Search Results

Search found 6253 results on 251 pages for 'apache2 ssl'.

Page 10/251 | < Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17  | Next Page >

  • Why can't I use SSL certs imported via Server Admin in a custom Apache install?

    - by morgant
    I've got a couple of Mac OS X 10.6.8 Server web servers that run a custom AMP255 (Apache 2.x, MySQL 5.x, and PHP 5.x) stack installed using MacPorts. We've got a lot of Mac OS X Server servers and generally install SSL certs via Server Admin and they "just work" in the built-in services, however, these web servers have always had SSL certs installed in a non-standard location and used only for Apache. Long story short, we're trying to standardize this part of our administration and install certs via Server Admin, but have run into the following issue: when the certs are installed via Server Admin and referenced in our Apache conf files, Apache then prompts for a password upon trying to start. It does not seem to be any password we know, certainly not the admin or keychain passwords! We've added the _www user to the certusers (mainly just to ensure they have the proper access to the private key in /etc/certificates/). So, with the custom installed certs we have the following files (basically just pasted in from the company we purchase our certs from): -rw-r--r-- 1 root admin 1395 Apr 10 11:22 *.domain.tld.ca -rw-r--r-- 1 root admin 1656 Apr 10 11:21 *.domain.tld.cert -rw-r--r-- 1 root admin 1680 Apr 10 11:22 *.domain.tld.key And the following in the VirtualHost in /opt/local/apache2/conf/extra/httpd-ssl.conf: SSLCertificateFile /path/to/certs/*.domain.tld.cert SSLCertificateKeyFile /path/to/certs/*.domain.tld.key SSLCACertificateFile /path/to/certs/*.domain.tld.ca This setup functions normally. If we use the certs installed via Server Admin, which both Server Admin & Keychain Assistant show as valid, they're installed in /etc/certificates/ as follows: -rw-r--r-- 1 root wheel 1655 Apr 9 13:44 *.domain.tld.SOMELONGHASH.cert.pem -rw-r--r-- 1 root wheel 4266 Apr 9 13:44 *.domain.tld.SOMELONGHASH.chain.pem -rw-r----- 1 root certusers 3406 Apr 9 13:44 *.domain.tld.SOMELONGHASH.concat.pem -rw-r----- 1 root certusers 1751 Apr 9 13:44 *.domain.tld.SOMELONGHASH.key.pem And if we replace the aforementioned lines in our httpd-ssl.conf with the following: SSLCertificateFile /etc/certificates/*.domain.tld.SOMELONGHASH.cert.pem SSLCertificateKeyFile /etc/certificates/*.domain.tld.SOMELONGHASH.key.pem SSLCertificateChainFile /etc/certificates/*.domain.tld.SOMELONGHASH.chain.pem This prompts for the unknown password. I have also tried httpd-ssl.conf configured as follows: SSLCertificateFile /etc/certificates/*.domain.tld.SOMELONGHASH.cert.pem SSLCertificateKeyFile /etc/certificates/*.domain.tld.SOMELONGHASH.key.pem SSLCertificateChainFile /etc/certificates/*.domain.tld.SOMELONGHASH.concat.pem And as: SSLCertificateFile /etc/certificates/*.domain.tld.SOMELONGHASH.cert.pem SSLCertificateKeyFile /etc/certificates/*.domain.tld.SOMELONGHASH.key.pem SSLCACertificateFile /etc/certificates/*.domain.tld.SOMELONGHASH.chain.pem We've verified that the certificate is configured to allow all applications access it (in Keychain Assistant). A diff of the /etc/certificates/*.domain.tld.SOMELONGHASH.key.pem & *.domain.tld.key files shows the former is encrypted and the latter is not, so we're assuming that Server Admin/Keychain Assistant is encrypting them for some reason. I know I can create an unencrypted key file as follows: sudo openssl rsa -in /etc/certificates/*.domain.tld.SOMELONGHASH.key.pem -out /etc/certificates/*.domain.tld.SOMELONGHASH.key.no_password.pem But, I can't do that without entering the password. I thought maybe I could export an unencrypted copy of the key from Keychain Admin, but I'm not seeing such an option (not to mention that the .pem options are greyed out in all export options). Any assistance would be greatly appreciated.

    Read the article

  • Internet Explorer cannot display page from apache with single SSL virtual host

    - by P.scheit
    I have a question that has come up somehow in different questions but I still can't find the solution, yet. My problem is that I'm hosting a site on apache 2.4 on debian with SSL and Internet Explorer 7 on windows xp shows Internet Explorer cannot display the webpage I have only ONE virtual host that uses ssl, but DIFFERENT virtual hosts that use http. Here is my config for the site with SSL enabled (etc/sites-avaible/default-ssl is NOT linked) <Virtualhost xx.yyy.86.193:443> ServerName www.my-certified-domain.de ServerAlias my-certified-domain.de DocumentRoot "/var/local/www/my-certified-domain.de/current/www" Alias /files "/var/local/www/my-certified-domain.de/current/files" CustomLog /var/log/apache2/access.my-certified-domain.de.log combined <Directory "/var/local/www/my-certified-domain.de/current/www"> AllowOverride All </Directory> SSLEngine on SSLCertificateFile /etc/ssl/certs/www.my-certified-domain.de.crt SSLCertificateKeyFile /etc/ssl/private/www.my-certified-domain.de.key SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM SSLCertificateChainFile /etc/apache2/ssl.crt/www.my-certified-domain.de.ca BrowserMatch "MSIE [2-8]" nokeepalive downgrade-1.0 force-response-1.0 </VirtualHost> <VirtualHost *:80> ServerName www.my-certified-domain.de ServerAlias my-certified-domain.de CustomLog /var/log/apache2/access.my-certified-domain.de.log combined Redirect permanent / https://www.my-certified-domain.de/ </VirtualHost> my ports.conf looks like this: NameVirtualHost *:80 Listen 80 <IfModule mod_ssl.c> # If you add NameVirtualHost *:443 here, you will also have to change # the VirtualHost statement in /etc/apache2/sites-available/default-ssl # to <VirtualHost *:443> # Server Name Indication for SSL named virtual hosts is currently not # supported by MSIE on Windows XP. Listen 443 </IfModule> <IfModule mod_gnutls.c> Listen 443 </IfModule> the output from apache2ctl -S is like this: xx.yyy.86.193:443 www.my-certified-domain.de (/etc/apache2/sites-enabled/020-my-certified-domain.de:1) wildcard NameVirtualHosts and _default_ servers: *:80 is a NameVirtualHost default server phpmyadmin.my-certified-domain.de (/etc/apache2/conf.d/phpmyadmin.conf:3) port 80 namevhost phpmyadmin.my-certified-domain.de (/etc/apache2/conf.d/phpmyadmin.conf:3) port 80 namevhost staging.my-certified-domain.de (/etc/apache2/sites-enabled/010-staging.my-certified-domain.de:1) port 80 namevhost testing.my-certified-domain.de (/etc/apache2/sites-enabled/015-testing.my-certified-domain.de:1) port 80 namevhost www.my-certified-domain.de (/etc/apache2/sites-enabled/020-my-certified-domain.de:31) I included the solution for this question: Internet explorer cannot display the page, other browsers can, possibly htaccess / server error And I understand the answer from this question: How to setup Apache NameVirtualHost on SSL? In fakt: I only have one ssl certificate for the domain. And I only want to run ONE virtual host with ssl. So I just want to use the one ip for the ssl virtual host. But still (after rebooting / restarting / testing) internet explorer will still not show the page. When I intepret the apachectl -S as well, I already have only one SSL host and this should response to the initial SSH handshake, shouldn't it? What is wrong in this setup? Thank you so much Philipp

    Read the article

  • Mutual SSL Client Authentication

    - by nordisk
    Hi, I'm trying to achieve mutual SSL client authentication but without much success so far. Let me explain my scenario first: I have a client certificate issued by an intermediate CA whose certificate in turn was issued by a root CA (the intermediate and root CAs are within the company's network). This is the certificate I am including as part of my call to the server (using the HttpWebRequest object). The server has imported my client certificate and it is one of the certificates presented to me. An important thing to note is that the server does not trust the intermediate CA or the root for that matter. What we're trying to achieve is authentication against the certificate directly, i.e. mutual authentication using my client certificate. The error I'm getting is: "The request was aborted: Could not create SSL/TLS secure channel." From my trace logs I also get the following: System.Net Information: 0 : [3380] SecureChannel#34868631 - We have user-provided certificates. The server has specified 2 issuer(s). Looking for certificates that match any of the issuers. System.Net Information: 0 : [3380] SecureChannel#34868631 - Left with 0 client certificates to choose from. One of the certificates presented to us from the server is the same as our client certificate but the matching between them seems to fail. It looks like it's trying to verify the issuer. Now to make things even more interesting: If the server trusts and sends back the intermediate CA then everything works fine! (This is not an option for the production environment though I'm told) Using jmeter to test the request works fine too. I can only assume that Java's SSL handshake implementation is somewhat different. So it really comes down to this: Do you need to implement mutual SSL authentication differently from normal client SSL authentication? Any ideas or comments would be greatly appreciated.

    Read the article

  • Test SSL Certificate for MQ SSL Testing

    - by user171523
    I am in the process of testing MQ calls over the SSL. I woul like to know where i can get some demo SSL certificates. That i can use them for testing. I also would like to know if there any code sample which i can use to pass SSL kind of connection. The exaple i am looking is in C#

    Read the article

  • Comparison of SSL Certificates

    - by Walley
    My web application most definately needs an SSL certificate I was looking into godaddy's: http://www.godaddy.com/ssl/ssl-certificates.aspx The standard doesn't appear to have the lock in the URL bar, which a lot of users might not consider secure... How true is this? The Standard has https:// obviously in the bar, but is that enough to persuade users to want to enter in confidential information?? I'd appreciate any experience anyone has had with this. or any alterates they've dealt with. Is $100/year really the going rate for an SSL cert that has the lock in the url bar? Thanks SO!

    Read the article

  • Setting multiple Apache2 VirtualHosts with the same DocumentRoot?

    - by sobi3ch
    I'm trying to accomplish something like this DocumentRoot /www/_offline.com <VirtualHost *:80> ServerName example1.com ServerAlias www.example1.com </VirtualHost> <VirtualHost *:80> ServerName example2.com ServerAlias www.example2.com DocumentRoot /www/_offline.com </VirtualHost> Is it possible to have ONE documentRoot for different domains? VirtualHost configuration: wildcard NameVirtualHosts and _default_ servers: *:80 is a NameVirtualHost default server localhost (/etc/apache2/sites-enabled/000-default:1) port 80 namevhost localhost (/etc/apache2/sites-enabled/000-default:1) port 80 namevhost aa.atd (/etc/apache2/sites-enabled/all-phoenix-domains:2) port 80 namevhost atd.atd (/etc/apache2/sites-enabled/all-phoenix-domains:13) port 80 namevhost test (/etc/apache2/sites-enabled/test:1) Syntax OK

    Read the article

  • apache2 installation conflicts with previous lampp content

    - by Fruit
    hej, i downloaded xampp-linux-1.7.3a.tar.gz and installed it manually, not with aptitude. That was a mistake as proved later, due to some configurational issues i decided to remove it and install it via aptitude install apache2. Now the previous lampp conflicts with the new apache2, i get this error message. Starting web server apache2 apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName (98)Address already in use: make_sock: could not bind to address 0.0.0.0:80 no listening sockets available, shutting down how can delete the existing lampp files entirely or how can i configure apache2 to work as intended ? any help will be appreciated

    Read the article

  • Apache SSL reverse proxy to a Embed Tomcat

    - by ggarcia24
    I'm trying to put in place a reverse proxy for an application that is running a tomcat embed server over SSL. The application needs to run over SSL on the port 9002 so I have no way of "disabling SSL" for this app. The current setup schema looks like this: [192.168.0.10:443 - Apache with mod_proxy] --> [192.168.0.10:9002 - Tomcat App] After googling on how to make such a setup (and testing) I came across this: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/861137 Which lead to make my current configuration (to try to emulate the --secure-protocol=sslv3 option of wget) /etc/apache2/sites/enabled/default-ssl: <VirtualHost _default_:443> SSLEngine On SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key SSLProxyEngine On SSLProxyProtocol SSLv3 SSLProxyCipherSuite SSLv3 ProxyPass /test/ https://192.168.0.10:9002/ ProxyPassReverse /test/ https://192.168.0.10:9002/ LogLevel debug ErrorLog /var/log/apache2/error-ssl.log CustomLog /var/log/apache2/access-ssl.log combined </VirtualHost> The thing is that the error log is showing error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol Complete request log: [Wed Mar 13 20:05:57 2013] [debug] mod_proxy.c(1020): Running scheme https handler (attempt 0) [Wed Mar 13 20:05:57 2013] [debug] mod_proxy_http.c(1973): proxy: HTTP: serving URL https://192.168.0.10:9002/ [Wed Mar 13 20:05:57 2013] [debug] proxy_util.c(2011): proxy: HTTPS: has acquired connection for (192.168.0.10) [Wed Mar 13 20:05:57 2013] [debug] proxy_util.c(2067): proxy: connecting https://192.168.0.10:9002/ to 192.168.0.10:9002 [Wed Mar 13 20:05:57 2013] [debug] proxy_util.c(2193): proxy: connected / to 192.168.0.10:9002 [Wed Mar 13 20:05:57 2013] [debug] proxy_util.c(2444): proxy: HTTPS: fam 2 socket created to connect to 192.168.0.10 [Wed Mar 13 20:05:57 2013] [debug] proxy_util.c(2576): proxy: HTTPS: connection complete to 192.168.0.10:9002 (192.168.0.10) [Wed Mar 13 20:05:57 2013] [info] [client 192.168.0.10] Connection to child 0 established (server demo1agrubu01.demo.lab:443) [Wed Mar 13 20:05:57 2013] [info] Seeding PRNG with 656 bytes of entropy [Wed Mar 13 20:05:57 2013] [debug] ssl_engine_kernel.c(1866): OpenSSL: Handshake: start [Wed Mar 13 20:05:57 2013] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: before/connect initialization [Wed Mar 13 20:05:57 2013] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: unknown state [Wed Mar 13 20:05:57 2013] [debug] ssl_engine_io.c(1897): OpenSSL: read 7/7 bytes from BIO#7f122800a100 [mem: 7f1230018f60] (BIO dump follows) [Wed Mar 13 20:05:57 2013] [debug] ssl_engine_io.c(1830): +-------------------------------------------------------------------------+ [Wed Mar 13 20:05:57 2013] [debug] ssl_engine_io.c(1869): | 0000: 15 03 01 00 02 02 50 ......P | [Wed Mar 13 20:05:57 2013] [debug] ssl_engine_io.c(1875): +-------------------------------------------------------------------------+ [Wed Mar 13 20:05:57 2013] [debug] ssl_engine_kernel.c(1903): OpenSSL: Exit: error in unknown state [Wed Mar 13 20:05:57 2013] [info] [client 192.168.0.10] SSL Proxy connect failed [Wed Mar 13 20:05:57 2013] [info] SSL Library Error: 336032002 error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol [Wed Mar 13 20:05:57 2013] [info] [client 192.168.0.10] Connection closed to child 0 with abortive shutdown (server example1.domain.tld:443) [Wed Mar 13 20:05:57 2013] [error] (502)Unknown error 502: proxy: pass request body failed to 172.31.4.13:9002 (192.168.0.10) [Wed Mar 13 20:05:57 2013] [error] [client 192.168.0.10] proxy: Error during SSL Handshake with remote server returned by /dsfe/ [Wed Mar 13 20:05:57 2013] [error] proxy: pass request body failed to 192.168.0.10:9002 (172.31.4.13) from 172.31.4.13 () [Wed Mar 13 20:05:57 2013] [debug] proxy_util.c(2029): proxy: HTTPS: has released connection for (172.31.4.13) [Wed Mar 13 20:05:57 2013] [debug] ssl_engine_kernel.c(1884): OpenSSL: Write: SSL negotiation finished successfully [Wed Mar 13 20:05:57 2013] [info] [client 192.168.0.10] Connection closed to child 6 with standard shutdown (server example1.domain.tld:443) If I do a wget --secure-protocol=sslv3 --no-check-certificate https://192.168.0.10:9002/ it works perfectly, but from apache is not working. I'm on an Ubuntu Server with the latest updates running apache2 with mod_proxy and mod_ssl enabled: ~$ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=12.04 DISTRIB_CODENAME=precise DISTRIB_DESCRIPTION="Ubuntu 12.04.2 LTS" ~# dpkg -s apache2 ... Version: 2.2.22-1ubuntu1.2 ... ~# dpkg -s openssl ... Version: 1.0.1-4ubuntu5.7 ... Hope that anyone may help

