Browsing articles tagged with "ssl - Admins Goodies"
Dec 28, 2012
tom

Apache SSL / SSLVerifyClient and renegotiation buffer during upload

We have Apache 2.16 web servers where authentication is made via X509 client certificates (they come from chip cards). Here is the Directory configuration: <Directory /directory> SSLVerifyClient optional SSLVerifyDepth 5 SSLRequireSSL SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate </Directory> The authentication runs fine, but from time to time, when the user tries to upload a file, the upload fails, and we find this in the Apache error log: [Thu Dec 06 09:14:25 2012] [error] [client 80.82.235.94] [...]

Dec 20, 2012
tom

Proper configuration of Virtual Hosts SSL

I have installed an SSL certificate on my Ubuntu EC2 instance and I need one of the websites hosted on this instance to be accessible via https. I have several websites hosted all on the same IP through Virtual Hosts. However, I only need one website to be accessible via https. I am sure about the following:
- SSL certificate is properly installed
- Port 443 is open on EC2
I am sure about these because when [...]

Dec 15, 2012
tom

SSL issues with puppet agent at openSUSE

I have a master running at my VPS, and it has a simple helloworld manifest which works fine with any Ubuntu machine I have. It connects, exchanges keys and creates a test file all right, so I’m sure it’s not a server issue. The agent which is running at a virtual machine with openSUSE says: err: Could not request certificate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed. This is often because the time is [...]

Dec 7, 2012
tom

Keytool import certificate fails “Public keys in reply and keystore don’t match”

I’m importing an SSL certificate to use in Tomcat in my keystore using keytool and it fails with “Public keys in reply and keystore don’t match”. Problem might be declared by the fact that I created a new keystore after I accidentally removed the old keystore file which I used from my CSR. Now I received a .crt file and a .ca file. What’s the best way to make SSL work under Tomcat in my [...]

Dec 6, 2012
tom

Nginx ssl – SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line

I am trying to enable ssl on a server using a certificate from 123-reg but I keep getting this error: nginx: [emerg] SSL_CTX_use_certificate_chain_file("/opt/nginx/conf/cleantechlms.crt") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib) This is my nginx config: server { listen 443; server_name a-fake-url.com; root /file/path/public; passenger_enabled on; ssl on; ssl_certificate /opt/nginx/conf/cleantechlms.crt; ssl_certificate_key /opt/nginx/conf/cleantechlms.key; } I have tried setting my crt and key to full file permissions but there is no difference. My crt file is [...]

Dec 6, 2012
tom

Ubuntu 12.04 and 12.10 don’t have new Thawte intermediary certs?

I recently swapped my site's SSL certificate over to a new Thawte 2048 bit cert. Ubuntu/libcurl doesn’t seem to be able to verify it. Web browsers and OSX are fine. I had to manually update the cert bundle on the OS from here: https://search.thawte.com/support/ssl-digital-certificates/index?page=content&actp=CROSSLINK&id=AR1374 Any ideas why Ubuntu doesn’t have these? Thank you Mark

Asked by markba

Instead of explicitly trusting the intermediate certificates, you should have your web server send the full certificate chain [...]

Dec 5, 2012
tom

Multiple subdomains, SSL on only one using port 80

I am running an Apache2 server with three subdomains defined in separate files in /etc/apache2/sites-available. I need ONE of those subdomains to be SSL-secured on port 80 for an application to work. Port 80 is required due to circumstances out of my control. The other subdomains are also on port 80. Now, when all subdomains are enabled in Apache the SSL-subdomain is NOT running SSL. If I disable the other subdomains SSL on the SSL-subdomain [...]

Nov 30, 2012
tom

apache, shibboleth, load balancing alias, ssl

Good morning folks. Could you give me a bit of help with the following problem? I have a DNS load balancing mechanism and an alias (hostAlias) which may point to host01 or host02. I want to configure apache and shibboleth to work with that alias. What happens is … User types : https://hostAlias (it points to host01) apache host01 : redirect to shibboleth shibboleth host01 : redirect to **https://hostAlias.cern.ch/Shibboleth.sso/ADFS** Now, there are two cases. [...]

Nov 14, 2012
tom

Securing SSL requests with mod_cluster?

In case I have both the httpd and JBoss in secure LAN, is it possible to terminate SSL requests at httpd, and pass the request to available JBoss via mod_cluster? Any idea what configuration is involved?

Asked by SyRenity

By default, mod_cluster will terminate your SSL connection and pass information to the backend un-encrypted. See http://docs.jboss.org/mod_cluster/1.0.0/html/UsingSSL.html for instructions. Note section 12.2 which shows the extra configuration required to use SSL between the proxy and the backend [...]

Nov 7, 2012
tom

AWS installing mod_ssl on apache

I tried installing mod_ssl, I used this command apt-get install mod_ssl to install but I got an error saying unable to locate package mod_ssl. After executing the above command, I got below output Reading package list.. Done Build dependency tree Reading state information done.. E:unable to locate package mod_ssl How do I resolve it?

Asked by user1263374

Run the command dpkg -S mod_ssl.so. Chances are that it will display something like: apache2.2-common: /usr/lib/apache2/modules/mod_ssl.so It means [...]
