Apache SSL for Dummies...

Alles, was den Apache betrifft, kann hier besprochen werden.

Apache SSL for Dummies...

Postby friede » 22. November 2015 12:23

Hello world,
I am struggeling with Apache for a week now...
My Owncloud-Server is a virtual Debian 8 running inside VirtualBox on a physical Debian 7 (Openmediavault). Port forwarding and DynDNS are working great but I struggle with the SSL setup. So far I created a pair of private key and CSR, copied that CSR to Godaddy and downloaded the new certificate with the according cert_bundle. I enabled SSL and added the certificate and key paths to the default-ssl.conf in /sites-availabe. Until this point the apache default site was available on port 80. After reloading apache it fails to start and everything is broken. I tried this several times thanks to the snapshot I created before messing with the SSL settings. Could you please help me? I think there is the one thing that I'm missing but can't figure out what it is.

One more info: I downloaded the two crt-files to my windows machine and just copied the texts from notepad++ to nano (same file names). Was that a bad idea?
Please tell me which further information you need and I will answer immediately.

Thank you so much
- friede

sites-enabled folder:
Code: Select all
root@Owncloud-Server:/etc/apache2/sites-enabled# ls
000-default.conf  default-ssl.conf


default-ssl.conf:
Code: Select all
<IfModule mod_ssl.c>
        <VirtualHost *:443>
                ServerAdmin webmaster@localhost

                DocumentRoot /var/www/html

                # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
                # error, crit, alert, emerg.
                # It is also possible to configure the loglevel for particular
                # modules, e.g.
                #LogLevel info ssl:warn

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                # For most configuration files from conf-available/, which are
                # enabled or disabled at a global level, it is possible to
                # include a line for only one particular virtual host. For example the
                # following line enables the CGI configuration for this host only
                # after it has been globally disabled with "a2disconf".
                #Include conf-available/serve-cgi-bin.conf

                #   SSL Engine Switch:
                #   Enable/Disable SSL for this virtual host.
                SSLEngine on

                #   A self-signed (snakeoil) certificate can be created by installing
                #   the ssl-cert package. See
                #   /usr/share/doc/apache2/README.Debian.gz for more info.
                #   If both key and certificate are stored in the same file, only the
                #   SSLCertificateFile directive is needed.
                SSLCertificateFile      /etc/ssl/certs/1efc5505ee0e9b3.crt
                SSLCertificateKeyFile /etc/ssl/private/XXXXXX.ddnss.de.key

                #   Server Certificate Chain:
                #   Point SSLCertificateChainFile at a file containing the
                #   concatenation of PEM encoded CA certificates which form the
                #   certificate chain for the server certificate. Alternatively
                #   the referenced file can be the same as SSLCertificateFile
                #   when the CA certificates are directly appended to the server
                #   certificate for convinience.
                #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
                SSLCACertificateFile /etc/ssl/certs/gd_bundle-g2-g1.crt
                #   Certificate Authority (CA):
                #   Set the CA certificate verification path where to find CA
                #   certificates for client authentication or alternatively one
                #   huge file containing all of them (file must be PEM encoded)
                #   Note: Inside SSLCACertificatePath you need hash symlinks
                #                to point to the certificate files. Use the provided
                #                Makefile to update the hash symlinks after changes.
                #SSLCACertificatePath /etc/ssl/certs/
                #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

                #   Certificate Revocation Lists (CRL):
                #   Set the CA revocation path where to find CA CRLs for client
                #   authentication or alternatively one huge file containing all
                #   of them (file must be PEM encoded)
                #   Note: Inside SSLCARevocationPath you need hash symlinks
                #                to point to the certificate files. Use the provided
                #                Makefile to update the hash symlinks after changes.
                #SSLCARevocationPath /etc/apache2/ssl.crl/
                #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl

...



Apache error.log
Code: Select all
[Sun Nov 22 09:40:07.604521 2015] [ssl:emerg] [pid 14986] AH01895: Unable to configure verify locations for client authentication
[Sun Nov 22 09:40:07.604641 2015] [ssl:emerg] [pid 14986] SSL Library Error: error:0906D066:PEM routines:PEM_read_bio:bad end line
[Sun Nov 22 09:40:07.604665 2015] [ssl:emerg] [pid 14986] SSL Library Error: error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib
[Sun Nov 22 09:40:07.604678 2015] [ssl:emerg] [pid 14986] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
friede
 
Posts: 2
Joined: 22. November 2015 12:18
Operating System: Debian 8

Re: Apache SSL for Dummies...

Postby Nobbie » 22. November 2015 13:01

friede wrote:One more info: I downloaded the two crt-files to my windows machine and just copied the texts from notepad++ to nano (same file names). Was that a bad idea?


Yes. You MUST NOT edit CRT files.
Nobbie
 
Posts: 8772
Joined: 09. March 2008 13:04

Re: Apache SSL for Dummies...

Postby friede » 22. November 2015 13:05

:lol:

so i downloaded them directly and voila, evrything works fine. So easy :roll:

Thank you very much!
friede
 
Posts: 2
Joined: 22. November 2015 12:18
Operating System: Debian 8


Return to Apache

Who is online

Users browsing this forum: No registered users and 3 guests