    Read the article

  • How to log invalid client SSL certificate in SSL

    - by matra
    I have a IIS web site which requires client certificate. I have turned off CRL checking. The client is unable to access the web site - he gets 403.17 (certificate expired) error. I would like to log the certificate he is using, becaue I think he is using the wrong certificate. Is there a way to do this? I probably can not use WireShark, because client certificatethat is passed from the client is probably already encryped. I am running a WIndows 2003 server. Matra

    Read the article

  • How Do I Enable My Ubuntu Server To Host Various SSL-Enabled Websites?

    - by Andy Ibanez
    Actually, I Have looked around for a few hours now, but I can't get this to work. The main problem I'm having is that only one out of two sites works. I have my website which will mostly be used for an app. It's called atajosapp.com . atajosapp.com will have three main sites: www.atajosapp.com <- Homepage for the app. auth.atajosapp.com <- Login endpoint for my API (needs SSL) api.atajosapp.com <- Main endpoint for my API (needs SSL). If you attempt to access api.atajosapp.com it works. It will throw you a 403 error and a JSON output, but that's fully intentional. If you try to access auth.atajosapp.com however, the site simply doesn't load. Chrome complains with: The webpage at https://auth.atajosapp.com/ might be temporarily down or it may have moved permanently to a new web address. Error code: ERR_TUNNEL_CONNECTION_FAILED But the website IS there. If you try to access www.atajosapp.com or any other HTTP site, it connects fine. It just doesn't like dealing with more than one HTTPS websites, it seems. The VirtualHost for api.atajosapp.com looks like this: <VirtualHost *:443> DocumentRoot /var/www/api.atajosapp.com ServerName api.atajosapp.com SSLEngine on SSLCertificateFile /certificates/STAR_atajosapp_com.crt SSLCertificateKeyFile /certificates/star_atajosapp_com.key SSLCertificateChainFile /certificates/PositiveSSLCA2.crt </VirtualHost> auth.atajosapp.com Looks very similar: <VirtualHost *:443> DocumentRoot /var/www/auth.atajosapp.com ServerName auth.atajosapp.com SSLEngine on SSLCertificateFile /certificates/STAR_atajosapp_com.crt SSLCertificateKeyFile /certificates/star_atajosapp_com.key SSLCertificateChainFile /certificates/PositiveSSLCA2.crt </VirtualHost> Now I have found many websites that talk about possible solutions. At first, I was getting a message like this: _default_ VirtualHost overlap on port 443, the first has precedence But after googling for hours, I managed to solve it by editing both apache2.conf and ports.conf. This is the last thing I added to ports.conf: <IfModule mod_ssl.c> NameVirtualHost *:443 # SSL name based virtual hosts are not yet supported, therefore no # NameVirtualHost statement here NameVirtualHost *:443 Listen 443 </IfModule> Still, right now only api.atajosapp.com and www.atajosapp.com are working. I still can't access auth.atajosapp.com. When I check the error log, I see this: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366) I don't know what else to do to make both sites work fine on this. I purchased a Wildcard SSL certificate from Comodo that supposedly secures *.atajosapp.com, so after hours trying and googling, I don't know what's wrong anymore. Any help will be really appreciated. EDIT: I just ran the apachectl -t -D DUMP_VHOSTS command and this is the output. Can't make much sense of it...: root@atajosapp:/# apachectl -t -D DUMP_VHOSTS apache2: Could not reliably determine the server's fully qualified domain name, using atajosapp.com for ServerName [Thu Nov 07 02:01:24 2013] [warn] NameVirtualHost *:443 has no VirtualHosts VirtualHost configuration: wildcard NameVirtualHosts and _default_ servers: *:443 is a NameVirtualHost default server api.atajosapp.com (/etc/apache2/sites-enabled/api.atajosapp.com:1) port 443 namevhost api.atajosapp.com (/etc/apache2/sites-enabled/api.atajosapp.com:1) port 443 namevhost auth.atajosapp.com (/etc/apache2/sites-enabled/auth.atajosapp.com:1) *:80 is a NameVirtualHost default server atajosapp.com (/etc/apache2/sites-enabled/000-default:1) port 80 namevhost atajosapp.com (/etc/apache2/sites-enabled/000-default:1)

    Read the article

  • SSL cert issued to and SAN attribute

    - by Jai
    I have added a cert to my application cacerts file. The new cert is issued to one DNS(abc.com) and they have added few other DNS(XYZ.com, TEST.com) to the SAN attribute while creating. I tried accessing one of the DNS(XYZ.com) given in SAN attribute, it throws me the below mentioned error. <Certificate chain received from XYZ.com failed hostname verification check. Certificate contained abc.com but check expected XYZ.com> If we have more DNS for an application, Do we need to generate cert for every single DNS?

    Read the article

  • Generating SSL certificates

    - by user73483
    Hi, I was wondering if anyone has any idea in how to generate a signed CA cert and key using openssl? I have found this website (http://dev.mysql.com/doc/refman/5.1/en/secure-create-certs.html) to generate the client and server certs for mysql server but the example is a self-signed certificate. I use the following command for running the server and client using openssl and the generated certs and keys: openssl s_server -accept 6502 -cert server-cert.pem -key server-key.pem -CAfile ca-cert.pem -www openssl s_client -connect 192.168.1.92:6502 -cert client-cert.pem -key client-key.pem -CAfile ca-cert.pem The error output I get is "Verify return code: 18 (self signed certificate)". Paul

    Read the article

  • SSL to SSL Redirects in IIS - Possible?

    - by Eric
    We have a situation where we would like to redirect https://service1.domain.com to https://service2.domain.com. I know this is very simple with http endpoints, but I'm not too sure about https. We have some legacy windows application web service clients that will not be updating their software version soon, and we cannot update their web references to https://service2.domain.com. Is there any way to leave these web service clients pointing to https://service1.domain.com, but have their requests forwarded to (and responded to by) https://service2.comain.com? The old server is running IIS 6.0. The new server is running IIS 7.0. We could probably upgrade it to 7.5 if needed, but I'm not certain. We could also probably make a seamless transition of the old web service to a new server using public DNS, but we cannot change the DNS name of "service1.domain.com." Thanks ServerFault!

    Read the article

  • SSL/https setup for herokuapp.com address rather than my actual domain

    - by new2ruby
    I have a subdomain of my site pointed to a rails app at mysite.herokuapp.com. I bought a certificate from godaddy and seem to have that all set up correctly. So that when I go to: http://mysite.herokuapp.com or http://dev.mysite.com it's redirected to: https://mysite.herokuapp.com or https://dev.mysite.com The problem is that when I visit dev.mysite.com, I get the error: Safari can't verify the identity of the website. But when I go to mysite.herokuapp.com, I don't get the error. I wanted this to be set up the other way, so that dev.mysite.com did not cause the error. I'm not sure where I went wrong. I used dev.mysite.com when generating the key and when setting it up at godaddy.com. Any ideas where I should look? P.S. The old site is hosted at dreamhost and the DNS info is stored there as well. So I created a subdomain there of type cname which points to mysite.herokuapp.com.

    Read the article

  • Apache2 unable to start: private key not found

    - by user3161330
    today I edited some vhosts in my Apache installation and when I tried to restart it I got this error: [Sun Jun 08 15:20:19 2014] [error] Init: Private key not found [Sun Jun 08 15:20:19 2014] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Sun Jun 08 15:20:19 2014] [error] SSL Library Error: 218640442 error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error [Sun Jun 08 15:20:19 2014] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Sun Jun 08 15:20:19 2014] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error [Sun Jun 08 15:20:19 2014] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib [Sun Jun 08 15:20:19 2014] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Sun Jun 08 15:20:19 2014] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error I have tried to generate new self signed certificates issuing this command: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.cert.key -out server.cert.crt but the error still exists. The private key chmod is 600, and if I open it with nano looks, fine. I'm running Apache2 on a debian 7 machine.

