Re: 443 VirtualHost setup yields "Server should be SSL-aware" error

Hey Matias thank you for the assistance, I ended up discovering I had
an additional configuration file included that had additional SSL
directives defined in it.

When I commented out this configuration (as everything present in it
was also present in my main configuration) it seemed to start up
without issue.

The file that I commented out contained:
SSLEngine               on
SSLOptions              StdEnvVars StrictRequire
SSLCompression off
SSLProtocol             All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite          ALL:!ADH:!LOW:!SSLv2:!EXP:!NULL:RC4+SHA:+HIGH:+MEDIUM
SSLRandomSeed           startup file:/dev/urandom 512
SSLRandomSeed           connect file:/dev/urandom 512
SSLSessionCacheTimeout  300


Everything in that file is present in my mainline configuration as
well except for the SSLHonorCipherOrder. Do you think the issue was
that the SSLEngine on was defined both inside and outside of my
VirtualHost?

On Tue, Aug 4, 2015 at 3:13 PM, Matias Visbeek
<matias.visbeek@xxxxxxxxxx> wrote:
> Another question, I see you have SSLProxyEngine On, so I assume you are
> using it as a Reverse Proxy. Does the backend require SSL as well? In that
> case you will need at least the trusted certificate for the backend's server
> certificate specified in SSLProxyCACertificateFile.
>
> What version of Apache are you using?
>
> Are you sure Apache has privileges over that directory?
>
>
> 2015-08-04 16:19 GMT-03:00 , , <us.shadow.op@xxxxxxxxx>:
>>
>> That is correct.
>>
>> On Tue, Aug 4, 2015 at 1:29 PM, Matias Visbeek
>> <matias.visbeek@xxxxxxxxxx> wrote:
>> > Just to be sure, is your example.crt file just the public key of your
>> > certificate in PEM Base64 format?
>> >
>> >
>> > 2015-08-04 15:23 GMT-03:00 <eigenbrais1@xxxxxxxxx>:
>> >>
>> >> Apologies, the leading slash was not supposed to be there, just copied
>> >> a fake file location and forgot to remove it, the full path is defined
>> >> for the certs:
>> >> SSLCertificateFile      "/opt/blah/web/apache2/cert/example.crt"
>> >> SSLCertificateKeyFile   "/opt/blah/web/apache2/cert/example.key"
>> >> SSLCertificateChainFile "/opt/blah/web/apache2/cert/example-intermediate.crt"
>> >>
>> >> Matias, not sure what you mean by "are you sure conditions for
>> >> IfDefine are met?" If you mean are those levels defined properly etc.
>> >> then yes, I use those IfDefines several times in the rest of the
>> >> configuration.
>> >>
>> >> On Tue, Aug 4, 2015 at 1:17 PM, Matias Visbeek
>> >> <matias.visbeek@xxxxxxxxxx> wrote:
>> >> > Hi,
>> >> >
>> >> > I have 2 different theories about what is happening with your code.
>> >> >
>> >> > First, this line looks wrong
>> >> > SSLCertificateFile      "/example.crt"
>> >> >
>> >> > Do you have your certificate file in the root directory?
>> >> > Try changing it for this
>> >> >
>> >> > SSLCertificateFile      "example.crt"
>> >> >
>> >> > or providing the full path to the file, for example
>> >> > "/home/user/cert/example.crt" for Linux/UNIX or "C:/cert/example.crt"
>> >> > for Windows.
>> >> >
>> >> > Second, you define your certificate inside IfDefine tags, are you
>> >> > sure conditions for IfDefine are met?
>> >> >
>> >> > Regards,
>> >> >
>> >> > Matías
>> >> >
>> >> > 2015-08-04 15:02 GMT-03:00 <eigenbrais1@xxxxxxxxx>:
>> >> >>
>> >> >> RHEL: 5
>> >> >> Apache: 2.2.29
>> >> >>
>> >> >> Trying to set up a VirtualHost in my 443 configuration
>> >> >>
>> >> >>
>> >> >>
>> >> >> ----------------------------------------------------------------------------
>> >> >> Listen 443 (also tried Listen 443 http)
>> >> >>
>> >> >> DocumentRoot    "/www/secure"
>> >> >>
>> >> >> NameVirtualHost *:443
>> >> >>
>> >> >> <VirtualHost *:443>
>> >> >>
>> >> >> <IfDefine leveltest>
>> >> >> ServerName      test.something.com
>> >> >> RewriteEngine On
>> >> >> SSLEngine     On
>> >> >> SSLProxyEngine on
>> >> >> ProxyRequests Off
>> >> >> SSLCertificateFile      "/example.crt"
>> >> >> SSLCertificateKeyFile   "example.key"
>> >> >> SSLCertificateChainFile "example-intermediate.crt"
>> >> >> </IfDefine>
>> >> >> <IfDefine levelprod>
>> >> >> RewriteEngine On
>> >> >> SSLEngine     On
>> >> >> SSLProxyEngine on
>> >> >> ProxyRequests Off
>> >> >> RewriteEngine On
>> >> >> SSLEngine     On
>> >> >> SSLProxyEngine on
>> >> >> ProxyRequests Off
>> >> >> SSLCertificateFile      "/example.crt"
>> >> >> SSLCertificateKeyFile   "example.key"
>> >> >> SSLCertificateChainFile "example-intermediate.crt"
>> >> >> </IfDefine>
>> >> >>
>> >> >> SSLOptions              +StdEnvVars +ExportCertData
>> >> >> SSLProtocol             ALL -SSLv2 -SSLv3
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >> -------------------------------------------------------------------------------------
>> >> >>
>> >> >> The above results in the following error when trying to start:
>> >> >> [Tue Aug 04 11:20:09 2015] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
>> >> >>
>> >> >> We know that certificate listed works as we are currently using it,
>> >> >> only difference is we tried including it in a VirtualHost now.
>> >> >>
>> >> >>
>> >> >> ---------------------------------------------------------------------
>> >> >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> >> >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>> >> >>
>> >> >
>> >>
>> >>
>> >
>>
>>
>

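One way to test the hypothesis raised in the latest message (SSLEngine on set at server level by an included file while the certificate is configured only inside the VirtualHost), as an added example that is not part of the thread or of Apache itself. The file names, `FILES`, `expand` and `ssl_without_cert` are hypothetical, the sample config is constructed from the directives quoted above, and the inheritance rule in the code is an assumed model.

```python
# Constructed sample files modelled on the thread; file names are hypothetical.
FILES = {
    "httpd.conf": """
Include conf/extra-ssl.conf
<VirtualHost *:443>
<IfDefine leveltest>
SSLEngine On
SSLCertificateFile "/opt/blah/web/apache2/cert/example.crt"
</IfDefine>
</VirtualHost>
""",
    "conf/extra-ssl.conf": "SSLEngine on\nSSLProtocol All -SSLv2 -SSLv3\n",
}

def expand(name, files):
    """Yield non-empty config lines, following Include lines found in `files`."""
    for line in files[name].splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].lower() == "include" and parts[1] in files:
            yield from expand(parts[1], files)
        elif parts and not parts[0].startswith("#"):
            yield line.strip()

def ssl_without_cert(files, defines=(), root="httpd.conf"):
    """Return scopes where SSLEngine is on but no SSLCertificateFile applies."""
    scopes = {"main": {"engine": None, "cert": None}}
    scope, skip = "main", []  # skip: one True/False per open <IfDefine>
    for line in expand(root, files):
        low = line.lower()
        if low.startswith("<ifdefine"):
            name = line[9:].strip(" >")
            skip.append(name[1:] in defines if name.startswith("!") else name not in defines)
        elif low.startswith("</ifdefine"):
            skip.pop()
        elif any(skip):
            continue  # directive sits in an IfDefine block that is not active
        elif low.startswith("<virtualhost"):
            scope = line.strip("<>")
            scopes[scope] = {"engine": None, "cert": None}
        elif low.startswith("</virtualhost"):
            scope = "main"
        elif low.startswith("sslengine"):
            scopes[scope]["engine"] = low.split()[1] == "on"
        elif low.startswith("sslcertificatefile"):
            scopes[scope]["cert"] = line.split(None, 1)[1].strip('"')
    main = scopes["main"]
    # Assumed model: a vhost inherits unset values from main, never the reverse.
    on = lambda v: main["engine"] if v["engine"] is None else v["engine"]
    return [s for s, v in scopes.items() if on(v) and not (v["cert"] or main["cert"])]
```

With `leveltest` defined the function reports only the main server scope, and it reports nothing once the `Include` line is removed; with no define active it also reports the VirtualHost, which is the other theory raised in the thread.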




