I’ve never set up an SSL on Linux before, but have a general idea of how it works. Server specs below if it helps:
Server: CentOS Linux 6
Workstation: Windows 7
So, I have 4 domains, all of which share a single Magento installation and IP address. Assume one of my domains is “mywebsite1.com”. I am trying to enable SSL just for this one domain for now, but I am running into errors. What am I doing wrong? Here’s my workflow:
I purchased an SSL from Godaddy then generated the csr and key with the command given by them:
    openssl req -new -newkey rsa:2048 -nodes -keyout mywebsite1.key -out mywebsite1.csr
I copy both files to /etc/pki/tls/private.
I open mywebsite1.csr, then copy and paste the contents to Godaddy.
I generate the crt files and download them from Godaddy, upload them to my server, and then move them to /etc/pki/tls/certs.
a. 1st try, I opened /etc/httpd/conf.d/ssl.conf and updated the default VirtualHost block’s SSLCertificateFile, KeyFile, and ChainFile values to point to the correct locations.
b. 2nd try, following http://dev.antoinesolutions.com/apache-server/mod_ssl I modified ssl.conf and added this directive:
c. Then I removed the entire default VirtualHost block (which was
Last attempt, I added the following to the modified ssl.conf from
    <VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/mywebsite1.com.crt
        SSLCertificateKeyFile /etc/pki/tls/private/mywebsite1.key
        SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle.crt
        DocumentRoot /var/www/html
        ServerName mywebsite1.com
    </VirtualHost>
6. I restart Apache.
7. I then go to https://mywebsite1.com only to find errors that prevent me from viewing the site in various browsers:
    Firefox: SSL received a record with an unknown content type. (Error code: ssl_error_rx_unknown_record_type)
    Chrome: Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.
    IE: …takes me to Google…
    NameVirtualHost 12.34.567.89
    <VirtualHost 12.34.567.89>
        DocumentRoot /var/www/html
        ServerName website1.com
    </VirtualHost>
    <VirtualHost 12.34.567.89>
        DocumentRoot /var/www/html
        ServerName website2.com
    </VirtualHost>
    <VirtualHost 12.34.567.89>
        DocumentRoot /var/www/html
        ServerName website3.com
    </VirtualHost>
    <VirtualHost 12.34.567.90:80>
        DocumentRoot /var/www/html
        ServerName website4.com
    </VirtualHost>
- I’ve read that you must enable ssl with a command called “a2enmod ssl” but that command does not exist for my server.
- There are no ssl error logs in /etc/httpd/logs.
- As per Godaddy, I was instructed to name the key “mywebsite1” without the extension. However, they give me a crt with the extension, which is odd.
- This is only the development phase, and this change will need to be quickly reproduced with a new SSL and different domains once we launch the production server.
I’ve tried all of the steps 3 times (see 5a-5c), but still no luck in getting the SSL to work for 1 of my domains. How can I get SSL to work?
UPDATE: output of apachectl -S
    12.34.567.90:80        mywebsite4.com (/etc/httpd/conf/httpd.conf:1021)
    12.34.567.89:*         is a NameVirtualHost
             default server mywebsite3.com (/etc/httpd/conf/httpd.conf:1016)
             port * namevhost mywebsite3.com (/etc/httpd/conf/httpd.conf:1016)
             port * namevhost mywebsite1.com (/etc/httpd/conf/httpd.conf:1026)
             port * namevhost mywebsite2.com (/etc/httpd/conf/httpd.conf:1031)
             port * namevhost mywebsite5.com (/etc/httpd/conf/httpd.conf:1036)
    wildcard NameVirtualHosts and _default_ servers:
    *:443                  is a NameVirtualHost
             default server mywebsite1.com (/etc/httpd/conf.d/ssl.conf:77)
             port 443 namevhost mywebsite1.com (/etc/httpd/conf.d/ssl.conf:77)
    Syntax OK
UPDATE: Got it working... but...
I managed to get the SSL running by changing the vhost to just point to mywebsite1 instead of *:443:
    <VirtualHost mywebsite1.com>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/mywebsite1.com.crt
        SSLCertificateKeyFile /etc/pki/tls/private/mywebsite1.key
        #SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle.crt
        DocumentRoot /var/www/html
        ServerName mywebsite1.com
        ErrorLog logs/ssl_error_log
        TransferLog logs/ssl_access_log
        LogLevel warn
    </VirtualHost>
This pulls up the SSL site; however, the plain HTTP site now returns a “Bad Request”.
This change seems to be affecting the non-SSL viewing of the site. I can’t specify the port, because restarting Apache will give me an error that ports and non-ports can’t be mixed.
Fixed with the suggestion by Michael Hampton. Thanks guys.
You have a bunch of <VirtualHost> entries that don’t have a port number defined. Thus, as your apachectl -S output showed, the definition is being applied to all listening ports. Define a port number for each of those
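As an added illustration of that answer (not code from the question or the answer), here is a small POSIX shell lint that finds VirtualHost and NameVirtualHost addresses without a :port and appends :80 to them, run against a constructed copy of the question's layout; the 12.34.567.89 address and the domain names are the question's own placeholders, and the function names are mine.

```shell
# Lint httpd.conf for VirtualHost/NameVirtualHost addresses with no :port.
# A port-less address matches every Listen port, so a plain-HTTP vhost also
# answers on 443 and a TLS handshake gets raw HTTP back (the browser reports
# ssl_error_rx_unknown_record_type / ERR_SSL_PROTOCOL_ERROR).
# Print each offending line as file:line: text; exit 0 if none, 1 otherwise.
check_vhost_ports() {
    awk 'BEGIN { bad = 0 }
    /^[ \t]*(<VirtualHost|NameVirtualHost)[ \t]/ {
        args = $0
        sub(/^[ \t]*(<VirtualHost|NameVirtualHost)[ \t]+/, "", args)
        sub(/>.*$/, "", args)              # strip the closing > of <VirtualHost ...>
        n = split(args, addr, /[ \t]+/)    # a vhost may list several addresses
        for (i = 1; i <= n; i++)
            if (addr[i] != "" && addr[i] !~ /:[0-9]+$/) {
                print FILENAME ":" NR ": " $0; bad = 1; break
            }
    }
    END { exit bad }' "$1"
}
# Remediation: give every port-less address an explicit :80 (the plain-HTTP
# port), so only the *:443 vhost remains on the TLS port. One address per line.
fix_vhost_ports() {
    sed -e 's/^\(NameVirtualHost [^ :]*\)$/\1:80/' \
        -e 's/^\(<VirtualHost [^ :>]*\)>/\1:80>/' "$1"
}
# Constructed sample mirroring the layout in the question.
write_sample() {
    cat > "$1" <<'EOF'
Listen 80
Listen 443
NameVirtualHost 12.34.567.89
<VirtualHost 12.34.567.89>
    ServerName website1.com
</VirtualHost>
<VirtualHost 12.34.567.89>
    ServerName website2.com
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    ServerName mywebsite1.com
</VirtualHost>
EOF
}
tmp=$(mktemp -d)
write_sample "$tmp/httpd.conf"
check_vhost_ports "$tmp/httpd.conf" || echo "FAIL: these vhosts also bind port 443"
fix_vhost_ports "$tmp/httpd.conf" > "$tmp/httpd.fixed"
check_vhost_ports "$tmp/httpd.fixed" && echo "OK: every vhost names a port"
rm -rf "$tmp"
```

On a real server, run check_vhost_ports over httpd.conf and ssl.conf, then confirm with apachectl -S that the plain-HTTP vhosts show port 80 rather than port *.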
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.