On Mon, Dec 27, 2004 at 11:06:21PM -0500, leandro asnaghi-nicastro wrote:
>     $ openssl s_client -connect def.con.ca:443 
>     CONNECTED(00000003) 
>     24271:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475:
> 
That's usually what happens if the server is responding in HTTP instead
of HTTPS. You could try adding -state -debug to the openssl s_client
command to get more info. Also check your error log on the server, it
should have something about invalid method.
If def.con.ca is in fact the host with the problem, then I get the
following with -debug:

[SNIP]
0000 - 3c 21 44 4f 43 54 59                              <!DOCTY

The <!DOCTY should never be sent in plain text over an SSL encrypted
connection, so I'm quite sure SSL isn't on.

> Further reading online: add SSLEngine on within the Virtual Host 
> setting (I'm guessing they meant in mod_ssl.conf?) and that is done.  

It has to go inside the VirtualHost block for the port 443 vhost. You
also need a few other settings there pointing to the certificates. You
could try posting the ssl related part of that vhost.

>     [EMAIL PROTECTED]:/etc/apache# netstat -tln | grep 443 
>     tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
> 
> Okay, so I'm not that off.
> 
Certainly there is something listening on port 443 - the s_client error
would have been different if there was nothing on that port.

> Obviously I am doing something wrong, albeit I am at a loss as to 
> what exactly I screwed up.  Can someone kindly kick me in the right 
> direction?
> 
It still looks like you don't have SSLEngine on in the right place.

vh

Mads Toftum
-- 
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            [EMAIL PROTECTED]
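
Added example (not part of the original message or of mod_ssl/OpenSSL): a small Python check that parses a hex-dump line from `openssl s_client -debug` and classifies the server's first bytes as an SSL/TLS record or plain HTTP/HTML, which is the symptom described above when SSLEngine is not on for the port 443 vhost. The function names are hypothetical, and the second sample line is constructed.

```python
import re

# One line of `openssl s_client -debug` output: offset, " - ", hex bytes, ASCII column.
DUMP_LINE = re.compile(r"^\s*[0-9a-f]{4} - ((?:[0-9a-f]{2}[ -])+)")

TLS_CONTENT_TYPES = {0x14, 0x15, 0x16, 0x17}  # change_cipher_spec, alert, handshake, app data
PLAINTEXT_PREFIXES = (b"HTTP/", b"<!DOCTY", b"<HTML", b"<?XML")


def bytes_from_debug_line(line: str) -> bytes:
    """Extract the raw bytes from one hex-dump line; b'' if it is not one."""
    match = DUMP_LINE.match(line)
    if not match:
        return b""
    return bytes.fromhex(re.sub(r"[ -]", "", match.group(1)))


def classify_first_bytes(data: bytes) -> str:
    """Return 'plaintext-http', 'tls', 'sslv2', 'empty' or 'unknown'."""
    if not data:
        return "empty"
    # Plain HTTP/HTML on the SSL port: the vhost is answering without SSL.
    if data.lstrip()[:7].upper().startswith(PLAINTEXT_PREFIXES):
        return "plaintext-http"
    # SSLv3/TLS record header: type(1), major version(1) == 3, minor(1), length(2).
    if len(data) >= 5 and data[0] in TLS_CONTENT_TYPES and data[1] == 0x03:
        length = int.from_bytes(data[3:5], "big")
        if 0 < length <= 2**14 + 2048:
            return "tls"
    # SSLv2 record: 2-byte header with the high bit set, then ERROR (0) or SERVER-HELLO (4).
    if len(data) >= 3 and data[0] & 0x80 and data[2] in (0x00, 0x04):
        return "sslv2"
    return "unknown"


if __name__ == "__main__":
    samples = [
        # Hex-dump line quoted in the message above.
        "0000 - 3c 21 44 4f 43 54 59                              <!DOCTY",
        # Constructed line: start of a TLS 1.0 handshake record.
        "0000 - 16 03 01 00 4a 02 00 00-46 03 01 41 d0 e1 f2 00   ....J...F..A....",
    ]
    for line in samples:
        print(classify_first_bytes(bytes_from_debug_line(line)), "<-", line[:30])
```
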
