Apache HTTP Server
swaro, 2020-01-31 14:31:01

Why doesn't SSL certificate work on Apache2?

Good afternoon. The following situation has arisen: the SSL certificate does not work on my Apache2 web server. I received 4 files: the certificate for the domain, the key, the intermediate and the root. I uploaded them to the server, sorted them into folders, enabled mod_ssl in Apache, and configured all the paths to folders and files in "default-ssl.conf". When I restart Apache, I get nothing but errors. Firefox gives "SSL_ERROR_RX_RECORD_TOO_LONG", Chrome gives "ERR_SSL_PROTOCOL_ERROR". The config is below. Where did I go wrong?

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin [email protected]
                DocumentRoot /var/www/html
                #LogLevel info ssl:warn
                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
                #Include conf-available/serve-cgi-bin.conf
                SSLEngine on
                SSLCertificateFile /etc/ssl/certs/domain.crt
                SSLCertificateKeyFile /etc/ssl/private/private.key
                SSLCertificateChainFile /etc/ssl/certs/int.crt
                SSLCACertificatePath /etc/ssl/certs/
                SSLCACertificateFile /etc/ssl/certs/root.crt
                #SSLVerifyClient require
                #SSLVerifyDepth  10
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
        </VirtualHost>
</IfModule>


1 answer(s)
Andrey Barbolin, 2020-01-31
@dronmaxman

My version.
Instead of SSLCertificateChainFile, my root and intermediate certificates are in the same /etc/ssl/certs/star_domain_ua.ca-bundle file.
In what form do you have certificates? Did you convert them or just change the extension?
What does the following command output?

openssl x509 -in /etc/ssl/certs/wildcard-dv-domain-ua.cer -text -noout | grep -A1 'X509v3 Key Usage'
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment

SSLEngine on
        SSLCertificateFile /etc/ssl/certs/wildcard-dv-domain-ua.cer
        SSLCertificateKeyFile /etc/ssl/private/wildcard-dv-domain-ua-private.key
        SSLCACertificateFile    /etc/ssl/certs/star_domain_ua.ca-bundle
        SSLProtocol -ALL -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
        SSLHonorCipherOrder on
        SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
        SSLStrictSNIVHostCheck Off
        SSLCompression off
        SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
        Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
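
Added example, not part of the original answer: a way to check the point raised above about whether the files were actually converted or only renamed. Apache's SSLCertificateFile expects PEM-encoded data, so the sketch below classifies a file's contents as PEM or DER and counts the certificates in a bundle; the names `inspect_cert_file`, `fake_der` and `pem_wrap` and the sample bytes are constructed for illustration.

```python
import base64
import binascii
import re
import ssl

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def der_sequence_ok(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE (tag 0x30) with a matching length."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                    # short form: the byte is the length
        header, length = 2, first
    else:                               # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return len(data) == header + length

def inspect_cert_file(data: bytes) -> dict:
    """Report the encoding of a certificate file and how many certificates it holds."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        good = 0
        for body in blocks:
            try:
                der = base64.b64decode(b"".join(body.split()), validate=True)
            except binascii.Error:
                continue                # header present but body is not base64
            good += der_sequence_ok(der)
        return {"encoding": "PEM", "certs": good, "apache_ready": good == len(blocks)}
    if der_sequence_ok(data):           # binary file: renaming it does not make it PEM
        return {"encoding": "DER", "certs": 1, "apache_ready": False}
    return {"encoding": "unknown", "certs": 0, "apache_ready": False}

def fake_der(n: int) -> bytes:
    """Constructed stand-in (not a real certificate): n zero bytes, 256 <= n < 65536."""
    return b"\x30\x82" + n.to_bytes(2, "big") + bytes(n)

def pem_wrap(der: bytes) -> bytes:
    """PEM-armor DER bytes, which is what a real conversion produces."""
    return ssl.DER_cert_to_PEM_cert(der).encode()

if __name__ == "__main__":
    print(inspect_cert_file(fake_der(300)))                  # DER renamed to .crt
    print(inspect_cert_file(pem_wrap(fake_der(300)) + pem_wrap(fake_der(500))))  # bundle
```

To check a real file, pass `open(path, "rb").read()` to `inspect_cert_file`; a two-certificate bundle such as the root plus intermediate file described in the answer should report `certs: 2`.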