    Read the article

  • How to configure Apache to act as an SSL proxy to an application server?

    - by ripper234
    I have one physical server that runs: an Apache (httpd) server another web server (let's say Tomcat for sake of argument) on port 1234 Can I configure the Apache server to act as a proxy for SSL traffic, while keeping the application server blissfully unaware of SSL? What I imagine is: Traffic to http://myserevr.com/app is redirected to https://myserver.com/app Traffic to https://myserver.com/app is proxied to the application server. My SSL certificate is only installed on the Apache server, not on the Application server Other traffic to the Apache server (http://myserver.com/anotherapp) is served directly from the Apache server What's the best setup to achieve this? (On Ubuntu, if that matters)

    Read the article

  • Apache2 Permission denied: access to / denied

    - by futureled
    Hi, after installing and starting apache2 i can't open the website and got the error "Forbidden You don't have permission to access / on this server." I tried some different options in the httpd.conf, but nothing helped me solving this problem. All permissions for every directory are "drwxr-xr-x". The directory /www contains a file names index.html with the same permissions. Please do not wonder, the time in the errorlog is not correctly. I have no idea what the problem is, i hope someone can help me. my httpd.conf: ServerRoot "/etc/apache2" Listen 80 User daemon Group daemon ServerAdmin [email protected] DocumentRoot "/var/www" Options FollowSymLinks AllowOverride None Order Deny,Allow Deny from all Options Indexes FollowSymLinks AllowOverride All Order allow,deny Allow from all DirectoryIndex index.html Order allow,deny Deny from all Satisfy All ErrorLog /var/apache2/logs/error_log LogLevel warn LogFormat "%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %s %b" common <IfModule logio_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> CustomLog /var/apache2/logs/access_log common ScriptAlias /cgi-bin/ "/usr/share/apache2/cgi-bin/" AllowOverride None Options None Order allow,deny Allow from all DefaultType text/plain TypesConfig /etc/apache2/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz SSLRandomSeed startup builtin SSLRandomSeed connect builtin my error_log: [Sat Jan 01 00:50:26 2000] [notice] caught SIGTERM, shutting down [Sat Jan 01 00:50:33 2000] [warn] Init: Session Cache is not configured [hint: SSLSessionCache] [Sat Jan 01 00:50:34 2000] [notice] Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.8j configured -- resuming normal operations [Sat Jan 01 00:50:36 2000] [error] [client 192.168.1.44] (13)Permission denied: access to / denied [Sat Jan 01 00:50:37 2000] [error] [client 192.168.1.44] (13)Permission denied: access to / denied [Sat Jan 01 00:50:37 2000] [error] [client 192.168.1.44] (13)Permission denied: access to / denied [Sat Jan 01 00:50:37 2000] [error] [client 192.168.1.44] (13)Permission denied: access to / denied [Sat Jan 01 00:50:38 2000] [error] [client 192.168.1.44] (13)Permission denied: access to / denied [Sat Jan 01 00:50:38 2000] [error] [client 192.168.1.44] (13)Permission denied: access to / denied

    Read the article

  • Running gdb on Ubuntu 9.10 Apache2 Install

    - by AJ
    Hi all, I am trying to run gdb to debug my Ubuntu 9.10 Apache2 install and having a couple of problems: It seems like the package installed by Ubuntu for Apache2 does not include debugging symbols; is there a different version of the package I should be using for developing/debugging? When I try to run gdb, I get an error that looks to be caused by some missing environment variable. Are there additional options I should pass to "run" to get this to work? Here is the output of the debugger session: root@aj-ubuntu:/usr/sbin# gdb apache2 GNU gdb (GDB) 7.0-ubuntu Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>... Reading symbols from /usr/sbin/apache2...(no debugging symbols found)...done. (gdb) run -X Starting program: /usr/sbin/apache2 -X [Thread debugging using libthread_db enabled] apache2: bad user name ${APACHE_RUN_USER} Program exited with code 01. (gdb) Thanks in advance, -aj

    Read the article

  • Apache2's recursive directory permission requirement

    - by Sn3akyP3t3
    The experience I've had thus far is from Ubuntu 10.04 and 12.04 64 bit OS so if there are other OS differences I'd like to know if this is an OS specific problem or not. The issue I've experienced is mostly confusion. Once the cause of the problem is identified and corrected there are no further related problems experienced. The symptom is Error 403 forbidden. Typically the cause is attempting to use a directory other than /var/www/ for content. The cause is simply permissions, but its puzzling why the required permissions must persist from at least one level deeper than root onward till the current working directory where the content is stored. For example: Alias /example/ "/home/user/permissions/can/be/confusing/with/apache/" <Directory /home/user/permissions/can/be/confusing/with/apache/> Options FollowSymLinks MultiViews AllowOverride None Order allow,deny Allow from all </Directory> With www-data being the user that spawned apache and "user" being a member of the www-data group. Thus, if ownership of /home/user/* is user:user then all that is necessary to display content with apache is permssions of read and execute. So d---r-x--- should suffice, but for practical purposes I'm using drwxr-x--- for most. However, if all directories /home/user/* are permissions of drwxr-x-- and /home/user/ itself has permissions of drwx------ then content will always fail with error 403. This is strange because it doesn't follow what I would consider traditional logic of permissions which should only be applicable to the current working directory or a particular file in that directory and not any directory further back in the chain. Is this by design or is it a bug?

