Apache SSL Configuration Error SSL Connection Error

Question

I m trying to configure Apache on my server to work with ssl  but everytime I visit my site  I get the following message in my browser   SSL connection error  Unable to make a secure connection to the server  This may be a problem with the server  or it may be requiring a client authentication certificate that you don t have  Error 107  net  ERR SSL PROTOCOL ERROR   SSL protocol error   The error message above seems to be native to Google Chrome  However  even though the messages are different  ssl for the site is not working on any browser   Just some background on the situation  I am using Ubuntu 10 04 desktop edition    I installed apache by installing zend server  it installed apache automatically    I then installed openssl  Non-https pages work fine on the site   I tried getting trial certificates from multiple certificate sites but nothing is working  same error   I was previously hosting my site on another server on which ssl worked just fine  I also tried using the key and cert file from that server  but I got the same error    The domain name and IP are still the same though  My SSLCertificateFile and SSLCertificateKeyFile are pointing to the correct directory and files    I also do not have SSLVerifyClient enabled   If anyone has any suggestions  it would be most appreciated

User · Answer

Make sure that you specify the port for both http and https ie  NameVirtualHost 80 NameVirtualHost 443  and   lt VirtualHost   80 gt   lt VirtualHost   443 gt    mixing   and   443 does not work it has to be   80 and   443

User · Answer

A common cause I wanted to suggest for this situation   Sometimes a customer is running Skype  which is using port 443 without their realizing it   When they go to start Tomcat or Apache  it appears to start but cannot bind with port 443   This is the exact message that the user would receive in the browser   The fix is to stop what was running on port 443 and re-start the webserver so it can bind with port 443   The customer can re-start Skype after starting the webserver  and Skype will detect that port 443 is in use and choose a different port to use

User · Answer

It turns out that the SSL certificate was installed improperly  Re-installing it properly fixed the problem

User · Answer

I got this problem and the solution was a bit silly    I am using Cloudflare which acts as a proxy to my website  In order to be able to login via SSH  I added an entry to my  etc hosts file so I didn t need to remember my server s IP address    xxx xx xx xxx  example com   So in my browser when I went to https   www example com  I was using the Cloudflare proxy  and when I went to to https   example com I was going directly to the server  Because the Cloudflare setup doesn t require you to add the intermediate certificates  I was seeing this security exception in my browser when I went to https   example com  but https   www example com was working   The solution  remove the entry from my laptop s  etc hosts file   If this isn t your problem  I recommend using one of the many online SSL checker tools to try diagnose your problem   I also recommend using ping to check the IP address being reported and check it against the IP address expected   ping https   www example com    Another very helpful SSL resource is the Mozilla SSL Configuration Generator  It can generate SSL configuration for you

User · Answer

I had this error when I first followed instructions to set up the default apache2 ssl configuration  by putting a symlink for  etc apache2 sites-available default-ssl in  etc apache2 sites-enabled   I then subsequently tried to add another NameVirtualHost on port 443 in another configuration file  and started getting this error     I fixed it by deleting the  etc apache2 sites-enabled default-ssl symlink  and then just having these lines in another config file  httpd conf  which probably isn t good form  but worked    NameVirtualHost   443   lt VirtualHost   443 gt    SSLEngine on   SSLCertificateChainFile     etc apache2 ssl chain file crt   SSLCertificateFile     etc apache2 ssl site certificate crt   SSLCertificateKeyFile  etc apache2 ssl site key key   ServerName www mywebsite com   ServerAlias www mywebsite com   DocumentRoot  var www mywebsite root     lt  VirtualHost gt

User · Answer

I had the same problem as  User39604  and had to follow VARIOUS advices   Since he doesnt remember the precise path he followed  let me list my path    check if you have SSL YES using  lt  php echo phpinfo     gt    if necessary  A  enable ssl on apache sudo a2enmod ssl  B  install openssl sudo apt-get install openssl  C  check if port 443 is open sudo netstat -lp  D  if necessary  change  etc apache2 ports conf  this works  NameVirtualHost   80 Listen 80   lt IfModule mod ssl c gt        If you add NameVirtualHost   443 here  you will also have to change       the VirtualHost statement in  etc apache2 sites-available default-ssl       to  lt VirtualHost   443 gt        Server Name Indication for SSL named virtual hosts is currently not       supported by MSIE on Windows XP      NameVirtualHost   443     Listen 443  lt  IfModule gt    lt IfModule mod gnutls c gt      Listen 443  lt  IfModule gt   acquire a key and a certificate by  A  paying a Certificating Authority  Comodo  GoDaddy  Verisign  for a pair   B  generating your own  - see below  testing purposes ONLY   change  your configuration  in ubuntu12  etc apache2 httpd conf - default is an empty file  to include a proper  lt VirtualHost gt   replace MYSITE COM as well as key and cert path name to point to your certificate and key     lt VirtualHost  default  443 gt   ServerName MYSITE COM 443 SSLEngine on SSLCertificateKeyFile  etc apache2 ssl MYSITE COM key SSLCertificateFile  etc apache2 ssl MYSITE COM cert ServerAdmin MYWEBGUY localhost DocumentRoot  var www  lt Directory   gt      Options FollowSymLinks     AllowOverride None  lt  Directory gt   lt Directory  var www  gt      Options Indexes FollowSymLinks MultiViews     AllowOverride None     Order allow deny     allow from all  lt  Directory gt    ErrorLog   APACHE LOG DIR  errorSSL log    Possible values include  debug  info  notice  warn  error  crit    alert  emerg  LogLevel warn  CustomLog   APACHE LOG DIR  accessSSL log combined   lt  VirtualHost gt     while many other virtualhost configs wil be available in  etc apache2 sites-enabled  and in  etc apache2 sites-available  it was  etc apache2 httpd conf that was CRUCIAL to solving all problems   for further info   http   wiki vpslink com Enable SSL on Apache2  http   httpd apache org docs 2 0 ssl ssl faq html selfcert   generating your own certificate  self-signed  will result in a certificate whose authority the user s browser will not recognize   therefore  the browser will scream bloody murder and the user will have to  understand the risks  a dozen times before the browser actually opens up the page   so  it only works for testing purposes   having said that  this is  the HOW-TO    goto the apache folder  in ubuntu12  etc apache2    create a folder like ssl  or anything that works for you  the name is not a system requirement  goto chosen directory  etc apache2 ssl run sudo openssl req -new -x509 -nodes -out MYSITE COM crt -keyout MYSITE COM key use MYSITE COM crt and MYSITE COM key  in your  lt VirtualHost gt  tag    name format is NOT under a strict system requirement  must be the same as the file         - names like 212-MYSITE COM crt  june2014-Godaddy-MYSITE COM crt should work

