[RESOLVED] Apache2.2, SSL, I'm stuck 8(
I hope you can help me. I've been setting up a new webserver running Apache2.2, PHP5.3, MYSQL5.1, Mod/SSL, OpenSSL.
Now I'm afraid I've done about all I can do and I'm out of leads. I need a good push in the right direction.
I've gotten my server completely set up. I have my valid certs, I have everything correct (as far as I know), and I still cannot access my site via SSL.
I even have the site running as we speak. I can get to my site via HTTP but not via HTTPS. And I can't figure out why. I'm behind a router but my router is set up to transfer both the web port and the SSL port to the server.
I have the directories set up correctly, one for HTTP requests and one for HTTPS requests, via the virtual server config in the SSL_conf file.
What possible reasons are there that I couldn't access my site via SSL protocols?
Even though Apache shows no SSL errors and starts and runs.
I have stopped and restarted with the latest changes so..
(I also checked my router logs and the HTTPS requests that are made are in fact received by my router and transferred to my PC, so I am receiving the requests)
Please make sure that you have assigned the dedicated IP address to your site which you would like to access with https.
Originally Posted by thewebhostingdi
Can you elaborate please. This doesn't really tell me anything.
SSL certificate requires the dedicated IP address. Hence, kindly verify that you have assigned the dedicated IP address to your domain to access your site with https.
Again, can you elaborate further? Pretend I'm retarded.
I use my domain name, not an IP address.
I do appreciate your help, but can you just be more in-depth in your explanations?
Saying what you said doesn't explain to me what that is.
If I was a professional at this I wouldn't be here asking questions.
I've followed several different tutorials since my setup is not the same as the tutorials used.
I have a grasp of what's going on but I'm not fluent. I'm obviously missing something important.
Upon creating my key I gave my domain name "mydomain.com" for servername and "mydomain.com" for common name.
Apache is set up in the config files with a virtual host that sends all *:443 requests to the "SSLdocs" directory.
I did notice that if I try to go to my site via HTTPS using "localhost" I'm able to connect to the server, but then I get a 403 error saying
Could that be a clue to what's wrong?
Last edited by efficacious; 08-24-2009 at 08:47 PM.
You might have more than one config error. One thing I often forget to do when setting up SSL on a fresh server is to open port 443 in the firewall. If you tell your router to forward 443 to the right machine, but that machine's firewall still blocks 443 then you're going nowhere. I'm guessing that's why you can reach the server when you use localhost, but still get the 403.
Ahh thank you, that makes sense. I thought I had set the port in the firewall on the pc but after your post I double checked it and it was in there but I had the port set to 433 instead of 443.
Originally Posted by Stephen Philbin
I popped my browser open to the "https://mydomain.com" url and I didn't time out this time. But I am still getting the Forbidden 403:
Most likely causes:
This website requires you to log in.
My guess is that the 403 is caused by a problem in your SSL configuration file (/usr/local/apache2/conf/extra/httpd-ssl.conf ?).
A few quick questions that might help find the cause of the problem.
1) Do you have another site with a domain name assigned to it on the same host?
2) Does the Listen directive specify 443?
3) Does the opening tag of the <VirtualHost> element (usually fairly near the top of the file) look like this
? If it doesn't, what does it look like?
4) Do the ServerName, DocumentRoot, SSLCertificateFile, SSLCertificateKeyFile directives all say the right things and point to the right places?
5) Can you see anything in your SSL log file (/usr/local/apache2/logs/error_log ?) that you think might be helpful in figuring out what's wrong?
6) Are you certain you've uncommented the line in the main httpd.conf file that instructs Apache to include the SSL config file? It'll be way down near the bottom of the file and will read
Originally Posted by httpd.conf
I just have 1 domain name. But I don't intend on having everything on my site encrypted. I was intending to have it so that http://mysite.com would go to one directory and https://mysite.com another.
The listen is 443, the virtual host looks the same as you have printed.
The include is uncommented.
I believe ServerName, DocumentRoot, SSLCertificateFile, SSLCertificateKeyFile are set properly. The error log shows that when I navigate to https://mysite.com it goes to the "SSLdocs" directory.
[Sun Aug 30 00:08:18 2009] [error] [client IP] client denied by server configuration: C:/Apache2.2/SSLdocs/index.php
And my normal http://mysite.com works fine.
Ok just for ships and giggles... I took my SSLdocs folder and put it into my htdocs folder. Updated my ssl.conf to the change. Restarted apache..
I go to https://mysite.com and it works! The lock is on the browser and everything. Woot right? No no not woot. Cuz if I go to http://mysite.com/SSLdocs.. I can still get to the SSLdocs unencrypted.
Is there a way that I can have the directory structure as I did before without the permission errors?
So that the entire directory is unreachable unless through SSL protocols?
You don't need to move all of your files and folders around. You can require that SSL be used on a per-file or per-directory basis. For example, here's a cutting from my httpd.conf file that requires basic auth over SSL for directories beginning with closed_
Accessing anything marked with SSLRequireSSL will, naturally, not be served unless SSL/TLS is in use.
AuthName "Restricted stuff"
Require user stephen
Nice, can you break down the parts of this code for me and kind of explain how it works a bit? Thanks
Of course. It's basically just a set of instructions enclosed in an element that specifies where they should apply.
The <DirectoryMatch></DirectoryMatch> element is the container that you put your directives into, and the expression in the opening tag of the element specifies where they should apply. To use <DirectoryMatch>, you'll need to learn about Regular Expressions. For simple situations, however, you can use just the <Directory> element which just matches literal strings. You can read more about them from their manual page sections. In the case of the one I've posted, it means that the enclosed directives should apply to any directories whose path starts (from the root) with /usr/local/apache2/htdocs/ and has a directory name beginning with closed_ and then one or more characters that are not the / character.
All but one of the directives inside the <DirectoryMatch> element are about authentication. You can learn all you need to know about setting up authentication from the Apache manual section: Authentication, Authorization and Access Control
The example I posted is about as simple as you can get. AuthType is used to specify which authentication mechanism is to be used. In this case, Basic. AuthName is like the name of a realm. If you have another part of your site that requires authentication that has the same AuthName, then if someone authenticates themself in that part, they will automatically be allowed into this one and vice-versa. AuthBasicProvider indicates the source type of the data used for authentication. The default is file, but if you are willing to put in the extra effort, you can use databases instead. AuthUserFile is just the path to the file containing the authentication details, and Require user stephen specifies that only the listed user(s) may be authenticated for directories that this block applies to (as opposed to a group of users).
All of the directives so far are related specifically to basic auth and have no direct connection to SSL/TLS, though. Just as the remaining directive--SSLRequireSSL--is concerned with SSL only and has no direct relevance to basic auth (although the two are very commonly combined just like this). Specifying SSLRequireSSL in a block will cause Apache to refuse any request for a resource that falls within the scope of the <Directory>, <DirectoryMatch>, <FilesMatch> etc. element unless the connection is encrypted.
I tried to implement this on my system. But I can't seem to get it to work.
I don't want the directory password protected so I left out most of the "Auth" bits.
I just added this section to my Virtual Host for SSL
But it doesn't seem to be working. Maybe I'm not understanding how it works fully?
Yeah, I've tried this several ways and it's not working for me at all.
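An added example, not taken from any post in this thread: in Apache 2.2, "client denied by server configuration" is logged when host-based access control (Order/Allow/Deny) refuses the request, which is what happens when a DocumentRoot outside htdocs inherits a deny-all `<Directory />` block and is given no grant of its own. The sketch below keeps SSLdocs outside htdocs and reachable only through the port 443 virtual host; the certificate paths are placeholders, and the `<Directory />` block is assumed to be the one shipped in the default httpd.conf.

```apache
# httpd.conf (main server, port 80) -- stock 2.2 default, shown for context:
# everything is denied unless a more specific <Directory> opens it up.
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

# conf/extra/httpd-ssl.conf
Listen 443

<VirtualHost *:443>
    ServerName mydomain.com:443
    # Outside htdocs, so no http:// URL maps onto this directory.
    DocumentRoot "C:/Apache2.2/SSLdocs"

    SSLEngine on
    # Placeholder paths (assumption): use your own certificate and key.
    SSLCertificateFile "C:/Apache2.2/conf/PLACEHOLDER.crt"
    SSLCertificateKeyFile "C:/Apache2.2/conf/PLACEHOLDER.key"

    <Directory "C:/Apache2.2/SSLdocs">
        # Override the inherited "Deny from all" for this directory only.
        Order allow,deny
        Allow from all
        # Refuse the request outright if it ever arrives without SSL/TLS,
        # e.g. after an Alias or DocumentRoot change exposes it on port 80.
        SSLRequireSSL
    </Directory>
</VirtualHost>
```

Running `httpd -t` after the edit checks the syntax before Apache is restarted.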