    Read the article

  • 500 error with deploying rails application via apache2+passenger

    - by user1633983
    I finally completed my own app, so the only work left is deploying the app. I'm using Ubuntu 10.04 and apache2(installed by apt-get), so I'm trying to deploy through passenger. I installed passenger gem like this: sudo gem install passenger rvmsudo passenger-install-apache2-module and I configured apache settings as what the installation message says. I added below lines in the middle of /etc/apache2/apache2.conf file. LoadModule passenger_module /home/admin/.rvm/gems/ruby-1.9.3-p194/gems/passenger-3.0.17/ext/apache2/mod_passenger.so PassengerRoot /home/admin/.rvm/gems/ruby-1.9.3-p194/gems/passenger-3.0.17 PassengerRuby /home/admin/.rvm/wrappers/ruby-1.9.3-p194/ruby and, I appended below lines in /etc/apache2/sites-available/default file. <VirtualHost *:80> ServerName localhost # !!! Be sure to point DocumentRoot to 'public'! DocumentRoot /home/admin/homepage/public <Directory /home/admin/homepage/public> # This relaxes Apache security settings. AllowOverride all # MultiViews must be turned off. Options -MultiViews </Directory> But when I restart the apache service and hit the address, 500 error occurs. At first, it was same 500 error but the 500 error page is from apache's, but when I reinstalled the libapache2-module-passenger, the 500 error page is changed to that from rails'. Because of rails' 500 error page(which is located at public/500.html), I think passenger module is properly connected with apache. What should I do to fix this problem? Do I need to configure something inside my app before deployment?

    Read the article

  • Bizarre image loading problem from apache2

    - by NateDSaint
    Users have complained a few times about seeing a bizarre set of pink or green stripes on our webpage. At first I thought there were a rash of video card outages, but then someone sent me a screenshot from their browser (IE8). I later saw the same thing, but with slightly different colors on Chrome. Users have experienced this on their iPads and iPhones (iOS Safari). Because I've optimized the site to cache images, the bad image stays around until you clear your cache, so once you do, it resolves itself. My assumption is that the transmission of the image is being cut off mid-stream and then staying that way, but I can't for the life of me figure out why. Here's what I've checked: Header length is being sent, and transmission looks okay (wget sample below): wget http://www.superiorlivestock.com/templates/sla2/images/wallbg2.jpg --2012-04-05 08:46:00-- http://www.superiorlivestock.com/templates/sla2/images/wallbg2.jpg Resolving www.superiorlivestock.com (www.superiorlivestock.com)... [ip redacted] Connecting to www.superiorlivestock.com (www.superiorlivestock.com)|[ip redacted]|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 45926 (45K) [image/jpeg] Saving to: `wallbg2.jpg' Images are not being served gzipped (apache conf below): SetOutputFilter DEFLATE SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary The site is www.superiorlivestock.com, and here's a sample of the bad page load: Is there something obvious I'm missing? Am I saving my images in the wrong format somehow?

    Read the article

  • Apache2 + Php + Pthreads HowTos

    - by Drug
    04 LTS 64 bit. What I would really love to do is sudo apt-get install libapache2-mod-php5 but compile PHP with --enable-maintainer-zts so I could later install pthreads with pecl install pthreads. Sadly I understand that it is not possible. I know that the easiest way is to recompile PHP together with apache support and zts. However I really like the way the standard Ubuntu PHP package is configured and I am used to the path`s for CLI php.ini config, Apache php.ini config and other paths for modules and files that this Ubuntu package defines. So i just want to change the package source a little bit and install it. # Get the stuff necessary to build the package sudo apt-get build-dep php5-common # Get the package source sudo apt-get source php5-common At this point I am getting sources not for the php5-common package but the whole php5 package. If I would sudo make && make install at this point, would it mean that I am installing a lot of unnecessary stuff? # Add configuration options ./configure --enable-maintainer-zts Does this mean that I am appending a configuration option? Or am I generating a whole new config? Alternative at this point Is there a way of getting the config options that this package defines, so that I can grab a php source from php.net and compile it with $ ./configure --prefix=package_prefix \ // Option 1 from package --enable-embed \ // Option 2 from package --with-regex=php \ // Option 3 from package Continuing the main idea ... Solution 1 # Compile (Not compiling) sudo make && make install Will I be building PHP with EVERYTHING at this point? If I compile like this, I will not be able to remove the mess I made using sudo apt-get purge php5? Solution 2 # ReCompile the package dpkg-buildpackage -rfakeroot -uc -b This does not compile also. Please correct my steps, so I can install everything correctly.

