0

I have been trying to set up an SSL virtual host:

    <VirtualHost *:443>

        ServerAdmin webmaster@mts.com
        ServerName moclm.tap.pt

        SSLEngine on
        SSLCertificateFile /etc/ssl/moclm.cer
        SSLCertificateKeyFile /etc/ssl/moclm.pem

        DocumentRoot /var/www/tapme/

        <Directory />
            Options FollowSymLinks
            AllowOverride All
            Order deny,allow
            Deny from all
            Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>
        <Directory /var/www/tapme/>
            Options -Indexes FollowSymLinks MultiViews
            AllowOverride All
            #Order allow,deny
            #allow from all
        </Directory>

    </VirtualHost>

For some reason, the server automatically redirects to SSL (http:// to https://). Apache is not configured to redirect, and the application was working fine on port 80 only. I have no knowledge of how the internal network works, as I am working remotely.

The SSL error logs show:

    [Tue Oct 02 22:40:32 2012] [error] Hostname linemnt01.tap.pt provided via SNI and hostname moclm.tap.pt provided via HTTP are different

I thought maybe the hostname had some issue, so I changed the hostname of the server from "linemnt01.tap.pt" to "moclm.tap.pt", but the issue is still there.

I am getting the following error in the browser:

Bad Request

Your browser sent a request that this server could not understand.

I have this in /etc/hosts:

    127.0.0.1       localhost.localdomain   localhost       moclm.tap.pt    moclm

and openssl returns:

    openssl verify -CAfile cert-CA.cer moclm.cer
    moclm.tap.pt.cer: OK

I have been trying to troubleshoot the issue but have had no luck. I need help.

Thanks

ALex_hha
user105566
  • can you include the top part of your config with the Virtualhost directive? – user16081-JoeT Oct 02 '12 at 23:00
  • ie you've shown but not (it is in your config file, right?) Also could you look for a "Listen" directive and or "NameVirtualHost" directive in your apache config files and post them here? – user16081-JoeT Oct 02 '12 at 23:04
  • Yeah, sorry, I missed the directive. The config is OK; apachectl configtest says OK. I don't know, maybe it could be because of this name mess. The server is behind the DMZ with a reverse proxy to forward the requests, and the server has two DNS records in the internal name server. Here is what I heard from the network team in the Portugal office. – user105566 Oct 03 '12 at 19:32
  • "The server LINEMNT01 is behind a DMZ (behind a firewall). Access to it is possible via the firewall (access controlled) either directly for management purposes, or via reverse-proxy (and the firewall) for service availability. The name linemnt01.tap.pt resolves to 172.17.128.77 and my opinion is that it should remain like that because it refers to the host itself. On the other hand, moclm.tap.pt resolves to 10.129.9.142 (from internal networks) and to 91.198.90.142 (from the internet). – user105566 Oct 03 '12 at 19:36
  • This (moclm) refers to the “service”. Access to moclm.tap.pt (either internally or from the web) is made via a reverse-proxy, which then forwards the requests to the machine linemnt01." – user105566 Oct 03 '12 at 19:37
  • Now I am still stuck with the issue "[Tue Oct 02 22:40:32 2012] [error] Hostname linemnt01.tap.pt provided via SNI and hostname moclm.tap.pt provided via HTTP are different". Some of the guys are calling it an Apache 2.2.X bug now. Where could I get 2.1.x? LOL – user105566 Oct 03 '12 at 19:38
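
The error line quoted in the question names both sides of the mismatch: the name the TLS client put in SNI and the name in the HTTP request. As an added example (not part of the original posts), this Python sketch pulls those pairs out of an error log and reports which side matches the vhost; the list of vhost names passed to `explain()` and all sample lines after the first are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Message format taken from the error log line quoted in the question.
MISMATCH = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] Hostname (?P<sni>\S+) provided via SNI "
    r"and hostname (?P<host>\S+) provided via HTTP are different"
)


def find_mismatches(lines):
    """Return a Counter of (sni_name, http_host) pairs, lower-cased."""
    pairs = Counter()
    for line in lines:
        m = MISMATCH.match(line.strip())
        if m:
            pairs[(m["sni"].lower().rstrip("."), m["host"].lower().rstrip("."))] += 1
    return pairs


def explain(pairs, vhost_names):
    """Say which side of each pair is a name the vhost is configured for."""
    names = {n.lower() for n in vhost_names}  # assumed ServerName/ServerAlias values
    report = []
    for (sni, host), count in pairs.most_common():
        if host in names and sni not in names:
            verdict = "TLS client uses an SNI name this vhost is not configured for"
        elif sni in names and host not in names:
            verdict = "Host header is not a name of this vhost"
        else:
            verdict = "both or neither name is configured; check the vhost names"
        report.append((sni, host, count, verdict))
    return report


# Constructed sample log: the first line is from the question, the rest are made up.
SAMPLE_LOG = """\
[Tue Oct 02 22:40:32 2012] [error] Hostname linemnt01.tap.pt provided via SNI and hostname moclm.tap.pt provided via HTTP are different
[Tue Oct 02 22:40:35 2012] [error] Hostname LINEMNT01.tap.pt provided via SNI and hostname moclm.tap.pt provided via HTTP are different
[Tue Oct 02 22:41:02 2012] [error] File does not exist: /var/www/tapme/favicon.ico
""".splitlines()

if __name__ == "__main__":
    for sni, host, count, verdict in explain(find_mismatches(SAMPLE_LOG), ["moclm.tap.pt"]):
        print(f"{count}x SNI={sni} Host={host}: {verdict}")
```

In the setup described in the comments, the TLS client is the reverse proxy, so a result like this points at the name the proxy uses when it connects to the backend.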

2 Answers

-1

If your Apache config file does not have a line like `<VirtualHost 192.168.1.100:443>`, you need to add that before the relevant directory block(s) in apache2/conf/extra/httpd-ssl.conf. Note that the IP address needs to be available on the server, and your website hostname (not necessarily the server hostname!) should have a DNS record pointing to that IP address if you want SSL to work without a warning.

Assuming you start apache using apachectl, you should run apachectl configtest before restarting apache to see if there are any warnings or errors.

user16081-JoeT
-1

Guys this is a big time bug in apache-2.2.X where X>15.

I shifted to nginx and everything worked fine.

This bug is reported, and the Apache guys are saying it will be fixed in 2.4.x.

user105566
  • 9
    It would be useful to provide a link to reference for that bug (or relevant discussion about it) so other people finding their way to this page can read the details to see if it is the cause of their issue. – David Spillett Aug 03 '13 at 07:36
  • 3
    With Apache/2.2.31 all works as expected. It seems you are wrong. The root of the issue is something else. – ALex_hha Feb 27 '16 at 18:44
  • 1
    The bug is in his `.htaccess` file that no longer works on nginx =) – Jacob Evans Dec 10 '16 at 04:47