Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: SSL certificate blues

  1. #1
    Join Date
    Apr 2011
    Beans
    10

    Red face SSL certificate blues

    I'm having considerable difficulty configuring my HTTPS connection. I've already generated a key and sent it to my CA, but after configuring my sever I constantly get:
    Error 102 (net::ERR_CONNECTION_REFUSED): The server refused the connection.

    Here's my config:
    Code:
    Namevirtualhost 37.??.??.???:80
    Namevirtualhost 37.??.??.???:443
    <VirtualHost 37.??.??.???:80 >
            ServerAdmin webmaster@localhost
            Servername My FQN is here. (without the www)
            DocumentRoot /var/www
            <Directory />
                    Options FollowSymLinks
                    AllowOverride None
            </Directory>
            <Directory /var/www/>
                    Options Indexes FollowSymLinks MultiViews
                    AllowOverride All
                    Order allow,deny
                    allow from all
            </Directory>
    
            # Disable direct access to the folder
    <Directory /var/www/videos>
            AllowOverride None
            allow from all
    </Directory>
    
    and my SSL,
     <IfModule mod_ssl.c>
    <VirtualHost 37.??.??.???:443>
            ServerAdmin webmaster@localhost
            DocumentRoot /var/www/direct
            Servername my FQN (with www omitted)
    
            <Directory />
                    Options FollowSymLinks
                    AllowOverride None
            </Directory>
            <Directory /var/www/>
                    Options Indexes FollowSymLinks MultiViews
                    AllowOverride None
                    Order allow,deny
                    allow from all
            </Directory>
    
            ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
            <Directory "/usr/lib/cgi-bin">
                    AllowOverride None
                    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                    Order allow,deny
                    Allow from all
            </Directory>
     SSLCertificateFile /etc/ssl/certs/my_site.crt
    SSLCertificateKeyFile /etc/ssl/private/my.key
     SSLCertificateChainFile /etc/ssl/certs/my.ca-bundle
    Last edited by oboyledk; April 18th, 2012 at 02:59 PM. Reason: code tags

  2. #2
    Join Date
    Nov 2011
    Beans
    36

    Re: SSL certificate blues

    which program is giving the error "Error 102 (net::ERR_CONNECTION_REFUSED): The server refused the connection.", is that a browser?

  3. #3
    Join Date
    Apr 2011
    Beans
    10

    Re: SSL certificate blues

    Quote Originally Posted by webservervideos View Post
    which program is giving the error "Error 102 (net::ERR_CONNECTION_REFUSED): The server refused the connection.", is that a browser?
    Yes that's in Chrome Browser, sorry I was unclear.

    In IE I just get a general failed to connect.

  4. #4
    Join Date
    Jul 2010
    Location
    Michigan, USA
    Beans
    2,132
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: SSL certificate blues

    Sounds like your SSLEngine is not enabled. Your vhost file needs an entry like this.
    Code:
    SSLEngine On
    Typically placed right before your SSLCertificate section at the bottom.

  5. #5
    Join Date
    Apr 2011
    Beans
    10

    Re: SSL certificate blues

    Quote Originally Posted by rubylaser View Post
    Sounds like your SSLEngine is not enabled. Your vhost file needs an entry like this.
    Code:
    SSLEngine On
    Typically placed right before your SSLCertificate section at the bottom.
    I have SSLENgine on.

    I also enabled the mod in apache
    a2enmod sll

    Still no joy.

    Thanks for the ideas so far everyone.

  6. #6
    Join Date
    Jul 2010
    Location
    Michigan, USA
    Beans
    2,132
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: SSL certificate blues

    Have you set Apache up to Listen on port 443?

  7. #7
    Join Date
    Apr 2011
    Beans
    10

    Re: SSL certificate blues

    Quote Originally Posted by rubylaser View Post
    Have you set Apache up to Listen on port 443?
    Here's my Ports file: (I've also tried forcing the Listen443 line without the ifmodule)

    Code:
    #NameVirtualHost *:80
    Listen 80
    #NameVirtualHost *:443
    #Listen 443
    <IfModule mod_ssl.c>
        # If you add NameVirtualHost *:443 here, you will also have to change
        # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
        # to <VirtualHost *:443>
        # Server Name Indication for SSL named virtual hosts is currently not
        # supported by MSIE on Windows XP.
        Listen 443
    </IfModule>
    
    <IfModule mod_gnutls.c>
       Listen 443
    </IfModule>

  8. #8
    Join Date
    Dec 2009
    Beans
    7
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: SSL certificate blues

    Hello,

    First, determine if anything is binding to port 443:

    sudo netstat -anp |grep :443| grep LISTEN

    you should see a line similar to:

    tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 10894/apache2
    Whereas on my system, the number 10894 is the process id of the master apache process (prefork). you may see several lines, but that one is the critical one. If there is no line, then apache is not binding to port 443 at all (listen directive). If there IS, then perhaps there is a firewall running blocking access to that port.

    --jason

  9. #9
    Join Date
    Apr 2011
    Beans
    10

    Re: SSL certificate blues

    Step one looks good. I issued netstat as suggested by Jason and recieved this:
    Code:
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      7101/apache2
    So apache is listening on 443.

  10. #10
    Join Date
    Nov 2011
    Beans
    36

    Re: SSL certificate blues

    is port open on your firewall? Tried a different browser? Are you doing something with proxy using/going through one?

Page 1 of 2 12 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •