How to run a virtualhost 443 without an SSL cert?

Solution 1

It seems that an SSL certificate is required even if the SSLEngine is not turned on for this virtual host. Is there a way to get around the problem besides providing a cert?

No - when your browser has https in the URL, it expects to talk SSL. If it doesn't, it'll fail. Apache is being nice by telling you this, otherwise you'd have some obscure browser errors to comprehend with. Therefore, you'll need to configure SSL in Apache before you can use port 443.

If you don't want browser warnings about it being a bad SSL certificate, you'll need to buy one from a Certificate Authority. You can get a free one from https://cert.startcom.org/ which are becoming accepted in more and more places but probably don't have the same level of recognition as paid ones (especially in older machines). I use this for my development sites and have yet to see a warning about them being untrusted, but then again I only use relatively new OSs/browsers.

Solution 2

Yes, there is a way:

Configure your Apache's Listen Directive (on Ubuntu /etc/apache2/ports.conf)

There will be something in it like: Listen *:443

You can enforce HTTP on it by adding the Protocol to that:

Listen *:443 http

That way Apache2 is able to listen on Port 443 as a simple HTTP Server

Found here: https://httpd.apache.org/docs/2.4/bind.html
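
A way to check what a port configured as in Solution 2 actually speaks, written as an added example that is not part of the original answer or of Apache. The names `classify_listener` and `start_plain_listener` are hypothetical, and the local listener is a constructed stand-in for `Listen *:443 http` so the check runs offline.

```python
import http.server
import socket
import ssl
import threading


def classify_listener(host, port, timeout=2.0):
    """Return 'tls', 'plain-http' or 'unknown' for what answers on host:port."""
    # Step 1: attempt a TLS handshake, as a browser does for https://host:port/.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # only the protocol is being tested here,
    ctx.verify_mode = ssl.CERT_NONE  # not whether the certificate is trusted
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
    except OSError:  # ssl.SSLError and timeouts are OSError subclasses
        pass
    # Step 2: only after TLS failed, send a plaintext request. The order matters:
    # an SSL-enabled Apache port also answers plaintext with an HTTP 400 page.
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            status_line = raw.makefile("rb").readline()
    except OSError:
        return "unknown"
    return "plain-http" if status_line.startswith(b"HTTP/") else "unknown"


class _PlainHandler(http.server.BaseHTTPRequestHandler):
    def do_HEAD(self):
        self.send_response(200)
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_plain_listener():
    """Constructed stand-in for 'Listen *:443 http': plaintext HTTP on a free local port."""
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), _PlainHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    srv = start_plain_listener()
    print(classify_listener("127.0.0.1", srv.server_address[1]))
    srv.shutdown()
```

A result of `plain-http` on port 443 means requests and responses on that port travel unencrypted, and clients have to use an `http://` URL with the port given explicitly.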

Author: vaibhav

Updated on September 18, 2022

Comments

  • vaibhav
    vaibhav over 1 year

    I am having a unique issue which I never came across. In my case, when I use the "#filterPop" in the URL, Chrome is appending an additional slash after / like: "#/filterpop".

    Can someone suggest how to eliminate this behaviour?

    PS: I am using Angular JS but I am not using any Routing.

    Thanks.

    • Admin
      Admin over 8 years
      I know this is an old question, but now that it's 2015 there is a service called Let's Encrypt that makes the process of installing a valid, publicly trusted SSL certificate for small installations like this incredibly easy, and best of all, free.
    • Jenny
      Jenny about 7 years
      please post some code.
    • Admin
      Admin about 6 years
      In my humble opinion this is really silly behaviour by Apache. This is a "default" https port rather than a requirement to have https configured on the port. I can set up/not set up https on any port I choose.
  • Question Overflow
    Question Overflow over 11 years
    The server failed to start. It has nothing to do with the browser.
  • Jee Garin
    Jee Garin over 11 years
    I made my answer clearer: you need to setup SSL certs to use the SSL port.
  • Question Overflow
    Question Overflow over 11 years
    Ok, I get what you mean -- there is no way to avoid not having a cert. Thanks for the freebie :)
  • Jee Garin
    Jee Garin over 11 years
    wildcard certificate which costs around 600 USD. No they don't.
  • JustMyThoughts -
    JustMyThoughts - over 11 years
    @jay - ok, I should have been clearer. They can cost 600 USD depending on your requirements for a wildcard cert. I buy mine from Digicert as I require unlimited CSR signing for multiple private keys and unlimited SANs.
  • Pancho
    Pancho about 6 years
    I don't agree that Apache is doing anyone any favours with this "rule". It should be the server administrator's prerogative to configure a server as desired, selecting whatever ports desired to communicate via the chosen protocols.
  • Pancho
    Pancho about 6 years
    I use a <VirtualHost *:443> ServerName www.a.b.c => RewriteRule (.*) a.b.c </VirtualHost>. Then I have another full <VirtualHost *:443> ServerName a.b.c .....</VirtualHost> which enables SSLEngine, has the cert etc etc. This approach allows me to purchase a single cert for domain a.b.c and not to care whether people come in on a.b.c or a.b.c. The Apache implementation breaks this and sadly although yours is a great approach I don't think it helps me
  • Bachsau
    Bachsau about 4 years
    @Pancho It does, but you can not have name-based virtual hosts with and without SSL on the same port, as the SSL handshake is the first thing that happens after the connection has been established. It is indeed possible to have a non-ssl webserver listening on port 443, as long as the SSLEngine is disabled for every virtual host on that port. However, it will result in an error if any browser tries to connect there with SSL. You would need to access it like http://domain:443/.