[Klug-general] https in Apache

Nathan Friend nathan.friend at gmail.com
Fri Apr 24 09:27:27 UTC 2009 

Here's my cert.  Didn't have any success with the Apache snake oil example
one either.

testserver:/etc/apache2/ssl.csr # openssl req -noout -text -in
testserver.domain.csr
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=UK, ST=Kent, L=Canterbury, O=Canterbury College,
OU=Computing Support, CN=testserver.domain/emailAddress=
n.friend at cant-col.ac.uk
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:ac:7b:10:9c:75:54:5c:09:85:38:eb:51:ca:75:
                    bb:07:72:5b:ae:fc:cb:c9:3f:ca:61:a4:61:6f:02:
                    20:54:62:be:cf:f0:71:4b:74:d0:1b:60:4f:9a:9e:
                    c3:d4:f7:ec:d8:58:bc:89:0d:3b:bf:28:e1:44:0f:
                    cb:f2:dc:a6:aa:3f:00:46:ae:a5:67:8e:08:04:2b:
                    5c:6d:1c:52:6c:a1:6a:19:76:b2:a1:49:01:d0:6b:
                    69:b5:6f:59:cd:bf:48:d3:2f:a8:90:bf:8a:e1:7f:
                    23:88:74:41:56:83:fe:3e:42:a4:4f:1d:af:ec:8b:
                    7e:45:d4:3c:bd:68:ec:90:7d
                Exponent: 65537 (0x10001)
        Attributes:
            challengePassword        :unable to print attribute
    Signature Algorithm: sha1WithRSAEncryption
        80:e7:3c:f8:d0:b6:cb:76:7d:9f:c7:5e:28:7a:94:4d:ae:cd:
        a5:8f:49:aa:3c:0f:4c:6e:f2:b0:58:43:cc:70:48:66:1c:9f:
        a8:1c:50:38:4d:66:26:f3:f7:98:2b:1f:b6:e9:49:cf:7a:85:
        1f:5b:44:af:e0:c9:ad:56:8e:e0:52:bc:7d:1e:0c:47:af:74:
        a5:37:66:54:2a:b8:06:5e:a7:b8:a8:7c:4e:a6:3a:57:3e:62:
        0a:7f:63:4a:05:2b:10:f5:8e:f2:12:6a:1e:3d:40:78:ad:76:
        01:97:f4:ca:73:55:7e:98:eb:1c:cd:42:66:20:2a:35:1a:12:
        4e:31

Cheers,

Nathan.

On Thu, Apr 23, 2009 at 10:43 PM, MacGyveR
<macgyver at thedumbterminal.co.uk>wrote:

> On Thursday 23 Apr 2009, Nathan Friend wrote:
> > Hi all,
> > I'm tyring to use SSL in Apache.  I've created a self signed cert for
> > testing and setup an SSL vhost using the template provided.
> >
> > When I got to https:\\testserver.domain.com in Firefox I get
> >
> > Secure Connection Failed
> > An error occurred during a connection to testserver.domain.com
> > SSL received a record that exceeded the maximum permissible length.
> > (Error code: ssl_error_rx_record_too_long)
> > The page you are trying to view can not be shown because the authenticity
> > of the received data could not be verified.
> >     *  Please contact the web site owners to inform them of this problem.
> >
> > After a bit of searching round the net I tried
> >
> > testserver:~ # openssl s_client -connect localhost:443 -state -debug
> > CONNECTED(00000003)
> > SSL_connect:before/connect initialization
> > write to 0x80c61c0 [0x80c6208] (136 bytes => 136 (0x88))
> > 0000 - 80 86 01 03 01 00 5d 00-00 00 20 00 00 39 00 00   ......]... ..9..
> > 0010 - 38 00 00 35 00 00 88 00-00 87 00 00 84 00 00 16   8..5............
> > 0020 - 00 00 13 00 00 0a 07 00-c0 00 00 33 00 00 32 00   ...........3..2.
> > 0030 - 00 2f 00 00 45 00 00 44-00 00 41 03 00 80 00 00   ./..E..D..A.....
> > 0040 - 05 00 00 04 01 00 80 00-00 15 00 00 12 00 00 09   ................
> > 0050 - 06 00 40 00 00 14 00 00-11 00 00 08 00 00 06 04   .. at .............
> > 0060 - 00 80 00 00 03 02 00 80-33 fa 66 1e 41 05 b8 e3   ........3.f.A...
> > 0070 - 00 59 e5 ed 08 77 c1 45-ac 4b 05 1d 51 d3 28 65   .Y...w.E.K..Q.(e
> > 0080 - 79 ad 7a ac 1b 37 65 8f-                          y.z..7e.
> > SSL_connect:SSLv2/v3 write client hello A
> > read from 0x80c61c0 [0x80cb768] (7 bytes => 7 (0x7))
> > 0000 - 3c 3f 78 6d 6c 20 76                              <?xml v
> > SSL_connect:error in SSLv2/v3 read server hello A
> > 6384:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> > protocol:s23_clnt.c:585:
> >
> > Any ideas?
> >
> > Cheers,
> >
> > Nathan.
>
> Most distros' apache ssl package comes with some self signed certs already,
> did they work ok for you?
>
> Could you give an text dump of your cert using openssl:
>
> openssl req -noout -text -in cert.csr
>
> This looks a bit strange in the packet dump you posted above:
>
> 0000 - 3c 3f 78 6d 6c 20 76                              <?xml v
>
> --
> --------------------------------
> http://www.thedumbterminal.co.uk
>
> _______________________________________________
> Kent mailing list
> Kent at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/kent
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.lug.org.uk/pipermail/kent/attachments/20090424/6ac7541e/attachment.htm

More information about the Kent mailing list