configure a test SSL

keith smith klsmith2020 at yahoo.com
Mon Aug 31 18:50:06 MST 2009


Here it is.  Thanks!

Also log shows this about 10 times

[Mon Aug 31 18:30:09 2009] [warn] RSA server certificate CommonName (CN) `newcart.dev' does NOT match server name!?



<VirtualHost 192.168.20.20:443>
   DocumentRoot "/work/dev/newcart.dev"
   ServerName newcart.dev:443
   ErrorLog logs/ssl_error_log
   TransferLog logs/ssl_access_log
   ##LogLevel warn

   LogLevel debug

   ##SSLEngine on
   ##SSLProtocol all -SSLv2
   ##SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
   ##SSLCertificateFile /etc/pki/tls/certs/localhost.crt
   ##SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
   #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
   #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

   ##<Files ~ "\.(cgi|shtml|phtml|php3?)$">
   ##    SSLOptions +StdEnvVars
   ##</Files>
   ##<Directory "/var/www/cgi-bin">
   ##    SSLOptions +StdEnvVars
   ##</Directory>

   ##SetEnvIf User-Agent ".*MSIE.*" \
   ##      nokeepalive ssl-unclean-shutdown \
   ##      downgrade-1.0 force-response-1.0

   ##CustomLog logs/ssl_request_log \
   ##       "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>


------------------------
Keith Smith


--- On Mon, 8/31/09, Alex Dean <alex at crackpot.org> wrote:

> From: Alex Dean <alex at crackpot.org>
> Subject: Re: configure a test SSL
> To: "Main PLUG discussion list" <plug-discuss at lists.plug.phoenix.az.us>
> Date: Monday, August 31, 2009, 6:07 PM
> 
> On Aug 31, 2009, at 7:08 PM, keith smith wrote:
> 
> > openssl s_client -showcerts
> > 
> > returns
> > 
> > connect: Connection refused
> > connect:errno=29
> > 
> 
> no idea on that one.
> 
> > 
> > and when I try to access the site with https I get
> > 
> > 
> > Secure Connection Failed
> > 
> > An error occurred during a connection to newcart.dev.
> > 
> > SSL received a record with an unknown content type.
> > 
> > (Error code: ssl_error_rx_unknown_record_type)
> > 
> > The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
> > 
> >    * Please contact the web site owners to inform them of this problem.
> > 
> > ---
> > Any ideas much appreciated.
> 
> It's normal to see the 'authenticity could not be verified'
> error with a self-signed cert.  If you want to get rid
> of that error, you have to get your certificate signed by a
> recognized signing authority like Verisign or GoDaddy.
> 
> The 'unknown content type' error may be another
> issue.  Post your VirtualHost config for your SSL vhost
> so we can troubleshoot.  Or, you can change LogLevel to
> 'debug' in your Apache config and watch the error log while
> you access the server with a browser.
> 
> alex
> 
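
Added example, not part of the original thread: a small Python check that reads an Apache config and reports which mod_ssl directives are actually active inside each `<VirtualHost ...:443>` block. A port-443 vhost without an active `SSLEngine on` answers in plain HTTP, which a browser reports as an unknown TLS record type. The function name `audit_ssl_vhosts` and the abridged sample are constructed for illustration, and the check assumes nothing is inherited from server-level config.

```python
import re

# Real mod_ssl directives an SSL vhost needs active (uncommented).
REQUIRED = ("SSLCertificateFile", "SSLCertificateKeyFile")

def audit_ssl_vhosts(conf_text):
    """Return {vhost_address: [problems]} for every <VirtualHost ...:443> block.

    Assumption: only directives inside the block are considered; settings
    inherited from the server-level config are not taken into account.
    """
    findings, current, active = {}, None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives have no effect
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current, active = opened.group(1).strip(), {}
        elif re.match(r"</VirtualHost>", line, re.I):
            if current and any(a.endswith(":443") for a in current.split()):
                problems = []
                if active.get("sslengine", "").lower() != "on":
                    problems.append("SSLEngine is not on: port 443 will answer in plain HTTP")
                problems += [f"{d} is not set" for d in REQUIRED if d.lower() not in active]
                findings[current] = problems
            current = None
        elif current:
            parts = line.split(None, 1)
            active[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return findings

# Constructed sample: abridged from the VirtualHost block posted above.
SAMPLE = """
<VirtualHost 192.168.20.20:443>
   DocumentRoot "/work/dev/newcart.dev"
   ServerName newcart.dev:443
   LogLevel debug
   ##SSLEngine on
   ##SSLCertificateFile /etc/pki/tls/certs/localhost.crt
   ##SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>
"""

if __name__ == "__main__":
    for vhost, problems in audit_ssl_vhosts(SAMPLE).items():
        print(vhost, "OK" if not problems else problems)
```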


      

