Posted to users@tomcat.apache.org by BJ Selman <bj...@travelhost.com> on 2009/06/22 22:29:12 UTC
Apache HTTPS doesn't work - redirects back to HTTP
I have tried to follow the myriad of procedures outlined on this, but I am just not seasoned enough.....
I have created a self-signed certificate on a test server (2k8std-a) with a CN of 2k8std-a. Should the CN be 172.17.2.238 since that is what my host name is "named"?
Whenever I browse to https://2k8std-a, it redirects me to http://2k8std-a/jsp/login.jsp and while on any page, if I manually type an "s" after the http and hit Enter, then it just takes it back to http without any pop-up or nothing. I've attached my httpd.conf and ssl.conf for reference, as well as the ssl_request, transfer and error logs.
Please help!! I'm at my wits' end pulling all my hair out.
Here is the output I'm getting in the error.log that might be of interest:
[debug] ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
[debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: before/accept initialization
[debug] ssl_engine_io.c(1817): OpenSSL: read 11/11 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[debug] ssl_engine_io.c(1750): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1789): | 0000: 16 03 01 00 61 01 00 00-5d 03 01 ....a...].. |
[debug] ssl_engine_io.c(1795): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1817): OpenSSL: read 91/91 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[debug] ssl_engine_io.c(1750): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1789): | 0000: 4a 3b b2 92 f6 cc f5 df-ab 9d 2b 2a 09 b6 79 1d J;........+*..y. |
[debug] ssl_engine_io.c(1789): | 0010: 52 70 37 bf 51 a5 92 a0-56 14 5d c9 bb de 9a 63 Rp7.Q...V.]....c |
[debug] ssl_engine_io.c(1789): | 0020: 20 84 ee 21 3b 8f 0a f1-e6 a4 9e ba 1f a9 aa e8 ..!;........... |
[debug] ssl_engine_io.c(1789): | 0030: 03 33 81 ea 40 23 73 ac-26 01 bf 55 9e e6 7e 7c .3..@#s.&..U..~| |
[debug] ssl_engine_io.c(1789): | 0040: 51 00 16 00 04 00 05 00-0a 00 09 00 64 00 62 00 Q...........d.b. |
[debug] ssl_engine_io.c(1789): | 0050: 03 00 06 00 13 00 12 00-63 01 ........c. |
[debug] ssl_engine_io.c(1793): | 0091 - <SPACES/NULS>
[debug] ssl_engine_io.c(1795): +-------------------------------------------------------------------------+
[debug] ssl_scache_shmcb.c(393): ssl_scache_shmcb_retrieve (0x84 -> subcache 4)
[debug] ssl_scache_shmcb.c(680): possible match at idx=0, data=0
[debug] ssl_scache_shmcb.c(697): shmcb_subcache_retrieve returning matching session
[debug] ssl_scache_shmcb.c(408): leaving ssl_scache_shmcb_retrieve successfully
[debug] ssl_engine_kernel.c(1598): Inter-Process Session Cache: request=GET status=FOUND id=84EE213B8F0AF1E6A49EBA1FA9AAE8033381EA402373AC2601BF559EE67E7C51 (session reuse)
[debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 read client hello A
[debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write server hello A
[debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write change cipher spec A
[debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write finished A
[debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 flush data
[debug] ssl_engine_io.c(1817): OpenSSL: read 5/5 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[debug] ssl_engine_io.c(1750): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1789): | 0000: 14 03 01 00 01 ..... |
[debug] ssl_engine_io.c(1795): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1817): OpenSSL: read 1/1 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[debug] ssl_engine_io.c(1750): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1789): | 0000: 01 . |
[debug] ssl_engine_io.c(1795): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1817): OpenSSL: read 5/5 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[debug] ssl_engine_io.c(1750): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1789): | 0000: 16 03 01 ... |
[debug] ssl_engine_io.c(1793): | 0005 - <SPACES/NULS>
[debug] ssl_engine_io.c(1795): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1817): OpenSSL: read 32/32 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[debug] ssl_engine_io.c(1750): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1789): | 0000: 05 8f 21 33 00 90 8f 9d-f1 23 72 be f1 2b 4e a7 ..!3.....#r..+N. |
[debug] ssl_engine_io.c(1789): | 0010: f9 b5 77 b3 68 bd f8 9d-9e f2 93 74 be 91 e9 e9 ..w.h......t.... |
[debug] ssl_engine_io.c(1795): +-------------------------------------------------------------------------+
[debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 read finished A
[debug] ssl_engine_kernel.c(1756): OpenSSL: Handshake: done
[info] Connection: Client IP: 172.17.2.31, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
[debug] ssl_engine_io.c(1817): OpenSSL: read 5/5 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[debug] ssl_engine_io.c(1750): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1789): | 0000: 17 03 01 02 73 ....s |
[debug] ssl_engine_io.c(1795): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1817): OpenSSL: read 627/627 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[info] Initial (No.1) HTTPS request received for child 57 (server 2k8std-a:443)
[debug] ssl_engine_io.c(1828): OpenSSL: I/O error, 5 bytes expected to read on BIO#%p [mem: %p]
[info] [client 172.17.2.31] (70014)End of file found: SSL input filter read failed.
[debug] ssl_engine_kernel.c(1770): OpenSSL: Write: SSL negotiation finished successfully
[info] [client 172.17.2.31] Connection closed to child 57 with standard shutdown (server 2k8std-a:443)
RE: Apache HTTPS doesn't work - redirects back to HTTP
Posted by Martin Gainty <mg...@hotmail.com>.
//your $APACHE_HOME/conf/httpd.conf must redirect all port 80 Traffic to https
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
//of course you will need mod_ssl to be installed and configured (documentation available at)
http://www.modssl.org
hth
Martin
> Date: Mon, 22 Jun 2009 21:55:39 +0100
> From: p@pidster.com
> To: users@tomcat.apache.org
> Subject: Re: Apache HTTPS doesn't work - redirects back to HTTP
>
> BJ Selman wrote:
> > Looks like my attachments are getting stripped, so...
>
> It's also in pretty, but largely invisible HTML colours too.
>
> This all looks like Apache HTTPD config, are you sure you're asking
> questions on the right mailing list?
>
> p
>
>
>
> > *_Httpd.conf-_*
> >
> > ServerRoot "/Apache2.2"
> >
> > Listen 172.17.2.238:80
> >
> >
> >
> > LoadModule actions_module modules/mod_actions.so
> >
> > LoadModule alias_module modules/mod_alias.so
> >
> > LoadModule asis_module modules/mod_asis.so
> >
> > LoadModule auth_basic_module modules/mod_auth_basic.so
> >
> > LoadModule authn_default_module modules/mod_authn_default.so
> >
> > LoadModule authn_file_module modules/mod_authn_file.so
> >
> > LoadModule authz_default_module modules/mod_authz_default.so
> >
> > LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
> >
> > LoadModule authz_host_module modules/mod_authz_host.so
> >
> > LoadModule authz_user_module modules/mod_authz_user.so
> >
> > LoadModule autoindex_module modules/mod_autoindex.so
> >
> > LoadModule cgi_module modules/mod_cgi.so
> >
> > LoadModule dir_module modules/mod_dir.so
> >
> > LoadModule env_module modules/mod_env.so
> >
> > LoadModule include_module modules/mod_include.so
> >
> > LoadModule isapi_module modules/mod_isapi.so
> >
> > LoadModule logio_module modules/mod_logio.so
> >
> > LoadModule log_config_module modules/mod_log_config.so
> >
> > LoadModule mime_module modules/mod_mime.so
> >
> > LoadModule negotiation_module modules/mod_negotiation.so
> >
> > LoadModule rewrite_module modules/mod_rewrite.so
> >
> > LoadModule setenvif_module modules/mod_setenvif.so
> >
> > LoadModule ssl_module modules/mod_ssl.so
> >
> >
> >
> > LoadModule jk_module modules/mod_jk.so
> >
> > #AddModule mod_jk.c
> >
> >
> >
> > JkWorkersFile "W:/Tomcat/conf/workers.properties"
> >
> >
> >
> > #EDITED 3/5, 10:00am - COMMENTED OUT NEXT LINE
> >
> > #JkShmFile mod_jk.shm
> >
> >
> >
> > JkLogFile logs/mod_jk.log
> >
> > JkLogLevel info
> >
> > JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
> >
> >
> >
> > JkStripSession On
> >
> >
> >
> > #Alias /throot/ /thr4/jsp/
> >
> >
> >
> > JkMount /manager/* jkstatus
> >
> > JkMount /examples/* router
> >
> > JkMount /* router
> >
> >
> >
> > #JkMount /thr4/jsp/*.jsp router
> >
> > #JkMount /thr4/* router
> >
> > #JkMount /thr4/jsp/* router
> >
> >
> >
> > JkUnMount /thr4/image/* router
> >
> > JkUnMount /thr4/icons/* router
> >
> > JkUnMount /thr4/ap/* router
> >
> > JkUnMount /thr4/ap/*.jpg router
> >
> > JkUnMount /thr4/ap/*.gif router
> >
> > JkUnMount /thr4/ap/*.png router
> >
> > JkUnMount /thr4/ap/*.pdf router
> >
> > JkUnMount /thr4/ap/*.jsp router
> >
> > JkUnMount /thr4/*.jpg router
> >
> > JkUnMount /thr4/*.gif router
> >
> > JkUnMount /thr4/*.png router
> >
> > JkUnMount /thr4/*.pdf router
> >
> >
> >
> > #JkUnMount /thr4/*.jpeg router
> >
> > #JkUnMount /thr4/ap/*.jpeg router
> >
> >
> >
> > <IfModule !mpm_netware_module>
> >
> > <IfModule !mpm_winnt_module>
> >
> >
> >
> >
> >
> > User daemon
> >
> > Group daemon
> >
> >
> >
> > </IfModule>
> >
> > </IfModule>
> >
> >
> >
> > ServerName 172.17.2.238:80
> >
> >
> >
> > DocumentRoot "W:/Tomcat/webapps/thr4/jsp"
> >
> >
> >
> > <Directory />
> >
> > Options FollowSymLinks
> >
> > AllowOverride None
> >
> > Order deny,allow
> >
> > Allow from all
> >
> > </Directory>
> >
> >
> >
> > <Directory "W:/Tomcat/webapps/thr4/jsp">
> >
> >
> >
> > Options Indexes FollowSymLinks
> >
> >
> >
> > AllowOverride None
> >
> >
> >
> > Order allow,deny
> >
> > Allow from all
> >
> >
> >
> > #SSLOptions +StrictRequire
> >
> > #SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
> >
> > #satisfy any
> >
> >
> >
> > RewriteEngine On
> >
> > RewriteBase /ap/secure
> >
> > #RewriteCond %{SERVER_PORT} !^443$
> >
> > RewriteCond %{HTTPS} !=on
> >
> > RewriteRule ^ap/secure(.*) https://%{SERVER_NAME}/ap/secure$1 [R,L]
> >
> >
> >
> > </Directory>
> >
> >
> >
> > <IfModule dir_module>
> >
> > DirectoryIndex "thr4/jsp/home.jsp"
> >
> > </IfModule>
> >
> >
> >
> > <FilesMatch "^\.ht">
> >
> > Order allow,deny
> >
> > Deny from all
> >
> > Satisfy All
> >
> > </FilesMatch>
> >
> >
> >
> > ErrorLog "logs/error.log"
> >
> >
> >
> >
> >
> > LogLevel debug
> >
> >
> >
> > <IfModule log_config_module>
> >
> > LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
> > \"%{User-Agent}i\"" combined
> >
> > LogFormat "%h %l %u %t \"%r\" %>s %b" common
> >
> >
> >
> > <IfModule logio_module>
> >
> > # You need to enable mod_logio.c to use %I and %O
> >
> > LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
> > \"%{User-Agent}i\" %I %O" combinedio
> >
> > </IfModule>
> >
> > CustomLog "logs/access.log" common
> >
> > </IfModule>
> >
> >
> >
> > <IfModule alias_module>
> >
> >
> >
> > ScriptAlias /cgi-bin/ "/Apache2.2/cgi-bin/"
> >
> >
> >
> > </IfModule>
> >
> >
> >
> > <Directory "/Apache2.2/cgi-bin">
> >
> > AllowOverride None
> >
> > Options None
> >
> > Order allow,deny
> >
> > Allow from all
> >
> > </Directory>
> >
> >
> >
> > DefaultType text/plain
> >
> >
> >
> > <IfModule mime_module>
> >
> > TypesConfig conf/mime.types
> >
> > AddType application/x-compress .Z
> >
> > AddType application/x-gzip .gz .tgz
> >
> > </IfModule>
> >
> >
> >
> >
> >
> > <IfModule ssl_module>
> >
> > SSLRandomSeed startup builtin
> >
> > SSLRandomSeed connect builtin
> >
> > Include conf/ssl.conf
> >
> > </IfModule>
> >
> >
> >
> > Include "W:/Tomcat/conf/auto/mod_jk.conf"
> >
> >
> >
> > *_Ssl.conf-_*
> >
> > Listen 172.17.2.238:443
> >
> >
> >
> > AddType application/x-x509-ca-cert .crt
> >
> > AddType application/x-x509-ca-cert .cer
> >
> > AddType application/x-pkcs7-crl .crl
> >
> >
> >
> > SSLPassPhraseDialog builtin
> >
> >
> >
> > SSLSessionCache "shmcb:/Apache2.2/logs/ssl_scache(512000)"
> >
> > SSLSessionCacheTimeout 300
> >
> >
> >
> > SSLMutex default
> >
> >
> >
> > <VirtualHost _default_:443>
> >
> >
> >
> > # General setup for the virtual host
> >
> > DocumentRoot "/Tomcat/webapps/thr4/jsp"
> >
> > ServerName 2k8std-a:443
> >
> > ServerAdmin
> >
> > ErrorLog "/Apache2.2/logs/error.log"
> >
> > TransferLog "/Apache2.2/logs/transfer.log"
> >
> >
> >
> > SSLEngine on
> >
> >
> >
> > SSLCipherSuite
> > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> >
> >
> >
> > SSLCertificateFile "conf/ssl/2k8std-a.cert"
> >
> >
> >
> > SSLCertificateKeyFile "conf/ssl/2k8std-a.key"
> >
> >
> >
> > SSLVerifyClient none
> >
> > SSLVerifyDepth 1
> >
> >
> >
> >
> >
> > <Directory "W:/Tomcat/webapps/thr4/ap/secure">
> >
> > SSLVerifyClient none
> >
> > SSLVerifyDepth 1
> >
> > </Directory>
> >
> >
> >
> > <FilesMatch "\.(cgi|shtml|phtml|php)$">
> >
> > SSLOptions +StdEnvVars
> >
> > </FilesMatch>
> >
> > <Directory "/Apache2.2/cgi-bin">
> >
> > SSLOptions +StdEnvVars
> >
> > </Directory>
> >
> >
> >
> >
> >
> > BrowserMatch ".*MSIE.*" \
> >
> > nokeepalive ssl-unclean-shutdown \
> >
> > downgrade-1.0 force-response-1.0
> >
> >
> >
> > CustomLog "/Apache2.2/logs/ssl_request.log" \
> >
> > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> >
> >
> >
> >
> >
> > </VirtualHost>
> >
> >
> >
> >
> >
> >
> >
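Added example, not part of the thread: a hop-by-hop redirect tracer that shows which response moves a request from https:// back to http://, and what happens when a blanket port-80 redirect is placed in front of a backend that still emits http:// Location headers. The function names, the `cafile` parameter and the sample responses are assumptions made for this illustration; the 302 status codes are constructed, since the post gives only the URLs.

```python
import http.client
import ssl
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


def fetch_hop(url, cafile=None, timeout=5):
    """Issue one GET without following redirects; return (status, Location).

    cafile (assumption): path to a copy of the server's self-signed
    certificate, used as the trust anchor so verification stays enabled.
    """
    parts = urlsplit(url)
    if parts.scheme == "https":
        ctx = ssl.create_default_context(cafile=cafile)
        conn = http.client.HTTPSConnection(parts.netloc, timeout=timeout,
                                           context=ctx)
    else:
        conn = http.client.HTTPConnection(parts.netloc, timeout=timeout)
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def classify_hop(url, status, location):
    """Return (kind, next_url); kind is final/downgrade/upgrade/same-scheme."""
    if status not in REDIRECT_CODES or not location:
        return "final", None
    # urljoin resolves path-only and //host Location values against the request.
    target = urljoin(url, location.strip())
    src, dst = urlsplit(url).scheme, urlsplit(target).scheme
    if src == "https" and dst == "http":
        kind = "downgrade"
    elif src == "http" and dst == "https":
        kind = "upgrade"
    else:
        kind = "same-scheme"
    return kind, target


def trace(start_url, fetch=fetch_hop, max_hops=10):
    """Follow redirects one response at a time; return (hops, loop_detected)."""
    hops, seen, url = [], set(), start_url
    while url is not None and len(hops) < max_hops:
        if url in seen:
            return hops, True
        seen.add(url)
        status, location = fetch(url)
        kind, target = classify_hop(url, status, location)
        hops.append({"url": url, "status": status, "kind": kind, "next": target})
        url = target
    return hops, False


def downgrades(hops):
    """URLs whose response redirected from https to http."""
    return [h["url"] for h in hops if h["kind"] == "downgrade"]


# Constructed responses modelling the symptom reported in the original post.
REPORTED = {
    "https://2k8std-a/": (302, "http://2k8std-a/jsp/login.jsp"),
    "http://2k8std-a/jsp/login.jsp": (200, None),
}

# Constructed: the same backend behaviour with a port-80 -> HTTPS 301 added.
WITH_PORT80_REDIRECT = {
    "https://2k8std-a/": (302, "http://2k8std-a/jsp/login.jsp"),
    "http://2k8std-a/jsp/login.jsp": (301, "https://2k8std-a/jsp/login.jsp"),
    "https://2k8std-a/jsp/login.jsp": (302, "http://2k8std-a/jsp/login.jsp"),
}

if __name__ == "__main__":
    for name, table in (("reported", REPORTED),
                        ("with port-80 redirect", WITH_PORT80_REDIRECT)):
        hops, loop = trace("https://2k8std-a/", fetch=table.__getitem__)
        print(name, "loop" if loop else "no loop")
        for h in hops:
            print("  %s %s -> %s (%s)" % (h["status"], h["url"],
                                          h["next"], h["kind"]))
```

Against a live server, call `trace(url)` with the default `fetch_hop`; the hop marked `downgrade` is the response whose Location header needs fixing at its source.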
Re: Apache HTTPS doesn't work - redirects back to HTTP
Posted by Pid <p...@pidster.com>.
BJ Selman wrote:
> Looks like my attachments are getting stripped, so...
It's also in pretty, but largely invisible HTML colours too.
This all looks like Apache HTTPD config, are you sure you're asking
questions on the right mailing list?
p
RE: Apache HTTPS doesn't work - redirects back to HTTP
Posted by BJ Selman <bj...@travelhost.com>.
Looks like my attachments are getting stripped, so...
Httpd.conf-
ServerRoot "/Apache2.2"
Listen 172.17.2.238:80
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule logio_module modules/mod_logio.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule jk_module modules/mod_jk.so
#AddModule mod_jk.c
JkWorkersFile "W:/Tomcat/conf/workers.properties"
#EDITED 3/5, 10:00am - COMMENTED OUT NEXT LINE
#JkShmFile mod_jk.shm
JkLogFile logs/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkStripSession On
#Alias /throot/ /thr4/jsp/
JkMount /manager/* jkstatus
JkMount /examples/* router
JkMount /* router
#JkMount /thr4/jsp/*.jsp router
#JkMount /thr4/* router
#JkMount /thr4/jsp/* router
JkUnMount /thr4/image/* router
JkUnMount /thr4/icons/* router
JkUnMount /thr4/ap/* router
JkUnMount /thr4/ap/*.jpg router
JkUnMount /thr4/ap/*.gif router
JkUnMount /thr4/ap/*.png router
JkUnMount /thr4/ap/*.pdf router
JkUnMount /thr4/ap/*.jsp router
JkUnMount /thr4/*.jpg router
JkUnMount /thr4/*.gif router
JkUnMount /thr4/*.png router
JkUnMount /thr4/*.pdf router
#JkUnMount /thr4/*.jpeg router
#JkUnMount /thr4/ap/*.jpeg router
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User daemon
Group daemon
</IfModule>
</IfModule>
ServerName 172.17.2.238:80
DocumentRoot "W:/Tomcat/webapps/thr4/jsp"
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
</Directory>
<Directory "W:/Tomcat/webapps/thr4/jsp">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
#SSLOptions +StrictRequire
#SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
#satisfy any
RewriteEngine On
RewriteBase /ap/secure
#RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{HTTPS} !=on
RewriteRule ^ap/secure(.*) https://%{SERVER_NAME}/ap/secure$1 [R,L]
</Directory>
<IfModule dir_module>
DirectoryIndex "thr4/jsp/home.jsp"
</IfModule>
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
ErrorLog "logs/error.log"
LogLevel debug
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access.log" common
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/Apache2.2/cgi-bin/"
</IfModule>
<Directory "/Apache2.2/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
DefaultType text/plain
<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Include conf/ssl.conf
</IfModule>
Include "W:/Tomcat/conf/auto/mod_jk.conf"
Ssl.conf-
Listen 172.17.2.238:443
AddType application/x-x509-ca-cert .crt
AddType application/x-x509-ca-cert .cer
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/Apache2.2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex default
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/Tomcat/webapps/thr4/jsp"
ServerName 2k8std-a:443
ServerAdmin
ErrorLog "/Apache2.2/logs/error.log"
TransferLog "/Apache2.2/logs/transfer.log"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "conf/ssl/2k8std-a.cert"
SSLCertificateKeyFile "conf/ssl/2k8std-a.key"
SSLVerifyClient none
SSLVerifyDepth 1
<Directory "W:/Tomcat/webapps/thr4/ap/secure">
SSLVerifyClient none
SSLVerifyDepth 1
</Directory>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/Apache2.2/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/Apache2.2/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
________________________________
From: BJ Selman [mailto:bjselman@travelhost.com]
Sent: Monday, June 22, 2009 3:29 PM
To: users@tomcat.apache.org
Subject: Apache HTTPS doesn't work - redirects back to HTTP
I have tried to follow the myriad of procedures outlined on this, but I am just not seasoned enough.....
I have created a self-signed certificate on a test server (2k8std-a) with a CN of 2k8std-a. Should the CN be 172.17.2.238 since that is what my host name is "named"?
Whenever I browse to https://2k8std-a, it redirects me to http://2k8std-a/jsp/login.jsp and while on any page, if I manually type an "s" after the http and hit Enter, then it just takes it back to http without any pop-up or nothing. I've attached my httpd.conf and ssl.conf for reference, as well as the ssl_request, transfer and error logs.
Please help!! I'm at my wits' end pulling all my hair out.
Here is the output I'm getting in the error.log that might be of interest:
[debug] ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
[debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: before/accept initialization
[debug] ssl_engine_io.c(1817): OpenSSL: read 11/11 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[debug] ssl_engine_io.c(1750): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1789): | 0000: 16 03 01 00 61 01 00 00-5d 03 01 ....a...].. |
[debug] ssl_engine_io.c(1795): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1817): OpenSSL: read 91/91 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[debug] ssl_engine_io.c(1750): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1789): | 0000: 4a 3b b2 92 f6 cc f5 df-ab 9d 2b 2a 09 b6 79 1d J;........+*..y. |
[debug] ssl_engine_io.c(1789): | 0010: 52 70 37 bf 51 a5 92 a0-56 14 5d c9 bb de 9a 63 Rp7.Q...V.]....c |
[debug] ssl_engine_io.c(1789): | 0020: 20 84 ee 21 3b 8f 0a f1-e6 a4 9e ba 1f a9 aa e8 ..!;........... |
[debug] ssl_engine_io.c(1789): | 0030: 03 33 81 ea 40 23 73 ac-26 01 bf 55 9e e6 7e 7c .3..@#s.&..U..~| |
[debug] ssl_engine_io.c(1789): | 0040: 51 00 16 00 04 00 05 00-0a 00 09 00 64 00 62 00 Q...........d.b. |
[debug] ssl_engine_io.c(1789): | 0050: 03 00 06 00 13 00 12 00-63 01 ........c. |
[debug] ssl_engine_io.c(1793): | 0091 - <SPACES/NULS>
[debug] ssl_engine_io.c(1795): +-------------------------------------------------------------------------+
[debug] ssl_scache_shmcb.c(393): ssl_scache_shmcb_retrieve (0x84 -> subcache 4)
[debug] ssl_scache_shmcb.c(680): possible match at idx=0, data=0
[debug] ssl_scache_shmcb.c(697): shmcb_subcache_retrieve returning matching session
[debug] ssl_scache_shmcb.c(408): leaving ssl_scache_shmcb_retrieve successfully
[debug] ssl_engine_kernel.c(1598): Inter-Process Session Cache: request=GET status=FOUND id=84EE213B8F0AF1E6A49EBA1FA9AAE8033381EA402373AC2601BF559EE67E7C51 (session reuse)
[debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 read client hello A
[debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write server hello A
[debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write change cipher spec A
[debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write finished A
[debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 flush data
[debug] ssl_engine_io.c(1817): OpenSSL: read 5/5 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[debug] ssl_engine_io.c(1750): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1789): | 0000: 14 03 01 00 01 ..... |
[debug] ssl_engine_io.c(1795): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1817): OpenSSL: read 1/1 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[debug] ssl_engine_io.c(1750): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1789): | 0000: 01 . |
[debug] ssl_engine_io.c(1795): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1817): OpenSSL: read 5/5 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[debug] ssl_engine_io.c(1750): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1789): | 0000: 16 03 01 ... |
[debug] ssl_engine_io.c(1793): | 0005 - <SPACES/NULS>
[debug] ssl_engine_io.c(1795): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1817): OpenSSL: read 32/32 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[debug] ssl_engine_io.c(1750): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1789): | 0000: 05 8f 21 33 00 90 8f 9d-f1 23 72 be f1 2b 4e a7 ..!3.....#r..+N. |
[debug] ssl_engine_io.c(1789): | 0010: f9 b5 77 b3 68 bd f8 9d-9e f2 93 74 be 91 e9 e9 ..w.h......t.... |
[debug] ssl_engine_io.c(1795): +-------------------------------------------------------------------------+
[debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 read finished A
[debug] ssl_engine_kernel.c(1756): OpenSSL: Handshake: done
[info] Connection: Client IP: 172.17.2.31, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)
[debug] ssl_engine_io.c(1817): OpenSSL: read 5/5 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[debug] ssl_engine_io.c(1750): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1789): | 0000: 17 03 01 02 73 ....s |
[debug] ssl_engine_io.c(1795): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1817): OpenSSL: read 627/627 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[info] Initial (No.1) HTTPS request received for child 57 (server 2k8std-a:443)
[debug] ssl_engine_io.c(1828): OpenSSL: I/O error, 5 bytes expected to read on BIO#%p [mem: %p]
[info] [client 172.17.2.31] (70014)End of file found: SSL input filter read failed.
[debug] ssl_engine_kernel.c(1770): OpenSSL: Write: SSL negotiation finished successfully
[info] [client 172.17.2.31] Connection closed to child 57 with standard shutdown (server 2k8std-a:443)
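The 5-byte hex rows in the error.log excerpt above are TLS record headers (content type, version, length). The Python sketch below is an added example, not part of the original post; it decodes them to show how far the exchange got. Its function names are made up here, and the way it restores header bytes that the mod_ssl dump trims as `<SPACES/NULS>` (by matching the size of the next read) assumes each record body arrives in a single read.

```python
import re
from collections import namedtuple
from itertools import product

# Lines copied from the error.log excerpt in the post (record-body rows left out).
SAMPLE_LOG = r"""
[debug] ssl_engine_io.c(1817): OpenSSL: read 11/11 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[debug] ssl_engine_io.c(1789): | 0000: 16 03 01 00 61 01 00 00-5d 03 01 ....a...].. |
[debug] ssl_engine_io.c(1817): OpenSSL: read 91/91 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[debug] ssl_engine_io.c(1817): OpenSSL: read 5/5 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[debug] ssl_engine_io.c(1789): | 0000: 14 03 01 00 01 ..... |
[debug] ssl_engine_io.c(1817): OpenSSL: read 1/1 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[debug] ssl_engine_io.c(1789): | 0000: 01 . |
[debug] ssl_engine_io.c(1817): OpenSSL: read 5/5 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[debug] ssl_engine_io.c(1789): | 0000: 16 03 01 ... |
[debug] ssl_engine_io.c(1793): | 0005 - <SPACES/NULS>
[debug] ssl_engine_io.c(1817): OpenSSL: read 32/32 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[debug] ssl_engine_io.c(1817): OpenSSL: read 5/5 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
[debug] ssl_engine_io.c(1789): | 0000: 17 03 01 02 73 ....s |
[debug] ssl_engine_io.c(1817): OpenSSL: read 627/627 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o
"""

READ_RE = re.compile(r"OpenSSL: read (\d+)/\d+ bytes")
ROW_RE = re.compile(r"\|\s*0000:\s*(.*)$")           # first row of a hex dump
HEX_RE = re.compile(r"([0-9a-f]{2})(?:[ -]|$)")      # one dumped byte

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

Record = namedtuple("Record", "content_type version length inferred")


def read_events(log_text):
    """Pair every 'read N/N bytes' line with the first hex row that follows it."""
    events = []
    for line in log_text.splitlines():
        m = READ_RE.search(line)
        if m:
            events.append({"n": int(m.group(1)), "row": None})
            continue
        m = ROW_RE.search(line)
        if m and events and events[-1]["row"] is None:
            events[-1]["row"] = m.group(1)
    return events


def leading_bytes(row, limit):
    """Return up to `limit` byte values from the start of a dump row."""
    out, pos = [], 0
    while len(out) < limit:
        m = HEX_RE.match(row, pos)
        if not m:
            break                      # reached the ASCII column
        out.append(int(m.group(1), 16))
        pos = m.end()
    return out


def decode_records(log_text):
    """Walk the reads as a state machine: header first, then the record body."""
    events = read_events(log_text)
    records, remaining = [], 0
    for i, ev in enumerate(events):
        if remaining > 0:              # this read is part of the current body
            remaining -= ev["n"]
            continue
        if ev["n"] < 5 or ev["row"] is None:
            raise ValueError("read %d does not start with a record header" % i)
        head = leading_bytes(ev["row"], 5)
        missing = 5 - len(head)
        if missing > 2:
            raise ValueError("content type or version bytes missing")
        if missing:
            # The dump drops trailing 0x20/0x00 bytes. Assumption: the body
            # comes in the next read, so its size picks the right filler.
            nxt = events[i + 1]["n"] if i + 1 < len(events) else None
            fits = [head + list(fill)
                    for fill in product((0x00, 0x20), repeat=missing)
                    if ((head + list(fill))[3] << 8 | (head + list(fill))[4]) == nxt]
            if len(fits) != 1:
                raise ValueError("trimmed header cannot be resolved")
            head = fits[0]
        length = head[3] << 8 | head[4]
        records.append(Record(
            CONTENT_TYPES.get(head[0], "unknown(%d)" % head[0]),
            VERSIONS.get((head[1], head[2]), "%d.%d" % (head[1], head[2])),
            length, bool(missing)))
        remaining = length - (ev["n"] - 5)
    return records


def carried_application_data(records):
    """True when an application_data record follows at least one handshake record."""
    types = [r.content_type for r in records]
    if "application_data" not in types:
        return False
    return "handshake" in types[:types.index("application_data")]


if __name__ == "__main__":
    for rec in decode_records(SAMPLE_LOG):
        print(rec)
    print("application data seen:", carried_application_data(decode_records(SAMPLE_LOG)))
```

On this excerpt the decoder reports two handshake records, a change_cipher_spec and one 627-byte application_data record, which lines up with the "Handshake: done" and "HTTPS request received" entries in the same log.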