SSL working with nginx, not with httpd. Any ideas?

2015-03-14 Thread Ezequiel Garzon 
Greetings! For some reason I'm able to set up SSL support for my domain 
using nginx, but not httpd. I have combined my certificates like this:

# cat ssl.crt sub.class1.server.ca.pem ca.pem > /etc/ssl/server.crt

However, if I stop nginx and start httpd I get:

$ curl -I https://ezequiel-garzon.net 
curl: (60) SSL certificate problem: unable to get local issuer 
certificate

I have attempted to write a minimal config file at /etc/httpd.config:

server defaults {listen on egress ssl port 443}

Any ideas on what I'm doing wrong? Thanks for your help!

Cheers,

Ezequiel

Re: SSL working with nginx, not with httpd. Any ideas?

2015-03-14 Thread Hugo Osvaldo Barrera 
On 2015-03-14 18:41, Ezequiel Garzon wrote:
> Greetings! For some reason I'm able to set up SSL support for my domain
> using nginx, but not httpd. I have combined my certificates like this:
>
> # cat ssl.crt sub.class1.server.ca.pem ca.pem > /etc/ssl/server.crt
>
> However, if I stop nginx and start httpd I get:
>
> $ curl -I https://ezequiel-garzon.net
> curl: (60) SSL certificate problem: unable to get local issuer
> certificate
>
> I have attempted to write a minimal config file at /etc/httpd.config:
>
> server defaults {listen on egress ssl port 443}
>

Are yuo sure that's right? I don't see the "ssl" keyword anywhere in the
docs:

http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/httpd.conf.5

You also seem to be missing TLS certificate/key is you're going to use TLS.

> Any ideas on what I'm doing wrong? Thanks for your help!
>
> Cheers,
>
> Ezequiel
>

Cheers,

--
Hugo Osvaldo Barrera
A: Because we read from top to bottom, left to right.
Q: Why should I start my reply below the quoted text?

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: SSL working with nginx, not with httpd. Any ideas?

2015-03-14 Thread Ezequiel Garzon 
Hi, Hugo!

> Are yuo sure that's right? I don't see the "ssl" keyword anywhere in the
> docs

I see what you're saying... I'm using 5.6-release, which is really not 
recommended for httpd as it's moving quite fast. I wonder if that would 
fix it.

> You also seem to be missing TLS certificate/key is you're going to use 
> TLS.

I'm using the default files, /etc/ssl/private/server.key and 
/etc/ssl/server.crt. I failed to mention that under (Ubuntu) Chrome I get 
a green lock. By now I'm pretty sure I'm missing the intermediate 
certificate.

Thanks for looking into it!

Best,

Ezequiel