SSL Issue

Discussion in 'Server Operation' started by t471039, Mar 10, 2008.

  1. t471039

    t471039 New Member

    Found a problem when trying to add SSL and use https. Seems deeper than just creating the cert a certain way. Tried the same instructions on another server and it works fine creating a self-signed cert. When you go to https it says invalid, etc.

    Running openSUSE 10.2 with ISPConfig

    Creating a self-signed certificate in ISPConfig is not a problem; however, it never gets to the point where it says it is an invalid certificate when visiting https.

    In Firefox you get the 12263 error when accessing the https. Tried all solutions for that error in this forum and they have not worked. Checked out if https was listening and Apache.

    Output of netstat -tap includes:

    tcp 0 0 *:https *:* LISTEN 15601/httpd2-prefor

    In /etc/sysconfig/apache2

    SSL module not listed. These are the modules listed:

    APACHE_MODULES="authz_host actions alias auth_basic authz_groupfile authn_file authz_user autoindex cgi dir include log_config mime negotiation setenvif status userdir asis imagemap rewrite php5 authz_default"

    When ssl is added to the above list, apache won't restart.

    Vhost_ispconfig.conf seems OK:

    <IfModule mod_ssl.c>
    <VirtualHost IP:443>
    ServerName www.domain.com:443
    ServerAdmin [email protected]
    DocumentRoot /srv/www/web5/web
    ServerAlias domain.com
    DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
    ScriptAlias /cgi-bin/ /srv/www/web5/cgi-bin/
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    ErrorLog /srv/www/web5/log/error.log
    AddHandler application/x-httpd-php .php .php3 .php4 .php5
    php_admin_flag safe_mode Off
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
    SSLEngine on
    SSLCertificateFile /srv/www/web5/ssl/www.domain.com.crt
    SSLCertificateKeyFile /srv/www/web5/ssl/www.domain.com.key
    Alias /error/ "/srv/www/web5/web/error/"
    ErrorDocument 400 /error/invalidSyntax.html
    ErrorDocument 401 /error/authorizationRequired.html
    ErrorDocument 403 /error/forbidden.html
    ErrorDocument 404 /error/fileNotFound.html
    ErrorDocument 405 /error/methodNotAllowed.html
    ErrorDocument 500 /error/internalServerError.html
    ErrorDocument 503 /error/overloaded.html
    AliasMatch ^/~([^/]+)(/(.*))? /srv/www/web5/user/$1/web/$3
    AliasMatch ^/users/([^/]+)(/(.*))? /srv/www/web5/user/$1/web/$3
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    </VirtualHost>
    </IfModule>

    ERROR LOG:
    [Mon Mar 10 14:46:17 2008] [error] [client ::1] Directory index forbidden by Options directive: /srv/www/htdocs/
    [Mon Mar 10 14:46:33 2008] [error] [client] Invalid method in request \x16\x03\x01
    [Mon Mar 10 14:46:36 2008] [notice] Graceful restart requested, doing restart
    [Mon Mar 10 14:46:36 2008] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
    [Mon Mar 10 14:46:36 2008] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
    [Mon Mar 10 14:46:36 2008] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
    [Mon Mar 10 14:46:36 2008] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
    [Mon Mar 10 14:46:37 2008] [notice] Apache/2.2.3 (Linux/SUSE) configured -- resuming normal operations

    The SSL Request Log is empty.

    The SSL Engine Log:
    [10/Mar/2008 09:26:28 28622] [info] Init: Configuring temporary DH parameters (512/1024 bits)
    [10/Mar/2008 09:26:28 28623] [info] Init: 2nd startup round (already detached)
    [10/Mar/2008 09:26:28 28623] [info] Init: Reinitializing OpenSSL library
    [10/Mar/2008 09:26:28 28623] [info] Init: Seeding PRNG with 140 bytes of entropy
    [10/Mar/2008 09:26:28 28623] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
    [10/Mar/2008 09:26:28 28623] [info] Init: Configuring temporary DH parameters (512/1024 bits)
    [10/Mar/2008 09:26:28 28623] [info] Init: Initializing (virtual) servers for SSL

    Would greatly appreciate some advice. Not sure where the problem is exactly. Maybe something was left out during installation. Just know it never sees the cert created in ISPConfig.

    Many thanks!
    t
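
Added example, not part of the original post or of ISPConfig: the bytes `\x16\x03\x01` in the "Invalid method in request" line are the start of a TLS handshake record (type 0x16, version 3.1, i.e. TLS 1.0), which Apache logs this way when it reads a TLS connection as plain HTTP. The sketch below correlates that log signature with the `APACHE_MODULES` line from the post; the function names `tls_hits`, `enabled_modules` and `diagnose` are hypothetical.

```python
import re

# Both samples are copied from the post above (error log, /etc/sysconfig/apache2).
ERROR_LOG = r"""[Mon Mar 10 14:46:17 2008] [error] [client ::1] Directory index forbidden by Options directive: /srv/www/htdocs/
[Mon Mar 10 14:46:33 2008] [error] [client] Invalid method in request \x16\x03\x01
[Mon Mar 10 14:46:36 2008] [notice] Graceful restart requested, doing restart"""
SYSCONFIG = ('APACHE_MODULES="authz_host actions alias auth_basic authz_groupfile '
             'authn_file authz_user autoindex cgi dir include log_config mime '
             'negotiation setenvif status userdir asis imagemap rewrite php5 authz_default"')

# Minor version byte of the TLS record layer (major byte is 0x03).
RECORD_VERSIONS = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2"}
INVALID_METHOD = re.compile(
    r"^\[(?P<ts>[^\]]+)\].*Invalid method in request (?P<raw>(?:\\x[0-9a-fA-F]{2})+)")

def tls_hits(log_text):
    """Return (timestamp, version) for each TLS handshake logged as an HTTP method."""
    hits = []
    for line in log_text.splitlines():
        m = INVALID_METHOD.search(line)
        if not m:
            continue
        # Apache escapes non-printable bytes as \xNN; turn them back into bytes.
        data = bytes(int(h, 16) for h in re.findall(r"\\x([0-9a-fA-F]{2})", m.group("raw")))
        # 0x16 = handshake record, 0x03 = SSL3/TLS major version.
        if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
            hits.append((m.group("ts"), RECORD_VERSIONS.get(data[2], "unknown")))
    return hits

def enabled_modules(sysconfig_text):
    """Return the module names listed in APACHE_MODULES, or [] if the line is absent."""
    m = re.search(r'^\s*APACHE_MODULES="([^"]*)"', sysconfig_text, re.M)
    return m.group(1).split() if m else []

def diagnose(log_text, sysconfig_text):
    hits = tls_hits(log_text)
    ssl_on = "ssl" in enabled_modules(sysconfig_text)
    if hits and not ssl_on:
        return ("TLS handshake reached a plain-HTTP listener; ssl is not in "
                "APACHE_MODULES, so <IfModule mod_ssl.c> vhosts are skipped")
    if hits:
        return "TLS handshake reached a plain-HTTP listener although ssl is enabled"
    return "no TLS-on-plain-HTTP signature in the log"

if __name__ == "__main__":
    print(tls_hits(ERROR_LOG))
    print(diagnose(ERROR_LOG, SYSCONFIG))
```
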
     
  2. t471039

    t471039 New Member

    Any help would be great. Thanks!
     
  3. Hans

    Hans Moderator ISPConfig Developer
