ToDo :

USAGE

1/ verify domain : https://www.cacert.org/account.php?id=7

2/ generate key

domain="$user.homelinux.org"
time openssl genrsa -out key.pem 4096
time openssl req -new -key key.pem  -out cert.csr -subj "/CN=$domain" -nodes

3/ request :

cat  cert.csr
https://www.cacert.org/account.php?id=10

4/ copy to cert.pem

5/ setup apache :

SSLEngine on
SSLCertificateFile /etc/local/$domain/cert.pem
SSLCertificateKeyFile /etc/local/$domain/key.pem
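
A pre-deployment check for the files produced in steps 2 to 5, as an added example that is not part of the original notes. The function name `check_pair` is hypothetical; it assumes an unencrypted key as generated in step 2 and an openssl new enough to support `-checkhost` (1.0.2 or later).

```shell
#!/bin/sh
# Added example (not from the original notes): sanity-check a key/cert pair
# before pointing SSLCertificateFile / SSLCertificateKeyFile at it.
# Usage: check_pair key.pem cert.pem "$domain"
check_pair() {
    key=$1; cert=$2; domain=$3; rc=0

    # Apache aborts with "does not exist or is empty" on either file.
    for f in "$key" "$cert"; do
        [ -s "$f" ] || { echo "FAIL: $f does not exist or is empty"; return 1; }
    done

    # Extract the public key from both files; a parse error is fatal.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "FAIL: $key is not a readable private key"; return 1; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: $cert is not a readable certificate"; return 1; }

    # The CA signed the public key in cert.csr, which came from key.pem.
    # A different key here means the certificate belongs to another request.
    if [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: certificate does not match the private key"; rc=1
    fi

    # -checkend 0 exits non-zero when notAfter is already in the past.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: certificate has expired"; rc=1
    fi

    # -checkhost reports the result as text ("does match" / "does NOT match"),
    # so test the message rather than the exit status.
    if ! openssl x509 -in "$cert" -noout -checkhost "$domain" 2>/dev/null |
            grep -q 'does match'; then
        echo "FAIL: certificate is not valid for $domain"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $cert and $key are usable for $domain"
    return "$rc"
}
```

Run it as `check_pair /etc/local/$domain/key.pem /etc/local/$domain/cert.pem "$domain"` before reloading Apache.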

Misc / UpDate :

grep 'BEGIN CERTIFICATE'  /etc/apache2/ssl/$domain.*
grep 'BEGIN CERTIFICATE'  /etc/apache2/ssl/$domain.crt
openssl req -days 365 -new -newkey rsa:2048 -keyout key.pem -out request.pem -subj "/CN=$domain" -nodes
openssl req -new -newkey rsa -keyout key.pem -out request.pem -subj "/CN=$domain" -nodes
#/etc/apache2/sites-available/default-ssl

HTTPS

openssl

openssl s_client -connect localhost:443

CONNECTED(00000003)
1074246864:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:339:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 7 bytes
---

http://www.astaro.org/beta-versions/utm-9-public-beta/41572-8-900-open-clientless-sslvpn-ssl-certificate-fetch-doesnt-work.html

@TaG: ApachE HttP

Apache : Error Code: -12263

wget -O- -np  https://localhost:8022 
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.

* https://localhost

aptitude reinstall apache2.2-common apache2-utils apache2
konqueror: An error occurred while loading https://localhost:443/
lynx -dump -head https://localhost
# Looking up localhost
# Making HTTPS connection to localhost
# Retrying connection without TLS.
# Looking up localhost
# Making HTTPS connection to localhost
# Alert!: Unable to make secure connection to remote host.
# lynx: Can't access startfile https://localhost/

* http://mario.espaciolinux.com/apache2_ssl.html
* https://joloridi.net/wikini/wakka.php?wiki=DebianCertificatSSL

apache2-ssl-certificate : http://bugs.debian.org/395823

ERRORS

error : sec_error_expired_certificate

ChecK cacert …

error : ssl_error_rx_record_too_long

error : firefox

... uses an invalid security certificate.
The certificate is not trusted because it is self signed.
The certificate is not valid for any server names.
(Error code: sec_error_untrusted_issuer)
This personal certificate can't be installed because you do not own the corresponding private key which was created when the certificate was requested.

http://wiki.cacert.org/FAQ/MissingPrivateKey

  locate \.p12
  locate \.pkcs12
  locate \.pfx

Untrusted :

error : webkit

Error 207 net:ERR_CERT_INVALID
The site's security certificate is not trusted!

SSLEngine

Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration

a2enmod ssl

proxy

I had my ajaxterm broken, then I investigated for apache errors like “Error Code: -12263” and I finally figured out that apache2 requires this module as well :

a2enmod proxy_http

misc

"Short write() to server"
* http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_2_1_RTM/src/nss-3.2.1/mozilla/security/nss/cmd/ssltap/ssltap.c

bitlbee:

@root | jabber - Couldn't log in: Short write() to server

laposte

      
Connection Interrupted

The connection to the server was reset while the page was loading.

The network link was interrupted while negotiating a connection. Please try again.

MESSAGE

SSLCertificateKeyFile: file '/etc/apache2/ssl/apache.pem' does not exist or is empty

CLIENTS

[Dovecot] Major CPU spike for SSL parameters?
root     26250 77.6  0.5   5052   652 ?        RN   10:53   7:58 dovecot/ssl-params

MISC

MORE

ssl.txt · Last modified: 2018/05/03 11:21 by rzr
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported