Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Can anyone help me finish getting SSL working on Apache2?

Posted on 2011-09-12
10
Medium Priority
?
553 Views
Last Modified: 2012-05-12
It seems that I am past all of the issues of manually setting up my Certificate Authority and self signing a cert.  The web server is running again (for quite a while it would not).  The odd thing is that if I attempt to go to my IP address I get the default.htm but if I got https://MyIPAddress then I get this from Firefox...

SSL received a record that exceeded the maximum permissible length.

and this from Chrome.

SSL connection error
Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

it seems like both browsers are communicating with SSL on Apache2, but there is still an issue.  So, I need some help diagnosing and correcting the error.

I am running 64 bit Ubuntu 11.04 server
0
Comment
Question by:developmentguru
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
  • 2
10 Comments
 
LVL 21

Expert Comment

by:Papertrip
ID: 36526336
What do the apache logs say after you try it?  Are you sure nothing is redirecting https to http?
0
 
LVL 21

Author Comment

by:developmentguru
ID: 36527092
--What do the apache logs say after you try it?
Which logs should I be checking?

--Are you sure nothing is redirecting https to http?
I feel I can be reasonably sure that is not what is happening as both browsers report an error from SSL (one glaring example being that SSL returned a record length larger than the maximum permissible length).

I have read that I need to import my certificate to the browsers but am unsure how to do that.

I guess what I need from you is a way to diagnose what is wrong.  Both questions sound good, but I am a newb when it comes to Apcahe web server.  I suppose I should have apologized for the newb question already...

In any case, let me know which logs you would check, as well as what you are looking for.  I will let you know what I find.
0
 
LVL 6

Accepted Solution

by:
mohansahu earned 1500 total points
ID: 36529066

Hi,

Can u post the apache logs...

tail -0f /var/log/apache2/error.log

MS
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 6

Assisted Solution

by:mohansahu
mohansahu earned 1500 total points
ID: 36529092
Hi,

For more detail go through the below link

http://linuxconfig.org/apache-web-server-ssl-authentication

MS

MS
0
 
LVL 21

Assisted Solution

by:Papertrip
Papertrip earned 500 total points
ID: 36531999
Which logs should I be checking?

Apache error logs.  Where those are located depends on some options in httpd.conf, but depending on your distro it can usually be found in /var/log/httpd/

In your httpd.conf, "ErrorLog" will show you either an absolute path, or a path relative to whatever is set for "ServerRoot"

Like this:
[user@phx3web8 conf]$ grep ErrorLog httpd.conf
ErrorLog logs/error_log
[user@phx3web8 conf]$ grep ServerRoot httpd.conf
ServerRoot "/x/httpd-2.2.14"

Open in new window

That would make the path /x/httpd-2.2.14/logs/error_log.  There are other things you can do with logging but let's just keep it simple for now.

Once you find the error log, do your test again and then paste us any log excerpts that from time period that you did your testing.



0
 
LVL 21

Author Comment

by:developmentguru
ID: 36537588
I tried the first command you posted and the terminal window seems to be taking a nap...
0
 
LVL 21

Author Comment

by:developmentguru
ID: 36537623
OK, I started trying some testing of the web page and it is acting differently now.  It was displaying my HTTP page requests and will not do that now.  Instead I get two errors when I try to go to the IP address on normal HTTP.


[Wed Sep 14 12:52:32 2011] [client 10.1.1.254] File does not exist: /etc/apache2/htdocs
[Wed Sep 14 12:52:32 2011] [client 10.1.1.254] File does not exist: /etc/apache2/htdocs
0
 
LVL 21

Author Comment

by:developmentguru
ID: 36537939
I think I have a lead on the new error.  I will try to get it back where it was and let you know what I find.
0
 
LVL 21

Author Comment

by:developmentguru
ID: 36537975
OK.  The site was disabled and caused the, somewhat odd, error.  I re-enabled the site and now... somehow... the https is working when it would not yesterday...

I am going to split points based on what I learned that helped me to identify some of what was wrong.  I appreciate the help!
0
 
LVL 21

Author Closing Comment

by:developmentguru
ID: 36538000
My only disappointment in the solution is that I do not have any understanding of why it was not working in the first place.

The advice given did lead me to getting it working again by identifying the error.  I was able to use the identified error (google search) to figure out what was wrong and use a2ensite to get the site working again.

The http was working initially while the https seemed to be responding but was not working.  So I am left happy that it is now working, but confused by the fact that I do not understand WHY HTTPS is working today when it was not yesterday.

I do appreciate the help.
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Lease-to-own eliminates the expenditure of hardware replacement and allows you to pay off the server over time. Usually, this is much cheaper than leasing servers. Think of lease-to-own as credit without interest.
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question