I'm having another go at getting https working. I've followed this short guide <a href="goog_1243519068208">http://en.</a><a href="goog_1243519068208">opensuse</a><a href="goog_1243519068208">.org/Apache_</a><a href="goog_1243519068208">Howto</a><a href="goog_1243519068208">_</a><a href="http://en.opensuse.org/Apache_Howto_SSL">SSL</a><div>
<br></div><div>I looks like I've run into the problem described at the end of the document, unfortunately it doesn't explain how to resolve it.<br></div><div><br></div><div><span class="Apple-style-span" style="font-family: 'Trebuchet MS'; font-size: 12px; line-height: 18px; "><i>Cause: client speaks HTTPS, server speaks HTTP. If that happens to be port 443, it means that the server is listening on the port but not with SSL.</i></span></div>
<div><font class="Apple-style-span" face="'Trebuchet MS'" size="3"><span class="Apple-style-span" style="font-size: 12px; line-height: 18px;"><i><br></i></span></font></div><div><font class="Apple-style-span" face="'Trebuchet MS'" size="3"><span class="Apple-style-span" style="font-size: 12px; line-height: 18px;">This is a fresh install of opensuse 11.1, so please disregard my previous e-mail thread on this subject.</span></font></div>
<div><font class="Apple-style-span" face="'Trebuchet MS'" size="3"><span class="Apple-style-span" style="font-size: 12px; line-height: 18px;"><br></span></font></div><div><font class="Apple-style-span" face="'Trebuchet MS'" size="3"><span class="Apple-style-span" style="font-size: 12px; line-height: 18px;">Cheers,</span></font></div>
<div><font class="Apple-style-span" face="'Trebuchet MS'" size="3"><span class="Apple-style-span" style="font-size: 12px; line-height: 18px;"><br></span></font></div><div><font class="Apple-style-span" face="'Trebuchet MS'" size="3"><span class="Apple-style-span" style="font-size: 12px; line-height: 18px;">Nathan.</span></font></div>
<div><br><div class="gmail_quote">On Fri, Apr 24, 2009 at 10:27 AM, Nathan Friend <span dir="ltr"><<a href="mailto:nathan.friend@gmail.com">nathan.friend@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Here's my cert. Didn't have any success with the Apache snake oil example one either.<br><br>testserver:/etc/apache2/ssl.csr # openssl req -noout -text -in testserver.domain.csr<br>Certificate Request:<br> Data:<br>
Version: 0 (0x0)<br> Subject: C=UK, ST=Kent, L=Canterbury, O=Canterbury College, OU=Computing Support, CN=testserver.domain/emailAddress=<a href="mailto:n.friend@cant-col.ac.uk" target="_blank">n.friend@cant-col.ac.uk</a><br>
Subject Public Key Info:<br> Public Key Algorithm: rsaEncryption<br> RSA Public Key: (1024 bit)<br> Modulus (1024 bit):<br> 00:ac:7b:10:9c:75:54:5c:09:85:38:eb:51:ca:75:<br>
bb:07:72:5b:ae:fc:cb:c9:3f:ca:61:a4:61:6f:02:<br> 20:54:62:be:cf:f0:71:4b:74:d0:1b:60:4f:9a:9e:<br> c3:d4:f7:ec:d8:58:bc:89:0d:3b:bf:28:e1:44:0f:<br> cb:f2:dc:a6:aa:3f:00:46:ae:a5:67:8e:08:04:2b:<br>
5c:6d:1c:52:6c:a1:6a:19:76:b2:a1:49:01:d0:6b:<br> 69:b5:6f:59:cd:bf:48:d3:2f:a8:90:bf:8a:e1:7f:<br> 23:88:74:41:56:83:fe:3e:42:a4:4f:1d:af:ec:8b:<br> 7e:45:d4:3c:bd:68:ec:90:7d<br>
Exponent: 65537 (0x10001)<br> Attributes:<br> challengePassword :unable to print attribute<br> Signature Algorithm: sha1WithRSAEncryption<br> 80:e7:3c:f8:d0:b6:cb:76:7d:9f:c7:5e:28:7a:94:4d:ae:cd:<br>
a5:8f:49:aa:3c:0f:4c:6e:f2:b0:58:43:cc:70:48:66:1c:9f:<br> a8:1c:50:38:4d:66:26:f3:f7:98:2b:1f:b6:e9:49:cf:7a:85:<br> 1f:5b:44:af:e0:c9:ad:56:8e:e0:52:bc:7d:1e:0c:47:af:74:<br> a5:37:66:54:2a:b8:06:5e:a7:b8:a8:7c:4e:a6:3a:57:3e:62:<br>
