Solved

Can anyone help me finish getting SSL working on Apache2?

Posted on 2011-09-12
Last Modified: 2012-05-12
It seems that I am past all of the issues of manually setting up my Certificate Authority and self-signing a cert.  The web server is running again (for quite a while it would not).  The odd thing is that if I attempt to go to my IP address I get the default.htm, but if I go to https://MyIPAddress then I get this from Firefox...

SSL received a record that exceeded the maximum permissible length.

and this from Chrome.

SSL connection error
Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

It seems like both browsers are communicating with SSL on Apache2, but there is still an issue.  So, I need some help diagnosing and correcting the error.

I am running 64 bit Ubuntu 11.04 server
Question by:developmentguru
10 Comments
 
LVL 21

Expert Comment

by:Papertrip
ID: 36526336
What do the apache logs say after you try it?  Are you sure nothing is redirecting https to http?
0
 
LVL 21

Author Comment

by:developmentguru
ID: 36527092
--What do the apache logs say after you try it?
Which logs should I be checking?

--Are you sure nothing is redirecting https to http?
I feel I can be reasonably sure that is not what is happening as both browsers report an error from SSL (one glaring example being that SSL returned a record length larger than the maximum permissible length).

I have read that I need to import my certificate to the browsers but am unsure how to do that.

I guess what I need from you is a way to diagnose what is wrong.  Both questions sound good, but I am a newb when it comes to Apache web server.  I suppose I should have apologized for the newb question already...

In any case, let me know which logs you would check, as well as what you are looking for.  I will let you know what I find.
0
 
LVL 6

Accepted Solution

by:
mohansahu earned 375 total points
ID: 36529066

Hi,

Can you post the apache logs...

tail -0f /var/log/apache2/error.log

MS
0
 
LVL 6

Assisted Solution

by:mohansahu
mohansahu earned 375 total points
ID: 36529092
Hi,

For more detail go through the below link

http://linuxconfig.org/apache-web-server-ssl-authentication

MS

0
 
LVL 21

Assisted Solution

by:Papertrip
Papertrip earned 125 total points
ID: 36531999
Which logs should I be checking?

Apache error logs.  Where those are located depends on some options in httpd.conf, but depending on your distro they can usually be found in /var/log/httpd/

In your httpd.conf, "ErrorLog" will show you either an absolute path, or a path relative to whatever is set for "ServerRoot"

Like this:
[user@phx3web8 conf]$ grep ErrorLog httpd.conf
ErrorLog logs/error_log
[user@phx3web8 conf]$ grep ServerRoot httpd.conf
ServerRoot "/x/httpd-2.2.14"


That would make the path /x/httpd-2.2.14/logs/error_log.  There are other things you can do with logging but let's just keep it simple for now.

Once you find the error log, do your test again and then paste us any log excerpts from the time period in which you did your testing.



0
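
The ErrorLog/ServerRoot lookup described in the answer above, as an added example that is not part of the original thread: a shell function that reads both directives from one config file and prints where errors are actually logged. The function names, the `non-file:`/`variable:`/`relative:` tags and the sample config are assumptions made for illustration; it reads a single file and does not follow Include directives or per-VirtualHost overrides.

```shell
#!/bin/sh
# Added example (not from the thread): resolve the error-log location
# from the ErrorLog and ServerRoot directives in one Apache config file.

# Print the first uncommented value of directive $1 in file $2, quotes stripped.
directive_value() {
    awk -v d="$1" '
        /^[ \t]*#/ { next }                     # skip comment lines
        tolower($1) == tolower(d) {             # directive names are case-insensitive
            $1 = ""
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            gsub(/^"|"$/, "")                   # drop surrounding double quotes
            print; exit
        }' "$2"
}

# Print a file path, or a tagged value when there is no plain file to tail.
resolve_error_log() {
    conf=$1
    log=$(directive_value ErrorLog "$conf")
    root=$(directive_value ServerRoot "$conf")
    case $log in
        "")       printf '%s\n' "unset"; return 1 ;;
        syslog*)  printf '%s\n' "non-file:$log" ;;   # sent to syslog
        "|"*)     printf '%s\n' "non-file:$log" ;;   # piped to a program
        *'${'*)   printf '%s\n' "variable:$log" ;;   # needs environment expansion
        /*)       printf '%s\n' "$log" ;;            # absolute path, used as-is
        *)        if [ -n "$root" ]; then
                      printf '%s\n' "${root%/}/$log" # relative to ServerRoot
                  else
                      printf '%s\n' "relative:$log"  # ServerRoot not in this file
                  fi ;;
    esac
}

# Constructed sample config using the two values quoted in the answer above.
sample=$(mktemp)
printf '%s\n' '# ErrorLog /ignored/comment' \
              'ServerRoot "/x/httpd-2.2.14"' \
              'ErrorLog logs/error_log' > "$sample"
resolve_error_log "$sample"
rm -f "$sample"
```

A `variable:` result means the path depends on an environment variable set outside the config file, so the variable's definition has to be looked up before the log can be tailed.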
 
LVL 21

Author Comment

by:developmentguru
ID: 36537588
I tried the first command you posted and the terminal window seems to be taking a nap...
0
 
LVL 21

Author Comment

by:developmentguru
ID: 36537623
OK, I started trying some testing of the web page and it is acting differently now.  It was displaying my HTTP page requests and will not do that now.  Instead I get two errors when I try to go to the IP address on normal HTTP.


[Wed Sep 14 12:52:32 2011] [client 10.1.1.254] File does not exist: /etc/apache2/htdocs
[Wed Sep 14 12:52:32 2011] [client 10.1.1.254] File does not exist: /etc/apache2/htdocs
0
 
LVL 21

Author Comment

by:developmentguru
ID: 36537939
I think I have a lead on the new error.  I will try to get it back where it was and let you know what I find.
0
 
LVL 21

Author Comment

by:developmentguru
ID: 36537975
OK.  The site was disabled and caused the, somewhat odd, error.  I re-enabled the site and now... somehow... the https is working when it would not yesterday...

I am going to split points based on what I learned that helped me to identify some of what was wrong.  I appreciate the help!
0
 
LVL 21

Author Closing Comment

by:developmentguru
ID: 36538000
My only disappointment in the solution is that I do not have any understanding of why it was not working in the first place.

The advice given did lead me to getting it working again by identifying the error.  I was able to use the identified error (google search) to figure out what was wrong and use a2ensite to get the site working again.

The http was working initially while the https seemed to be responding but was not working.  So I am left happy that it is now working, but confused by the fact that I do not understand WHY HTTPS is working today when it was not yesterday.

I do appreciate the help.
0
