Current time: 11-23-2024, 07:02 AM Hello There, Guest! (LoginRegister)


Post Reply 
SSL
Author Message
cham74 Offline


Posts: 4
Joined: Jan 2011
Reputation: 0
Post: #1
SSL
Trying to install a Self-Signed Certificate to a virtual site, however the https page times out.

the suexec log gives:

Quote:[2011-06-28 06:11:36]: uid: (vu2016/vu2016) gid: (2016/2016) cmd: php5-fcgi-starter
[2011-06-28 06:15:07]: uid: (vu2009/vu2009) gid: (2009/2009) cmd: php5-fcgi-starter
[2011-06-28 06:21:08]: uid: (vu2004/vu2004) gid: (2004/2004) cmd: php5-fcgi-starter

Created a cert following these instructions https://help.ubuntu.com/8.04/serverguide...urity.html (where I put for Your name as mydomain.tld)

Then followed directions here: http://isp-control.net/forum/thread-9169.html

The /etc/apache2/sites-available/ispcp-ssl file looks like this for the domain I want https for

Quote:NameVirtualHost xx.xxx.xxx.xx:443

<VirtualHost xx.xxx.xxx.xx:443>

SSLEngine On
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key


<IfModule suexec_module>
SuexecUserGroup vu2027 vu2027
</IfModule>

ServerAdmin webmaster@mydomain.tld
DocumentRoot /var/www/virtual/mydomain.tld/htdocs


ServerName mydomain.tld
ServerAlias http://www.mydomain.tld mydomain.tld *.mydomain.tld

Alias /errors /var/www/virtual/mydomain.tld/errors/

RedirectMatch permanent ^/ftp([\/]?) http://admin.hosting.domain.tld/ftp/
RedirectMatch permanent ^/pma([\/]?) http://admin.hosting.domain.tld/pma/
RedirectMatch permanent ^/webmail([\/]?) http://admin.hosting.domain.tld/webmail/

ErrorDocument 401 /errors/401.html
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html
ErrorDocument 503 /errors/503.html

<IfModule mod_cband.c>
CBandUser mydomain.tld
</IfModule>

# httpd awstats support BEGIN.

# httpd awstats support END.

# httpd dmn entry cgi support BEGIN.
ScriptAlias /cgi-bin/ /var/www/virtual/mydomain.tld/cgi-bin/
<Directory /var/www/virtual/mydomain.tld/cgi-bin>
AllowOverride AuthConfig
#Options ExecCGI
Order allow,deny
Allow from all
</Directory>
# httpd dmn entry cgi support END.

<Directory /var/www/virtual/mydomain.tld/htdocs>
# httpd dmn entry PHP support BEGIN.
# httpd dmn entry PHP support END.
Options -Indexes Includes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>

# httpd dmn entry PHP2 support BEGIN.
<IfModule mod_php5.c>
php_admin_value open_basedir "/var/www/virtual/mydomain.tld/:/var/www/virtual/mydomain.tld/phptmp/:/usr/share/php/"
php_admin_value upload_tmp_dir "/var/www/virtual/mydomain.tld/phptmp/"
php_admin_value session.save_path "/var/www/virtual/mydomain.tld/phptmp/"
php_admin_value sendmail_path '/usr/sbin/sendmail -f vu2027 -t -i'
</IfModule>
<IfModule mod_fastcgi.c>
ScriptAlias /php5/ /var/www/fcgi/mydomain.tld/
<Directory "/var/www/fcgi/mydomain.tld">
AllowOverride None
Options +ExecCGI -MultiViews -Indexes
Order allow,deny
Allow from all
</Directory>
</IfModule>
<IfModule mod_fcgid.c>
<Directory /var/www/virtual/mydomain.tld/htdocs>
FCGIWrapper /var/www/fcgi/mydomain.tld/php5-fcgi-starter .php
Options +ExecCGI
</Directory>
<Directory "/var/www/fcgi/mydomain.tld">
AllowOverride None
Options +ExecCGI MultiViews -Indexes
Order allow,deny
Allow from all
</Directory>
</IfModule>
# httpd dmn entry PHP2 support END.

Include /etc/apache2/ispcp/mydomain.tld.conf

</VirtualHost>

Any ideas anyone. Thanks
06-28-2011 08:24 PM
Find all posts by this user Quote this message in a reply
kilburn Offline
Development Team
*****
Dev Team

Posts: 2,182
Joined: Feb 2007
Reputation: 34
Post: #2
RE: SSL
The configuration looks fine, and if apache does not complain when you start it, then the error is probably elsewhere (php?). Can you test with a static (html) file?
06-28-2011 10:15 PM
Visit this user's website Find all posts by this user Quote this message in a reply
aseques Offline
Member
*****
Dev Team

Posts: 330
Joined: May 2008
Reputation: 4
Post: #3
RE: SSL
I haven't looked at your config but the most up to date documentation I mantain is the on this wiki page:
http://isp-control.net/documentation/dok...efaultport
There might be some errors on the other one.
In any case, if kilburn says it's ok, it's probably fine.
06-29-2011 12:46 AM
Find all posts by this user Quote this message in a reply
cham74 Offline


Posts: 4
Joined: Jan 2011
Reputation: 0
Post: #4
RE: SSL
Thanks for the replies. Actually I cannot telnet domain 443 or connect with penssl s_client -connect domain.tld:443 however the ports are listening.

netstat -lnp | grep '443'
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 10523/apache2
06-29-2011 12:52 AM
Find all posts by this user Quote this message in a reply
aseques Offline
Member
*****
Dev Team

Posts: 330
Joined: May 2008
Reputation: 4
Post: #5
RE: SSL
(06-29-2011 12:52 AM)cham74 Wrote:  Thanks for the replies. Actually I cannot telnet domain 443 or connect with penssl s_client -connect domain.tld:443 however the ports are listening.

netstat -lnp | grep '443'
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 10523/apache2
That has no sense, have you tried directly with the ip address instead of the domain?
Otherwise it would seem something related to the firewall or your connectivity
06-29-2011 02:58 AM
Find all posts by this user Quote this message in a reply
cham74 Offline


Posts: 4
Joined: Jan 2011
Reputation: 0
Post: #6
RE: SSL
Yes it was my hosting company's firewall blocking port 443 for the ip address. I had been told and presumed it was open their end. Thanks again for the support.
06-29-2011 06:38 PM
Find all posts by this user Quote this message in a reply
aseques Offline
Member
*****
Dev Team

Posts: 330
Joined: May 2008
Reputation: 4
Post: #7
RE: SSL
Never trust your ISP Tongue
06-30-2011 04:19 PM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 2 Guest(s)