Unable to establish SSL connection how do I fix my SSL cert

Question

I m trying to wget to my own box  and it can t be an internal address in the wget  so says another developer    When I wget  I get this   wget http   example com --2013-03-01 15 03 30--  http   example com  Resolving example com    172 20 0 224 Connecting to example com 172 20 0 224  80    connected  HTTP request sent  awaiting response    302 Found Location  https   www example com   following  --2013-03-01 15 03 30--  https   www example com  Resolving www example com    172 20 0 224 Connecting to www example com 172 20 0 224  443    connected  OpenSSL  error 140770FC SSL routines SSL23 GET SERVER HELLO unknown protocol Unable to establish SSL connection    I believe it is because I do not have the certificate setup properly  Using openssl   openssl s client -connect example com 443 CONNECTED 00000003  15586 error 140770FC SSL routines SSL23 GET SERVER HELLO unknown protocol s23 clnt c 588    While if I do the same command on another site  it shows the entire cert    Perhaps the ssl cert was never setup in the conf file on Apache for that domain   If so  what should I be specifying in the virtualhost  Is there any alternative other than specifying --no-check-certificate because I don t want to do that

User · Answer

Just a quick note  and possible cause    You can have a perfectly correct VirtualHost setup with  default  443 etc  in your Apache  conf file    But    If there is even one  conf file enabled with incorrect settings that also listens to port 443  then it will bring the whole SSL system down    Therefore  if you are sure your  conf file is correct  try disabling the other site  conf files in sites-enabled

User · Answer

SSL23 GET SERVER HELLO unknown protocol   This error happens when OpenSSL receives something other than a ServerHello in a protocol version it understands from the server   It can happen if the server answers with a plain  unencrypted  HTTP   It can also happen if the server only supports e g  TLS 1 2 and the client does not understand that protocol version   Normally  servers are backwards compatible to at least SSL 3 0   TLS 1 0  but maybe this specific server isn t  by implementation or configuration    It is unclear whether you attempted to pass --no-check-certificate or not   I would be rather surprised if that would work   A simple test is to use wget  or a browser  to request http   example com 443  note the http     not https      if it works  SSL is not enabled on port 443   To further debug this  use openssl s client with the -debug option  which right before the error message dumps the first few bytes of the server response which OpenSSL was unable to parse   This may help to identify the problem  especially if the server does not answer with a ServerHello message   To see what exactly OpenSSL is expecting  check the source  look for SSL R UNKNOWN PROTOCOL in ssl s23 clnt c   In any case  looking at the apache error log may provide some insight too

User · Answer

I had this problem when setting up a new EC2 instance  I had not added HTTPS to my security group  and so port 443 was not open

User · Answer

There are a few possibilities    Your workstation doesn t have the root CA cert used to sign your server s cert   How exactly you fix that depends on what OS you re running and what release  etc    I suspect this is not related  Your cert isn t installed properly   If your SSL cert requires an intermediate cert to be presented and you didn t set that up  you can get these warnings  Are you sure you ve enabled SSL on port 443      For starters  to eliminate  3   what happens if you telnet to that port   Assuming it s not  3   then depending on your needs you may be fine with ignoring these errors and just passing --no-certificate-check   You probably want to use a regular browser  which generally will bundle the root certs directly  and see if things are happy   If you want to manually verify the cert  post more details from the openssl s client output   Or use openssl x509 -text -in  path to cert to print it out to your terminal

User · Answer

The problem I faced was in client server environment  The client was trying to connect over http port 80 but wanted the server proxy to redirect the request to some other port and data was https  So basically asking secure information over http  So server should have http port 80 as well as the port client is requesting  let s say urla 1111 subB    The issue was server was hosting this on some other port e g urla 2222 subB  so the client was trying to access over 1111 was receiving the error  Correcting the port number should fix this issue  In this case to port number 1111

User · Answer

For me a DNS name of my server was added to  etc hosts and it was mapped to 127 0 0 1 which resulted in      SL23 GET SERVER HELLO unknown protocol   Removing mapping of my real DNS name to 127 0 0 1 resolved the problem

User · Answer

In my case I had not enabled the site  default-ssl   Only  000-default  was listed in the  etc apache2 sites-enabled folder   Enable SSL site on Ubuntu 14 LTS  Apache 2 4 7   a2ensite default-ssl service apache2 reload

User · Answer

I  meet this same question  The port 443 wasn t open in Centos   Check the 443 port with the following command      sudo lsof -i tcp 443   In the first line of  etc httpd conf d ssl conf add this two lines   LoadModule ssl module modules mod ssl so Listen 443

User · Answer

This problem happened for me only in special cases  when I called website from some internet providers   I ve configured only ip v4 in VirtualHost configuration of apache   but some of router use ip v6  and when I added ip v6 to apache config the problem solved

[apache] Unable to establish SSL connection, how do I fix my SSL cert?

Examples related to apache

Examples related to ssl

Examples related to openssl

Examples related to wget