Greetings,
I’m trying to set up a test server for my students using “https” protocol.
Besides that, I want to keep a “running” http server listening on port 80.
So I have two .conf files in my /etc/apache2/vhost.d folder…
<VirtualHost www.server.dezordi.world:80>
...
</VirtualHost>
The server name is listed in /etc/hosts for now but may later, once it works, be added to the DNS in the lab.
<IfDefine SSL>
<IfDefine !NOSSL>
<VirtualHost _default_:443>
ServerName www.secureserver.dezordi.world:443
SSLEngine on
SSLUseStapling on
SSLCertificateFile /etc/apache2/ssl.crt/secureserver.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/secureserver.key
</VirtualHost>
</IfDefine>
</IfDefine>
Using netstat -anp --tcp after restarting the apache2 server…
tcp 0 0 127.0.0.2:443 0.0.0.0:* LISTEN 9281/httpd-prefork
I can access the virtual host on 192.168.0.4 with http, but when trying 127.0.0.2 on https I got the SSL_ERROR_RX_RECORD_TOO_LONG message :{
**sirius:/etc/ssl/private #** openssl s_client -connect www.secureserver.dezordi.world:443
CONNECTED(00000003)
140201918243264:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:332:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 332 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
I can’t really understand the output from openssl -client…
Questions:
Is that a Firefox-related issue (I will try with another browser)?
I followed the tutorial (https://doc.opensuse.org/documentation/leap/reference/html/book-reference/cha-apache2.html#sec-apache2-ssl); here is the situation in the file system:
I put in /etc/ssl/private the file secureserver.key
**sirius:/etc/apache2 #** tree -L 2 ssl*
**ssl.crl**
└── README.CRL
**ssl.crt**
├── README.CRT
└── secureserver.crt
**ssl.csr**
└── README.CSR
**ssl.key**
├── README.KEY
└── secureserver.key
**ssl.prm**
└── README.PRM
0 directories, 12 files
Did I “mismove” the files or mismatch the .key/.crt/*.pem, as I have no particular knowledge of the SSL/TLS protocol?
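Added example, not part of the original post: the s_client output above read 5 bytes, the size of a TLS record header, before reporting "wrong version number". The Python code below sends a ClientHello to a port and classifies the first 5 bytes of the reply as a TLS record header or plaintext HTTP; the function names and the sample byte strings are constructed for illustration.

```python
import socket
import ssl
import struct

# TLS record content types (RFC 8446, section 5.1).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 16384 + 2048  # largest ciphertext record TLS 1.2 allows


def classify_first_bytes(data: bytes) -> str:
    """Say whether the first 5 bytes of a reply look like a TLS record header."""
    if len(data) < 5:
        return "short"
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4 \
            and length <= MAX_RECORD_LEN:
        return "tls"
    # Read as a record header, b"HTTP/" gives version 0x5454, length 0x502f.
    if data[:5] == b"HTTP/":
        return "plain-http"
    return "unknown"


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send a real ClientHello to host:port and classify what comes back."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=host)
    try:
        tls.do_handshake()          # cannot finish: nothing received yet
    except ssl.SSLWantReadError:
        pass                        # the ClientHello is now in `outgoing`
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(outgoing.read())
        data = b""
        while len(data) < 5:
            chunk = sock.recv(5 - len(data))
            if not chunk:
                break
            data += chunk
    return classify_first_bytes(data)


if __name__ == "__main__":
    # Constructed samples, not captured from the server in the post.
    for sample in (b"\x16\x03\x03\x00\x7a", b"HTTP/1.1 400 Bad Request\r\n"):
        print(sample[:5], "->", classify_first_bytes(sample))
```

Calling `probe()` with the host and port from the s_client command above returns "plain-http" when the listener answers the ClientHello with an unencrypted HTTP response, and "tls" when it answers with a TLS record.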