#1 skipper1001 (Guest), 12-Aug-2007, 05:39

Hi, I am having trouble setting up Apache with SSL, accessing my server with https IP.

This is one of the error messages I get; the rest are just http IP:443 info.
Quote:
[Sun Aug 12 03:09:23 2007] [error] [client 192.168.254.1] Invalid method in request \x16\x03\x01
[Sun Aug 12 03:09:43 2007] [info] [client ::1] Connection to child 1 established (server xx.xxx.xxx.xxx:443)
[Sun Aug 12 03:09:43 2007] [info] Seeding PRNG with 144 bytes of entropy
[Sun Aug 12 03:09:43 2007] [info] [client ::1] SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page
[Sun Aug 12 03:09:43 2007] [info] SSL Library Error: 336027804 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP to HTTPS port!?

If I request https within my LAN, I also get a browser error message, code 12263, which is, I believe, a max length violation.

I have a dynamic IP and my certificates are configured accordingly (restart log):

Quote:
[info] Loading certificate & private key of SSL-aware server
[info] Configuring server for SSL protocol
[info] RSA server certificate enables Server Gated Cryptography (SGC)
[notice] Digest: generating secret for digest authentication ...
[notice] Digest: done
[info] Loading certificate & private key of SSL-aware server
[info] Configuring server for SSL protocol
[info] RSA server certificate enables Server Gated Cryptography (SGC)
[Sun Aug 12 03:13:45 2007] [notice] Apache/2.2.0 (Linux/SUSE) configured -- resuming normal operations
Here are excerpts of several configuration files:
1. default-server.conf
Quote:
ServerName billy -->(dns ip name)
NameVirtualHost 192.168.254.3
Vhosts:

2. domain.conf
Quote:
<VirtualHost 192.168.254.3>
DocumentRoot /srv/html/htdocs/
ServerName xx.xxx.xxx.xxx
ServerAdmin blah
<Directory "/srv/html/htdocs/">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
3. billy.conf (ssl vhost)
Quote:
DocumentRoot "/srv/html/htdocs"
ServerName xx.xxx.xxx.xxx:443
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!NULL:!aNULL:!eNULL:!ADH:!EXPORT56:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM
SSLCertificateFile /etc/apache2/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/server.key

SSLCACertificatePath /etc/apache2/ssl.crt
SSLVerifyClient require
SSLVerifyDepth 1


SSLUserName SSL_CLIENT_S_DN_Email

<Directory "/srv/www/htdocs">
SSLOptions +StrictRequire
SSLRequireSSL
# This is broken in SuSE 9.3 and 10.0, always true!!!
# SSLRequire false
</Directory>
4. /etc/sysconfig/apache2
Quote:
APACHE_MODULES="alias auth_basic auth_digest authz_user authz_host autoindex dir include log_config mime negotiation setenvif asis imagemap status ssl php5 perl python"
APACHE_SERVER_FLAGS="SSL"
APACHE_SERVERNAME="billy"

I generated my certificates according to openssl-ca.sourceforge.net/ and used my dynamic IP address to generate the server certificate.
http://IP:443 gets me my page, so I guess port forwarding through my router works.

netstat -lntp
Quote:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 :::80 :::* LISTEN 4763/httpd2-prefork
tcp 0 0 :::443 :::* LISTEN 4763/httpd2-prefork

Now, I think I get this error due to the dynamic configuration, but I am not able to find my error.
Thank you to anyone who tries to help me.

Kai
#2 skipper1001 (Guest), 13-Aug-2007, 22:00

Here are some more error and verification logs:

Quote:
[info] [client ::1] Connection to child 9 established (server 76.173.129.106:443)
[info] Seeding PRNG with 144 bytes of entropy
[debug] ssl_engine_kernel.c(1749): OpenSSL: Handshake: start
[debug] ssl_engine_kernel.c(1757): OpenSSL: Loop: before/accept initialization
[debug] ssl_engine_io.c(1775): OpenSSL: read 11/11 bytes from BIO#555555cda460 [mem: 555555d18c90] (BIO dump follows)
[debug] ssl_engine_io.c(1722): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1747): | 0000: 47 45 54 20 2f 20 48 54-54 50 2f GET / HTTP/ |
[debug] ssl_engine_io.c(1753): +------------------------------------------------------------------------+
[debug] ssl_engine_kernel.c(1786): OpenSSL: Exit error in SSLv2/v3 read client hello A
[client ::1] SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page
[info] SSL Library Error: 336027804 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP to HTTPS port!?

Here are the certificate verifications:
Quote:
openssl verify -CAfile ca.crt server.crt
server.crt: OK
#3 skipper1001 (Guest), 14-Aug-2007, 00:16

Problem Solved.

You are not supposed to use NameVirtualHost in http.conf or default-server.conf without specifying a port, since it will interfere with SSL traffic. Uncommenting that line and renaming domain.conf in vhosts solved the problem.

Hope that helps.
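
The two failure signatures in the logs of this thread can be decoded mechanically: `\x16\x03\x01` is the start of a TLS handshake record that was parsed by a vhost without SSL enabled, and the BIO dump reading `GET / HTTP/` is a plain HTTP request that reached the SSL engine. The Python below is an added example, not part of the original posts; its function names are hypothetical and the sample lines are shortened from the thread's logs, with the hex dump spacing restored.

```python
import re

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS")
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
TLS_VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

# Constructed sample input: error_log lines shortened from the thread's excerpts.
SAMPLES = [
    r"[error] [client 192.168.254.1] Invalid method in request \x16\x03\x01",
    "[debug] ssl_engine_io.c(1747): | 0000: 47 45 54 20 2f 20 48 54-54 50 2f   GET / HTTP/ |",
    "[info] SSL Library Error: 336027804 error:1407609C:SSL routines:"
    "SSL23_GET_CLIENT_HELLO:http request speaking HTTP to HTTPS port!?",
]

def unescape_apache(text):
    """Turn Apache's \\xNN log escaping back into the raw bytes the client sent."""
    return re.sub(rb"\\x([0-9a-fA-F]{2})",
                  lambda m: bytes([int(m.group(1), 16)]),
                  text.encode("latin-1"))

def classify_first_bytes(data):
    """Identify the protocol a client started speaking from its first bytes."""
    # A TLS record header is: content type (1 byte), version (2 bytes), length (2 bytes).
    if len(data) >= 3 and data[0] in TLS_TYPES and (data[1], data[2]) in TLS_VERSIONS:
        return "tls", f"{TLS_VERSIONS[(data[1], data[2])]} {TLS_TYPES[data[0]]} record"
    if any(data.startswith(method + b" ") for method in HTTP_METHODS):
        return "http", data.split(b" ", 1)[0].decode() + " request"
    return "unknown", data[:8].hex()

def diagnose(line):
    """Map one error_log line to the protocol mismatch it reports, or None."""
    m = re.search(r"Invalid method in request (\S+)", line)
    if m:
        proto, detail = classify_first_bytes(unescape_apache(m.group(1)))
        if proto == "tls":
            return f"TLS sent to a plain-HTTP vhost ({detail})"
    # mod_ssl BIO dump row: "| 0000: <hex bytes> <ascii> |"
    m = re.search(r"\|\s*[0-9a-f]{4}:\s+((?:[0-9a-f]{2}[ -])+)", line)
    if m:
        proto, detail = classify_first_bytes(bytes.fromhex(m.group(1).replace("-", " ")))
        if proto == "http":
            return f"plain HTTP sent to an SSL-enabled vhost ({detail})"
    if "speaking HTTP to HTTPS port" in line:
        return "plain HTTP sent to an SSL-enabled vhost"
    return None

if __name__ == "__main__":
    for sample in SAMPLES:
        print(diagnose(sample))
```

Seeing both directions of the mismatch on one server, as in this thread, points at vhost or listener selection rather than at the certificates, which matches the NameVirtualHost fix reported above.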
 
