How to run a virtualhost 443 without an SSL cert?
Solution 1
It seems that an SSL certificate is required even if the SSLEngine is not turned on for this virtual host. Is there a way to get around the problem besides providing a cert?
No - when your browser has https in the URL, it expects to talk SSL. If it doesn't, it'll fail. Apache is being nice by telling you this, otherwise you'd have some obscure browser errors to comprehend with. Therefore, you'll need to configure SSL in Apache before you can use port 443.
If you don't want browser warnings about it being a bad SSL certificate, you'll need to buy one from a Certificate Authority. You can get a free one from https://cert.startcom.org/ which are becoming accepted in more and more places but probably don't have the same level of recognition as paid ones (especially in older machines). I use this for my development sites and have yet to see a warning about them being untrusted, but then again I only use relatively new OSs/browsers.
Solution 2
Yes, there is a way:
Configure your Apache's Listen Directive (on Ubuntu /etc/apache2/ports.conf)
There will be something in it like: Listen *:443
You can enforce HTTP on it by adding the Protocol to that:
Listen *:443 http
That way Apache2 is able to listen on Port 443 as a simple HTTP Server
Found here: https://httpd.apache.org/docs/2.4/bind.html
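To confirm what a listener actually speaks after a change such as `Listen *:443 http`, this added example (not part of the original answers) tries a TLS handshake first and falls back to a plaintext HTTP request. The function name `probe` and the loopback demo listener are assumptions made for illustration.

```python
import http.server
import socket
import ssl
import threading


def probe(host, port, timeout=3.0):
    """Return 'tls', 'http' or 'unknown' for what the listener at host:port speaks."""
    # Step 1: attempt a TLS handshake. Certificate verification is disabled on
    # purpose: the question here is "does it speak TLS?", not "is it trusted?".
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
    except OSError:  # ssl.SSLError and socket timeouts are OSError subclasses
        pass
    # Step 2: no TLS answer, so send a plaintext request on a fresh connection.
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            if raw.recv(16).startswith(b"HTTP/"):
                return "http"
    except OSError:
        pass
    return "unknown"


if __name__ == "__main__":
    # Constructed demo: a plain-HTTP listener on an ephemeral loopback port
    # stands in for an Apache instance configured with "Listen *:443 http".
    srv = http.server.ThreadingHTTPServer(
        ("127.0.0.1", 0), http.server.BaseHTTPRequestHandler
    )
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    print(probe("127.0.0.1", srv.server_address[1], timeout=1.0))
    srv.shutdown()
```

A result of `http` on port 443 means the traffic on that port is unencrypted and clients have to use the `http://domain:443/` form of the URL.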
vaibhav
Updated on September 18, 2022
Comments
-
vaibhav over 1 year
I am having a unique issue which I never came across. In my case, when I use "#filterPop" in the URL, Chrome is appending an additional slash after / like: "#/filterpop". Can someone suggest how to eliminate this behaviour?
PS: I am using Angular JS but I am not using any Routing.
Thanks.
-
Admin over 8 years
I know this is an old question, but now that it's 2015 there is a service called Let's Encrypt that makes the process of installing a valid, publicly trusted SSL certificate for small installations like this incredibly easy, and best of all, free.
-
Jenny about 7 years
Please post some code.
-
Admin about 6 years
In my humble opinion this is really silly behaviour by Apache. This is a "default" https port rather than a requirement to have https configured on the port. I can set up/not set up https on any port I choose.
-
Question Overflow over 11 years
The server failed to start. It has nothing to do with the browser.
-
Jee Garin over 11 years
I made my answer clearer: you need to set up SSL certs to use the SSL port.
-
Question Overflow over 11 years
Ok, I get what you mean -- there is no way to avoid not having a cert. Thanks for the freebie :)
-
Jee Garin over 11 years
"wildcard certificate which costs around 600 USD". No they don't.
-
JustMyThoughts - over 11 years
@jay - ok, I should have been clearer. They can cost 600 USD depending on your requirements for a wildcard cert. I buy mine from Digicert as I require unlimited CSR signing for multiple private keys and unlimited SANs.
-
Pancho about 6 years
I don't agree that Apache is doing anyone any favours with this "rule". It should be the server administrator's prerogative to configure a server as desired, selecting whatever ports desired to communicate via the chosen protocols.
-
Pancho about 6 years
I use a <VirtualHost *:443> ServerName www.a.b.c => RewriteRule (.) a.b.c </VirtualHost>. Then I have another full <VirtualHost *:443> ServerName a.b.c .....</VirtualHost> which enables SSLEngine, has the cert etc etc. This approach allows me to purchase a single cert for domain a.b.c and not to care whether people come in on a.b.c or a.b.c. The Apache implementation breaks this and sadly although yours is a great approach I don't think it helps me
-
Bachsau about 4 years
@Pancho It does, but you cannot have name-based virtual hosts with and without SSL on the same port, as the SSL handshake is the first thing that happens after the connection has been established. It is indeed possible to have a non-ssl webserver listening on port 443, as long as the SSLEngine is disabled for every virtual host on that port. However, it will result in an error if any browser tries to connect there with SSL. You would need to access it like http://domain:443/.