User · Answer

Step to enable SSL correctly   sudo a2enmod ssl   sudo apt-get install openssl   Configure the path of SSL certificates in your SSL config file  default-ssl conf  that might be located in  etc apache2 sites-available  I have stored certificates under  etc apache2 ssl   SSLEngine On SSLCertificateFile  etc apache2 ssl certificate crt SSLCertificateChainFile  etc apache2 ssl ca bundle crt SSLCertificateKeyFile  etc apache2 ssl private key   Enable SSL config file  sudo a2ensite default-ssl conf

User · Answer

I encounter this problem  because I have  lt VirtualHost gt  defined  both in httpd conf and httpd-ssl conf    in httpd conf  it s defined as   lt VirtualHost localhost gt    in httpd-ssl conf  it s defined as   lt VirtualHost  default  443 gt    The following change solved this problem  add  80 in httpd conf   lt VirtualHost localhost 80 gt

User · Answer

I didn t know what I was doing when I started changing the Apache configuration  I picked up bits and pieces thought it was working until I ran into the same problem you encountered  specifically Chrome having this error    What I did was comment out all the site-specific directives that are used to configure SSL verification  confirmed that Chrome let me in  reviewed the documentation before directive before re-enabling one  and restarted Apache  By carefully going through these you ought to be able to figure out which one s  are causing your problem   In my case  I went from this   SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions  StdEnvVars  StrictRequire SSLRequireSSL On   to this   lt Location  sessions gt    SSLRequireSSL   SSLVerifyClient require  lt  Location gt    As you can see I had a fair number of changes to get there

User · Answer

Similar to other answers  this error can be experienced when there are no sites configured to use SSL   I had the error when I upgraded from Debian Wheezy to Debian Jessie  The new version of Apache requires a site configuration file ending in  conf  Because my configuration file didn t  it was being ignored  and there were no others configured to serve SSL connections

User · Answer

I was getting the same error in chrome  and different one in Firefox  IE   Also in error log i was getting  error   client cli ent ip add  Invalid method in request  x16 x03  Following the instructions form this site I changed my configuration FROM    lt VirtualHost subdomain domain com 443 gt      ServerAdmin admin domain com    ServerName subdomain domain com     SSLEngine On    SSLCertificateFile conf ssl ssl crt    SSLCertificateKeyFile conf ssl ssl key  lt  VirtualHost gt    TO    lt VirtualHost  default  443 gt      ServerAdmin admin domain com    ServerName subdomain domain com     SSLEngine On    SSLCertificateFile conf ssl ssl crt    SSLCertificateKeyFile conf ssl ssl key  lt  VirtualHost gt    Now it s working fine

User · Answer

I encountered this issue  also due to misconfiguration   I was using tomcat and in the server xml had specified my connector as such    lt Connector port  17443  SSLEnabled  true             protocol  org apache coyote http11 Http11NioProtocol             maxThreads  150  scheme  https  secure  true             clientAuth  false  sslProtocol  TLS             keyAlias  wrong  keystorePass  secret             keystoreFile   ssl right jks    gt    When i fixed it thusly    lt Connector port  17443  SSLEnabled  true             protocol  org apache coyote http11 Http11NioProtocol             maxThreads  150  scheme  https  secure  true             clientAuth  false  sslProtocol  TLS             keyAlias  right  keystorePass  secret             keystoreFile   ssl right jks    gt    It worked as expected   In other words  verify that you not only have the right keystore  but that you have specified the correct alias underneath it   Thanks for the invaluable hint user396404

User · Answer

I solved it by commenting out  AcceptFilter https none in httpd conf according to  http   www apachelounge com viewtopic php t 4461

User · Answer

This is what fixed it for me on Ubuntu    Enabled the module  a2enmod ssl Moved all cert related files to a folder  usr local ssl and made it world readable  chmod -R  r  usr local ssl Changed  lt VirtualHost   80 gt  to  lt VirtualHost     gt  in my virtual host  Added SSLEngine On before all other SSL directives in my virtual host    If you set a pass phrase on the cert  Apache should prompt you for it on restart

[apache] Apache SSL Configuration Error (SSL Connection Error)

Examples related to apache

Examples related to ssl

Examples related to https

Examples related to openssl