0a:7f:63:4a:05:2b:10:f5:8e:f2:12:6a:1e:3d:40:78:ad:76:<br> 01:97:f4:ca:73:55:7e:98:eb:1c:cd:42:66:20:2a:35:1a:12:<br> 4e:31<br><br>Cheers,<br><font color="#888888"><br>Nathan.</font><div><div></div>
<div class="h5"><br><br><div class="gmail_quote">On Thu, Apr 23, 2009 at 10:43 PM, MacGyveR <span dir="ltr"><<a href="mailto:macgyver@thedumbterminal.co.uk" target="_blank">macgyver@thedumbterminal.co.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left:1px solid rgb(204, 204, 204);margin:0pt 0pt 0pt 0.8ex;padding-left:1ex"><div><div></div><div>On Thursday 23 Apr 2009, Nathan Friend wrote:<br>
> Hi all,<br>
> I'm tyring to use SSL in Apache. I've created a self signed cert for<br>
> testing and setup an SSL vhost using the template provided.<br>
><br>
> When I got to https:\\<a href="http://testserver.domain.com" target="_blank">testserver.domain.com</a> in Firefox I get<br>
><br>
> Secure Connection Failed<br>
> An error occurred during a connection to <a href="http://testserver.domain.com" target="_blank">testserver.domain.com</a><br>
> SSL received a record that exceeded the maximum permissible length.<br>
> (Error code: ssl_error_rx_record_too_long)<br>
> The page you are trying to view can not be shown because the authenticity<br>
> of the received data could not be verified.<br>
> * Please contact the web site owners to inform them of this problem.<br>
><br>
> After a bit of searching round the net I tried<br>
><br>
> testserver:~ # openssl s_client -connect localhost:443 -state -debug<br>
> CONNECTED(00000003)<br>
> SSL_connect:before/connect initialization<br>
> write to 0x80c61c0 [0x80c6208] (136 bytes => 136 (0x88))<br>
> 0000 - 80 86 01 03 01 00 5d 00-00 00 20 00 00 39 00 00 ......]... ..9..<br>
> 0010 - 38 00 00 35 00 00 88 00-00 87 00 00 84 00 00 16 8..5............<br>
> 0020 - 00 00 13 00 00 0a 07 00-c0 00 00 33 00 00 32 00 ...........3..2.<br>
> 0030 - 00 2f 00 00 45 00 00 44-00 00 41 03 00 80 00 00 ./..E..D..A.....<br>
> 0040 - 05 00 00 04 01 00 80 00-00 15 00 00 12 00 00 09 ................<br>
> 0050 - 06 00 40 00 00 14 00 00-11 00 00 08 00 00 06 04 ..@.............<br>
> 0060 - 00 80 00 00 03 02 00 80-33 fa 66 1e 41 05 b8 e3 ........3.f.A...<br>
> 0070 - 00 59 e5 ed 08 77 c1 45-ac 4b 05 1d 51 d3 28 65 .Y...w.E.K..Q.(e<br>
> 0080 - 79 ad 7a ac 1b 37 65 8f- y.z..7e.<br>
> SSL_connect:SSLv2/v3 write client hello A<br>
> read from 0x80c61c0 [0x80cb768] (7 bytes => 7 (0x7))<br>
> 0000 - 3c 3f 78 6d 6c 20 76 <?xml v<br>
> SSL_connect:error in SSLv2/v3 read server hello A<br>
> 6384:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown<br>
> protocol:s23_clnt.c:585:<br>
><br>
> Any ideas?<br>
><br>
> Cheers,<br>
><br>
> Nathan.<br>
<br>
</div></div>Most distros' apache ssl package comes with some self signed certs already,<br>
did they work ok for you?<br>
<br>
Could you give an text dump of your cert using openssl:<br>
<br>
openssl req -noout -text -in cert.csr<br>
<br>
This looks a bit strange in the packet dump you posted above:<br>
<div><div></div><div><br>
0000 - 3c 3f 78 6d 6c 20 76 <?xml v<br>
<br>
</div></div><font color="#888888">--<br>
--------------------------------<br>
<a href="http://www.thedumbterminal.co.uk" target="_blank">http://www.thedumbterminal.co.uk</a><br>
<br>
_______________________________________________<br>
Kent mailing list<br>
<a href="mailto:Kent@mailman.lug.org.uk" target="_blank">Kent@mailman.lug.org.uk</a><br>
<a href="https://mailman.lug.org.uk/mailman/listinfo/kent" target="_blank">https://mailman.lug.org.uk/mailman/listinfo/kent</a><br>
</font></blockquote></div><br>
</div></div></blockquote></div><br></div>