Re: Problemas ssl apache
On Fri, Dec 23, 2011 at 12:43:03PM -0300, Larry Letelier wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 23/12/11 12:08, Reinaldo Orrego wrote: > > Estimados, > > > > Estoy instalando un servidor web con ssl. > > > > Resumiendo y al grano. > > > > Use la conf por defecto de apache (default-ssl) para crear la > > maquina. Y no esta funcionando. > > > > > > # openssl s_client -servername localhost -connect localhost:443 > > -state -debug CONNECTED(0003) SSL_connect:before/connect > > initialization write to 0x8459878 [0x845a8e0] (113 bytes => 113 > > (0x71)) - 16 03 01 00 6c 01 00 00-68 03 01 4e f4 8c d2 ab > > l...h..N 0010 - ef 6e 26 06 c7 24 b3 e4-f4 30 88 5d 79 4d > > f0 df .n&..$...0.]yM.. 0020 - d4 ab 6d ed ab 2e fb 09-22 c0 b3 00 > > 00 28 00 39 ..m."(.9 0030 - 00 38 00 35 00 16 00 13-00 0a > > 00 33 00 32 00 2f .8.5...3.2./ 0040 - 00 05 00 04 00 15 00 > > 12-00 09 00 14 00 11 00 08 0050 - 00 06 00 03 00 > > ff 02 01-00 00 16 00 00 00 0e 00 0060 - 0c 00 00 > > 09 6c 6f 63 61-6c 68 6f 73 74 00 23 localhost.# 0071 - > > SSL_connect:SSLv2/v3 write client hello A read from > > 0x8459878 [0x845fe40] (7 bytes => 7 (0x7)) - 3c 21 44 4f 43 54 > > 59 > SSLv2/v3 read server hello A 17200:error:140770FC:SSL > > routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:607: > > > > Firefox me da el siguiente mensaje. > > > > Secure Connection Failed > > > > An error occurred during a connection to ws.cap.msgg.gov.cl. > > > > SSL received a record that exceeded the maximum permissible > > length. > > > > (Error code: ssl_error_rx_record_too_long) > > > > The page you are trying to view can not be shown because the > > authenticity of the received data could not be verified. Please > > contact the web site owners to inform them of this problem. > > Alternatively, use the command found in the help menu to report > > this broken site. > > > > En mi /etc/apache2/ports.conf tengo esto > > > > > > NameVirtualHost *:80 Listen 80 > > > > # If you add NameVirtualHost *:443 here, you > > will also have to change # the VirtualHost statement in > > /etc/apache2/sites-available/default-ssl # to # > > Server Name Indication for SSL named virtual hosts is currently > > not # supported by MSIE on Windows XP. Listen 443 > > > > Listen 443 > > > > Cuando escribo la url:443 me sale un error de not found, en el > > browser. > > > > No tengo muy claro por donde buscar una solución. > > > > Cordialmente > > > Rey, > > Tienes habilitadas las variables ? > > SSLEngine On > SSLCertificateFile /ruta/al/cert/ > > Adicionalmente, que dicen los logs ssl_* de tu apache ? Encontre el problema. logs de ssl no decian mucho. Para variar problema tonto. Agregar al virtualhost de apache ServerName nombrededominio Ahora esta funcionando. Por lomenos esa parte. Cordialmente -- Reinaldo Orrego n...@quodvis.net
Re: Problemas ssl apache
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 23/12/11 12:08, Reinaldo Orrego wrote: > Estimados, > > Estoy instalando un servidor web con ssl. > > Resumiendo y al grano. > > Use la conf por defecto de apache (default-ssl) para crear la > maquina. Y no esta funcionando. > > > # openssl s_client -servername localhost -connect localhost:443 > -state -debug CONNECTED(0003) SSL_connect:before/connect > initialization write to 0x8459878 [0x845a8e0] (113 bytes => 113 > (0x71)) - 16 03 01 00 6c 01 00 00-68 03 01 4e f4 8c d2 ab > l...h..N 0010 - ef 6e 26 06 c7 24 b3 e4-f4 30 88 5d 79 4d > f0 df .n&..$...0.]yM.. 0020 - d4 ab 6d ed ab 2e fb 09-22 c0 b3 00 > 00 28 00 39 ..m."