On Mon, Dec 27, 2004 at 11:06:21PM -0500, leandro asnaghi-nicastro wrote:
>     $ openssl s_client -connect def.con.ca:443 
>     CONNECTED(00000003) 
>     24271:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
>     protocol:s23_clnt.c:475: 
That's usually what happens if the server is responding in HTTP instead
of HTTPS. You could try adding -state -debug to the openssl s_client
command to get more info. Also check your error log on the server, it
should have something about invalid method.
If def.con.ca is in fact the host with the problem, then I get the
following with -debug:

0000 - 3c 21 44 4f 43 54 59                              <!DOCTY

The <!DOCTY should never be sent in plain text over an SSL encrypted
connection, so I'm quite sure SSL isn't on.

> Further reading online: add SSLEngine on within the Virtual Host 
> setting (I'm guessing they meant in mod_ssl.conf?) and that is done.  

It has to go inside the VirtualHost block for the port 443 vhost. You
also need a few other settings there pointing to the certificates. You
could try posting the ssl related part of that vhost.

>     [EMAIL PROTECTED]:/etc/apache# netstat -tln | grep 443 
>     tcp        0      0   *              
>     LISTEN  
> Okay, so I'm not that off.
Certainly there is something listening on port 443 - the s_client error
would have been different if there was nothing on that port.

> Obviously I am doing something wrong, albeit I am at a loss as to 
> what excatly I screwed up.  Can someone kindly kick me in the right 
> direction?
It still looks like you don't have SSLEngine on in the right place.


Mads Toftum
`Darn it, who spiked my coffee with water?!' - lwall

Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to