I'm hosting a webpage on my localhost on a Raspberry Pi running apache2. Because I use the Instagram API, I need to make access to localhost via https possible. I read multiple tutorials on how to make a self-signed SSL certificate and I did everything. I created the RSA key and the certificate with Common Name: localhost. I also tried 127.0.0.1 and localhost/instagram (where instagram is a subfolder including my index file). Neither of those worked. I made all the adjustments to the config files as follows: I created ssl-params.conf in /etc/apache2/conf-available and pasted this:

```apache
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
# Disable preloading HSTS for now.  You can use the commented out header line that includes
# the "preload" directive if you understand the implications.
# Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# Requires Apache >= 2.4.11
SSLSessionTickets Off
```

Inside default-ssl.conf I added the ServerName 127.0.0.1, later localhost and localhost/localhost. None of those worked. Then I opened both port 80 and 443 in my iptables firewall. Still no progress. I also enabled ssl, headers, default-ssl and ssl-params for Apache. sudo apache2ctl configtest reported no problems; everything was fine. After restarting Apache, I tried to access https://localhost/instagram with all the different possibilities (127.0.0.1, localhost, localhost/instagram), and nothing worked. I still can't access the page. It throws the following message: This site can't provide a secure connection localhost sent an invalid response ERR_SSL_PROTOCOL_ERROR

Maybe somebody can tell me what I might be missing here. I'm getting really desperate.

1 Answer

I don't see "SSLEngine on" in your configuration. Try adding it. If you connect to a plain http using https, you'll get ERR_SSL_PROTOCOL_ERROR.

You must also add:

```apache
SSLCertificateFile "/path/to/www.example.com.cert"
SSLCertificateKeyFile "/path/to/www.example.com.key"
```
Midokate
  • I added these lines to the ssl-params.conf. My file names are showroom.crt/.key and stored in ssl/private(/certs). Didn't work. But I added these exact lines before into default-ssl.conf inside apache2/sites-enabled. Do you know something else? Am I right in assuming the only reason for this error is caused by something regarding the certificate? – Hendrik Niemax Jul 31 '20 at 09:19
  • I added both into the file. apache2 completely refused to access any index files, even via localhost directly – Hendrik Niemax Jul 31 '20 at 09:28
  • What's the error you are getting? Can you share your complete configuration? Can you share the output of these commands: "curl -Lkv https://127.0.0.1/" , "curl -Lkv https://127.0.0.1/" , "nc -v 127.0.0.1 443" nc -v 127.0.0.1 80 " – Midokate Jul 31 '20 at 09:53
  • curl -Lkv 127.0.0.1: HTTP/1.1 403 Forbidden, nc -v 127.0.0.1 443: Connection to ... [tcp/https] succeeded!, nc -v 127.0.0.1 80: same as port 443 – Hendrik Niemax Jul 31 '20 at 10:14
  • Do you want more details? – Hendrik Niemax Jul 31 '20 at 10:17
  • Sorry, my commands have not been formatted as they should. These are the commands: `curl -Lkv https://127.0.0.1` , `curl -Lkv http://127.0.0.1` , `nc -v 127.0.0.1 443` `nc -v 127.0.0.1 80 ` – Midokate Jul 31 '20 at 10:28
  • Sorry, I didn't use the right path. I'll use 127.0.0.1/instagram for the commands because that's where the index.php is: – Hendrik Niemax Jul 31 '20 at 11:03
  • curl -Lkv http result: works totally fine. No errors, displays my index file's html. – Hendrik Niemax Jul 31 '20 at 11:04
  • curl -Lkv https result: connected to port 443 (#0) Cipher Selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:STRENGTH successfully set certificate verify locations: CAfile: /etc/ssl/certs/ca-certificate.crt TLSv1.2 (OUT), TLS header, Certificate Status (22): TLSv1.2 (OUT), TLS handshaker, Client hello (1): error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol Curl_http_done: called premature == 0 stopped the pause stream closing connection – Hendrik Niemax Jul 31 '20 at 11:09
  • The nc commands both work with success. However, not with /instagram behind 127.0.0.1 – Hendrik Niemax Jul 31 '20 at 11:10
  • So I searched the error message and found out I should change in default-ssl.conf _default_:443 to 127.0.0.1:443. Now it finds my self-signed certificate: SSL certificate verify result: self signed certificate (18), continuing anyway. Then again: HTTP/1.1 404 not found. the requested URL /instagram was not found on this server Apache/2.4.25 (Raspbian) Server at 127.0.0.1 Port 443 – Hendrik Niemax Jul 31 '20 at 12:05
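
The check behind the answer's point, that a listener answering plain HTTP to an https client produces ERR_SSL_PROTOCOL_ERROR (curl's "unknown protocol"), can be scripted. This is an added example, not code from the answer or the commenters; the function names are hypothetical, and treating a bare HTML body as a plain-HTTP reply is an assumption about how the server answers malformed requests.

```python
import socket
import ssl

def client_hello(server_name="localhost"):
    """Return the raw bytes of a real TLS ClientHello without touching the network."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is queued and OpenSSL waits for a reply
    return outgoing.read()

def classify(reply):
    """Label the first bytes a listener sends back after a ClientHello."""
    if not reply:
        return "closed"
    # TLS record header: content type, then protocol major version 3.
    if len(reply) >= 2 and reply[1] == 0x03:
        if reply[0] == 0x16:
            return "tls-handshake"   # ServerHello: TLS is active on this port
        if reply[0] == 0x15:
            return "tls-alert"       # TLS is active but rejected the hello
    # Assumption: a vhost without "SSLEngine on" answers the binary hello with
    # an HTTP error, with a status line or as a bare HTML body.
    if reply.startswith(b"HTTP/") or reply.lstrip().startswith(b"<"):
        return "plaintext-http"
    return "unknown"

def probe_socket(sock, server_name="localhost"):
    """Send a ClientHello on a connected socket and classify the answer."""
    sock.sendall(client_hello(server_name))
    return classify(sock.recv(16))

def probe(host, port, timeout=3.0):
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return probe_socket(sock)

if __name__ == "__main__":
    for port in (80, 443):
        try:
            print(port, probe("127.0.0.1", port))
        except OSError as exc:
            print(port, "unreachable:", exc)
```

A result of `plaintext-http` on port 443 means the virtual host bound to that port is not running the SSL engine, whatever certificate files exist on disk.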