(.9 0030 - 00 38 00 35 00 16 00 13-00 0a > 00 33 00 32 00 2f .8.5...3.2./ 0040 - 00 05 00 04 00 15 00 > 12-00 09 00 14 00 11 00 08 0050 - 00 06 00 03 00 > ff 02 01-00 00 16 00 00 00 0e 00 0060 - 0c 00 00 > 09 6c 6f 63 61-6c 68 6f 73 74 00 23 localhost.# 0071 - > SSL_connect:SSLv2/v3 write client hello A read from > 0x8459878 [0x845fe40] (7 bytes => 7 (0x7)) - 3c 21 44 4f 43 54 > 59 SSLv2/v3 read server hello A 17200:error:140770FC:SSL > routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:607: > > Firefox me da el siguiente mensaje. > > Secure Connection Failed > > An error occurred during a connection to ws.cap.msgg.gov.cl. > > SSL received a record that exceeded the maximum permissible > length. > > (Error code: ssl_error_rx_record_too_long) > > The page you are trying to view can not be shown because the > authenticity of the received data could not be verified. Please > contact the web site owners to inform them of this problem. > Alternatively, use the command found in the help menu to report > this broken site. > > En mi /etc/apache2/ports.conf tengo esto > > > NameVirtualHost *:80 Listen 80 > > # If you add NameVirtualHost *:443 here, you > will also have to change # the VirtualHost statement in > /etc/apache2/sites-available/default-ssl # to # > Server Name Indication for SSL named virtual hosts is currently > not # supported by MSIE on Windows XP. Listen 443 > > Listen 443 > > Cuando escribo la url:443 me sale un error de not found, en el > browser. > > No tengo muy claro por donde buscar una solución. > > Cordialmente Rey, Tienes habilitadas las variables ? SSLEngine On SSLCertificateFile /ruta/al/cert/ Adicionalmente, que dicen los logs ssl_* de tu apache ? Saludos, - -- LL -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJO9KGHAAoJEPrcLH/1RnsgrFMIANd5JNDvZQL5INZHIzMcXcTs pKUcSM6fw3w9ltXqi/3c5NOprgVBybtPQwumcI1j8rcPYbzaeAZAL6ZZuzgqRErt U4bNLMsO2ZsEOBT96H2RZraHzSEdEFrCJWZdvlf8RG3CjE1jV8zWTyrasud5ibzX wMXIeA/rtq0R+h6yhFxSxOffeZg48ygMvlmbG2Wubn8NxBRUWYWS0jfjaPaKpBEr baJ7DRN/mNxTk4ttDRwLQg0ekKvcgqFhGA2LXFdfjODyS1lyMts0V0qEtcnnW8sQ XhqzJN25VUwJj7hAlHtQOWbyON7O0SJK8c8OsjNCvgf9l6AW/4XoHfcII3jaQdc= =CFwy -END PGP SIGNATURE-
Problemas ssl apache
Estimados, Estoy instalando un servidor web con ssl. Resumiendo y al grano. Use la conf por defecto de apache (default-ssl) para crear la maquina. Y no esta funcionando. # openssl s_client -servername localhost -connect localhost:443 -state -debug CONNECTED(0003) SSL_connect:before/connect initialization write to 0x8459878 [0x845a8e0] (113 bytes => 113 (0x71)) - 16 03 01 00 6c 01 00 00-68 03 01 4e f4 8c d2 ab l...h..N 0010 - ef 6e 26 06 c7 24 b3 e4-f4 30 88 5d 79 4d f0 df .n&..$...0.]yM.. 0020 - d4 ab 6d ed ab 2e fb 09-22 c0 b3 00 00 28 00 39 ..m."(.9 0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f .8.5...3.2./ 0040 - 00 05 00 04 00 15 00 12-00 09 00 14 00 11 00 08 0050 - 00 06 00 03 00 ff 02 01-00 00 16 00 00 00 0e 00 0060 - 0c 00 00 09 6c 6f 63 61-6c 68 6f 73 74 00 23 localhost.# 0071 - SSL_connect:SSLv2/v3 write client hello A read from 0x8459878 [0x845fe40] (7 bytes => 7 (0x7)) - 3c 21 44 4f 43 54 59 # If you add NameVirtualHost *:443 here, you will also have to change # the VirtualHost statement in /etc/apache2/sites-available/default-ssl # to # Server Name Indication for SSL named virtual hosts is currently not # supported by MSIE on Windows XP. Listen 443 Listen 443 Cuando escribo la url:443 me sale un error de not found, en el browser. No tengo muy claro por donde buscar una solución. Cordialmente -- Reinaldo Orrego n...@quodvis.net