Tuesday, June 21, 2016

My SSL configuration isn't working. Ubuntu Apache 2.4

My SSL config isn't working now. I just moved a site from one host (I moved the cert files).



When I try to access it I get this error. (Chrome and Firefox tell me that the SSL protocol is invalid.)



Solved: In the end, I had forgotten to enable the site :( Sorry, and thanks for the help with the SSL config.



I see this in my Apache log (I think that is when I enter using my HTTP route):



[09/Apr/2016:16:54:05 +0000] "GET /homepage/ HTTP/1.1" 302 560 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36"



Here is my SSL virtualhost file in sites-enable (I replaced the site name with my-site):



Edited after the responses:

  • Commented out the SSLCertificateChainFile line.
  • ErrorLog from the SSL virtualhost changed to /home/my-site/logs/my-site.com-error-ssl.log
  • LogLevel set to debug
  • CustomLog from the SSL virtualhost changed to /home/my-site/logs/my-site.com.com-access-ssl.log combined

The new log files are missing; I really can't see any SSL error.
I also tested that the SSL module is enabled.

Testing in a normal and a private session in Chrome gives the same result.
Private session accessing the site



NON-SSL




    
ServerAdmin webmaster@my-site.com
ServerName my-site.com
ServerAlias www.my-site.com
DocumentRoot /home/my-site/www/my-site.com/current/public/

Options FollowSymLinks
AllowOverride None



Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Require all granted


ErrorLog /home/my-site/logs/my-site.com-error.log
LogLevel warn
CustomLog /home/my-site/logs/my-site.com.com-access.log combined
Alias /doc/ "/usr/share/doc/"

Options Indexes MultiViews FollowSymLinks
AllowOverride None
Require all denied
Allow from 127.0.0.0/255.0.0.0 ::1/128





SSL







ServerAdmin webmaster@my-site.com

ServerName my-site.com
ServerAlias www.my-site.com
DocumentRoot /home/my-site/www/my-site.com/current/public



    
Allow from All
Require all granted
Options FollowSymLinks
AllowOverride All


ErrorLog /home/my-site/logs/my-site.com-error-ssl.log
LogLevel debug
CustomLog /home/my-site/logs/my-site.com.com-access-ssl.log combined
SSLEngine on
SSLCertificateFile /home/my-site/www/my-site.com/current/ssl/www.my-site.com.crt
SSLCertificateKeyFile /home/my-site/www/my-site.com/current/ssl/www.my-site.com.key
#SSLCertificateChainFile /home/my-site/www/my-site.com/current/ssl/my-site.com.crt
SSLCACertificateFile /home/my-site/www/my-site.com/current/ssl/my-site.com.crt
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire


SSLOptions +StdEnvVars


SSLOptions +StdEnvVars

BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
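
The fix reported above was enabling the site. As an added example (not part of the original post), the shell functions below list SSL vhost files in sites-available that have no entry in sites-enabled and flag certificate or key paths that cannot be read. They assume the Debian/Ubuntu layout under /etc/apache2; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the Debian/Ubuntu layout:
# <root>/sites-available holds vhost files and a2ensite symlinks them into
# <root>/sites-enabled. Usage: check_ssl_sites /etc/apache2

# Print one finding per line; no output means every SSL vhost is enabled
# and its certificate/key files are readable.
scan_ssl_sites() {
    root="${1:-/etc/apache2}"
    for conf in "$root"/sites-available/*; do
        [ -f "$conf" ] || continue
        # Only vhost files with an uncommented "SSLEngine on" are of interest.
        grep -Eiq '^[[:space:]]*SSLEngine[[:space:]]+on' "$conf" || continue
        name=$(basename "$conf")
        # A missing or dangling entry in sites-enabled means Apache never loads it.
        [ -e "$root/sites-enabled/$name" ] || echo "NOT-ENABLED $name"
        # Uncommented certificate and key paths must exist and be readable.
        grep -Ei '^[[:space:]]*SSLCertificate(Key)?File[[:space:]]' "$conf" |
        while read -r directive path rest; do
            path=${path#\"}; path=${path%\"}
            [ -r "$path" ] || echo "UNREADABLE $name $directive $path"
        done
    done
}

# Return 0 when clean, 1 when there is at least one finding.
check_ssl_sites() {
    findings=$(scan_ssl_sites "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: an SSL vhost that was copied over but never enabled,
# with its key file left behind on the old host.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/sites-available" "$dir/sites-enabled" "$dir/ssl"
    : > "$dir/ssl/site.crt"
    printf '%s\n' 'SSLEngine on' "SSLCertificateFile $dir/ssl/site.crt" \
        "SSLCertificateKeyFile $dir/ssl/site.key" \
        > "$dir/sites-available/my-site-ssl.conf"
    echo "$dir"
}
```

A NOT-ENABLED line is cleared by running a2ensite for that file and reloading Apache; commented-out directives are ignored by the scan.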
