Solved

apache2 SSL install help

Posted on 2016-08-01
6
26 Views
Last Modified: 2016-08-07
I have apache2 running with self-signed SSL and all is functional.
I obtained a certificate, disabled the self-signed-ssl.conf , and created my own server-ssl.conf
I copied the server.crt to /etc/ssl/certs.
I copied the server.key to /etc/ssl/private
I added the content of certificate.ca.crt to the end of /etc/ssl/ca-certificates.crt
Added the following to server-ssl.conf:

SSLEngine on
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
SSLCertificateChainFile /etc/ssl/certs/ca-certificates.crt

Open in new window

enabled my config:
a2ensite server-ssl
apachectl configtest (returns: Syntax OK)
service apache2 restart (returns no errors)

Open in new window


Browse the https site with Chrome fails with: ERR_SSL_PROTOCOL_ERROR

Chrome Security Overview
Can someone point me in the next direction to resolve this?
0
Comment
Question by:scarpenter104
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 4

Expert Comment

by:Branislav Borojevic
ID: 41738120
Can you please tell me what OS are you running on your server?
0
 
LVL 1

Author Comment

by:scarpenter104
ID: 41738146
Ubuntu Linux
0
 
LVL 4

Expert Comment

by:Branislav Borojevic
ID: 41738148
I assume you are using OpenSSL?

Please check this link:https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04

It should help you go through the whole process, and see what you might have missed.

Good luck!
0
How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

 
LVL 1

Author Comment

by:scarpenter104
ID: 41738322
The link above is for creating a self-signed certificate. As stated above, I already have a self-signed certificate working.
I have now installed a certificate from a CA and according to the Chrome overview, the certificate is showing up as trusted and valid. However, the server fails with an ERR_SSL_PROTOCOL_ERROR.
I'm hoping to find someone who is familiar with apache2 and knows what would cause an SSL error when everything appears to be functioning properly.
0
 
LVL 1

Accepted Solution

by:
scarpenter104 earned 0 total points
ID: 41739576
I suspect the problem was with the CA certificate format. Downloaded the certificates in a combined .pem file, set all three paths to that same file and all works perfectly.
0
 
LVL 1

Author Closing Comment

by:scarpenter104
ID: 41746094
No other useful contributions made. Sometimes a little extra digging and a little luck is all you need.
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question