apache2 - SSL

Kernels & Hardware, configuring network, installing services

apache2 - SSL

Postby coolghoul » 2006-02-09 19:21

Greetings fellow debians,

I went for a walk in the park yesterday evening and decided to try moving to apache2. Most of it went well. But SSL has been giving me problems.

I found a pretty good guide:
http://www.debianhelp.co.uk/apacheinstall.htm

But I still can't manage to get SSL working. And now I can't even restart my apache server! Arrrrrrgggghhh...

So I am here asking for help.

When I restart apache, I get the message:
/etc/init.d/apache2 restart
* Forcing reload of web server (Apache2)...
[Thu Feb 09 13:56:50 2006] [warn] NameVirtualHost *:0 has no VirtualHosts
...fail!


My trusted apache error log tells me this:
[Thu Feb 09 13:56:51 2006] [warn] RSA server certificate CommonName (CN) `brandy
.oucp.emory.edu' does NOT match server name!?
[Thu Feb 09 13:56:51 2006] [error] Illegal attempt to re-initialise SSL for serv
er (theoretically shouldn't happen!)


My server continues to mock me. And I am getting a little beaten down.

(this is where you come in) Not to mock me, but to help me. A mix of both is ok.

Any ideas?

Thanks
coolghoul
 
Posts: 30
Joined: 2005-08-25 21:41
Location: Atlanta, Georgia USA

Re: apache2 - SSL

Postby Guest » 2006-02-09 23:05

coolghoul wrote:Greetings fellow debians,

I went for a walk in the park yesterday evening and decided to try moving to apache2. Most of it went well. But SSL has been giving me problems.

I found a pretty good guide:
http://www.debianhelp.co.uk/apacheinstall.htm

But I still can't manage to get SSL working. And now I can't even restart my apache server! Arrrrrrgggghhh...

So I am here asking for help.

When I restart apache, I get the message:
/etc/init.d/apache2 restart
* Forcing reload of web server (Apache2)...
[Thu Feb 09 13:56:50 2006] [warn] NameVirtualHost *:0 has no VirtualHosts
...fail!


My trusted apache error log tells me this:
[Thu Feb 09 13:56:51 2006] [warn] RSA server certificate CommonName (CN) `brandy
.oucp.emory.edu' does NOT match server name!?
[Thu Feb 09 13:56:51 2006] [error] Illegal attempt to re-initialise SSL for serv
er (theoretically shouldn't happen!)


My server continues to mock me. And I am getting a little beaten down.

(this is where you come in) Not to mock me, but to help me. A mix of both is ok.

Any ideas?

Thanks


BTW - I just ran:
openssl x509 -subject -in /etc/apache2/ssl/apache.pem

The CN looks fine in my certificate. So I think the error message is misleading. I suspect I've misconfigured something in the SSL setup - but haven't determined what it could be ... yet.
Guest
 

Postby Guest » 2006-02-10 00:43

Well - I figured out the problem. I thought that I'd post the solution here in case it becomes of value to someone else. (or me again in the future) :-)

It took a long time (better part of a day) to hunt this down. I came across these useful steps from a person named "JBilbo" on an ubuntu archive site:

apt-get install apache2
apache2-ssl-certificate
(and answer the questions)

Now, enable ssl:
a2enmod ssl

configure ssl:
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/ssl
"/etc/apache2/sites-enabled/ssl" should look like this:

NameVirtualHost *:443
<VirtualHost *:443>
(... configure the directories too...)
and "/etc/apache2/sites-enabled/default" should look like this:

NameVirtualHost *:80
<VirtualHost *:80>
(... configure the directories too...)
In /etc/apache2/ports.conf, add Listen 443

In the middle of /etc/apache2/sites-available/ssl file, insert this two lines:

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
Guest
 

Postby coolghoul » 2006-02-10 00:45

Anonymous wrote:Well - I figured out the problem. I thought that I'd post the solution here in case it becomes of value to someone else. (or me again in the future) :-)

It took a long time (better part of a day) to hunt this down. I came across these useful steps from a person named "JBilbo" on an ubuntu archive site:

apt-get install apache2
apache2-ssl-certificate
(and answer the questions)

Now, enable ssl:
a2enmod ssl

configure ssl:
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/ssl
"/etc/apache2/sites-enabled/ssl" should look like this:

NameVirtualHost *:443
<VirtualHost *:443>
(... configure the directories too...)
and "/etc/apache2/sites-enabled/default" should look like this:

NameVirtualHost *:80
<VirtualHost *:80>
(... configure the directories too...)
In /etc/apache2/ports.conf, add Listen 443

In the middle of /etc/apache2/sites-available/ssl file, insert this two lines:

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem


PS. I forgot to sign in before making the above posts.... :D

The most useful information for the above came from a user named "JBilbo" on the ubuntu forum:
http://ubuntuforums.org/archive/index.php/t-4466.html
coolghoul
 
Posts: 30
Joined: 2005-08-25 21:41
Location: Atlanta, Georgia USA

Postby daedalus » 2006-08-02 06:42

yes, I know... this is an "old" topic, but.. :wink:
(ty for the great info about ssl)


I have this question about apache2 & ssl

How many ssl enabled sites (each site has his own cert) can you run on 1 webserver with 1 ip address?

Like, I want to enable ssl for www.somedomain.com & www.otherdomain.net. Both with their own cert
daedalus
 
Posts: 2
Joined: 2006-06-21 13:17

Postby lacek » 2006-08-02 15:24

Because of the nature of the SSL (HTTPS) connections, you can use one certificate for one IP address. It is not possible to use multiple certificates for the same IP.
lacek
Moderator Team Member
 
Posts: 769
Joined: 2004-03-11 18:49
Location: Budapest, Hungary

Postby fgs » 2008-02-27 01:09

People,

Like everybody else, I ran into the same SSL+APACHE problem.

The following topic will surely come in handy:

viewtopic.php?t=22502&highlight=makesslcert

Follow what's in there. Make sure that your Apache SSL module is loaded and your Apache server is listening on port 443.

I think that's pretty much it! At least for me was!

Regards,
Fernando.
User avatar
fgs
 
Posts: 25
Joined: 2008-02-07 15:24
Location: Rio de Janeiro, Brazil.

Postby coolghoul » 2008-02-27 18:09

fgs wrote:People,

Like everybody else, I ran into the same SSL+APACHE problem.

The following topic will surely come in handy:

viewtopic.php?t=22502&highlight=makesslcert

Follow what's in there. Make sure that your Apache SSL module is loaded and your Apache server is listening on port 443.

I think that's pretty much it! At least for me was!

Regards,
Fernando.


Glad that it worked out for you. Tudo bem! :-)
coolghoul
 
Posts: 30
Joined: 2005-08-25 21:41
Location: Atlanta, Georgia USA


Return to System configuration

Who is online

Users browsing this forum: No registered users and 16 guests

fashionable