Solved

apache2 SSL install help

Posted on 2016-08-01
6
25 Views
Last Modified: 2016-08-07
I have apache2 running with self-signed SSL and all is functional.
I obtained a certificate, disabled the self-signed-ssl.conf , and created my own server-ssl.conf
I copied the server.crt to /etc/ssl/certs.
I copied the server.key to /etc/ssl/private
I added the content of certificate.ca.crt to the end of /etc/ssl/ca-certificates.crt
Added the following to server-ssl.conf:

SSLEngine on
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
SSLCertificateChainFile /etc/ssl/certs/ca-certificates.crt

Open in new window

enabled my config:
a2ensite server-ssl
apachectl configtest (returns: Syntax OK)
service apache2 restart (returns no errors)

Open in new window


Browse the https site with Chrome fails with: ERR_SSL_PROTOCOL_ERROR

Chrome Security Overview
Can someone point me in the next direction to resolve this?
0
Comment
Question by:scarpenter104
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 4

Expert Comment

by:Branislav Borojevic
ID: 41738120
Can you please tell me what OS are you running on your server?
0
 
LVL 1

Author Comment

by:scarpenter104
ID: 41738146
Ubuntu Linux
0
 
LVL 4

Expert Comment

by:Branislav Borojevic
ID: 41738148
I assume you are using OpenSSL?

Please check this link:https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04

It should help you go through the whole process, and see what you might have missed.

Good luck!
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:scarpenter104
ID: 41738322
The link above is for creating a self-signed certificate. As stated above, I already have a self-signed certificate working.
I have now installed a certificate from a CA and according to the Chrome overview, the certificate is showing up as trusted and valid. However, the server fails with an ERR_SSL_PROTOCOL_ERROR.
I'm hoping to find someone who is familiar with apache2 and knows what would cause an SSL error when everything appears to be functioning properly.
0
 
LVL 1

Accepted Solution

by:
scarpenter104 earned 0 total points
ID: 41739576
I suspect the problem was with the CA certificate format. Downloaded the certificates in a combined .pem file, set all three paths to that same file and all works perfectly.
0
 
LVL 1

Author Closing Comment

by:scarpenter104
ID: 41746094
No other useful contributions made. Sometimes a little extra digging and a little luck is all you need.
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question