# Apache SSL Problems [Solved]

## Matrix905

OK, I've emerged Apache2 and everything, and added "-D SSL" to my conf.d. However, I'm not sure if SSL is working. I've created a user password with htpasswd and configured some VirtualHosts as seen below:

```

# Enable name-based virtual hosting on both ports. The *:443 entry only matters
# once the server actually listens on 443 (via a Listen directive elsewhere).
NameVirtualHost *:80

NameVirtualHost *:443

#Default Server
# As the first *:80 vhost, it also answers requests whose Host header matches
# no ServerName below.

<VirtualHost *:80>

ServerName www.sincity.ath.cx

DocumentRoot /var/www/localhost/htdocs

</VirtualHost>

#Andrew Web
# Plain-HTTP site served from a subdirectory of a user's home, open to everyone.

<VirtualHost *:80>

ServerName andrew.sincity.ath.cx

DocumentRoot /home/andrew/public_webpage

<Location />

# Allow,deny evaluation with "Allow from all": no host-based restriction.
Order allow,deny

Allow from all

# "All" turns on every option except MultiViews, including ExecCGI and Includes.
# NOTE(review): for user-writable content, list only the options actually needed.
Options All

</Location>

</VirtualHost>

#Andrew on SSL
# HTTPS site protected by HTTP Basic authentication; the password only travels
# inside the TLS session because this vhost is bound to *:443 with SSLEngine On.

<VirtualHost *:443>

Servername andrew.sincity.ath.cx

# NOTE(review): this is the whole home directory, the parent of the
# public_webpage directory served on port 80. Combined with Indexes and
# FollowSymLinks below, every file the Apache user can read under it (dotfiles
# included) is listable after login, and symlinks may lead outside it.
# Consider pointing DocumentRoot at a dedicated subdirectory.
DocumentRoot /home/andrew

SSLEngine On

SSLCertificateFile /etc/apache2/conf/ssl/server.crt

# Private key for the certificate above.
# NOTE(review): file permissions are not shown; the key should be readable by root only.
SSLCertificateKeyFile /etc/apache2/conf/ssl/server.key

<Location />

AuthType Basic

# The closing quote is mistyped as '>', so the quoted realm string is never
# terminated (this is the typo pointed out later in the thread).
AuthName "Andrew's STuff>

# The password file lives outside both DocumentRoots shown here, so it cannot
# be fetched over the web.
AuthUserFile /etc/apache2/conf/andrew.pass

require valid-user

Options Indexes FollowSymLinks

# With Order Allow,Deny a request must match an "Allow from" line or it is
# refused. None follows here, so host-based access defaults to deny and the
# server answers 403 regardless of the Basic-auth result. An explicit
# "Allow from all" (or a specific network) is needed in this section.
Order Allow,Deny

</Location>

</VirtualHost>

