[users@httpd] SSL configuration not working

Fri, 17 Jun 2011 09:29:11 -0700 

 I am having some trouble getting an SSL connection to work properly.  It has 
been a while since I have done this.   If I disable SSL I can get to the http 
site just fine.  As a trouble shooting step I left the http site up and enabled 
the SSL site.  Again I can get to the http site but not the https site.  I am 
getting no helpful messages in my logs.  I have my log level set to debug.

I am running apache 2.2.14

I am using nearly the same configuration I had previously used for a SSL 
protected web server, but there are some difference.  For one thing, when I 
received the .crt I was instructed to load an intermediary .crt file.  I 
followed the instructions on the GeoTrust site and now have this SSL 
configuration:

  SSLEngine on

  SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

  SSLCertificateFile "/files/thisdomain.conf/thisdomain.crt"

  SSLCertificateKeyFile "/files/thisdomain.conf/thisdomain.key"

  SSLCACertificateFile "/files/thisdomain.conf/intermediate.crt"

  SSLOptions +StdEnvVars +ExportCertData


here is the ls output from /files/thisdomain.conf

-rw-r--r--  1 root       wheel  1989 Jun 16 23:55 apache.thisdomain.conf

-rw-r--r--  1 root       wheel  1756 Jun 16 22:46 thisdomain.crt

-rw-r--r--  1 root       wheel  1675 Jun 16 23:30 thisdomain.key

-rw-r--r--  1 root       wheel  1675 Jun 16 22:44 thisdomainkey.pem

-rw-r--r--  1 root       wheel  1391 Jun 16 23:41 intermediate.crt


Another thing I wonder about is that when I created the .crt, I forgot to 
indicate that I was using Apache SSL.  When I received the notice that the .crt 
was ready, the message indicated I was using some off brand, MS IIS.  I spoke 
with my reseller's help desk and they indicated this was not a problem.  Maybe 
they are wrong?

When I created my key, it was a .pem file.  Because my previously working site 
had a .key file, I copied the .pem to .key.  My research indicates there is a 
difference beyond file extension.  Could this be the problem?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to