Posted to users@httpd.apache.org by Jack Lauman <jl...@nwcascades.com> on 2004/03/20 19:14:35 UTC

[users@httpd] Enabling SSL

I'm running Apache 2.0.49 with OpenSSL 0.9.7d and mod_jk 2.0.4-dev.

I just purchased a certificate for a host with a fixed public IP
address.  I'm currently using name-based hosting.  I want the cert
to work with the primary site only.  The "listen 443" directive has
been added, the server starts up properly, asks for the cert password
and the SSL config appears in system-info.  When browsing using 
https:// it fails with an unknown protocol message in the logs.  Using
:443 displays the page in non-ssl mode.

What do I need to do for the server to respond to its FQDN name in SSL mode?

Thanks,

Jack


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Enabling SSL

Posted by Jack Lauman <jl...@nwcascades.com>.
I'm getting this error when trying to test the SSL installation.  I've
seen several references to the same error on Google, but none of them
were answered.  Any help resolving this would be appreciated.

I'm reasonably certain that the problem is with the name-based vhost.
How do you set one host to be IP based just for SSL?

openssl s_client -connect localhost:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 08160350 [081606F0] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .z....Q... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04   .........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00   ...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00   .c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 4d 8e 54 af   ............M.T.
0060 - 90 02 80 ac bb 50 af 0b-b8 73 23 1e 74 50 60 1c   .....P...s#.tP`.
0070 - 62 f1 2c 17 5f 27 be c6-4a ca 98 11               b.,._'..J...
SSL_connect:SSLv2/v3 write client hello A
read from 08160350 [08165C50] (7 bytes => 7 (0x7))
0000 - 3c 21 44 4f 43 54 59                              <!DOCTY
SSL_connect:error in SSLv2/v3 read server hello A
23496:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475:



Jack Lauman wrote:
> 
> I'm running Apache 2.0.49 with OpenSSL 0.9.7d and mod_jk 2.0.4-dev.
> 
> I just purchased a certificate for a host with a fixed public IP
> address.  I'm currently using name-based hosting.  I want the cert
> to work with the primary site only.  The "listen 443" directive has
> been added, the server starts up properly, asks for the cert password
> and the SSL config appears in system-info.  When browsing using
> https:// it fails with an unknown protocol message in the logs.  Using
> :443 displays the page in non-ssl mode.
> 
> What do I need to do for the server to respond to its FQDN name in SSL mode?
> 
> Thanks,
> 
> Jack

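In the s_client trace above, the 7 bytes read back after the client hello are 3c 21 44 4f 43 54 59 ("<!DOCTY"), the start of an HTML document rather than an SSL record. The following check is an added example, not part of the original posts: it sends a ClientHello to a port and classifies the first reply bytes, so a listener answering in plain HTTP can be told apart from one that speaks SSL/TLS. The function names, the sample alert bytes and the default timeout are assumptions made for the example.

```python
import socket
import ssl
import struct

# The 7 reply bytes from the s_client trace above ("<!DOCTY").
PAGE_REPLY = bytes.fromhex("3c21444f435459")
# Constructed sample: a TLS alert record (fatal, handshake_failure).
TLS_ALERT = bytes.fromhex("15030100020228")

def classify_first_bytes(data: bytes) -> str:
    """Name what a server's first reply bytes look like to an SSL/TLS client."""
    if len(data) >= 5:
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        # Record header: content type, version 3.x, length <= 2^14 + 2048
        if major == 3 and minor <= 4 and length <= 2**14 + 2048:
            if ctype == 0x16:
                return "tls-handshake"
            if ctype == 0x15:
                return "tls-alert"
    text = data.lstrip()
    if text.startswith(b"HTTP/") or text.startswith(b"<"):
        return "plaintext-http"  # the listener answered without SSL
    return "unknown"

def client_hello(server_name: str) -> bytes:
    """Let the ssl module build a real ClientHello without using the network."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the hello is queued and no reply has arrived yet
    return outgoing.read()

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send a ClientHello to host:port and classify the first reply bytes."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        data = b""
        while len(data) < 5:
            chunk = sock.recv(16)
            if not chunk:
                break
            data += chunk
    return classify_first_bytes(data)
```

Calling `probe("localhost", 443)` on the host being configured returns "plaintext-http" for a reply like the one in the trace and "tls-handshake" once the port answers with a ServerHello.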