I have been struggling to set up SSL on my Amazon EC2 server for 2 days. I have gone through the AWS docs for setting it up.

I have generated a private key and CSR and got an SSL certificate from www.ssl.com.

I have configured my security groups and load balancer to listen on port 443.

My virtual host config is here:

<VirtualHost *:80>
    ServerName my.domain.in
    # !!! Be sure to point DocumentRoot to 'public'!
    DocumentRoot /var/www/html/project/public

   Redirect permanent / https://my.domain.in

   RailsEnv development
   # DevelopmentLog /var/www/html/project/log/development.log
    ErrorLog /var/www/html/project/log/error.log
    CustomLog /var/www/html/project/log/access.log combined
    <Directory /var/www/html/project/public>
        # This relaxes Apache security settings.
        AllowOverride All
        # MultiViews must be turned off.
        Options -MultiViews
        # Uncomment this if you're on Apache >= 2.4:
        #Require all granted
   </Directory>
   RewriteEngine On
   RewriteCond %{SERVER_PORT} 80
   RewriteRule ^(.*) https://my.domain.in [R=301,L]
</VirtualHost>
NameVirtualHost *:443

<VirtualHost *:443>
   ServerName my.domain.in
    # !!! Be sure to point DocumentRoot to 'public'!
    DocumentRoot /var/www/html/dashboard/public
    RailsEnv development
    <Directory /var/www/html/project/public>
        # This relaxes Apache security settings.
        AllowOverride all
        # MultiViews must be turned off.
      Options -MultiViews
        # Uncomment this if you're on Apache >= 2.4:
        #Require all granted
   </Directory>
   SSLEngine on
   SSLCertificateFile /home/ec2-user/certs/my.domain.in.crt
   SSLCertificateKeyFile /home/ec2-user/certs/my.domain.in.key
   SSLCertificateChainFile /home/ec2-user/certs/ca-chain-amazon.crt

</VirtualHost>

I have my domain name attached to the AWS Elastic IP in some other hosting site.

When I browse to it in a browser I get an SSL connection error. Please tell me what I am missing here. Thank you.

EDIT:

curl -kv https://127.0.0.1/

output:

*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* NSS error -12263 (SSL_ERROR_RX_RECORD_TOO_LONG)
* SSL received a record that exceeded the maximum permissible length.
* Closing connection 0
curl: (35) SSL received a record that exceeded the maximum permissible length.
  • Also, here's a related post which might help: http://stackoverflow.com/q/119336/4072843 – Castaglia Feb 28 '16 at 19:07
  • Could you post the result of executing: openssl s_client -connect yourdomain.com:443 – Jofre Feb 28 '16 at 19:26
  • @Jofre Here's the output -> CONNECTED(00000003) 140486372009632:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:795: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 305 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE --- – Raghunandan J Feb 29 '16 at 03:33
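
On the `SSL_ERROR_RX_RECORD_TOO_LONG` in the curl output above: a TLS client reports this when the first five bytes it reads back do not parse as a TLS record header, which is what it sees when the listener on port 443 replies in cleartext. The following is an added example, not part of the original question or its comments; the function names and sample byte strings are constructed for illustration.

```python
import struct

# Largest ciphertext record a TLS 1.2 peer may send: 2^14 + 2048 bytes (RFC 5246, 6.2.3).
MAX_RECORD_LEN = 2**14 + 2048
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}


def parse_record_header(data: bytes):
    """Read the 5-byte TLS record header as a client does: type, version, length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return ctype, (major, minor), length


def classify_first_bytes(data: bytes) -> str:
    """Describe how a listener's first reply looks to a TLS client."""
    ctype, (major, _minor), length = parse_record_header(data)
    if ctype in CONTENT_TYPES and major == 3 and length <= MAX_RECORD_LEN:
        return f"tls:{CONTENT_TYPES[ctype]}"
    # Printable ASCII in the header position means the port answered in cleartext.
    if all(32 <= b < 127 for b in data[:5]):
        kind = "record_too_long" if length > MAX_RECORD_LEN else "bad_record"
        return f"plaintext:{kind}:{length}"
    return f"unknown:{length}"


if __name__ == "__main__":
    # Constructed samples: two cleartext replies and two genuine TLS record headers.
    samples = {
        "plain HTTP reply": b"HTTP/1.1 400 Bad Request\r\n",
        "plain HTML reply": b"<!DOCTYPE HTML PUBLIC",
        "TLS ServerHello": bytes.fromhex("160303005a02000056"),
        "TLS alert": bytes.fromhex("15030300020228"),
    }
    for name, raw in samples.items():
        print(f"{name:18} -> {classify_first_bytes(raw)}")
```

Bytes 4 and 5 of `HTTP/` are `P/`, which read as a length field give 20527, above the 18432-byte limit, hence "record too long".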

0 Answers