Re: configure a test SSL

Top Page
This message is part of the following thread:
M-\the complete thread tree sorted by date
M\MEric Shubert at <-
MMAlex Dean at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: keith smith
Date:  
To: Main PLUG discussion list
Subject: Re: configure a test SSL
Here it is. Thanks!

Also log shows this about 10 times

[Mon Aug 31 18:30:09 2009] [warn] RSA server certificate CommonName (CN) `newcart.dev' does NOT match server name!?



<VirtualHost 192.168.20.20:443>
DocumentRoot "/work/dev/newcart.dev"
ServerName newcart.dev:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
##LogLevel warn

LogLevel debug

##SSLEngine on
##SSLProtocol all -SSLv2
##SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
##SSLCertificateFile /etc/pki/tls/certs/localhost.crt
##SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt 

   ##<Files ~ "\.(cgi|shtml|phtml|php3?)$">
   ##    SSLOptions +StdEnvVars
   ##</Files>
   ##<Directory "/var/www/cgi-bin">
   ##    SSLOptions +StdEnvVars
   ##</Directory>


   ##SetEnvIf User-Agent ".*MSIE.*" \
   ##      nokeepalive ssl-unclean-shutdown \
   ##      downgrade-1.0 force-response-1.0


   ##CustomLog logs/ssl_request_log \
   ##       "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


</VirtualHost>


------------------------
Keith Smith


--- On Mon, 8/31/09, Alex Dean <> wrote:

> From: Alex Dean <>
> Subject: Re: configure a test SSL
> To: "Main PLUG discussion list" <>
> Date: Monday, August 31, 2009, 6:07 PM
>
> On Aug 31, 2009, at 7:08 PM, keith smith wrote:
>
> > openssl s_client -showcerts
> >
> > returns
> >
> > connect: Connection refused
> > connect:errno=29
> >
>
> no idea on that one.
>
> >
> > and when I try to access the site with https I get
> >
> >
> > Secure Connection Failed
> >
> > An error occurred during a connection to newcart.dev.
> >
> > SSL received a record with an unknown content type.
> >
> > (Error code: ssl_error_rx_unknown_record_type)
> >
> > The page you are trying to view can not be shown
> because the authenticity of the received data could not be
> verified.
> >
> >    * Please contact the web site owners to
> inform them of this problem.
> >
> > ---
> > Any ideas much appreciated.
>
> It's normal to see the 'authenticity could not be verified'
> error with a self-signed cert.  If you want to get rid
> of that error, you have to get your certificate signed by a
> recognized signing athority like Verisign or GoDaddy.
>
> The 'unknown content type' error may be another
> issue.  Post your VirtualHost config for your SSL vhost
> so we can troubleshoot.  Or, you can change LogLevel to
> 'debug' in your Apache config and watch the error log while
> you access the server with a browser.
>
> alex
>
> -----Inline Attachment Follows-----
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail
> settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss



---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-RE: Politics/Ethics: Operation PinWale - Obama AdministrationSeeksEmergency Control of the InternetRe: configure a test SSL->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)