```

My apache2.conf is :

```

# Base directory of the server: relative paths used below (logs/, modules/,
# conf/) are resolved against it.
ServerRoot /usr/lib/apache2

#ServerName localhost

#LockFile /etc/apache2/apache2.lock

PidFile /var/run/apache2.pid

# Main error log, relative to ServerRoot. Virtual hosts that define no
# ErrorLog of their own write here as well.
ErrorLog logs/error_log

# Only messages of severity "warn" and above are logged.
LogLevel warn

# Document root of the main server (same path as the default vhost on port 80).
DocumentRoot /var/www/localhost/htdocs

DirectoryIndex index.html index.htm

#DavLockDB /etc/apache2/conf/dav/DavLock

### Dynamic Shared Object (DSO) Support

###

# Almost every bundled module is loaded below, and each one adds code reachable
# from the network. NOTE(review): worth trimming to what the sites actually use.
# In particular:
#   - mod_proxy*: acts as a forward proxy if ProxyRequests is enabled in an
#     included file (not shown here);
#   - mod_status / mod_info: expose server internals if their handlers are
#     mapped without access restrictions (mapping not shown here);
#   - mod_userdir, mod_cgi / mod_cgid: publish and execute content from
#     user-controlled locations;
#   - mod_echo, mod_case_filter, mod_case_filter_in: example modules with no
#     production use.
# mod_ssl is not loaded in this file; presumably conf/modules.d/40_mod_ssl.conf
# loads it when -D SSL is set (that file is not shown).

LoadModule access_module                 modules/mod_access.so

LoadModule auth_module                   modules/mod_auth.so

LoadModule auth_anon_module              modules/mod_auth_anon.so

LoadModule auth_dbm_module               modules/mod_auth_dbm.so

LoadModule auth_digest_module            modules/mod_auth_digest.so

LoadModule include_module                modules/mod_include.so

LoadModule log_config_module             modules/mod_log_config.so

LoadModule env_module                    modules/mod_env.so

LoadModule mime_magic_module             modules/mod_mime_magic.so

LoadModule cern_meta_module              modules/mod_cern_meta.so

LoadModule expires_module                modules/mod_expires.so

LoadModule headers_module                modules/mod_headers.so

LoadModule usertrack_module              modules/mod_usertrack.so

LoadModule unique_id_module              modules/mod_unique_id.so

LoadModule setenvif_module               modules/mod_setenvif.so

LoadModule proxy_module                  modules/mod_proxy.so

LoadModule proxy_connect_module          modules/mod_proxy_connect.so

LoadModule proxy_ftp_module              modules/mod_proxy_ftp.so

LoadModule proxy_http_module             modules/mod_proxy_http.so

LoadModule mime_module                   modules/mod_mime.so

LoadModule status_module                 modules/mod_status.so

LoadModule autoindex_module              modules/mod_autoindex.so

LoadModule asis_module                   modules/mod_asis.so

LoadModule info_module                   modules/mod_info.so

LoadModule cgi_module                    modules/mod_cgi.so

LoadModule cgid_module                   modules/mod_cgid.so

LoadModule vhost_alias_module            modules/mod_vhost_alias.so

LoadModule negotiation_module            modules/mod_negotiation.so

LoadModule dir_module                    modules/mod_dir.so

LoadModule imap_module                   modules/mod_imap.so

LoadModule actions_module                modules/mod_actions.so

LoadModule speling_module                modules/mod_speling.so

LoadModule userdir_module                modules/mod_userdir.so

LoadModule alias_module                  modules/mod_alias.so

LoadModule rewrite_module                modules/mod_rewrite.so

###

### New Modules for 2.0 (some are experimental)

###

LoadModule file_cache_module             modules/mod_file_cache.so

LoadModule echo_module                   modules/mod_echo.so

LoadModule charset_lite_module           modules/mod_charset_lite.so

LoadModule cache_module                  modules/mod_cache.so

LoadModule disk_cache_module             modules/mod_disk_cache.so

LoadModule mem_cache_module              modules/mod_mem_cache.so

LoadModule ext_filter_module             modules/mod_ext_filter.so

LoadModule case_filter_module            modules/mod_case_filter.so

LoadModule case_filter_in_module         modules/mod_case_filter_in.so

LoadModule deflate_module                modules/mod_deflate.so

#LoadModule optional_hook_export_module   modules/mod_optional_hook_export.so

#LoadModule optional_hook_import_module   modules/mod_optional_hook_import.so

#LoadModule optional_fn_import_module     modules/mod_optional_fn_import.so

#LoadModule optional_fn_export_module     modules/mod_optional_fn_export.so

#LoadModule bucketeer_module              modules/mod_bucketeer.so

LoadModule logio_module                  modules/mod_logio.so

###

### Global Configuration

# Pulls in every *.conf file in conf/modules.d. Per the thread, 40_mod_ssl.conf
# in that directory carries its own "Listen 443", which binds port 443 on all
# interfaces and collides with an address-specific Listen for the same port.
Include conf/modules.d/*.conf

Include conf/commonapache2.conf

###

### IP Address/Port

###

#BindAddress *

# Port 80 is bound to two specific addresses only, not to every interface.
Listen 192.168.1.100:80

Listen 127.0.0.1:80

# Address-specific HTTPS listeners, disabled here. If the intent is to expose
# HTTPS on these addresses only, keep port-only Listen lines (which bind
# 0.0.0.0) out of the included files and enable these instead.
#Listen 192.168.1.100:443

#Listen 127.0.0.1:443

###

### Log configuration Section

###

<IfModule mod_log_config.c>

#Single logfile with access, agent and referer information

#This is the default, if vlogs are not defined for the main server

# Requests are logged in "combined" format unless the VLOG environment variable
# is set. Virtual hosts that define no CustomLog of their own (none of the
# vhosts shown in this post does) are logged here too, so HTTP and HTTPS
# traffic for every site ends up in this one file.
CustomLog logs/access_log combined env=!VLOG

#If VLOG is defined in conf/vhosts/vhosts.conf, we use this entry

#CustomLog "|/usr/sbin/apache2splitlogfile" vhost env=VLOG

</IfModule>

###

### Virtual Hosts

# Presumably the file holding the <VirtualHost> sections quoted at the top of
# this post -- confirm against the actual file.
Include conf/vhosts/vhosts.conf

# Connection handling. Timeout is in seconds; a high value lets a slow or idle
# client occupy a worker for that long, so lower it where worker exhaustion is
# a concern.
Timeout 300

# Persistent connections: up to 100 requests per connection, and an idle
# connection is kept open for 15 seconds waiting for the next request.
KeepAlive On

MaxKeepAliveRequests 100

KeepAliveTimeout 15

# Only the <IfModule> section matching the MPM compiled into this build takes
# effect; which MPM that is cannot be told from this file.
# In each section MaxRequestsPerChild 0 means child processes are never recycled.
<IfModule prefork.c>

StartServers         5

MinSpareServers      5

MaxSpareServers     10

# Upper bound on simultaneously served requests.
MaxClients         150

MaxRequestsPerChild  0

</IfModule>

<IfModule worker.c>

StartServers         2

MaxClients         150

MinSpareThreads     25

MaxSpareThreads     75

ThreadsPerChild     25

MaxRequestsPerChild  0

</IfModule>

<IfModule perchild.c>

NumServers           5

StartThreads         5

MinSpareThreads      5

MaxSpareThreads     10

MaxThreadsPerChild  20

MaxRequestsPerChild  0

</IfModule>

