Hi, I had ssl working fine on FC5 but decided to switch distros to gentoo and now this problem is driving me crazy again.

I enabled ssl using

    apache2_opts = "-D SSL -D SSL_DEFAULT_HOST"

I made sure that

    SSLengine on

and I told it to listen to port 443 in the /etc/apache2/modules.d/40_mod_ssl.conf

    Listen 443

and set up a virtualhost in /etc/apache2/modules.d/41_mod_ssl-default-vhost.conf

I also tried using the example conf files, changing only the path to my certificate files

    SSLCertificateFile conf/ssl/server.crt

where "conf" points to /etc/apache2

    SSLCertificateKeyFile conf/ssl/server.pem

This is a self-signed certificate. The same certificate combination works perfectly fine under lighttpd and I have no problem running ssl on port 443 using lighttpd. Lighttpd is disabled when I'm running apache2.

The problem I end up getting is that when I visit my site (i.e. hxxps://localhost:443), I get an error saying that the connection was terminated unexpectedly. If I try visiting "hxxp://localhost:443" then I get a 404 Not Found error. I'm not sure what it can't find because the virtualhost points to the default apache htdocs directory. (Note: hxxp = http, just getting around this live link restriction.)

I fired up openssl

    openssl s_client -connect localhost:443 -state -debug
    GET / HTTP/1.0

and I get the following error message

    CONNECTED(00000003)
    SSL_connect:before/connect initialization
    write to 00574C50 [00575640] (148 bytes => 148 (0x94))
    0000 - 80 92 01 03 01 00 69 00-00 00 20 00 00 39 00 00 ......i... ..9..
    0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............
    0020 - 00 00 33 00 00 32 00 00-2f 00 00 07 05 00 80 03 ..3..2../.......
    0030 - 00 80 00 00 66 00 00 05-00 00 04 01 00 80 08 00 ....f...........
    0040 - 80 00 00 63 00 00 62 00-00 61 00 00 15 00 00 12 ...c..b..a......
    0050 - 00 00 09 06 00 40 00 00-65 00 00 64 00 00 60 00 .....@..e..d..`.
    0060 - 00 14 00 00 11 00 00 08-00 00 06 04 00 80 00 00 ................
    0070 - 03 02 00 80 53 db e4 a3-01 eb cb b7 f9 6b ad cf ....S........k..
    0080 - 29 6b 8d 0b 21 91 c3 9e-57 49 41 03 e7 cb 99 7e )k..!...WIA....~
    0090 - ff a8 21 bc ..!.
    SSL_connect:SSLv2/v3 write client hello A
    read from 00574C50 [0057ABA0] (7 bytes => 7 (0x7))
    0000 - 3c 21 44 4f 43 54 59 <!DOCTY
    SSL_connect:error in SSLv2/v3 read server hello A
    10049:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:601:

My config files are at hxxp://pacman99.zapto.org:777/conf0 if anyone wants to have a look. I'm not sure what's wrong. Any ideas?

You need to create a server key, don't use the pem.

    openssl req -config openssl.cnf -new -out server.csr
    openssl rsa -in privkey.pem -out server.key
    openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
    openssl x509 -in server.crt -out server.der.crt -outform DER

Use server.crt and server.key.
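
In the s_client trace in the question, the 7 bytes read back after the client hello are `<!DOCTY`, which is ASCII text and not a TLS record header. The Python sketch below is an added example, not code from either poster: it sends a ClientHello to a listener and classifies the first bytes of the reply. The function names and result labels are assumptions made for this illustration.

```python
import socket
import ssl


def client_hello(server_name="localhost"):
    """Build a real ClientHello in memory (no network I/O)."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ssl.create_default_context().wrap_bio(
        incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake is now waiting for the server's reply
    return outgoing.read()


def classify_reply(first):
    """Classify the first bytes a server sends back after a ClientHello."""
    if not first:
        return "no-reply"
    # A TLS record starts with a content type byte, then major version 0x03.
    if len(first) >= 3 and first[1] == 0x03:
        if first[0] == 0x16:
            return "tls-handshake"   # ServerHello: TLS is enabled on this port
        if first[0] == 0x15:
            return "tls-alert"       # TLS is enabled but refused the handshake
    text = first.lstrip().upper()
    if text.startswith((b"HTTP/", b"<!DOCTY", b"<HTML")):
        return "plaintext-http"      # the listener is answering without TLS
    return "unknown"


def probe(host, port, timeout=5.0):
    """Send a ClientHello to host:port and classify what comes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        try:
            first = sock.recv(7)
        except (socket.timeout, ConnectionResetError):
            first = b""
    return classify_reply(first)


if __name__ == "__main__":
    # The 7 bytes from the "read from" line of the trace in the question.
    print(classify_reply(bytes.fromhex("3c21444f435459")))
    # Against a live server: print(probe("localhost", 443))
```

A `plaintext-http` result on port 443 means the listener answered the handshake with an ordinary HTTP response, so the place to look is whether the SSL engine is actually active for the virtual host bound to that port.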