SSL over non-standard port?
The answer is yes.

It's my mistake, I have set up 127.0.0.1 www.b.com in the /etc/hosts. Then, however I change the apache config files in the remote server, my browser always resolves www.b.com to my localhost, where there is a broken certificate.
Author: Xiè Jìléi
Updated on September 18, 2022
Comments
-
Xiè Jìléi over 1 year
I have two different sites in one server: a.com and b.com.

If I use named virtualhost on ssl port, IE won't work.

So, I decided to use port 444 for SSL for b.com. However, it seems all browsers give error message:

    Chrome: Error 107 ssl protocol error
    Firefox: Error code: ssl_error_rx_record_too_long
    Epiphany: SSL handshake failed

Umm.. I don't know why, but I have seen some web sites that can be accessed like https://example.com:1443.

Or did I miss something?

ports.conf:

    NameVirtualHost *:80
    Listen 80

    <IfModule mod_ssl.c>
        # If you add NameVirtualHost *:443 here, you will also have to change
        # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
        # to <VirtualHost *:443>
        # Server Name Indication for SSL named virtual hosts is currently not
        # supported by MSIE on Windows XP.
        NameVirtualHost *:443
        NameVirtualHost *:444
        Listen 443
        Listen 444
    </IfModule>

    <IfModule mod_gnutls.c>
        Listen 443
        Listen 444
    </IfModule>

b.site:

    <VirtualHost *:444>
        ServerName www.b.com:444
        ServerAdmin [email protected]
        LogLevel error
        ErrorLog /var/log/apache2/b_error.log
        CustomLog /var/log/apache2/b_access.log combined
        DocumentRoot ...
        <Directory ...>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            allow from all
        </Directory>
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/b.crt
        SSLCertificateKeyFile /etc/ssl/private/b.pem
    </VirtualHost>

CA config file to generate the certificate:

    [ca]
    default_ca = CA_default

    [CA_default]
    x509_extensions = root_ca_extensions

    [req]
    default_bits = 4096
    default_keyfile =
    distinguished_name = req_distinguished_name
    attributes = req_attributes
    prompt = no
    x509_extensions = v3_ca
    req_extensions = v3_req

    [req_distinguished_name]
    C = ...
    ST = ..
    O = ...
    OU = ..
    CN = ...
    emailAddress = [email protected]

    [req_attributes]

    [root_ca_extensions]
    basicConstraints = CA:true

    [v3_ca]
    basicConstraints = CA:true

    [v3_req]
    basicConstraints = CA:false
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    subjectAltName = @alt_names

    [alt_names]
    DNS.1 = b.com
    DNS.2 = www.b.com
-
DerfK almost 12 years
Update the question with the configuration for port 444's VirtualHost block
-
uSlackr almost 12 years
It is likely your apache config is not correct. Perhaps the listening ports are not set right. If you post a config, we can provide better help
-
Xiè Jìléi almost 12 years
I've just added the port number to see if it works. So, no luck whether or not there is a port number.
-
Mike almost 12 years
Generally when I see this it means the browser is talking https on a http port. Is there anything in the error log for the main server or the vhost on startup or connection?
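
The two causes raised on this page, an /etc/hosts entry that pins www.b.com to localhost and a port that answers a TLS hello with plaintext HTTP, can be told apart from the client side with a short check. This is an added example, not code from the original post or its commenters; the function names are made up for illustration, and the www.b.com:444 target is the one from the question.

```python
import ipaddress
import socket
import ssl

def hosts_overrides(hosts_text, name):
    """Addresses that a hosts file pins `name` to (comments ignored)."""
    pinned = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) > 1 and name.lower() in [f.lower() for f in fields[1:]]:
            pinned.append(fields[0])
    return pinned

def client_hello(server_name):
    """Bytes of a real TLS ClientHello, built in memory without a socket."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ssl.create_default_context().wrap_bio(
        incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:  # expected: the hello is queued, no reply yet
        pass
    return outgoing.read()

def classify_reply(data):
    """Decide what protocol answered, from the first bytes of the reply."""
    if len(data) >= 2 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls"             # TLS alert or handshake record
    if data.startswith((b"HTTP/", b"<")):
        return "plaintext-http"  # server answered the hello with HTTP/HTML
    return "unknown"

def probe(name, port, timeout=5.0):
    """Resolve `name` via the system resolver, then test each address."""
    results = []
    infos = socket.getaddrinfo(name, port, type=socket.SOCK_STREAM)
    for addr in sorted({info[4][0] for info in infos}):
        loopback = ipaddress.ip_address(addr).is_loopback
        try:
            with socket.create_connection((addr, port), timeout=timeout) as s:
                s.sendall(client_hello(name))
                verdict = classify_reply(s.recv(16))
        except OSError as exc:
            verdict = "connect-failed: %s" % exc
        results.append((addr, loopback, verdict))
    return results

if __name__ == "__main__":
    for row in probe("www.b.com", 444):  # host and port from the question
        print(row)
```

A row whose second field is True means the name resolves to the local machine, so changes to the remote Apache configuration are never exercised; a "plaintext-http" verdict means SSLEngine is not active on the port that answered.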