Sunday, November 11, 2018

SSL Not being served by Apache



I am running multiple virtual hosts on my Apache and I want one virtual host to serve SSL.



I have followed the instructions given to me from where I purchased my certificate.




Whenever I visit my site using https, I get an "Unable to connect" error in Firefox.



My ssl.conf, which is included by httpd.conf, looks like this:



NameVirtualHost xxx.xxx.xxx.xxx:443

<VirtualHost xxx.xxx.xxx.xxx:443>
    DocumentRoot "/var/www/html/path/to/dir"

    # ServerName takes a single hostname; wildcards are only matched by ServerAlias.
    ServerName *.xxx.xxx.com
    ServerAlias *.xxx.xxx.com
    Alias /path "/var/www/html/development/path/to/somewhere/else"

    SSLEngine on
    # "all -SSLv2" still permits SSLv3, and this cipher list still admits RC4 and LOW-strength suites.
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/ssl/crt/STAR_xxx_xxx_com.crt
    SSLCertificateKeyFile /etc/ssl/crt/private.key
    # SSLCACertificateFile is for verifying client certificates; the intermediate
    # bundle sent to browsers belongs in SSLCertificateChainFile (Apache 2.2).
    SSLCACertificateFile /etc/httpd/conf/STAR_xxx_xxx_com.ca-bundle

    # The container tags were lost in formatting; the Directory path is assumed
    # to match DocumentRoot.
    <Directory "/var/www/html/path/to/dir">
        Order Deny,Allow
        Allow from all
        Options -Indexes
        AllowOverride All
    </Directory>
</VirtualHost>







What else can I do to solve this?



EDIT: Some other thoughts:




  1. I have read that my Apache has to be compiled somehow with SSL. Is this an issue?

  2. In some configurations the Listen 443 is enclosed in tags. Is this also an issue?




When I do a lsof -i :443 I get:

COMMAND   PID  USER    FD   TYPE   DEVICE  SIZE  NODE  NAME
httpd    8872  root    5u   IPv6 78180368        TCP   *:https (LISTEN)
httpd    8874  apache  5u   IPv6 78180368        TCP   *:https (LISTEN)
httpd    8875  apache  5u   IPv6 78180368        TCP   *:https (LISTEN)
httpd    8876  apache  5u   IPv6 78180368        TCP   *:https (LISTEN)
httpd    8877  apache  5u   IPv6 78180368        TCP   *:https (LISTEN)
httpd    8878  apache  5u   IPv6 78180368        TCP   *:https (LISTEN)
httpd    8879  apache  5u   IPv6 78180368        TCP   *:https (LISTEN)
httpd    8880  apache  5u   IPv6 78180368        TCP   *:https (LISTEN)
httpd    8881  apache  5u   IPv6 78180368        TCP   *:https (LISTEN)
httpd    8893  apache  5u   IPv6 78180368        TCP   *:https (LISTEN)
httpd    8894  apache  5u   IPv6 78180368        TCP   *:https (LISTEN)
httpd    8895  apache  5u   IPv6 78180368        TCP   *:https (LISTEN)
httpd    9067  apache  5u   IPv6 78180368        TCP   *:https (LISTEN)



I think this is probably not what I expected, since I only want one virtual host to listen on 443. Or is this correct?


Answer



I was able to solve this problem by restarting iptables:



service iptables stop
service iptables start
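The answer above fixed the problem by reloading the firewall, which points at the two things this case actually hinged on: Apache did hold a listening socket on 443 (the many lsof lines are prefork workers sharing one socket, not one listener per vhost), and the running iptables ruleset was not letting TCP 443 through, so the connection was refused before Apache ever saw it. As an added example that is not part of the original question or answer, the shell script below checks both from captured command output so it can run anywhere. The lsof and iptables-save samples are constructed to mirror the situation described in the thread; on a real host you would pipe the live output of lsof -i :443 and iptables-save into the same functions.

```shell
#!/bin/sh
# Added diagnostic helpers for "Apache listens on 443 but HTTPS is refused".
# Not from the original post. They parse captured output of `lsof -i :443`
# and `iptables-save`, so they run anywhere; on the real server, pipe the
# live command output into them instead of the constructed samples below.

# Constructed sample: the shape of the asker's `lsof -i :443` output
# (parent as root, prefork workers as apache, all sharing one socket).
LSOF_SAMPLE='COMMAND PID  USER   FD  TYPE DEVICE   SIZE NODE NAME
httpd   8872 root   5u  IPv6 78180368      TCP  *:https (LISTEN)
httpd   8874 apache 5u  IPv6 78180368      TCP  *:https (LISTEN)
httpd   8875 apache 5u  IPv6 78180368      TCP  *:https (LISTEN)'

# Constructed sample of a RHEL/CentOS-style ruleset: 22 and 80 are open,
# 443 is not, so the trailing REJECT answers HTTPS with "connection refused".
IPTABLES_SAMPLE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Count distinct listening sockets in lsof output on stdin. Apache prefork
# prints one line per worker, but they all inherit the parent's socket
# (same DEVICE column), so many PIDs does not mean many listeners.
listening_sockets() {
  awk '$NF == "(LISTEN)" { seen[$6] = 1 }
       END { n = 0; for (d in seen) n++; print n }'
}

# Succeed (exit 0) if iptables-save output on stdin carries an explicit
# ACCEPT for TCP port $1, via --dport N or a multiport --dports list.
iptables_accepts_tcp_port() {
  awk -v port="$1" '
    /^-A / && /-p tcp/ && /-j ACCEPT/ {
      for (i = 1; i < NF; i++) {
        if ($i == "--dport" && $(i+1) == port) found = 1
        if ($i == "--dports") {
          n = split($(i+1), list, ",")
          for (k = 1; k <= n; k++) if (list[k] == port) found = 1
        }
      }
    }
    END { exit found ? 0 : 1 }'
}

# One-line verdict for port $1 from lsof text $2 and iptables-save text $3.
diagnose_port() {
  port=$1
  sockets=$(printf '%s\n' "$2" | listening_sockets)
  if printf '%s\n' "$3" | iptables_accepts_tcp_port "$port"; then
    fw=open
  else
    fw=blocked
  fi
  printf 'listening_sockets=%s firewall=%s\n' "$sockets" "$fw"
}

# Stand-alone run against the constructed samples.
diagnose_port 443 "$LSOF_SAMPLE" "$IPTABLES_SAMPLE"
```

A "listening_sockets=1 firewall=blocked" verdict means the daemon is fine and the firewall is the culprit, which is exactly what a stop/start of iptables (reloading /etc/sysconfig/iptables) would repair if the saved ruleset allowed 443 but the running one did not. The two questions in the EDIT can be settled on the host itself: apachectl -M lists loaded modules (look for ssl_module), and apachectl -S dumps the parsed virtual hosts and shows which address:port each one is bound to.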
