[CLUE-Tech] apache & ssl problem

Dave Anselmi anselmi at americanisp.net
Sun Oct 28 18:38:23 MST 2001


Randy Arabie wrote:

> Hi all,
>
> I've got a redhat 7.1 system running apache-1.3.19-5.
> This is a default apache install, standalone configuration,
> with ssl running on port 443 as a virtual host.
>
> I can connect to my standard port 80, but can't to
> the ssl port 443.
>
> I can't seem to find relevant error messages to resolve
> the issue.
>
> An attempted lynx connection reports:
>
>         Looking up 192.168.1.200
>         Making HTTPS connection to 192.168.1.200
>         Retrying connection.
>         Looking up 192.168.1.200
>         Making HTTPS connection to 192.168.1.200
>         Alert!: Unable to make secure connection to remote host.
>
>         lynx: Can't access startfile https://192.168.1.200/
>
> An attempted IE 5.x connection results in the standard
> "Cannot find server or DNS Error" message.
>
> An attempted telnet connection to port 443 shows that httpd is
> running on port 443:

So telnet gets you the file, without encryption, without any apparent SSL handshake attempt?  Seems
like you aren't really using SSL.  I assume you're using mod_ssl, not OpenSSL.

Your virtual host config is wrapped in an IfDefine - did you start Apache with something like -DSSL
to define it?  If not, the config isn't getting run.

If that isn't it, I can dig up an old SSL config I used to use - let me know.

Also, SSLVerifyClient require will require clients to have certificates, which they usually don't
(unless you've got a way to give them out).  So maybe that isn't what you want.

Finally, there are many bugs in the IE implementation of SSL that can cause it to fail with
mod_ssl.  The workarounds include IE-specific settings (SetEnvIf, which you have some of) and
disabling some cipher suites.  You can check the mod_ssl mailing list or FAQ for details.  There
can also be problems getting SGC to work on Netscape with Verisign certs.

Dave
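
Added example, not part of the original message: a small Python check for the two configuration points raised in the reply above, namely whether directives wrapped in `<IfDefine SSL>` are active for a given set of `-D` flags and whether `SSLVerifyClient require` is in effect. The sample config is constructed (it is not the poster's file) and the function names are hypothetical.

```python
import re

# Constructed sample in the style of a stock httpd.conf; not the poster's file.
SAMPLE_CONF = """\
Listen 80
<IfDefine SSL>
Listen 443
<VirtualHost _default_:443>
    SSLEngine on
    SSLVerifyClient require
</VirtualHost>
</IfDefine>
"""

OPEN = re.compile(r"<IfDefine\s+(!?)([^\s>]+)\s*>", re.I)
CLOSE = re.compile(r"</IfDefine\s*>", re.I)

def active_directives(conf_text, defines=()):
    """Return (lineno, line) pairs Apache acts on when started with -D<name> for each name."""
    defines = set(defines)
    stack = []    # one bool per open <IfDefine>: is that block active?
    active = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN.fullmatch(line)
        if m:
            # "<IfDefine !NAME>" is active only when NAME was NOT defined.
            stack.append((m.group(2) in defines) != (m.group(1) == "!"))
            continue
        if CLOSE.fullmatch(line):
            if stack:
                stack.pop()
            continue
        if all(stack):    # every enclosing <IfDefine> must be active
            active.append((lineno, line))
    return active

def diagnose(conf_text, defines=()):
    """Findings for the two points in the reply: inactive SSL config, client certs required."""
    lines = [d for _, d in active_directives(conf_text, defines)]
    findings = []
    if not any(re.match(r"SSLEngine\s+on\b", d, re.I) for d in lines):
        findings.append("no active 'SSLEngine on': SSL config is not being applied")
    if any(re.match(r"SSLVerifyClient\s+require\b", d, re.I) for d in lines):
        findings.append("SSLVerifyClient require: clients without a certificate are refused")
    return findings

if __name__ == "__main__":
    print(diagnose(SAMPLE_CONF), diagnose(SAMPLE_CONF, ["SSL"]))
```
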




