Nick Jennings wrote:
Hello everyone,

  I'm having trouble getting any more than one SSL/IP instance
functioning. When I add a second SSL virtual host in conf.d/ssl.conf I
get this in the log:

Invalid method in request \x16\x03\x01


Here is the additional entry I added to the ssl.conf:
<VirtualHost 1.2.3.5:443>
DocumentRoot "/home/sites/testing.foo.com"
ServerName testing.foo.com:443
</VirtualHost>


It looks as though you haven't turned the SSLEngine on for that virtual host; it certainly looks as though you're talking SSL on a connection that expects to be plain text. Take a look at the other :443 VirtualHost definition to see what you need to add.

Also, I generated a key, as instructed in the RHEL5 documentation, using
genkey, but I keep getting this email:

 ################# SSL Certificate Warning ################

  Certificate for hostname 'host.foo.com', in file:
     /etc/pki/tls/certs/host.foo.com.cert

  The certificate needs to be renewed; this can be done
  using the 'genkey' program.

  Browsers will not be able to correctly connect to this
  web site using SSL until the certificate is renewed.

 ##########################################################
                                  Generated by certwatch(1)

I'm not using a CA cert, just a homemade one, and there is nothing in
the documentation about renewing. Just creating. I've tried re-creating
it, and get the same email the next day.

Thanks for any help on these SSL issues.

Renewing is the same as creating. Generally when I "renew" my self-signed certs I just change the serial number and leave everything else the same. I can never remember from one year to the next what the commands are though so I'd suggest doing what I do -- take a look at the Makefile that you use to generate the cert.

If you're getting the warning about the expired cert then it's quite possible that the cert you thought you'd updated hasn't been updated. Is the file's mod time wrong?

Once you get the Virtual Host thing working try "openssl s_client -connect <host>:443" and pay close attention to what it spits out (over a couple of screensful).


jch

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
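
The log entry quoted in this thread can be read byte by byte: \x16\x03\x01 is the start of a TLS record (content type 0x16 = handshake, followed by a two-byte version), which is why it points at SSL traffic reaching a listener that expects plain HTTP. The following is an added example, not part of the original messages; the sample log lines and function names are constructed for illustration.

```python
import re

# Apache writes non-printable request bytes to the error log as \xNN escapes.
ESCAPED_BYTE = re.compile(r"\\x([0-9a-fA-F]{2})")
INVALID_METHOD = re.compile(r"Invalid method in request (\S+)")

# TLS record layer: byte 0 is the content type, bytes 1-2 the record version.
CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                 0x16: "handshake", 0x17: "application_data"}
# The record version of a first handshake message is often 3.1 even when a
# newer protocol version is negotiated afterwards.
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


def decode_escaped(token):
    """Turn a leading run of \\xNN escapes into raw bytes."""
    out = bytearray()
    pos = 0
    while True:
        m = ESCAPED_BYTE.match(token, pos)
        if not m:
            break
        out.append(int(m.group(1), 16))
        pos = m.end()
    return bytes(out)


def classify(line):
    """Describe the rejected 'method' if it is a TLS record header, else None."""
    m = INVALID_METHOD.search(line)
    if not m:
        return None
    raw = decode_escaped(m.group(1))
    if len(raw) < 3 or raw[0] not in CONTENT_TYPES:
        return None
    version = VERSIONS.get((raw[1], raw[2]))
    if version is None:
        return None
    return f"TLS {CONTENT_TYPES[raw[0]]} record ({version}) sent to a plain-HTTP listener"


# Constructed sample lines; only the message text comes from the thread.
SAMPLE_LOG = [
    "[error] [client 192.0.2.10] Invalid method in request \\x16\\x03\\x01",
    "[error] [client 192.0.2.11] Invalid method in request FOO / HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line) or "not a TLS record header", "<-", line)
```

Lines it flags identify virtual hosts on an SSL port that are answering without SSL enabled.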
