Hello,
i have a SSL site problem. i want to say the problem from your mail because, i hesitate the problem is general or special.
I bought a SSL certificate for mt site www.mydomain.com and install it on the server. But i do not reach the site some browsers.(For example i can open site with IE 6, Firefox 3 , but i can not IE 7 and Firefox 1.5). (400 Bad Request Error) When i ask this problem about certificate company they said that is an Apache configuration problem. But when i search the Apache configuration i do not find any error or i do not understant what is the wrong.
Apache version 2.0.53
IP adress is dedicated for mydomain.com.
So i want to sent the Apache configuration for this virtual server;
<VirtualHost ...:80> ServerName mydomain.com ServerAlias www.mydomain.com ServerAlias lists.mydomain.com DocumentRoot /home/mydomain/public_html ErrorLog /home/mydomain/logs/error_log CustomLog /home/mydomain/logs/access_log combined ScriptAlias /cgi-bin/ /home/mydomain/cgi-bin/ ScriptAlias /awstats /home/mydomain/cgi-bin DirectoryIndex index.html index.htm index.php index.php4 index.php5 <Directory /home/mydomain/public_html> Options Indexes IncludesNOEXEC FollowSymLinks allow from all AllowOverride All </Directory> <Directory /home/mydomain/cgi-bin> allow from all </Directory> Alias /dav /home/mydomain/public_html <Location /dav> DAV On AuthType Basic AuthName mydomain.com AuthUserFile /home/mydomain/etc/dav.digest.passwd Require valid-user ForceType text/plain </Location> RedirectMatch /cgi-bin/mailman/([^/])(.) https://mydomain.com:/virtualmin-mailman/unauthenticated/$1.cgi$2 RedirectMatch /mailman/([^/])(.) https://mydomain.com:/virtualmin-mailman/unauthenticated/$1.cgi$2
SSLEngine on SSLCertificateFile /home/mydomain/ssl.cert SSLCertificateKeyFile /home/mydomain/ssl.key</VirtualHost>
<VirtualHost ...:443> ServerName www.mydomain.com
ServerAlias www.mydomain.comServerAlias lists.www.mydomain.com DocumentRoot /home/mydomain/public_html ErrorLog /home/mydomain/logs/error_log CustomLog /home/mydomain/logs/access_log combined ScriptAlias /cgi-bin/ /home/mydomain/cgi-bin/ ScriptAlias /awstats /home/mydomain/cgi-bin DirectoryIndex index.html index.htm index.php index.php4 index.php5 <Directory /home/mydomain/public_html> Options Indexes IncludesNOEXEC FollowSymLinks allow from all AllowOverride All </Directory> <Directory /home/mydomain/cgi-bin> allow from all </Directory> Alias /dav /home/mydomain/public_html <Location /dav> DAV On AuthType Basic AuthName mydomain.com AuthUserFile /home/mydomain/etc/dav.digest.passwd Require valid-user ForceType text/plain </Location>
RedirectMatch /cgi-bin/mailman/([^/])(.) https://mydomain.com:***/virtualmin-mailman/unauthenticated/$1.cgi$2 RedirectMatch /mailman/([^/])(.) https://mydomain.com:***/virtualmin-mailman/unauthenticated/$1.cgi$2SSLEngine on SSLCertificateFile /home/mydomain/ssl.cert SSLCertificateKeyFile /home/mydomain/ssl.key SSLCACertificateFile /etc/httpd/conf/ssl.crt/AlphaSSLroot.crt SetEnvIf User-Agent ".MSIE." nokeepalive ssl-unclean-shutdown </VirtualHost>
Like this there are two VirtualHost information.
And Load Modules in Apache conf file;
LoadModule access_module modules/mod_access.so LoadModule auth_module modules/mod_auth.so LoadModule auth_anon_module modules/mod_auth_anon.so LoadModule auth_dbm_module modules/mod_auth_dbm.so LoadModule auth_digest_module modules/mod_auth_digest.so LoadModule ldap_module modules/mod_ldap.so LoadModule auth_ldap_module modules/mod_auth_ldap.so LoadModule include_module modules/mod_include.so LoadModule log_config_module modules/mod_log_config.so LoadModule env_module modules/mod_env.so LoadModule mime_magic_module modules/mod_mime_magic.so LoadModule cern_meta_module modules/mod_cern_meta.so LoadModule expires_module modules/mod_expires.so LoadModule deflate_module modules/mod_deflate.so LoadModule headers_module modules/mod_headers.so LoadModule usertrack_module modules/mod_usertrack.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule mime_module modules/mod_mime.so LoadModule dav_module modules/mod_dav.so LoadModule status_module modules/mod_status.so LoadModule autoindex_module modules/mod_autoindex.so LoadModule asis_module modules/mod_asis.so LoadModule info_module modules/mod_info.so LoadModule dav_fs_module modules/mod_dav_fs.so LoadModule vhost_alias_module modules/mod_vhost_alias.so LoadModule negotiation_module modules/mod_negotiation.so LoadModule dir_module modules/mod_dir.so LoadModule imap_module modules/mod_imap.so LoadModule actions_module modules/mod_actions.so LoadModule speling_module modules/mod_speling.so LoadModule userdir_module modules/mod_userdir.so LoadModule alias_module modules/mod_alias.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_ftp_module modules/mod_proxy_ftp.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_connect_module modules/mod_proxy_connect.so LoadModule cache_module modules/mod_cache.so LoadModule suexec_module modules/mod_suexec.so LoadModule disk_cache_module modules/mod_disk_cache.so LoadModule file_cache_module modules/mod_file_cache.so LoadModule mem_cache_module modules/mod_mem_cache.so LoadModule cgi_module modules/mod_cgi.so
There is no line like LoadModule ssl_module modules/ApacheModuleSSL.so
Is it necessary to load ssl module for this? But why some of the browser open site?
I read http://www.virtualmin.com/bugs/index.php?do=details&task_id=4160 but i can not understand this is related my problem or not.
Thank you for your help.
What company did you get the SSL cert from?
And is "AlphaSSLroot.crt" a certificate file provided by that company?
-Eric
The issue you've linked to is not related. It's a very special case involving a server <i>in front of</i> Apache, and SSL connections. Unless you're also using a proxy (like Pound), this won't apply to you.
It may be that you also need a chaining certificate, in addition to the key and certificate. If it is a low cost certificate (i.e. one costing less than $100/year) it is almost certainly such a certificate. GoDaddy offers them, as do several other providers. There's nothing wrong with using them--we use one here at Virtualmin.com--but they do require one additional piece of configuration and one more certificate file.
--
Check out the forum guidelines!