    Read the article

  • Using Apache2 to set up a basic webpage

    - by mrhatter
    I am having a problem with a test page I set up for my website. The config file (index.html) looks like this <html> <head> <title>Welcome to website.net!</title> </head> <body> <h1>Success! The website.net virtual host is working!</h1> </body> </html> Which should display a page like this in my browser when I navigate to www.mywebsite.net Welcome to website.net! Success! The website.net virtual host is working! However I get a 403 "forbidden" error when I navigate to the page. What am I missing? I have the directory installed on /var/www/mywebsite.net/public_html/index.html I have the permissions of the /var/www directory set to 755 so that others can read and exicute it but it does not seem to be working. I also have port 80 open on my iptable. The server is a VPS server if that makes a difference however I have added a DNS record for the ip address. Any help is appreciated! UPDATE: Here is my virtual host configuration file "mywebsite.net.conf" <VirtualHost *:80> # Admin email, Server Name (domain name), and any aliases ServerAdmin [email protected] ServerName www.mywebsite.net ServerAlias mywebsite.net # Index file and Document Root (where the public files are located) DirectoryIndex index.html index.php DocumentRoot /home/myusername/public/mywebsite.net/public # Log file locations LogLevel warn ErrorLog /home/mysuername/public/mywebsite.net/log/error.log CustomLog /home/myusername/public/mywebsite.net/log/access.log combined <Directory /home/myusername/public/mywebsite.net/public> Options Indexes ExecCGI Includes FollowSymLinks MultiViews AllowOverride All Order Deny,Allow Allow from all </Directory> </VirtualHost>

    Read the article

  • Apache2 VirtualHost on Debian not working

    - by milo5b
    I am having some problems with Apache2 configuration. I have already tried to look for documentation on the web (Apache's site, Debian's site, here on serverfault, etc), but nothing really helps. I have tried different configurations, but my current configuration is the following (/etc/apache2/sites-available/default): <VirtualHost *:80> ServerAdmin [email protected] ServerName mysite.dev ServerAlias mysite.dev DocumentRoot /var/www/mysite.dev/httpdocs/ ErrorLog ${APACHE_LOG_DIR}/error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> <VirtualHost *:80> ServerAdmin [email protected] ServerName livesite.com ServerAlias www.livesite.com DocumentRoot /var/www/livesite.com/httpdocs/ <Directory /var/www/livesite.com/httpdocs/> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> mysite.dev it's just an entry in hosts file on my client machine, while livesite.com it's an actual DNS record which would resolve to the same IP as the IP set in hosts file for mysite.dev. The problem is that when i try to type mysite.dev in my browser, it would automatically go to livesite.com. I tried to have different /etc/apache2/sites-enabled/ files (/etc/apache2/sites-enabled/mysite.dev , /etc/apache2/sites-enabled/livesite.com ) - and of course with the actual sites-available related files, but achieving the same results. I have tried to have a peak on error.log and access.log but there's nothing I can see. My httpd.conf contains: AccessFileName .htaccess And I have no /etc/apache2/conf.d/virtual.conf file. Any help would be greatly appreciated - if I did not provide enough info please let me know I will do my best to provide all necessary info. Thanks

    Read the article

  • How to figure out how much RAM each prefork thread requires for maximum Wordpress performance on an EC2 small instance

    - by two7s_clash
    Just read Making WordPress Stable on EC2-Micro In the "Tuning Apache" section, I can't quite figure out how he comes up with his numbers for his prefork config. He explains how to get the numbers for an average process, which I get. But then: Or roughly 53MB per process...In this case, ten threads should be safe. This means that if we receive more than ten simultaneous requests, the other requests will be queued until a worker thread is available. In order to maximize performance, we will also configure the system to have this number of threads available all of the time. From 53MB per process, with 613MB of RAM, he somehow gets this config, which I don't get: <IfModule prefork.c> StartServers 10 MinSpareServers 10 MaxSpareServers 10 MaxClients 10 MaxRequestsPerChild 4000 </IfModule> How exactly does he get this from 53MB per process, with 613MB limit? Bonus question From the below, on a small instance (1.7 GB memory), what would good settings be? bitnami@ip-10-203-39-166:~$ ps xav |grep httpd 1411 ? Ss 0:00 2 0 114928 15436 0.8 /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf 1415 ? S 0:06 10 0 125860 55900 3.1 /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf 1426 ? S 0:08 19 0 127000 62996 3.5 /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf 1446 ? S 0:05 48 0 131932 72792 4.1 /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf 1513 ? S 0:05 7 0 125672 54840 3.1 /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf 1516 ? S 0:02 2 0 125228 48680 2.7 /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf 1517 ? S 0:06 2 0 127004 55796 3.1 /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf 1518 ? S 0:03 1 0 127196 54208 3.0 /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf 1531 ? R 0:04 0 0 127500 54236 3.0 /opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf

    Read the article

< Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17  | Next Page >