httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jack Lauman <jlau...@nwcascades.com>
Subject Re: [users@httpd] Enabling SSL
Date Sat, 20 Mar 2004 22:46:50 GMT
I'm getting this error when trying to test the SSL installation.  I've
seen several references to the same error on Google, but none of them
were answered.  Any help relolving this would be appreciated.

I'm reasonably certain that the problem is with the named based vhost.
How do you set one host to be IP based just for SSL?

openssl s_client -connect localhost:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 08160350 [081606F0] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00   .z....Q...
.....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04  
.........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00  
...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00  
.c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08  
......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 4d 8e 54 af  
............M.T.
0060 - 90 02 80 ac bb 50 af 0b-b8 73 23 1e 74 50 60 1c  
.....P...s#.tP`.
0070 - 62 f1 2c 17 5f 27 be c6-4a ca 98 11               b.,._'..J...
SSL_connect:SSLv2/v3 write client hello A
read from 08160350 [08165C50] (7 bytes => 7 (0x7))
0000 - 3c 21 44 4f 43 54 59                              <!DOCTY
SSL_connect:error in SSLv2/v3 read server hello A
23496:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:475:



Jack Lauman wrote:
> 
> I'm running Apache 2.0.49 with OpenSSL 0.9.7d and mod_jk 2.0.4-dev.
> 
> I just purchased a certificate for a host with a fixed public IP
> address.  I'm currently using name-based hosting.  I want the cert
> to work with the primary site only.  The "listen 443" directive has
> been added, the server starts up properly, asks for the cert password
> and the SSL config appears in system-info.  When browsing using
> https:// it fails with an unknown protocol message in the logs.  Using
> :443 displays the page in non-ssl mode.
> 
> What do I need to the server to respond to its FQDN name in SSL mode?
> 
> Thanks,
> 
> Jack
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message