How do I set up the Apache conf file for SSL connections?

pmascari
I am extremely new to the Linux world and have set up my first Apache web server on Xubuntu.  I have a couple sites running fine using virtual hosts.  However, I need to enable an SSL connection to one of them and am failing miserably.

I have purchased the certificate and generated all the keys needed.  I've followed several tutorials I've found on how to set up Apache for this but they're not working for me.  I am still able to connect to my site normally but connecting with https gives me a "Connection was interrupted" error in Firefox.

Here is my Default config file:
 
NameVirtualHost *

<VirtualHost *>
	ServerAdmin webmaster@localhost
	ServerName *.mysite.com
	DocumentRoot /ebs/websites/default
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>
	<Directory /ebs/websites/default/>
		Options FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>
	DirectoryIndex index.cfm index.html
</VirtualHost>


And here is the default-ssl config file in its current state (it's gone through many iterations as I've wrestled with this):

 
<VirtualHost *:443>
	ServerAdmin paul@mysite.com
	DocumentRoot /ebs/websites/default
	ServerName mysite.com:443
	ErrorLog ${APACHE_LOG_DIR}/error.log
	SSLEngine on
	SSLProxyEngine On
	SSLProtocol all
	SSLCertificateFile /ebs/websites/ssl/certificate.crt
	SSLCertificateKeyFile /ebs/websites/ssl/PrivateKey.key
	SSLCertificateChainFile /ebs/websites/ssl/intermediate.crt
	ServerPath /default
	<Directory /ebs/websites/default/>
		Options FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>
	DirectoryIndex index.cfm index.html
	BrowserMatch "MSIE [2-6]" \
		nokeepalive ssl-unclean-shutdown \
		downgrade-1.0 force-response-1.0
	# MSIE 7 and newer should be able to use keepalive
	BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>


Any help?
Commented:
What does it say in your error log?

Author

Commented:
Not sure if this makes sense or if I'm even looking at the correct log file but it doesn't say anything.  The error log has some entries about missing CSS files that should be cleaned up but I can't find anything referring to SSL connections.  I'm looking in the /var/log/apache2/ directory.

I restarted Apache and started new log files to make sure I wasn't missing anything.  I then try to access my site using https.....nothing in the log.  Browser says Connection Interrupted.

Commented:
What is the output of the following commands?

--
netstat -lpn | grep 443
--

--
netstat -lpn | grep 80
--
Author

Commented:
443:
tcp  0 0.0.0.0:443  0.0.0.0:*  LISTEN 7605/apache2

80:
tcp  0 0.0.0.0:80  0.0.0.0:*  LISTEN 7605/apache2

Commented:
OK, that confirms the service is correctly bound to port 443.

For logs, check and provide the logs from ssl_engine_log; it depends on your setup, but it should normally be available at /usr/local/apache2/logs/ssl_engine_log

Also update the * in <VirtualHost *:443> to the IP of the domain mysite.com, i.e. to <VirtualHost IP:443>, replacing IP with the IP of the domain, and see if it continues to give the same error.

Author

Commented:
I cannot find an SSL log file.  All my Apache logs seem to be in "/var/log/apache2/" and there is no SSL log file in there.  I do not have an apache2 directory in /usr/local/.

Adding the IP to the Virtual host did not work.

This is frustrating.

Commented:
So what are the exact errors in the error log? Your config says "ErrorLog ${APACHE_LOG_DIR}/error.log", so it should be /var/log/apache2/error.log.

Also, "ServerName mysite.com:443" should be changed to "ServerName mysite.com".

Author

Commented:
Sorry for the late response.

The error logs have nothing in them but "File not found" errors from various CSS, JS, and HTM files.  I  then try to access the site via HTTPS and continue to get connection interrupted messages.  Next, I open up the log files again and there is nothing but the same old "File Not Found"'s.  It's almost as if my request is getting stopped before it ever gets to the server?

Author

Commented:
OK, I found this article that describes exactly what is happening to me.  It also describes a fix.  However, I'm a Linux newbie and don't quite understand what it is I need to do.  Is he saying I need to re-build a new Apache package?  A step by step guide would be appreciated.

I'm running Xubuntu 10.10 on Amazon's AWS.

https://bbs.archlinux.org/viewtopic.php?id=118661
Commented:
As far as I can tell, I was, indeed, running into the bug described on this page:

https://bbs.archlinux.org/viewtopic.php?id=118661

I ended up rebuilding the server with a standard Ubuntu install and was able to finally get the SSL working.

Author

Commented:
Found the solution myself after the suggestions from others ran dry.
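
The two files from the question with the thread's ServerName suggestion applied and the vhosts pinned to explicit ports, as an added example: it is not part of the original thread and not the fix the asker ended up using. It assumes Apache 2.2 syntax as posted, mod_ssl enabled, "Listen 443" already present (the netstat output shows it), and that this vhost does not proxy to an HTTPS backend; the paths are the asker's.

```apache
# --- default (plain HTTP) ---
NameVirtualHost *:80

<VirtualHost *:80>
	ServerAdmin webmaster@localhost
	# ServerName takes one literal host name; wildcards belong in ServerAlias.
	ServerName mysite.com
	ServerAlias *.mysite.com
	DocumentRoot /ebs/websites/default
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>
	<Directory /ebs/websites/default/>
		Options FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>
	DirectoryIndex index.cfm index.html
</VirtualHost>

# --- default-ssl (HTTPS) ---
<VirtualHost *:443>
	ServerAdmin paul@mysite.com
	# Host name only; the port is already given in the <VirtualHost> address.
	ServerName mysite.com
	DocumentRoot /ebs/websites/default
	ErrorLog ${APACHE_LOG_DIR}/error.log
	SSLEngine on
	# "all" also turns on SSLv2/SSLv3 where the build supports them.
	SSLProtocol all -SSLv2 -SSLv3
	SSLCertificateFile /ebs/websites/ssl/certificate.crt
	# Keep the private key readable by root only.
	SSLCertificateKeyFile /ebs/websites/ssl/PrivateKey.key
	SSLCertificateChainFile /ebs/websites/ssl/intermediate.crt
	# SSLProxyEngine and ServerPath are left out (assumption: no HTTPS
	# backend is proxied, and no clients without a Host header are served).
	<Directory /ebs/websites/default/>
		Options FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>
	DirectoryIndex index.cfm index.html
</VirtualHost>
```

After editing, `apache2ctl configtest` checks the syntax and `apache2ctl -S` lists which virtual host answers on each address and port.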
