Solved

Can anyone help me finish getting SSL working on Apache2?

Posted on 2011-09-12
Last Modified: 2012-05-12
It seems that I am past all of the issues of manually setting up my Certificate Authority and self signing a cert.  The web server is running again (for quite a while it would not).  The odd thing is that if I attempt to go to my IP address I get the default.htm but if I go to https://MyIPAddress then I get this from Firefox...

SSL received a record that exceeded the maximum permissible length.

and this from Chrome.

SSL connection error
Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

It seems like both browsers are communicating with SSL on Apache2, but there is still an issue.  So, I need some help diagnosing and correcting the error.

I am running 64 bit Ubuntu 11.04 server
Question by:developmentguru
10 Comments
 
LVL 21

Expert Comment

by:Papertrip
ID: 36526336
What do the apache logs say after you try it?  Are you sure nothing is redirecting https to http?
0
 
LVL 21

Author Comment

by:developmentguru
ID: 36527092
--What do the apache logs say after you try it?
Which logs should I be checking?

--Are you sure nothing is redirecting https to http?
I feel I can be reasonably sure that is not what is happening as both browsers report an error from SSL (one glaring example being that SSL returned a record length larger than the maximum permissible length).

I have read that I need to import my certificate to the browsers but am unsure how to do that.

I guess what I need from you is a way to diagnose what is wrong.  Both questions sound good, but I am a newb when it comes to Apache web server.  I suppose I should have apologized for the newb question already...

In any case, let me know which logs you would check, as well as what you are looking for.  I will let you know what I find.
0
 
LVL 6

Accepted Solution

by:
mohansahu earned 375 total points
ID: 36529066

Hi,

Can you post the apache logs...

tail -0f /var/log/apache2/error.log

MS
0
 
LVL 6

Assisted Solution

by:mohansahu
mohansahu earned 375 total points
ID: 36529092
Hi,

For more detail go through the below link

http://linuxconfig.org/apache-web-server-ssl-authentication

MS

0
 
LVL 21

Assisted Solution

by:Papertrip
Papertrip earned 125 total points
ID: 36531999
Which logs should I be checking?

Apache error logs.  Where those are located depends on some options in httpd.conf, but depending on your distro it can usually be found in /var/log/httpd/

In your httpd.conf, "ErrorLog" will show you either an absolute path, or a path relative to whatever is set for "ServerRoot"

Like this:
[user@phx3web8 conf]$ grep ErrorLog httpd.conf
ErrorLog logs/error_log
[user@phx3web8 conf]$ grep ServerRoot httpd.conf
ServerRoot "/x/httpd-2.2.14"

That would make the path /x/httpd-2.2.14/logs/error_log.  There are other things you can do with logging but let's just keep it simple for now.

Once you find the error log, do your test again and then paste us any log excerpts from the time period in which you did your testing.



0
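Added example, not part of the post above or of Apache itself: a shell helper that applies the ErrorLog/ServerRoot rule from that answer to a config file. The names `directive_value` and `resolve_errorlog` are hypothetical, the sample config is constructed from the values quoted in the answer, and the `${...}` case assumes the Debian/Ubuntu layout where such variables are set in /etc/apache2/envvars.

```bash
# Print the last value given for a directive in a config file, quotes stripped.
# Commented-out lines ("#ErrorLog ...") never match because $1 differs.
directive_value() {
    awk -v d="$1" '
        tolower($1) == tolower(d) {
            $1 = ""; sub(/^[ \t]+/, ""); gsub(/^"|"$/, ""); v = $0
        }
        END { if (v != "") print v }
    ' "$2"
}

# Resolve where the error log named in a config file actually lives.
resolve_errorlog() {
    local conf="$1" root log
    root=$(directive_value ServerRoot "$conf")
    log=$(directive_value ErrorLog "$conf")
    if [ -z "$log" ]; then
        echo "no ErrorLog directive in $conf" >&2
        return 1
    fi
    case "$log" in
        /*)  printf '%s\n' "$log" ;;                        # absolute path: used as-is
        \$*) printf 'needs variable expansion: %s\n' "$log" ;;  # e.g. ${APACHE_LOG_DIR}
        syslog*|\|*) printf 'not a file: %s\n' "$log" ;;    # syslog or piped logger
        *)   # relative path: Apache resolves it against ServerRoot
            if [ -z "$root" ]; then
                echo "relative ErrorLog but no ServerRoot in $conf" >&2
                return 2
            fi
            printf '%s/%s\n' "${root%/}" "$log" ;;
    esac
}

# Constructed sample config using the values quoted in the answer above.
sample=$(mktemp)
printf 'ServerRoot "/x/httpd-2.2.14"\n#ErrorLog /ignored\nErrorLog logs/error_log\n' > "$sample"
resolve_errorlog "$sample"    # prints /x/httpd-2.2.14/logs/error_log
rm -f "$sample"
```

Once the path is known, `tail -f` on it prints nothing until Apache writes a new entry, so the request has to be repeated while it is running.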

 
LVL 21

Author Comment

by:developmentguru
ID: 36537588
I tried the first command you posted and the terminal window seems to be taking a nap...
0
 
LVL 21

Author Comment

by:developmentguru
ID: 36537623
OK, I started trying some testing of the web page and it is acting differently now.  It was displaying my HTTP page requests and will not do that now.  Instead I get two errors when I try to go to the IP address on normal HTTP.


[Wed Sep 14 12:52:32 2011] [client 10.1.1.254] File does not exist: /etc/apache2/htdocs
[Wed Sep 14 12:52:32 2011] [client 10.1.1.254] File does not exist: /etc/apache2/htdocs
0
 
LVL 21

Author Comment

by:developmentguru
ID: 36537939
I think I have a lead on the new error.  I will try to get it back where it was and let you know what I find.
0
 
LVL 21

Author Comment

by:developmentguru
ID: 36537975
OK.  The site was disabled and caused the, somewhat odd, error.  I re-enabled the site and now... somehow... the https is working when it would not yesterday...

I am going to split points based on what I learned that helped me to identify some of what was wrong.  I appreciate the help!
0
 
LVL 21

Author Closing Comment

by:developmentguru
ID: 36538000
My only disappointment in the solution is that I do not have any understanding of why it was not working in the first place.

The advice given did lead me to getting it working again by identifying the error.  I was able to use the identified error (google search) to figure out what was wrong and use a2ensite to get the site working again.

The http was working initially while the https seemed to be responding but was not working.  So I am left happy that it is now working, but confused by the fact that I do not understand WHY HTTPS is working today when it was not yesterday.

I do appreciate the help.
0
