Cannot view https on installed cert

Discussion in 'General Discussion' started by sv1, Jan 7, 2006.

  1. sv1

    sv1 Well-Known Member

    We have created a domain on its own IP, and when WHM installs the cert it says everything is ok, but when trying to access the site via https it does not work. Any help with this would be great.
     
  2. tuxdesk

    tuxdesk Well-Known Member

    Check the logs: tail -f /var/log/messages. Also check that port 443 is opened to that domain.
     
  3. ramprage

    ramprage Well-Known Member

    I just responded to your other thread about this

    http://forums.cpanel.net/showthread.php?t=48388

    "IE complains about incorrect CA bundles in particular, I've found Firefox doesn't really care and the site will continue to work for SSL.

    I suggest getting the correct CA bundle to ensure it works in both browsers"
     
  4. sv1

    sv1 Well-Known Member

    ramprage, that isn't my thread.

    Here's the log when trying to connect through SSL and the domain:

    Jan 7 12:59:07 pluto stunnel[2637]: SSL_read (SSL_ERROR_SYSCALL): Connection reset by peer (104)
    Jan 7 12:59:07 pluto stunnel[2637]: Connection reset: 5736 bytes sent to SSL, 2768 bytes sent to socket
    Jan 7 12:59:07 pluto stunnel[2637]: SSL_read (SSL_ERROR_SYSCALL): Connection reset by peer (104)
    Jan 7 12:59:07 pluto stunnel[2637]: Connection reset: 7362 bytes sent to SSL, 2776 bytes sent to socket
    Jan 7 12:59:07 pluto stunnel[2637]: SSL_read (SSL_ERROR_SYSCALL): Connection reset by peer (104)
    Jan 7 12:59:07 pluto stunnel[2637]: Connection reset: 316 bytes sent to SSL, 382 bytes sent to socket
     
  5. sv1

    sv1 Well-Known Member

    Fixed it, 443 was not opened in APF, stupid oversight! Thanks for the help.
     
  6. Secret Agent

    Secret Agent Guest

    I'm having this problem. I reinstalled the SSL successfully but it still shows page not found when testing it. Without https it works fine (domain that is).

    443 is open in APF also.

    <VirtualHost xxx.202.68.167>
        ServerAlias www.ssldomain.com ssldomain.com
        ServerAdmin webmaster@ssldomain.com
        DocumentRoot /home/offshore/public_html
        User offshore
        Group offshore
        <IfModule mod_php4.c>
            php_admin_value open_basedir "/home/offshore/:/usr/lib/php:/usr/local/lib/php:/tmp"
        </IfModule>
        <IfModule mod_php5.c>
            php_admin_value open_basedir "/home/offshore/:/usr/lib/php:/usr/local/lib/php:/tmp"
        </IfModule>
        <IfModule mod_userdir.c>
            UserDir disabled
            UserDir enabled offshore
        </IfModule>
        ServerName www.ssldomain.com
        CustomLog domlogs/ssldomain.com combined
        ScriptAlias /cgi-bin/ /home/offshore/public_html/cgi-bin/
    </VirtualHost>

    <IfDefine SSL>
    <VirtualHost xxx.202.68.167:443>
        ServerAdmin webmaster@ssldomain.com
        DocumentRoot /home/offshore/public_html
        ServerName ssldomain.com
        UserDir public_html

        <IfModule mod_userdir.c>
            Userdir disabled
            Userdir enabled offshore
        </IfModule>

        <IfModule mod_php4.c>
            php_admin_value open_basedir "/home/offshore:/usr/lib/php:/usr/local/lib/php:/tmp"
        </IfModule>
        <IfModule mod_php5.c>
            php_admin_value open_basedir "/home/offshore:/usr/lib/php:/usr/local/lib/php:/tmp"
        </IfModule>

        User offshore
        Group offshore
        ScriptAlias /cgi-bin/ /home/offshore/public_html/cgi-bin/

        SSLEnable
        SSLCertificateFile /usr/share/ssl/certs/ssldomain.com.crt
        SSLCertificateKeyFile /usr/share/ssl/private/ssldomain.com.key
        SSLCACertificateFile /usr/share/ssl/certs/ssldomain.com.cabundle
        SSLLogFile /usr/local/apache/domlogs/ssldomain.com-ssl_data_log
        CustomLog /usr/local/apache/domlogs/ssldomain.com-ssl_log combined
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    </VirtualHost>
    </IfDefine>

    What could it be?
     
  7. simplestar

    simplestar Well-Known Member

    If you have NMAP installed (if you don't, it can be added via RPM) run this command:

    nmap -sT -O localhost

    The above command will show you what ports are open. Check to see if 443 is listed. If not, you need to add SslEngine On in your httpd.conf. It should go in your Virtual Host directive.


    EDIT: I say this because I don't see it in your above post.
     
  8. Secret Agent

    Secret Agent Guest

    root@server2 [/var/cpanel/users]# nmap -sT -O localhostl

    Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2006-01-25 06:00 CST
    Insufficient responses for TCP sequencing (3), OS detection may be less accurate
    Interesting ports on localhost (127.0.0.1):
    (The 1643 ports scanned but not shown below are in state: closed)
    PORT STATE SERVICE
    21/tcp open ftp
    25/tcp open smtp
    53/tcp open domain
    80/tcp open http
    110/tcp open pop3
    143/tcp open imap
    443/tcp open https
    465/tcp open smtps
    631/tcp open ipp
    783/tcp open hp-alarm-mgr
    953/tcp open rndc
    993/tcp open imaps
    995/tcp open pop3s
    3306/tcp open mysql
    6666/tcp open irc-serv
    8009/tcp open ajp13
    8080/tcp open http-proxy
    Device type: general purpose
    Running: Linux 2.4.X
    OS details: Linux 2.4.23-grsec w/o timestamps, Linux 2.4.7 (x86)

    Nmap run completed -- 1 IP address (1 host up) scanned in 6.813 seconds
     
  9. tuxdesk

    tuxdesk Well-Known Member

    Run this: /usr/local/cpanel/startstunnel
     
    #9 tuxdesk, Jan 25, 2006
    Last edited: Jan 25, 2006
  10. Secret Agent

    Secret Agent Guest

    That didn't correct it either
     
  11. simplestar

    simplestar Well-Known Member

    Ok, regarding your first post, is that VirtualHost container where you're trying to define the SSL? I see the Virtual host container end (/VirtualHost) before you've specified the cert, key, ca bundle paths. If you're defining a dedi cert, the SslEngine On and cert paths should be within the <VirtualHost> container.

    If it was working before, I would go into WHM and 'LOOK ONLY' through the rollback config for httpd. Go back a month or so and see how your VirtualHosts directive was previously laid out. I might be wrong, but I think the problem is not what is included in your httpd.conf but how it's laid out there.
     
  12. Secret Agent

    Secret Agent Guest

    Where do you see sslengine on?

    Also, I simply reinstalled the SSLs via WHM. They insert the virtual host ssl info automatically.
     
  13. simplestar

    simplestar Well-Known Member

    I don't see that commented in, that's what I'm saying. The shared cert resides outside of the Virtual host container, while the dedi cert for the specific website is completely enclosed within the Virtual container. When the site needs to move to https:// state, it needs to know what/where SSL info to use (key, ca, ca bundle) specific to the domain. You don't have it within that directive. You don't need to delete anything, just try adding it in the container.
     
  14. Secret Agent

    Secret Agent Guest

    I'm only using dedicated ssl, not shared and I've always installed via whm without a problem (using rapidssl, comodo and geotrust)
     
  15. Secret Agent

    Secret Agent Guest

    How do I enable SSLEngine On? My other servers using SSL do not have this mentioned in httpd.conf and they work fine.
     
  16. Murtaza_t

    Murtaza_t Well-Known Member

    I am not sure if this works for you, but I had this same problem: SSL getting installed successfully but the site with https gave "Page cannot be displayed", so I just did this:

    Code:
    ]# httpd -t
    ]# service httpd stop
    ]# service httpd startssl
    ]# service httpd start
    Hope that solves your prob as well :rolleyes:
     
  17. Secret Agent

    Secret Agent Guest

    No that didn't solve it.

    I would appreciate if someone can assist on this with a resolution
     
  18. Secret Agent

    Secret Agent Guest

    Here we go:

    root@server2 [/usr/local/apache/logs]# tail -f ssl_engine_log
    [31/Jan/2006 16:35:08 23417] [info] Init: Configuring temporary DH parameters (512/1024 bits)
    [31/Jan/2006 16:35:12 23448] [info] Init: 2nd startup round (already detached)
    [31/Jan/2006 16:35:12 23448] [info] Init: Reinitializing OpenSSL library
    [31/Jan/2006 16:35:12 23448] [info] Init: Seeding PRNG with 136 bytes of entropy
    [31/Jan/2006 16:35:12 23448] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
    [31/Jan/2006 16:35:12 23448] [info] Init: Configuring temporary DH parameters (512/1024 bits)
    [31/Jan/2006 16:35:12 23448] [info] Init: Initializing (virtual) servers for SSL
    [31/Jan/2006 16:35:12 23448] [warn] Init: SSL server IP/port conflict: domain1.com:443 (/usr/local/apache/conf/httpd.conf:22441) vs. domain1.com:443 (/usr/local/apache/conf/httpd.conf:26511)
    [31/Jan/2006 16:35:12 23448] [warn] Init: SSL server IP/port conflict: domain1.com:443 (/usr/local/apache/conf/httpd.conf:22368) vs. domain1.com:443 (/usr/local/apache/conf/httpd.conf:26477)
    [31/Jan/2006 16:35:12 23448] [warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!


    So what am I supposed to do? These SSL certs were all installed via WHM as usual and given "certification passed". How do I correct this?
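
The "SSL server IP/port conflict" warnings in the log above each name two httpd.conf line numbers that serve the same host on port 443. As an added example (not part of the thread and not cPanel's own tooling), this Python script lists every `<VirtualHost>` address ending in :443 that is declared more than once, and flags :443 blocks with no `SSLEnable`/`SSLEngine on` or no `SSLCertificateFile`. It assumes a single config file (no `Include` following) and groups by the address exactly as written; the sample config, its addresses and its names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: two vhosts claim the same IP:443; the second never turns SSL on.
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10>
</VirtualHost>
<VirtualHost 192.0.2.10:443>
ServerName example.test
SSLEnable
SSLCertificateFile /usr/share/ssl/certs/example.test.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
ServerName example.test
# SSLEngine on
SSLCertificateFile /usr/share/ssl/certs/example.test.crt
</VirtualHost>
"""

OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
SSL_ON = re.compile(r"^\s*(SSLEnable\b|SSLEngine\s+on\b)", re.I)
CERT = re.compile(r"^\s*SSLCertificateFile\s+\S", re.I)

def audit_ssl_vhosts(conf_text):
    """Return (conflicts, problems) for the :443 vhosts in conf_text."""
    vhosts, cur = [], None
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        opened = OPEN.match(line)
        if opened:
            cur = {"addrs": opened.group(1).split(), "line": lineno, "ssl_on": False, "cert": False}
            vhosts.append(cur)
        elif CLOSE.match(line):
            cur = None
        elif cur is not None:  # a line inside a vhost block; comments never match
            cur["ssl_on"] |= bool(SSL_ON.match(line))
            cur["cert"] |= bool(CERT.match(line))
    by_addr, problems = defaultdict(list), []
    for vh in vhosts:
        ssl_addrs = [a for a in vh["addrs"] if a.endswith(":443")]
        for addr in ssl_addrs:
            by_addr[addr].append(vh["line"])
        if ssl_addrs and not vh["ssl_on"]:
            problems.append((vh["line"], "SSL not enabled"))
        if ssl_addrs and not vh["cert"]:
            problems.append((vh["line"], "no SSLCertificateFile"))
    conflicts = {a: lines for a, lines in by_addr.items() if len(lines) > 1}
    return conflicts, problems

print(audit_ssl_vhosts(SAMPLE_CONF))  # result for the constructed sample
```

The line numbers it returns are the opening `<VirtualHost>` lines, so they can be compared directly with the pairs printed in ssl_engine_log before removing the stale duplicate block.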
     
  19. chud67

    chud67 Member

    I'm getting the same thing. Anyone?
     
  20. Secret Agent

    Secret Agent Guest

    Someone please help out. This has been going on for a few days too much
     