ToDo :


1/ verify domain :

2/ generate key

time openssl genrsa -out key.pem 4096
time openssl req -new -key key.pem  -out cert.csr -subj "/CN=$domain" -nodes

3/ request :

cat  cert.csr

4/ copy to cert.pem

5/ setup apache :

SSLEngine on
SSLCertificateFile /etc/local/$domain/cert.pem
SSLCertificateKeyFile /etc/local/$domain/key.pem

Misc / UpDate :

grep 'BEGIN CERTIFICATE'  /etc/apache2/ssl/$domain.*
grep 'BEGIN CERTIFICATE'  /etc/apache2/ssl/$domain.crt
openssl req -days 365 -new -newkey rsa:2048 -keyout key.pem -out request.pem -subj "/CN=$domain" -nodes
openssl req -new -newkey rsa -keyout key.pem -out request.pem -subj "/CN=$domain" -nodes



openssl s_client -connect localhost:443

1074246864:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:339:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 5 bytes and written 7 bytes

@TaG: ApachE HttP

Apache : Error Code: -12263

wget -O- -np  https://localhost:8022 
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.

* https://localhost

aptitude reinstall apache2.2-common apache2-utils apache2
konqueror: An error occurred while loading https://localhost:443/
lynx -dump -head https://localhost
# Looking up localhost
# Making HTTPS connection to localhost
# Retrying connection without TLS.
# Looking up localhost
# Making HTTPS connection to localhost
# Alert!: Unable to make secure connection to remote host.
# lynx: Can't access startfile https://localhost/

* *

apache2-ssl-certificate :


error : sec_error_expired_certificate

ChecK cacert …

error : ssl_error_rx_record_too_long

error : firefox

... uses an invalid security certificate.
The certificate is not trusted because it is self signed.
The certificate is not valid for any server names.
(Error code: sec_error_untrusted_issuer)
This personal certificate can't be installed because you do not own the corresponding private key which was created when the certificate was requested.

  locate \.p12
  locate \.pkcs12
  locate \.pfx

Untrusted :

error : webkit

Error 207 net:ERR_CERT_INVALID
The site's security certificate is not trusted!


Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration

a2enmod ssl


I had my ajaxterm broken, then I investigated for apache errors like “Error Code: -12263” and I finally figured out that apache2 requieres this module as well :

a2enmod proxy_http


"Short write() to server"


@root | jabber - Couldn't log in: Short write() to server                                                            │    


Connection Interrupted

The connection to the server was reset while the page was loading.

The network link was interrupted while negotiating a connection. Please try again.


SSLCertificateKeyFile: file '/etc/apache2/ssl/apache.pem' does not exist or is empty


[Dovecot] Major CPU spike for SSL parameters?
root     26250 77.6  0.5   5052   652 ?        RN   10:53   7:58 dovecot/ssl-params



ssl.txt · Last modified: 2020/09/08 20:49 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki