logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in  RSS Apache Lounge  


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.


Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Apache certificate problem
Author
bagu



Joined: 06 Jan 2011
Posts: 181
Location: France

PostPosted: Mon 29 Nov '21 23:28    Post subject: Apache certificate problem Reply with quote

Hello,

I am experiencing a rather strange error on one of my server's virtual hosts.
I have a let's encrypt certificate that manages all my domains and subdomains.
On https://forum.hyze.fr I have no problem, but on https://mumble.hyze.fr I have two types of errors.
SEC_ERROR_OCSP_TRY_SERVER_LATER on the first one
SEC_ERROR_UNKNOWN_ISSUER on the second one

Note that I only have this problem on Mozilla Firefox.
I checked the OSCP settings, and nothing has changed:
SSLUseStapling on in virtual hosts
SSLStaplingCache "shmcb:${SRVROOT}/logs/ssl_stapling(512000)" in apache configuration file.

Do you know where the problem comes from?
Thanks
Back to top
Otomatic



Joined: 01 Sep 2011
Posts: 56
Location: Paris, France, EU

PostPosted: Tue 30 Nov '21 10:05    Post subject: Re: Apache certificate problem Reply with quote

bagu wrote:

Note that I only have this problem on Mozilla Firefox.


Firefox, unlike almost all other browsers, has its own certificate store and doesn't use(?) the Windows stores.

Here is how I proceed, locally, with the sites I use in https:

- Firefox, Settings -> Privacy and security
- Certificates -> View Certificates.
- Store "Authorities" then Import
--- The client or Site certificate(s) with the suffix ".pfx or .p12".
It contains the certificate, its intermediary and the private key.
-- Windows, in the Certificate Manager (certmgr.msc), "Personal" store.
-- Firefox, in the "Your Certificates" store.
The password will be requested.
Back to top
bagu



Joined: 06 Jan 2011
Posts: 181
Location: France

PostPosted: Tue 30 Nov '21 10:31    Post subject: Reply with quote

Hello Otomatic,

The problem is solved.
I have a problem with port 80 on my apache.
So OCSP complain and certificate verification failed.

I change listen 127.0.0.1:80 to listen 80, restarted and everything work again. (don't follow bad security tuto on internet...)
I didn't see problem before because i also have listen 443.

Thanks
Back to top


Reply to topic   Topic: Apache certificate problem View previous topic :: View next topic
Post new topic   Forum Index -> Apache