Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [mod-ssl]

The Apache Httpd interface to OpenSSL

mod_ssl is a module for the Apache HTTPD webserver which allows it to perform SSL and TLS encryption on connections. Documentation is provided by Apache covering installation and setup for httpd 2.0 and 2.2

This tag should be used for questions around compiling, building, configuring, extending, provisioning, debugging and using mod_ssl.

For questions around building Apache modules on top of mod_ssl, or working on the code, the mod-ssl tag on StackOverflow is likely to be a better place to ask.

272 questions
0
votes
1 answer

OpenSSL Handshake Failure (14094410) - Erroneous Client Certificate Check from Mobile Phone

I'm running a proxy server through Apache with modssl, which we're using to proxy POSTs from mobile devices to another internal server. This works successfully for most clients, but requests from a specific phone model (Nokia 2690) are showing a…
Clayton Sims
  • 103
  • 1
  • 4
0
votes
1 answer

How to include mod_ssl into httpd on rhel5.4

I'm trying to get apache running over https with mod_ssl on a rhel 5.4 x64 machine. I don't have mod_ssl.so in the modules directory, nor can i find any ssl type output from httpd -M or httpd -l. Yet if i run ldd against it i can see relevant shared…
Decado
  • 1,949
  • 11
  • 17
0
votes
2 answers

Why is apache with mod_ssl configured for one VirtualHost responding to requests to any domain?

I've just setup Apache 2.2.18 with mod_ssl enabled and its configured to listen to one IP address on port 443. There are many domains with A DNS record poiting to this IP address. But I want to configure Apache with "VirtualHost"s for specific…
Frodik
  • 273
  • 1
  • 3
  • 14
0
votes
1 answer

apache2: ssl_error_rx_record_too_long when visiting port 80?

I have an Ubuntu 10 x64 server edition machine. I got a second IP and configured /etc/network/interfaces like so (actual IPs and gateways removed): auto lo iface lo inet loopback #iface eth0 inet dhcp auto eth0 auto eth0:0 iface eth0 inet…
John
  • 21
  • 3
0
votes
3 answers

PCI scan findings and problems with week ciphers on ports 993, 443, 995, 465

From PCI scan results: Synops is : The remote service encrypts traffic using a protocol with known weaknesses . Description : The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic…
Greg Alexander
  • 145
  • 1
  • 6
0
votes
1 answer

Are apache2 mod_ssl BIO dumps sensitive?

When apache2 is serving https using mod_ssl, and running with 'LogLevel debug', it frequently logs lines like this, followed by a hex dump: ssl_engine_io.c(1882): OpenSSL: read 518/518 bytes from BIO#81b3928 [mem: 81b93f5] (BIO dump follows) The…
dfranke
  • 379
  • 1
  • 7
0
votes
1 answer

Apache, SSL, UCC not working on CN but works on subjectAltName

I recently generated a UCC for domain1.com *.domain1.com domain2.com *.domain2.com now when i visit http://domain1.com in Firefox i get: domain1.com uses an invalid security certificate. The certificate is not trusted because the issuer…
Shoaibi
  • 809
  • 1
  • 10
  • 28
0
votes
1 answer

Apache, SSL, Self signed, Multidomain Certificates

Target: Generate a single SSL Certificate thats valid for domain1.com *.domain1.com domain2.com *.domain2.com Let it be self signed or a locally-generated CA signed. Scenario 1 # ssl.conf [ req ] default_bits = 1024 default_keyfile =…
Shoaibi
  • 809
  • 1
  • 10
  • 28
0
votes
1 answer

Is there a way to restart apache ignoring ssl certificate errors?

My server has lots of virtualhosts, many client's domains come and go pretty frequently, and sometimes it's difficult to act quickly, finding the culprit (usually a dismissed domain) and restart apache without errors. For example last night apache…
user1967184
  • 1
0
votes
1 answer

Red Hat 8: Is 'mod_ssl' missing in official repositories?

I currently configure a Webserver with SSL certificate on a Red Hat 8 machine. I could not run properly apachectl configtest returning Invalid command 'SSLCertificateFile', perhaps misspelled or defined by a module not included in the server…
Yann
  • 25
  • 7
0
votes
0 answers

Apache SSL not working - server took too long to respond

I am trying to get Apache (2.4.41, Ubuntu) to work with SSL and am not having luck. Whenever I visit the site in my browser, I get the error "This site can't be reached: my-domain took too long to respond." I have a valid certificate and key, though…
Jeff
  • 135
  • 3
0
votes
0 answers

RPMBUILD Apache with mod_ssl - Not seeing/using new version of openssl

I am having issues attempting to get Apache with mod_ssl to see/use the new version of openssl which is 3.1.0. In my httpd.spec file I have specified --with-ssl=/opt/openssl/openssl3.1.0. rpmbuild -ba httpd.spec completes without error and builds…
Hosting wiz
  • 13
  • 2
0
votes
1 answer

Apache reverse proxy mTLS only between client and proxy, regular TLS between proxy and backends

am trying to create an apache reverse proxy (for webservices) where i need Imutual authentication (mTLS) between clients and the proxy itself, but i don't need mTLS between the proxy & the backends (multiple backends runnings multiple webservices on…
olivierg
  • 524
  • 2
  • 8
  • 27
0
votes
0 answers

How to use "X509v3 Extended Key Usage" for Control Access in Apache?

I use SSL_Client_I_DN and SSL_Client_S_DN_CN for control Access in Apache: how can I add the verification of "X509v3 Extended Key Usage" value in the client certificate?
sebelk
  • 682
  • 4
  • 13
  • 32
0
votes
1 answer

Decrypting a Header in Apache

I am working on an application which accepts API Token. To be more secure, i want to ask the client (User or Another Application) to encrypt the API Token using their private key so that i can decrypt the same at Apache Reverse Proxy using the…
Phoenix
  • 11
  • 1
1 2 3
18 19