SSL certificate blues

[oboyledk]

I'm having considerable difficulty configuring my HTTPS connection. I've already generated a key and sent it to my CA, but after configuring my sever I constantly get:
Error 102 (net::ERR_CONNECTION_REFUSED): The server refused the connection.

Here's my config:

Code:

Namevirtualhost 37.??.??.???:80
Namevirtualhost 37.??.??.???:443
<VirtualHost 37.??.??.???:80 >
        ServerAdmin webmaster@localhost
        Servername My FQN is here. (without the www)
        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        # Disable direct access to the folder
<Directory /var/www/videos>
        AllowOverride None
        allow from all
</Directory>

and my SSL,
 <IfModule mod_ssl.c>
<VirtualHost 37.??.??.???:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/direct
        Servername my FQN (with www omitted)

        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>
 SSLCertificateFile /etc/ssl/certs/my_site.crt
SSLCertificateKeyFile /etc/ssl/private/my.key
 SSLCertificateChainFile /etc/ssl/certs/my.ca-bundle

[webservervideos]

which program is giving the error "Error 102 (net::ERR_CONNECTION_REFUSED): The server refused the connection.", is that a browser?

[oboyledk]

which program is giving the error "Error 102 (net::ERR_CONNECTION_REFUSED): The server refused the connection.", is that a browser?

Yes that's in Chrome Browser, sorry I was unclear.

In IE I just get a general failed to connect.

[rubylaser]

Sounds like your SSLEngine is not enabled. Your vhost file needs an entry like this.

Code:

SSLEngine On

Typically placed right before your SSLCertificate section at the bottom.

[oboyledk]

Sounds like your SSLEngine is not enabled. Your vhost file needs an entry like this.

Code:

SSLEngine On

Typically placed right before your SSLCertificate section at the bottom.

I have SSLENgine on.

I also enabled the mod in apache
a2enmod sll

Still no joy.

Thanks for the ideas so far everyone.

[rubylaser]

Have you set Apache up to Listen on port 443?

[oboyledk]

Have you set Apache up to Listen on port 443?

Here's my Ports file: (I've also tried forcing the Listen443 line without the ifmodule)

Code:

#NameVirtualHost *:80
Listen 80
#NameVirtualHost *:443
#Listen 443
<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
   Listen 443
</IfModule>

[jason0]

Hello,

First, determine if anything is binding to port 443:

sudo netstat -anp |grep :443| grep LISTEN

you should see a line similar to:

tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 10894/apache2

Whereas on my system, the number 10894 is the process id of the master apache process (prefork). you may see several lines, but that one is the critical one. If there is no line, then apache is not binding to port 443 at all (listen directive). If there IS, then perhaps there is a firewall running blocking access to that port.

--jason

[oboyledk]

Step one looks good. I issued netstat as suggested by Jason and recieved this:

Code:

tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      7101/apache2

So apache is listening on 443.

[webservervideos]

is port open on your firewall? Tried a different browser? Are you doing something with proxy using/going through one?