We have created a domain on its own IP and when WHM installs the cert it says everything is ok, but when trying to access the site via https it does not work. Any help with this would be great.
Check logs: tail -f /var/log/messages. Also check that port 443 is opened to that domain.
Tux
Aim : tuxdesk
Msn : tuxdesk@hotmail.com
Yahoo: tuxdesk@yahoo.com
__________________________________________________
"You don't slow down because you get old; you get old because you slow down."
I just responded to your other thread about this
http://forums.cpanel.net/showthread.php?t=48388
"IE complains about incorrect CA bundles in particular, I've found Firefox doesn't really care and the site will continue to work for SSL.
I suggest getting the correct CA bundle to ensure it works in both browsers"
ramprage that isn't my thread
Here's the log when trying to connect through SSL and the domain:
Jan 7 12:59:07 pluto stunnel[2637]: SSL_read (SSL_ERROR_SYSCALL): Connection reset by peer (104)
Jan 7 12:59:07 pluto stunnel[2637]: Connection reset: 5736 bytes sent to SSL, 2768 bytes sent to socket
Jan 7 12:59:07 pluto stunnel[2637]: SSL_read (SSL_ERROR_SYSCALL): Connection reset by peer (104)
Jan 7 12:59:07 pluto stunnel[2637]: Connection reset: 7362 bytes sent to SSL, 2776 bytes sent to socket
Jan 7 12:59:07 pluto stunnel[2637]: SSL_read (SSL_ERROR_SYSCALL): Connection reset by peer (104)
Jan 7 12:59:07 pluto stunnel[2637]: Connection reset: 316 bytes sent to SSL, 382 bytes sent to socket
Fixed it, 443 was not opened in APF, stupid oversight! Thanks for the help.
I'm having this problem. I reinstalled the SSL successfully but it still shows page not found when testing it. Without https it works fine (domain that is).
443 is open in APF also.
<VirtualHost xxx.202.68.167>
ServerAlias www.ssldomain.com ssldomain.com
ServerAdmin webmaster@ssldomain.com
DocumentRoot /home/offshore/public_html
User offshore
Group offshore
<IfModule mod_php4.c>
php_admin_value open_basedir "/home/offshore/:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>
<IfModule mod_php5.c>
php_admin_value open_basedir "/home/offshore/:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>
<IfModule mod_userdir.c>
UserDir disabled
UserDir enabled offshore
</IfModule>
ServerName www.ssldomain.com
CustomLog domlogs/ssldomain.com combined
ScriptAlias /cgi-bin/ /home/offshore/public_html/cgi-bin/
</VirtualHost>
<IfDefine SSL>
<VirtualHost xxx.202.68.167:443>
ServerAdmin webmaster@ssldomain.com
DocumentRoot /home/offshore/public_html
ServerName ssldomain.com
UserDir public_html
<IfModule mod_userdir.c>
Userdir disabled
Userdir enabled offshore
</IfModule>
<IfModule mod_php4.c>
php_admin_value open_basedir "/home/offshore:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>
<IfModule mod_php5.c>
php_admin_value open_basedir "/home/offshore:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>
User offshore
Group offshore
ScriptAlias /cgi-bin/ /home/offshore/public_html/cgi-bin/
SSLEnable
SSLCertificateFile /usr/share/ssl/certs/ssldomain.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/ssldomain.com.key
SSLCACertificateFile /usr/share/ssl/certs/ssldomain.com.cabundle
SSLLogFile /usr/local/apache/domlogs/ssldomain.com-ssl_data_log
CustomLog /usr/local/apache/domlogs/ssldomain.com-ssl_log combined
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
</IfDefine>
What could it be?
If you have NMAP installed (if you don't, it can be added via RPM) run this command:
nmap -sT -O localhost
The above command will show you what ports are open. Check to see if 443 is listed. If not, you need to add SslEngine On in your httpd.conf. It should go in your Virtual Host directive.
EDIT: I say this because I don't see it in your above post.
root@server2 [/var/cpanel/users]# nmap -sT -O localhostl
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2006-01-25 06:00 CST
Insufficient responses for TCP sequencing (3), OS detection may be less accurate
Interesting ports on localhost (127.0.0.1):
(The 1643 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
465/tcp open smtps
631/tcp open ipp
783/tcp open hp-alarm-mgr
953/tcp open rndc
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql
6666/tcp open irc-serv
8009/tcp open ajp13
8080/tcp open http-proxy
Device type: general purpose
Running: Linux 2.4.X
OS details: Linux 2.4.23-grsec w/o timestamps, Linux 2.4.7 (x86)
Nmap run completed -- 1 IP address (1 host up) scanned in 6.813 seconds
Run this: /usr/local/cpanel/startstunnel
Last edited by tuxdesk; 01-25-2006 at 07:11 AM.
That didn't correct it either
Ok, regarding your first post, is that VirtualHost container where you're trying to define the SSL? I see the Virtual host container end (/VirtualHost) before you've specified the cert, key, ca bundle paths. If you're defining a dedi cert, the SslEngine On and certs paths should be within the <VirtualHost> container.
If it was working before, I would go into WHM and 'LOOK ONLY' through the rollback config for httpd. Go back a month or so and see how your VirtualHosts directive was previously laid out. I might be wrong, but I think the problem is not what is included in your httpd.conf but how it's laid out there.
Where do you see sslengine on?
Also, I simply reinstalled the SSL's via WHM. They insert the virtual host ssl info automatically
I don't see that commented in, that's what I'm saying. The shared cert resides outside of the Virtual host container, while the dedi cert for the specific website is completely enclosed within the Virtual container. When the site needs to move to https:// state, it needs to know what/where SSL info to use (key, ca, ca bundle) specific to the domain. You don't have it within that directive. You don't need to delete anything, just try adding it in the container.
Where do you see sslengine on?
I'm only using dedicated ssl, not shared and I've always installed via whm without a problem (using rapidssl, comodo and geotrust)
How do I enable SSLEngine On? My other servers using SSL do not have this mentioned in httpd.conf and they work fine.
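The disagreement in this thread is whether the :443 container itself carries the directive that turns SSL on plus the certificate and key paths. As an added example (not posted by anyone in the thread and not cPanel code), this Python check audits a config for exactly that; the sample text and IPs are constructed, and counting SSLEnable as equivalent to "SSLEngine on" is an assumption.

```python
import re

# Constructed sample in the layout of the posted config; IPs are placeholders.
SAMPLE_CONF = """\
<IfDefine SSL>
<VirtualHost 192.0.2.10:443>
ServerName ssldomain.com
SSLEnable
SSLCertificateFile /usr/share/ssl/certs/ssldomain.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/ssldomain.com.key
</VirtualHost>
</IfDefine>
<VirtualHost 192.0.2.11:443>
ServerName broken.example
SSLCertificateFile /usr/share/ssl/certs/broken.example.crt
</VirtualHost>
"""

REQUIRED = ("sslcertificatefile", "sslcertificatekeyfile")

def audit_ssl_vhosts(conf_text):
    """One finding per <VirtualHost ...:443>; SSLEnable counts as 'SSLEngine on' (assumption)."""
    findings, defines, vhost = [], [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        low = line.lower()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<(ifdefine|virtualhost)\s+([^>]+)>", low)
        if opened and opened.group(1) == "ifdefine":
            defines.append(opened.group(2).strip())
        elif low.startswith("</ifdefine"):
            del defines[-1:]  # safe even if the config is unbalanced
        elif opened:  # <VirtualHost addr[:port] ...>
            ports = [a for a in opened.group(2).split() if a.endswith(":443")]
            vhost = ({"address": ports[0], "needs_define_ssl": "ssl" in defines,
                      "seen": {}} if ports else None)
        elif low.startswith("</virtualhost"):
            if vhost:
                seen = vhost.pop("seen")
                vhost["server"] = seen.get("servername")
                vhost["ssl_on"] = "sslenable" in seen or seen.get("sslengine", "").lower() == "on"
                vhost["missing"] = [d for d in REQUIRED if d not in seen]
                findings.append(vhost)
            vhost = None
        elif vhost is not None:  # directive inside a :443 container
            parts = line.split(None, 1)
            vhost["seen"][parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return findings
```

A container reported with needs_define_ssl set is only loaded when httpd is started with -DSSL, so a clean audit of the file still has to be paired with a check of how the server was started and of the firewall rule for 443.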