```

Now the problem is this: when I try to Listen 192.168.1.100:443 I get the error "could not bind to address 0.0.0.0:443", and if I try to figure out what is wrong with netstat I get:

```

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address           Foreign Address         State

tcp        0      0 192.168.1.100:80        0.0.0.0:*               LISTEN

tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN

tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN

tcp        0     52 192.168.1.100:22        192.168.1.1:1263        ESTABLISHED

tcp        0      0 192.168.1.100:22        192.168.1.1:1033        ESTABLISHED

Active UNIX domain sockets (servers and established)

Proto RefCnt Flags       Type       State         I-Node Path

unix  2      [ ACC ]     STREAM     LISTENING     11572  /dev/log

unix  2      [ ]         DGRAM                    1019   @udevd

unix  2      [ ACC ]     STREAM     LISTENING     13789  /var/run/cgisock

unix  3      [ ]         STREAM     CONNECTED     12858

unix  3      [ ]         STREAM     CONNECTED     12857

unix  3      [ ]         STREAM     CONNECTED     12372

unix  3      [ ]         STREAM     CONNECTED     12371

```

and I can see that there's definitely a 0.0.0.0:443 listening somewhere, but I can't figure out what to turn off to get Apache to listen on :443

Anyhow, thanks for anyone's help, and sorry for the long post. I've been reading the forums for the last few hours but to no avail... hopefully someone will be able to help me with the info I've provided; I can provide any other .conf files if needed. Oh.. and as a side note, in 40_mod_ssl.conf "Listen 443" is enabled, as I've been reading in the other posts that it should be. 

Anyhow thanks again,

- M -Last edited by Matrix905 on Fri Sep 23, 2005 5:47 pm; edited 1 time in total

----------

## commonloon

I've run into this before, where I'm including a file that has a second Listen directive in it. I'd say take the "Listen 443" out of 40_mod_ssl.conf, i.e., comment it out. I think you'll find that it is still listening on 443. Obviously, netstat can confirm.

----------

## Matrix905

OK, thanks for that, that solves 1 problem!! It was indeed that Listen 443 that I needed to comment out to get it to listen correctly. However, now I've run into the problem where I can download my certificate off of the website but I can't authenticate. I also get a 403 / forbidden error when trying to access the page using https

thanks for your help!  :Very Happy: 

- M -

----------

## Spiffster

 *Matrix905 wrote:*   

> OK, thanks for that, that solves 1 problem!! It was indeed that Listen 443 that I needed to comment out to get it to listen correctly. However, now I've run into the problem where I can download my certificate off of the website but I can't authenticate. I also get a 403 / forbidden error when trying to access the page using https

 

Perhaps due to a typing mistake?

```
AuthName "Andrew's STuff> 
```

----------

## Matrix905

Hey,

I've fixed the typo but it still doesn't let me authenticate... I'm not sure what else to do  :Razz:  but if anyone has some ideas I'd be glad to try them!!

Thanks,

- M -

----------

## JC99

Install webmin, then from there choose the ssl module in your apache section

Servers --> Apache Webserver --> Re-Configure Known Modules --> mod_ssl

You may have to configure the apache module

Servers --> Module Config --> path to http.conf (/etc/apache2/conf/apache2.conf)

----------

## commonloon

403's can happen for a number of reasons. Does it give you a 403 when you access it via regular http? Is your index.html readable by the apache user/group? Do you have an index.html? Do you have a 'Indexes' inside of the directory directive (commonapache2.conf) for what you are trying to access? What does your apache log say? tail /var/log/apache/{ssl-error_log,error_log} on gentoo generally.

----------

## Matrix905

OK, thanks everyone!!! I've solved the SSL issue!!!! I had to create a Certificate Authority, sign the certificate and move the proper certificate and keys into the proper directories.

Also, I do have a couple of quick questions. I've been reading about the Apache <Location /> and <Directory /> tags that you can use in vhost.conf. Now I was testing around with them and I've noticed that <Location /somedir> shows a web address of http://myurl/somedir, however I have no idea where it's pointing to on my machine. I'd assume it points to the DocumentRoot /some/path, however that doesn't seem to be the case... but if I change <Location /somedir> to <Directory /somedir>, as long as /somedir exists under my DocumentRoot (/some/path/somedir), then everything works like it should?

I'm just a little confused even after trying to figure it out through a bunch of tests.

lol sorry if that's kind of unclear but hopefully you all can gimme a hand,

But thanks everyone for helping me solve the initial SSL Problem!!!!

- M -

----------

