On Tue, Jun 27, 2006 at 03:55:16PM +0200, FTP wrote: > On Tue, Jun 27, 2006 at 08:49:37AM -0400, Peter Blair wrote: > > SSL certificates for a hostname requires a unique IP address. Are you > > trying to do virtual name hosting with https? > > > > On 6/27/06, FTP <[EMAIL PROTECTED]> wrote: > > >On Mon, Jun 26, 2006 at 08:30:29AM -0700, Scott Francis wrote: > > >> On 6/26/06, FTP <[EMAIL PROTECTED]> wrote: > > >> >Hi there, > > >> > > > >> >I was trying to start Apache in SSL mode and I did follow the > > >> >http://openbsd.org/faq/faq10.html#HTTPS steps. After that I issued > > >> >"apachectl startssl" and everything went fine. > > >> > > > >> >Now, when I point to the https://<IP-address> from my server I get an > > >> >"unable to connect error"! > > >> > > > >> >What did I do wrong? > > >> > > > >> >In the ssl_engine_log I get: "Configuring server new.host.name:443 for > > >SSL > > >> >protocol". This server has no domain assigned. Did I do something wrong > > >in > > >> >the certs? > > >> > > >> no, but you probably neglected to edit /var/www/conf/httpd.conf > > >> appropriately (ServerName and NameVirtualHost come to mind, as well as > > >> the appropriate name-specific parts of the SSL config in the same > > >> file). ssl_engine_log probably won't give you the info you need here; > > >> take a look at your access_log and error_log. > > >> -- > > >> [EMAIL PROTECTED],darkuncle.net} || 0x5537F527 > > >> encrypted email to the latter address please > > >> http://darkuncle.net/pubkey.asc for public key > > >> > > > > > >Thanks for your reply. > > > > > >Well, the error_log doesn't get any message. Also, the regular http does > > >show the web page without having the IP address in the http.conf file. Why > > >doesn't this work with SSL as well? > > >Certs etc. are in the correct path. > > > > > >Thanks > > > > > >George > > > > > > > > the weird thing is that I don't anything in the logs! No errors - nothing! >
some more ifo: when trying curl https://localhost I get the follwing: curl: (60) Failed to connect to ::1: Connection refused More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). The default bundle is named curl-ca-bundle.crt; you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. if I issue curl -k https://localhost instead, I do get the page. Could it be due to the self-signed cert? Thanks George
