 -nodes -sha1 -days 365 -key server.key > server.crt
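The checks raised in the comments above (module loaded, Listen 443, SSLEngine on, certificate and key files present, key not readable by others), written as a preflight script. This is an added example, not code from anyone in the thread; the function names and the sample config built in `demo` are constructed.

```shell
#!/bin/sh
# Preflight for the httpd.conf + ssl.conf layout discussed in this thread.
# Prints one finding per line and nothing when every check passes.
# Simplification: last occurrence of a directive wins; VirtualHost scope is ignored.

# Print the first argument of the last uncommented NAME directive in FILE.
directive_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 }
                   END { gsub(/"/, "", v); print v }' "$1"
}

check_apache_ssl() {    # usage: check_apache_ssl HTTPD_CONF SSL_CONF
    httpd_conf=$1; ssl_conf=$2
    # Inside <IfModule mod_ssl.c> the Include is skipped silently when the
    # module is absent, so nothing is written to error_log.
    grep -Eiq '^[[:space:]]*LoadModule[[:space:]]+ssl_module' "$httpd_conf" ||
        echo "httpd.conf: no LoadModule ssl_module (fine only if compiled in; see httpd -l)"
    grep -Eiq '^[[:space:]]*Listen[[:space:]]+([^[:space:]]+:)?443([[:space:]]|$)' "$ssl_conf" ||
        echo "ssl.conf: no Listen directive for port 443"
    [ "$(directive_value "$ssl_conf" SSLEngine | tr 'A-Z' 'a-z')" = "on" ] ||
        echo "ssl.conf: SSLEngine is not on"
    for d in SSLCertificateFile SSLCertificateKeyFile; do
        f=$(directive_value "$ssl_conf" "$d")
        if [ -z "$f" ]; then
            echo "ssl.conf: $d is not set"
        elif [ ! -r "$f" ]; then
            echo "ssl.conf: $d points to a missing or unreadable file: $f"
        elif [ "$d" = SSLCertificateKeyFile ] &&
             [ -n "$(find -L "$f" \( -perm -040 -o -perm -004 \))" ]; then
            echo "ssl.conf: private key is readable by group or others: $f"
        fi
    done
    return 0
}

# Constructed sample mirroring the thread: no LoadModule line, and the
# certificate and key paths do not exist yet.
demo() {
    t=$(mktemp -d)
    printf '%s\n' '<IfModule mod_ssl.c>' '    Include conf/ssl.conf' '</IfModule>' > "$t/httpd.conf"
    printf '%s\n' 'Listen 443' 'SSLEngine on' \
        "SSLCertificateFile $t/ssl.crt/server.crt" \
        "SSLCertificateKeyFile $t/ssl.key/server.key" > "$t/ssl.conf"
    check_apache_ssl "$t/httpd.conf" "$t/ssl.conf"
    rm -rf "$t"
}

if [ "$#" -eq 2 ]; then check_apache_ssl "$1" "$2"; else demo; fi
```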
http:// thevpn.guru Author Commented:
Thx for the help so far, I added

LoadModule ssl_module modules/mod_ssl.so

Created the ssl.key and ssl.crt directories and copied the files respectively to those directories. After that I went to the /bin dir and did ./apachectl startssl but port 443 is still not listening.

Any ideas?
 
arrkerr1024 Commented:
It must be logging something useful somewhere, maybe just not where you think.  Look through your configuration file and find the error logs and check in them.  You would think it would be /usr/local/apache2/logs/error_log, but maybe some other error log is getting it - and check /var/log/messages too just to be sure.  Usually you'll see something on the screen if it can't load something, but in some cases you don't.

Also, if you haven't - do a full "apachectl stop" before a start, and make sure apache has actually stopped "pgrep -fl httpd".  Just doing a restart doesn't always work when you're having these kinds of problems (I know you said you're doing a start and stop - just making sure).
 
http:// thevpn.guru Author Commented:
Sorry dudes nothing of the above really helped.