Solved

Can anyone help me finish getting SSL working on Apache2?

Posted on 2011-09-12
Last Modified: 2012-05-12
It seems that I am past all of the issues of manually setting up my Certificate Authority and self-signing a cert.  The web server is running again (for quite a while it would not).  The odd thing is that if I attempt to go to my IP address I get the default.htm, but if I go to https://MyIPAddress then I get this from Firefox...

SSL received a record that exceeded the maximum permissible length.

and this from Chrome.

SSL connection error
Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

It seems like both browsers are communicating with SSL on Apache2, but there is still an issue.  So, I need some help diagnosing and correcting the error.

I am running 64 bit Ubuntu 11.04 server
Question by:developmentguru
10 Comments
 
LVL 21

Expert Comment

by:Papertrip
ID: 36526336
What do the apache logs say after you try it?  Are you sure nothing is redirecting https to http?
0
 
LVL 21

Author Comment

by:developmentguru
ID: 36527092
--What do the apache logs say after you try it?
Which logs should I be checking?

--Are you sure nothing is redirecting https to http?
I feel I can be reasonably sure that is not what is happening as both browsers report an error from SSL (one glaring example being that SSL returned a record length larger than the maximum permissible length).

I have read that I need to import my certificate to the browsers but am unsure how to do that.

I guess what I need from you is a way to diagnose what is wrong.  Both questions sound good, but I am a newb when it comes to Apache web server.  I suppose I should have apologized for the newb question already...

In any case, let me know which logs you would check, as well as what you are looking for.  I will let you know what I find.
0
 
LVL 6

Accepted Solution

by:
mohansahu earned 375 total points
ID: 36529066

Hi,

Can you post the apache logs...

tail -0f /var/log/apache2/error.log

MS
0
 
LVL 6

Assisted Solution

by:mohansahu
mohansahu earned 375 total points
ID: 36529092
Hi,

For more detail go through the below link

http://linuxconfig.org/apache-web-server-ssl-authentication

MS
0
 
LVL 21

Assisted Solution

by:Papertrip
Papertrip earned 125 total points
ID: 36531999
Which logs should I be checking?

Apache error logs.  Where those are located depends on some options in httpd.conf, but depending on your distro it can usually be found in /var/log/httpd/

In your httpd.conf, "ErrorLog" will show you either an absolute path, or a path relative to whatever is set for "ServerRoot"

Like this:
[user@phx3web8 conf]$ grep ErrorLog httpd.conf
ErrorLog logs/error_log
[user@phx3web8 conf]$ grep ServerRoot httpd.conf
ServerRoot "/x/httpd-2.2.14"

That would make the path /x/httpd-2.2.14/logs/error_log.  There are other things you can do with logging but let's just keep it simple for now.

Once you find the error log, do your test again and then paste us any log excerpts from the time period in which you did your testing.



0
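The ErrorLog/ServerRoot lookup described in the answer above, as an added example that is not part of the original post: a small script that reads one config file and prints where the error log ends up. The function names (directive_value, resolve_errorlog, demo) are hypothetical, the sample config is constructed from the values quoted in the post, and files pulled in through Include are not followed.

```shell
#!/usr/bin/env bash
# Added example: resolve Apache's error log location from a single config file.

# Print the value of the last uncommented occurrence of a directive,
# with surrounding double quotes stripped. Directive names are case-insensitive.
directive_value() {
    # $1 = directive name, $2 = config file
    awk -v d="$1" '
        tolower($1) == tolower(d) { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { gsub(/^"|"$/, "", val); print val }
    ' "$2"
}

# Print the effective ErrorLog target for the given config file.
resolve_errorlog() {
    conf=$1
    log=$(directive_value ErrorLog "$conf")
    root=$(directive_value ServerRoot "$conf")
    case $log in
        "")  echo "no ErrorLog directive in $conf" >&2; return 1 ;;
        /*)  printf '%s\n' "$log" ;;              # absolute path: used as-is
        '|'*|syslog*) printf '%s\n' "$log" ;;     # piped program or syslog, not a file
        '${'*) printf '%s\n' "$log"               # variable, e.g. ${APACHE_LOG_DIR} on Ubuntu
             echo "note: expand the variable from the server's environment" >&2 ;;
        *)   if [ -z "$root" ]; then
                 echo "relative ErrorLog but no ServerRoot in $conf" >&2; return 1
             fi
             printf '%s/%s\n' "${root%/}" "$log" ;;  # relative: joined to ServerRoot
    esac
}

# Constructed sample config using the values shown in the post.
demo() {
    tmp=$(mktemp)
    printf '%s\n' '# ErrorLog /old/path' \
        'ServerRoot "/x/httpd-2.2.14"' \
        'ErrorLog logs/error_log' > "$tmp"
    resolve_errorlog "$tmp"
    rm -f "$tmp"
}
demo
```

The printed path can then be passed to tail -f while the failing HTTPS request is repeated.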
 
LVL 21

Author Comment

by:developmentguru
ID: 36537588
I tried the first command you posted and the terminal window seems to be taking a nap...
0
 
LVL 21

Author Comment

by:developmentguru
ID: 36537623
OK, I started trying some testing of the web page and it is acting differently now.  It was displaying my HTTP page requests and will not do that now.  Instead I get two errors when I try to go to the IP address on normal HTTP.


[Wed Sep 14 12:52:32 2011] [client 10.1.1.254] File does not exist: /etc/apache2/htdocs
[Wed Sep 14 12:52:32 2011] [client 10.1.1.254] File does not exist: /etc/apache2/htdocs
0
 
LVL 21

Author Comment

by:developmentguru
ID: 36537939
I think I have a lead on the new error.  I will try to get it back where it was and let you know what I find.
0
 
LVL 21

Author Comment

by:developmentguru
ID: 36537975
OK.  The site was disabled and caused the, somewhat odd, error.  I re-enabled the site and now... somehow... the https is working when it would not yesterday...

I am going to split points based on what I learned that helped me to identify some of what was wrong.  I appreciate the help!
0
 
LVL 21

Author Closing Comment

by:developmentguru
ID: 36538000
My only disappointment in the solution is that I do not have any understanding of why it was not working in the first place.

The advice given did lead me to getting it working again by identifying the error.  I was able to use the identified error (google search) to figure out what was wrong and use a2ensite to get the site working again.

The http was working initially while the https seemed to be responding but was not working.  So I am left happy that it is now working, but confused by the fact that I do not understand WHY HTTPS is working today when it was not yesterday.

I do appreciate the help.
0

Question has a verified solution.