
#1 2005-03-06 21:31:15

nehsa
Member
Registered: 2003-01-14
Posts: 159

SSL problems.

Hey.. I am trying to follow Cactus's wiki post (http://wiki2.archlinux.org/index.php/Postfix%20How%20To) on setting up a secure site.

This is what I have:

<VirtualHost _default_:443>
DocumentRoot "/home/httpd/ssl/html"
ServerName niftyass.come:443
ServerAdmin admin@niftyass.com
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log

#<Directory "/usr/cgi-bin">
#    SSLOptions +StdEnvVars
#</Directory>

<Directory "/home/httpd/ssl/html">
    Options -Indexes +FollowSymLinks
    AllowOverride Options Indexes AuthConfig
    Order allow,deny
    Allow from all
</Directory>

I left everything else default except disabling the previous <directory> tags.  Is there something else I need to do to get it to work?


#2 2005-03-06 21:36:58

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,615
Website

Re: SSL problems.

did you follow the instructions in the ssl text file in the httpd conf dir?
(sorry, can't recall the name of the file offhand)

Also, you need to edit /etc/conf.d/httpd and set ssl to yes..


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍


#3 2005-03-06 21:42:06

nehsa
Member
Registered: 2003-01-14
Posts: 159

Re: SSL problems.

Awesome.  Just that command in conf.d.


#4 2005-03-06 21:44:10

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,615
Website

Re: SSL problems.

8)



#5 2005-03-06 22:08:11

nehsa
Member
Registered: 2003-01-14
Posts: 159

Re: SSL problems.

Note:  Someday I will be good with linux.    lol

So.. I got it to go to the secure site (just threw in an index.php that does phpinfo).  And it works.  So next I tried to move phpmyadmin there.  When I tried to go to https://niftyass.com/mysql I get an error now.

The error says: 
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, admin@niftyass.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Here is what my log says:

Wed Mar 02 21:36:19 2005] [warn] RSA server certificate CommonName (CN) `www.niftyass.com.' does NOT match server name!?
[Wed Mar 02 21:36:19 2005] [notice] Apache configured -- resuming normal operations
[Wed Mar 02 21:51:25 2005] [error] [client 192.168.0.1] File does not exist: /home/httpd/html/mysql
[Wed Mar 02 21:52:43 2005] [alert] [client 192.168.0.1] /home/httpd/ssl/html/mysql/.htaccess: deny not allowed here
[Wed Mar 02 21:52:45 2005] [alert] [client 192.168.0.1] /home/httpd/ssl/html/mysql/.htaccess: deny not allowed here

Looks like two different problems, where do I specify my common name so that message goes away.  And more importantly, why is it trying to go to /home/httpd/html/mysql instead of /home/httpd/ssl/html/mysql?  I tried setting up a second virtualhost for mysql but that didn't help.  Also, do I need a different ssl key for every secure site?


#6 2005-03-06 22:24:45

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,615
Website

Re: SSL problems.

nehsa wrote:

Here is what my log says:
Wed Mar 02 21:36:19 2005] [warn] RSA server certificate CommonName (CN) `www.niftyass.com.' does NOT match server name!?

mod_ssl.txt says
# Be sure to enter the FQDN of your apache server as the "Common Name".
This means putting niftyass.com as the Common Name, or CN, and using niftyass.com, without the www. prepended.

nehsa wrote:

[Wed Mar 02 21:52:43 2005] [alert] [client 192.168.0.1] /home/httpd/ssl/html/mysql/.htaccess: deny not allowed here
[Wed Mar 02 21:52:45 2005] [alert] [client 192.168.0.1] /home/httpd/ssl/html/mysql/.htaccess: deny not allowed here

Your allow override settings are at issue here for the directory.

nehsa wrote:

Looks like two different problems, where do I specify my common name so that message goes away.

It is part of the ssl generation process. It should specify how to in the little ssl text file in the httpd conf directory (mod_ssl.txt).

nehsa wrote:

[Wed Mar 02 21:36:19 2005] [notice] Apache configured -- resuming normal operations
[Wed Mar 02 21:51:25 2005] [error] [client 192.168.0.1] File does not exist: /home/httpd/html/mysql

And more importantly, why is it trying to go to /home/httpd/html/mysql instead of /home/httpd/ssl/html/mysql?  I tried setting up a second virtualhost for mysql but that didn't help.

Likely a misconfiguration in apache. Post the contents of your ssl.conf, or pm it to me..

nehsa wrote:

Also, do I need a different ssl key for every secure site?

Only if they have different root domain names.



#7 2005-03-07 00:39:26

nehsa
Member
Registered: 2003-01-14
Posts: 159

Re: SSL problems.

Here is the file:  https://www.niftyass.com/ssl.txt

Somehow I got it set that everything should be secured, I fixed the link above so that you can look at it.. still trying to figure out why it's doing that tho.


#8 2005-03-07 03:08:41

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,615
Website

Re: SSL problems.

i get a connection refused when trying to view it..



#9 2005-03-08 02:13:44

nehsa
Member
Registered: 2003-01-14
Posts: 159

Re: SSL problems.

Should work now.  When I flipped the use ssl tag in /conf.d/httpd to yes it makes my entire website SSL.  Don't understand why it'd make the normal pages ssl also.  Anyways, any suggestions would be cool


#10 2005-03-08 03:40:37

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,615
Website

Re: SSL problems.

try the following snip in ssl.conf, replacing what you have as needed..

<VirtualHost *:443>
DocumentRoot "/home/httpd/ssl/html"
ServerName niftyass.com
ServerAlias www.niftyass.com
ServerAdmin admin@niftyass.com
.
.
.

Notice the changes are in the virtualhost tag, the servername, and the addition of serveralias..

try that and report back..



#11 2005-03-08 06:52:52

nehsa
Member
Registered: 2003-01-14
Posts: 159

Re: SSL problems.

Hey.. I'm getting a lot closer.  Your example didn't fix the problem but helped me in my messing around.  Through the use of these two commands:

/usr/sbin/httpd -S

and

/usr/sbin/apachectl startssl

I was able to somewhat get everything going.  It is still doing some things that, as far as I can tell, it shouldn't.  Maybe you can help me figure out why.  For instance:  I have two virtualhosts set up for :443 (ssl and mysql).  Why does https://www.niftyass.com work?  In httpd.conf that is set specifically to :80.

The second issue I'm having is with the stupid certificates popping up, so, am I going to need a different server.key and server.crt for each subdomain?  https://mysql.niftyass.com and https://ssl.niftyass.com.  I know I already asked this question and you responded with only if the root domain is different, the root domain is niftyass.com right?  So the answer is no?


#12 2005-03-08 07:24:40

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,615
Website

Re: SSL problems.

hmm...shouldn't need another one. maybe. I never really tried it. I suppose you might..*shrug*
anyway, the problem is likely how you have your virtual hosts set up. Make sure you are using the same syntax for regular and for ssl. I, for instance, do not use _default_ syntax. I use the * (i.e. name-based virtual hosts).


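An added example (not part of the thread, and not code from Apache or mod_ssl) for the certificate-name questions raised in posts #5 and #11: it checks which of the thread's host names a given set of certificate names covers, using the usual exact-match and single-label wildcard rules. The host names come from the thread; the certificate name sets and all function names are constructed for illustration, and partial wildcards such as `w*.example.com` are not handled.

```python
"""Which virtual-host names does a certificate's name list cover?"""


def _norm(name):
    # Host names compare case-insensitively. A trailing dot (the DNS root
    # marker) is ignored here, which is a simplification of this example.
    return name.strip().lower().rstrip(".")


def name_matches(pattern, host):
    """True if one certificate name (CN or subjectAltName DNS entry) covers host."""
    p = _norm(pattern).split(".")
    h = _norm(host).split(".")
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label, never several
    if p[0] == "*":
        # Wildcard only as the whole left-most label, with at least two
        # fixed labels after it (so "*.com" covers nothing).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(cert_names, host):
    """True if any name in the certificate covers host."""
    return any(name_matches(n, host) for n in cert_names)


def audit(cert_names, vhost_names):
    """Return the vhost names a client would warn about for this certificate."""
    return [v for v in vhost_names if not cert_covers(cert_names, v)]


# Host names taken from the thread.
VHOSTS = ["niftyass.com", "www.niftyass.com",
          "ssl.niftyass.com", "mysql.niftyass.com"]

# Constructed certificate name sets, not read from any real certificate.
CERTS = {
    "www only": ["www.niftyass.com"],
    "apex only": ["niftyass.com"],
    "wildcard only": ["*.niftyass.com"],
    "apex + wildcard": ["niftyass.com", "*.niftyass.com"],
}

if __name__ == "__main__":
    for label, names in CERTS.items():
        print(f"{label:16} uncovered: {audit(names, VHOSTS)}")
```

Current browsers take these names from the certificate's subjectAltName extension rather than from the CN, so a name list like the last one belongs there.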

#13 2005-03-09 01:39:52

nehsa
Member
Registered: 2003-01-14
Posts: 159

Re: SSL problems.

Well.. I'll worry about the SSL popup later.  It's working and that's good enough for now.  Thanks for your help.
