Apache 2 SSL Error
I set up a FreeBSD 4.11 jail to learn how to set up SSL on Apache 2 correctly. I installed Apache 2.0.54 from ports. I generated SSL certs just for testing purposes. I'm not able to get any response at all from the server on SSL unless I set the Listen :443 directive in the httpd.conf, whereas I think it is supposed to be set in ssl.conf. I get the following error in httpd-error.log:

[Tue Jul 05 10:15:28 2005] [error] [client 24.123.123.123] Invalid method in request \x80g\x01\x03

As this is just temporary and for testing purposes I have posted the configs online as they are quite big and this is a work in progress, see links below.

http://www.beerdrinka.com/httpd.conf
http://www.beerdrinka.com/ssl.conf

I keep re-reading the Apache docs but there is just something I am missing. As a note I have also tried this in a non-jail environment on 5.3 p16 and get the same error results.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Apache 2 SSL Error
On Tuesday 05 July 2005 11:01 am, Todd Suits wrote:
> I'm not able to get any response at all from the server on SSL unless I set the Listen :443 directive in the httpd.conf, whereas I think it is supposed to be set in ssl.conf.

When trying to use SSL, are you using a URL with http:// or https://?

Andrew Gould

Re: Apache 2 SSL Error
https:// is what I'm trying to use. http:// just brings up my normal index.html page.

Re: Apache 2 SSL Error
On Tue, 5 Jul 2005 14:21:03 -0400 Todd Suits [EMAIL PROTECTED] wrote:
> https:// is what I'm trying to use. http:// just brings up my normal index.html page.
---cut---
> I get the following error in httpd-error.log:
> [Tue Jul 05 10:15:28 2005] [error] [client 24.123.123.123] Invalid method in request \x80g\x01\x03

Are you using a hardware router or something? If so, did you open the 443 port on that router and set up port forwarding to port 443?

Re: Apache 2 SSL Error
I have no problem accessing other https sites and there is not a router; the jail is set up on a dedicated server in a data center where services like this are provided.

Re: Apache 2 SSL Error
As an update the command:

$ openssl s_client -connect localhost:443 -state -debug

from the Apache documents, produces the following output:

killians# openssl s_client -connect localhost:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0809A500 [080B1000] (142 bytes => 142 (0x8E))
0000 - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00   ......c... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00   ..3..2../.....f.
0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00   .............c..
0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40   b..a...........@
0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00   ..e..d..`.......
0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 b3 46   ...............F
0070 - 18 14 e5 bd de 65 4e 39-1c 60 c4 c2 81 f5 bb 8a   .....eN9.`......
0080 - 68 00 e0 db 23 c8 ad c2-44 23 81 83 51 93         h...#...D#..Q.
SSL_connect:SSLv2/v3 write client hello A
read from 0809A500 [080B7000] (7 bytes => 7 (0x7))
0000 - 3c 21 44 4f 43 54 59                              <!DOCTY
SSL_connect:error in SSLv2/v3 read server hello A
50689:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:475:

I'm just not sure how to deal with it.

Re: Apache 2 SSL Error
Sorry for all the responses but Googling has brought up possible problems or questions. I am starting Apache with

/usr/local/sbin/apachectl startssl

Is this correct for the FreeBSD compiled version?

Re: Apache 2 SSL Error
Todd Suits wrote:
> Sorry for all the responses but Googling has brought up possible problems or questions. I am starting Apache with /usr/local/sbin/apachectl startssl
> Is this correct for the FreeBSD compiled version?

You don't *have to* use that; you can just use /usr/local/etc/rc.d/apache.sh and make sure that apache2ssl_enable=YES is in /etc/rc.conf. To my knowledge, which may be lacking, you should be able to execute Apache's start script as well.

If you run `ps -waux | grep httpd` from the prompt, do you see httpd listed with -DSSL?

The errors about 'invalid method' lead me to believe that it's only started as http, not https.

What is in the error log as soon as you run /usr/local/sbin/apachectl startssl, and what does the above ps show?

jeff

Re: Apache 2 SSL Error
Jeff,

You are correct! I was not starting Apache with SSL. I knew I had to use the startssl command; however, I was using webmin for ease of clicking start and stop and I had entered startssl in the wrong box in the module config, so therefore I was not starting Apache with SSL. Once I started with SSL there were a few errors I had to correct with the certificates I generated and in the ssl.conf, but starting it correctly was the problem.

Thank you. I have spent many hours trying to get this set up and was very frustrated over the whole project. Thanks again to everyone who took the time to reply. This list is a great resource and without everyone's participation it would not work.

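Added example, not part of the original thread: the `Invalid method in request \x80g\x01\x03` log entry and the `<!DOCTY` bytes that s_client read back are both signs of an SSL/TLS hello reaching a listener that is serving plain HTTP. The Python below classifies such first bytes using the standard SSLv2-compatible and TLS record headers; the function names are this example's own, and the two log lines marked constructed are sample input rather than data from the thread.

```python
import re

# Apache escapes non-printable bytes of the unparseable request line as \xHH.
LOG_RE = re.compile(r"\[client ([^\]]+)\] Invalid method in request (.*)$")
TLS_KINDS = ("SSLv2-compatible ClientHello", "TLS handshake record")

def unescape(raw):
    """Turn the \\xHH-escaped log text back into the bytes the client sent."""
    data = raw.encode("latin-1", errors="replace")
    return re.sub(rb"\\x([0-9a-fA-F]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def classify(first):
    """Label the first bytes seen on a connection (from either side)."""
    # SSLv2-style record: high bit set in the 2-byte length, message type 1
    # (CLIENT-HELLO), then the major version byte (0x00 for SSLv2, 0x03 later).
    if (len(first) >= 4 and first[0] & 0x80 and first[2] == 0x01
            and first[3] in (0x00, 0x03)):
        return TLS_KINDS[0]
    # TLS record layer: content type 0x16 (handshake), major version 0x03.
    if first[:2] == b"\x16\x03":
        return TLS_KINDS[1]
    if first.startswith((b"HTTP/", b"<")):
        return "plaintext HTTP/HTML"
    return "other"

def tls_hello_on_plain_listener(line):
    """Return the client address if the log line is a TLS hello read as HTTP."""
    m = LOG_RE.search(line)
    if m and classify(unescape(m.group(2))) in TLS_KINDS:
        return m.group(1)
    return None

# First line is the entry quoted in the thread; the other two are constructed.
SAMPLE_LOG = [
    r"[Tue Jul 05 10:15:28 2005] [error] [client 24.123.123.123] Invalid method in request \x80g\x01\x03",
    r"[Tue Jul 05 10:16:02 2005] [error] [client 192.0.2.10] Invalid method in request \x16\x03\x01",
    r"[Tue Jul 05 10:17:40 2005] [error] [client 192.0.2.11] Invalid method in request FOO / HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(tls_hello_on_plain_listener(line) or "-", "|", line[-40:])
    # Bytes from the s_client trace in the thread: what was sent, what came back.
    print(classify(bytes.fromhex("808c010301")))      # client hello written
    print(classify(bytes.fromhex("3c21444f435459")))  # reply read on port 443
```

A hit from `tls_hello_on_plain_listener` on a port that is meant to be HTTPS points at the server side (SSL not enabled on that listener), which is what `ps` showing no -DSSL confirmed in this thread.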