RE: Issue with SSL configuration.

Hi,

It is not clear that SSL is actually working so concentrate on that
first. Forget about proxying (where are your Proxy directives, by the
way?) and try to get a local file via HTTPS. So point the DocumentRoot
at a local path (is /opt/bea/domains/optdomain/servers/AdminServer/stage
local?) Then just try https://server-name/ and see what you get...

Look also in the error-log when you start-up; mod_ssl usually prints a
lot of diagnostics during startup...

Finally, bear in mind that switching on SSL is really about setting up a
port-based virtual host. So it is an *additional* virtual host rather
than something you add to an existing VH. So it won't necessarily
inherit features of the "main" site (you have to make that happen).

Post back if you need more info...

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.


________________________________

	From: Vasanth Kumar ravi [mailto:josvasanth@xxxxxxxxx] 
	Sent: Tuesday, October 28, 2008 3:37 AM
	To: users@xxxxxxxxxxxxxxxx
	Subject:  Issue with SSL configuration.
	
	
	Operating System : Redhat Linux.
	Apache Version      : 2.0.63
	
	Folks,
	I have installed apache as a web proxy server to redirect all the client requests to the weblogic application server. This works perfectly for the non ssl connection.
	Now I need to setup SSL for apache alone and not for the Weblogic.
	As we are setting up SSO at the web server level, we need to have the apache running on SSL.
	
	So I had installed the module mod_ssl to the apache and configured the ssl.conf and virtual hosts as follows.
	
	****************************
	SSLRandomSeed startup builtin
	SSLRandomSeed connect builtin
	
	<IfDefine SSL>
	Listen 443
	AddType application/x-x509-ca-cert .crt
	AddType application/x-pkcs7-crl    .crl
	SSLPassPhraseDialog  builtin
	SSLSessionCache         dbm:/home/apache/logs/ssl_scache
	SSLSessionCacheTimeout  300
	SSLMutex file:/home/apache/logs/ssl_mutex
	
	
	<VirtualHost *:443>
	DocumentRoot "/opt/bea/domains/optdomain/servers/AdminServer/stage"
	ServerName (ip address>:443
	ErrorLog /home/apache/logs/error_log
	TransferLog /home/apache/logs/access_log
	
	SSLEngine on
	SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
	
	SSLCertificateFile /usr/share/ssl/certs/server.crt/
	SSLCertificateKeyFile /usr/share/ssl/certs/server.key/
	
	CustomLog /home/apache/logs/ssl_request_log \
	          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
	
	</VirtualHost>
	
	</IfDefine>
	**************************************
	I created the certificates and key files using the following command options of openssl.
	
	openssl req -new -x509 -days 365 -sha1 -newkey rsa:1024 -nodes -keyout server.key -out server.crt -subj '/O=Company/OU=Department/CN=www.example.com'
	
	I had copied the certs to the openssl certs directory and created hashlinks for them.
	
	I verified the certs using the openssl command as follows.
	[root@gelxd002 logs]# openssl s_client -host 43.65.9.6 -port 443
	CONNECTED(00000003)
	22951:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475:
	
	
	But when I try to access the url with https, it gives the following error messages.
	
	    At the browser.
	        <Host> has sent an incorrect or unexpected message Error code :-12263
	    At the apache logs.
	    [Tue Oct 28 10:20:00 2008] [error] [client HOST] Invalid method in request \x16\x03\x01
	    [Tue Oct 28 10:20:10 2008] [error] [client HOST] Invalid method in request \x16\x03\x01
	    [Tue Oct 28 10:20:20 2008] [error] [client HOST] Invalid method in request \x16\x03\x01
	    [Tue Oct 28 10:23:22 2008] [error] [client HOST] Invalid method in request \x80\x8c\x01\x03\x01
	    [Tue Oct 28 10:29:41 2008] [error] [client HOST] Invalid method in request \x16\x03\x01
	    
	Can you help me out, if there is something wrong with config settings.
	I did google with the error messages obtained in log, they were pointing out a configuration problem with ssl.
	Can you point out specifically which I need to address.
	
	-- 
	Regards&Thanks,
	Vasanth Kumar Ravi
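
Added example, not part of either message: the `Invalid method in request \x16\x03\x01` entries quoted above are the first bytes of a TLS handshake that the server read as a plain-HTTP request line. This Python sketch decodes such error_log entries; the sample lines are constructed in the same shape as the quoted ones, and the function names are illustrative.

```python
import re

# Constructed sample: error_log lines in the shape quoted in the message above.
SAMPLE_LOG = r"""
[Tue Oct 28 10:20:00 2008] [error] [client HOST] Invalid method in request \x16\x03\x01
[Tue Oct 28 10:23:22 2008] [error] [client HOST] Invalid method in request \x80\x8c\x01\x03\x01
[Tue Oct 28 10:25:00 2008] [error] [client HOST] Invalid method in request FOO / HTTP/1.0
"""

LINE_RE = re.compile(r"Invalid method in request (.*)$")
ESC_RE = re.compile(r"\\x([0-9a-fA-F]{2})")
TLS_VERSIONS = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2"}

def unescape(text):
    """Turn the log's backslash-x hex escapes back into raw bytes."""
    return ESC_RE.sub(lambda m: chr(int(m.group(1), 16)), text).encode("latin-1")

def classify(raw):
    """Name the handshake that a plain-HTTP listener logged as a 'method'."""
    # TLS/SSLv3 record: content type 0x16 (handshake), then major/minor version.
    if len(raw) >= 3 and raw[0] == 0x16 and raw[1] == 0x03:
        return "%s handshake record" % TLS_VERSIONS.get(raw[2], "TLS")
    # SSLv2-format hello: high bit set in the length byte, message type 1
    # (ClientHello), then the highest version the client offers.
    if len(raw) >= 5 and raw[0] & 0x80 and raw[2] == 0x01 and raw[3] == 0x03:
        return "SSLv2-format ClientHello offering %s" % TLS_VERSIONS.get(raw[4], "TLS")
    return None

def tls_on_plain_port(log_text):
    """Return (log line, verdict) for every TLS hello parsed as an HTTP request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        verdict = classify(unescape(m.group(1))) if m else None
        if verdict:
            hits.append((line, verdict))
    return hits

if __name__ == "__main__":
    for line, verdict in tls_on_plain_port(SAMPLE_LOG):
        print(verdict, "<-", line)
```

Any hit means the connection was handled without SSL enabled for that request, which is the condition the reply suggests checking first.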
	


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


