Subject: Re: httpd tls - what am i missing?

On 3/25/15, Theodore Wynnychenko <t...@uchicago.edu> wrote:
>
> Is there anything for me to look at/consider in trying to correct this?
>
> Thanks
> Ted
>

Here is a working example from my server. Note that I don't bother with port 80. You might want to try without the port 80 listen line to rule out some config parsing issue. Also the tls options are in a {} block and make sure your cert and key have secure permissions.

    server "mydomain.com" {
            listen on $ext_addr tls port 443
            alias "www.mydomain.com"
            tls {
                    certificate "/etc/ssl/mydomain.com.crt"
                    key "/etc/ssl/private/mydomain.com.key"
            }
            # Set max upload size to 513M (in bytes)
            connection max request body 537919488
            root "/htdocs"
            directory index index.html
    }

----------------

I tried modifying my httpd.conf to include only the https server (and changed the tls options as shown above); but this did not allow me to connect with https.

The permissions on the cert are 644 root.wheel, and the key is 400 root.wheel.

I did notice that when I try to connect, and Firefox is "hanging" (little spinning wheel going round and round), if I kill the httpd parent process on the server, then Firefox (within a second or so) drops into an "unable to connect" page.

It seems to me that something odd is happening within httpd - like it starts to process the request, but refuses to complete it.

Are there any restrictions on the key size or certificate properties (like alternative names) for use with httpd? (I don't see anything in the man pages)

Is there any way to get more verbose logs of what httpd is doing/waiting for? (I don't see anything in the man pages)

Thanks again
Ted
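The "secure permissions" advice in the message above can be checked mechanically. The following is an added example, not part of the thread or of httpd: it reads the `certificate` and `key` paths out of a config written like the one quoted above and reports unsafe ownership or modes. The function names, the default `/etc/httpd.conf` path and the expected owner uid 0 (root, as in the message) are assumptions.

```python
import os
import re
import stat

# Matches `certificate "path"` or `key "path"` as written in the tls { } block above.
TLS_FILE = re.compile(r'^\s*(certificate|key)\s+"([^"]+)"')

def tls_files(conf_text):
    """Return [(directive, path)] for each certificate/key line, ignoring comments."""
    found = []
    for line in conf_text.splitlines():
        m = TLS_FILE.match(line.split("#", 1)[0])  # drop trailing/whole-line comments
        if m:
            found.append((m.group(1), m.group(2)))
    return found

def audit(conf_text, expected_uid=0):
    """Return a list of findings for the TLS files the config references."""
    findings = []
    for directive, path in tls_files(conf_text):
        try:
            st = os.stat(path)
        except OSError as exc:
            findings.append(f"{directive} {path}: cannot stat ({exc.strerror})")
            continue
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid != expected_uid:  # assumption: files should belong to root
            findings.append(f"{directive} {path}: owner uid {st.st_uid}, expected {expected_uid}")
        # A private key must not be accessible to group or other at all.
        if directive == "key" and mode & 0o077:
            findings.append(f"key {path}: mode {mode:04o} exposes the key to group/other")
        # A certificate is public, but only its owner should be able to replace it.
        if directive == "certificate" and mode & 0o022:
            findings.append(f"certificate {path}: mode {mode:04o} is group/other writable")
    return findings

if __name__ == "__main__":
    import sys
    conf = sys.argv[1] if len(sys.argv) > 1 else "/etc/httpd.conf"  # assumed default path
    with open(conf) as fh:
        for finding in audit(fh.read()):
            print(finding)
```

With the modes reported in the message (cert 644, key 400, both owned by root) this audit returns no findings.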