Topic: Trying apache 2.4.3 ssl for days getting no -where
dreuzel



Joined: 30 Jan 2006
Posts: 16

Posted: Sat 20 Oct '12 18:14

Trying to configure for days now, trying every blog and forum; whatever is written about it all fails.


Run Apache 2.4.3 binary build with SSL, trying for days!!!!!! Getting nowhere.
Reading all random Google information I COULD.

Using the standard win32 BINARY generated APACHE SSL INCLUDED from apachelaunch (site locked up Apache not working ???)

My guess is the Apache config that is ill explained and full of obscuring technical slang.

Nothing at all is working for SSL using virtualhost (I plan to have an identical response from 3 web addresses; that is not the issue here).

I suppose EVERY INDIVIDUAL trying this is bumping against the same limits.

I'm sorry for this outlet but it is hard to run into such problems after VERIFYING everything there is to read about ....





A) I had the need to install 2 modules (nowhere is it explained you need 2)

Code:
 #
# SSL
#
listen 443
LoadModule ssl_module modules/mod_ssl.so
# the second module <<<<<<<<<<<<<<<<<<
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

I suspect after many searches the above is correct.

B) Due to log file complaints I added the random seeds and session cache

Code:
   SSLRandomSeed startup auth/server/urandom 512
   SSLRandomSeed connect auth/server/urandom 512
   SSLRandomSeed startup auth/server/random 512
   SSLRandomSeed connect auth/server/random 512
   SSLSessionCache        "shmcb:T:\install\Apache\logs\ssl_scache.dat(512000)"
   

C) I believe I need a cipher suite as in the book
Code:
  SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

D) Set up my certificates

In PEM form, key included in the .pem file (created and signed by a self-signed CA, exported using Unix XCA).
Want a wild domain certificate *.domain.com
Code:
     CN=domain.com
       Subject alternative name:DNS:*.domain.com (1)
       

It is unclear if this is enough for a wild certificate ??? *.domain.com but this comes from EXAMPLES

All are signed by a server CA (2) that is itself signed by a master CA (3) (self-signed).
All certificates are validated and signal valid.

E) I've created a virtual host:


Code:
<VirtualHost *:433>
DocumentRoot "C:/internet/TEST"
ServerName  DOMAIN.COM
  SSLEngine on
 #  used certificates and the private key
 #  (1) key included
    SSLCertificateFile       "C:/server/domain.com.pem"
 #   SSLCertificateKeyFile    "C:/server/key/domain.com.pem" with explicit key or both does not work either
 #
 # Set up CA certificate
 #
 #   SSLCACertificateFile  "C/server/CA/Chain_CA.crt" (2)   all certificates CHAINED seem to have no impact
 #  (2) all certificates CHAINED
    SSLCertificateChainFile  "C:/server/CA/Chain_CA.crt"
 #   the file name should be the hash value of the certificate    hashvalue.N
 #  SSLCertificateChainPath  "C/server/CA/" not used
 #  SSLCACertificatePath     "C/server/CA/" not used
   
CustomLog "C/log/apache/ssl_apache_access_ORG.log" COMMON
        ErrorLog    "C:/internet/log/apache/ssl_Serverlerror_ORG.log"
        TransferLog "C:/internet/log/apache/ssl_Serveraccess_ORG.log"
        ErrorLog     C:/internet/log/apache/ssl_Serverproxyerror_ORG.log
<Directory />
   Require all Granted
</Directory>
</VirtualHost>


I receive virtually empty log files.
Google Chrome: SSL Unable to make secure connection to the server. SSL connection error.
It may be requiring a client authentication certificate ????? coming from what parameter ?????
error 107 Net: ERR_SSL_PROTOCOL_ERROR

Code:
T:Apache\bin>openssl s_client -connect DOMAIN.COM:443 -state
Loading 'screen' into random state - done
CONNECTED(00000738)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
660:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:.\ssl\s2
3_clnt.c:766:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 321 bytes
---
New, (NONE), Cipher is (NONE)  [Why do I add SSLCipherSuite if it decides it to be null]
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

Test completely slang, is as if browser is bad



Apache log file : so the firewall is passing things through

Quote:
109.131.14.172 - - [20/Oct/2012:17:11:43 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:11:43 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:11:43 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:11:43 +0200] "\x16\x03" 400 226
109.131.14.172 - - [20/Oct/2012:17:17:59 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:17:59 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:17:59 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:17:59 +0200] "\x16\x03" 400 226
109.131.14.172 - - [20/Oct/2012:17:18:00 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:18:00 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:18:00 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:18:00 +0200] "\x16\x03" 400 226
109.131.14.172 - - [20/Oct/2012:17:18:04 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:18:04 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:18:04 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:18:04 +0200] "\x16\x03" 400 226
109.131.14.172 - - [20/Oct/2012:17:18:05 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:18:05 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:18:05 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:18:05 +0200] "\x16\x03" 400 226
109.131.14.172 - - [20/Oct/2012:17:18:06 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:18:06 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:18:06 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:18:06 +0200] "\x16\x03" 400 226
109.131.14.172 - - [20/Oct/2012:17:18:07 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:18:07 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:18:07 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:18:07 +0200] "\x16\x03" 400 226
81.242.41.67 - - [20/Oct/2012:17:18:26 +0200] "\x16\x03\x01\x01<\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:22:06 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:22:06 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:22:06 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:22:06 +0200] "\x16\x03" 400 226
109.131.14.172 - - [20/Oct/2012:17:22:08 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:22:08 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:22:08 +0200] "\x16\x03\x01" 400 226
109.131.14.172 - - [20/Oct/2012:17:22:08 +0200] "\x16\x03" 400 226

Log file completely useless. No added value.
There is no other error or indication something is wrong. Error LOGS ARE EMPTY.
Log files are useless but prove at least I'm getting through the firewall.

Please help me, I'm getting killed by SSL !!!
I thought I made it simple enough to start, but all seems to refuse.
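
The symptoms posted above (`"\x16\x03\x01" 400` in the access log and `unknown protocol` from `openssl s_client`) are what a plain-HTTP listener produces when it receives a TLS ClientHello, and the posted config has `listen 443` next to `<VirtualHost *:433>`. As an added example (not part of the original thread), this Python check compares `Listen` ports with the ports of `SSLEngine on` virtual hosts and picks such requests out of an access log; the function names are hypothetical and the config and log samples are constructed from the values posted above.

```python
import re

# Constructed samples built from the values in the post (not a full httpd.conf).
CONF = """\
Listen 443
<VirtualHost *:433>
ServerName DOMAIN.COM
SSLEngine on
</VirtualHost>
"""
LOG = r'''109.131.14.172 - - [20/Oct/2012:17:11:43 +0200] "\x16\x03\x01" 400 226
81.242.41.67 - - [20/Oct/2012:17:18:26 +0200] "\x16\x03\x01\x01<\x01" 400 226
'''

def audit_ssl_ports(conf):
    """Return (listen_ports, ssl_vhost_ports) found in an httpd config string."""
    listen, ssl_ports, current = set(), set(), None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(?i)listen\s+(?:\S+:)?(\d+)", line)
        if m:
            listen.add(int(m.group(1)))
        m = re.match(r"(?i)<VirtualHost\s+(.+?)>", line)
        if m:  # remember the ports this vhost block is bound to
            current = {int(p) for p in re.findall(r":(\d+)(?=\s|$)", m.group(1))}
        elif re.match(r"(?i)</VirtualHost>", line):
            current = None
        elif current is not None and re.match(r"(?i)SSLEngine\s+on\b", line):
            ssl_ports |= current
    return listen, ssl_ports

def findings(conf):
    """Human-readable mismatches; 443 is assumed to be the intended HTTPS port."""
    listen, ssl_ports = audit_ssl_ports(conf)
    out = [f"SSL vhost on port {p} but no Listen {p}" for p in sorted(ssl_ports - listen)]
    if 443 in listen and 443 not in ssl_ports:
        out.append("Listen 443 has no SSLEngine-on vhost: port 443 answers plain HTTP")
    return out

def tls_on_plaintext(log):
    """Client IPs of 400 requests that start with a TLS handshake record (0x16 0x03)."""
    pat = re.compile(r'^(\S+) .*?"\\x16\\x03[^"]*" 400 ')
    return [m.group(1) for m in map(pat.match, log.splitlines()) if m]

if __name__ == "__main__":
    print(findings(CONF))
    print(tls_on_plaintext(LOG))
```
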
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2873
Location: Hilversum, NL, EU

Posted: Sat 20 Oct '12 20:10

There is a guide installing Apache with SSL here on the Additional Download page. It's for 2.2 but should work except you should add (you already had it):

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

SSLSessionCache shmcb:logs/ssl_scache(512000)


Also a good read: http://httpd.apache.org/docs/2.4/ssl/

Steffen
dreuzel



Joined: 30 Jan 2006
Posts: 16

Posted: Sun 21 Oct '12 10:35

Thanks, I will reread them all.

Is there some reading stuff on how to specify the certificate?
I know about DNS:domain.com
and CN =*.domain.com

I would need combinations of both.. and as such
I need some references on how to create the certificate,
meaning what CN, DNS fields are required and used
in the interpretation of the certificate content
(commands how to create, sign, convert are all over the web and are not the problem, it's the usage conventions that are not known...)
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2873
Location: Hilversum, NL, EU

Posted: Sun 21 Oct '12 10:43

See also www.apachelounge.com/viewtopic.php?t=603
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6998
Location: Germany, Next to Hamburg

Posted: Mon 22 Oct '12 11:30

dreuzel wrote:

I suspect after many searches the above is correct.

B) Due to log file complaints I added the random seeds and session cache

Code:
   SSLRandomSeed startup auth/server/urandom 512
   SSLRandomSeed connect auth/server/urandom 512
   SSLRandomSeed startup auth/server/random 512
   SSLRandomSeed connect auth/server/random 512
   SSLSessionCache        "shmcb:T:\install\Apache\logs\ssl_scache.dat(512000)"
   



auth/server/urandom does not exist in Windows! You have to use builtin and configure it only once ;-)

Code:
SSLRandomSeed connect builtin
SSLRandomSeed startup builtin
tabestmaker



Joined: 18 Dec 2012
Posts: 4
Location: Ma

Posted: Wed 19 Dec '12 13:01

Hey guys, I have the same problem. Any news on the solution?


Last edited by tabestmaker on Sun 21 Sep '14 14:02; edited 12 times in total
imfriend4u



Joined: 15 Dec 2012
Posts: 2
Location: HR

Posted: Sun 23 Dec '12 22:27

Do you have Visual C++ 2008 redistributable installed on the httpd server?

Try the settings for the virtual host I posted here: http://www.apachelounge.com/viewtopic.php?t=5085 I still have problems as described with XP SP3 client requesting webpage.

What are the settings for Directory here??:
Quote:
<Directory />
Require all Granted
</Directory>
(On which directory do you GRANT permission as you work on the Windows host?)

The third option is you did something wrong during certificates creation.