These forums are locked and archived, but all topics have been migrated to the new forum. You can search for this topic on the new forum: Search for SSL Certificate giving me Error 102 on the new forum.
Hi all,
I have just installed virtualmin on a fresh Centos 6 installation. I am setting up the SSL part for my website. I installed the certificate and it looks ok, I think. I got one of those cheap PositiveSSL certificate for around $5 a year. Anyway, when I try to access my website using https, Chrome is saying Error 102, connection refused. I scoured the web for answers and searched the forum for previous posts but didn't find anything useful. Anyway, I am hoping one of you "gurus" might be able to give me some ideas.
Thanks.
Howdy,
I hadn't heard of anyone running into that before... I did some Googling, and saw that some people run into that when Chrome is configured to use a proxy server.
You can use the steps here to determine if your OS is configured to use a proxy server:
https://support.google.com/chrome/answer/96815?hl=en
If so, and you don't need one, you may want to disable that.
-Eric
Hi Eric, I am not using a proxy server to access the internet. If it was a proxy server issue, then I shouldn't be able to access virtualmin admin interface as well, which is secured by a self signed certificate.
The website also gives me an error irrespective of which browser I use, Firefox, Internet Explorer, etc.
If you run this command on your server, what output do you get:
netstat -an | grep :443
Also, are you running a firewall of any sort? You can determine if one is running on your server with the command "iptables -L -n".
-Eric
Hi Eric,
netstat output:
tcp 0 0 :::443 :::* LISTEN
iptables output:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:20
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:21
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20000
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:587
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I think that looks right. I am more of a web developer, not much of a server admin, that's why I thought virtualmin might make it easy for me to setup websites.
Howdy,
Yeah, that all looks normal...
Is there any chance you could post your domain name or SSL IP address here? You can always remove it after we get things working.
Having that would allow me to run some tests, and we can figure out more details about where the problem is.
-Eric
Hi Eric, I have been on this for the entire day now. I finally got some clues what to look for, I think the issue has to do with the certificate.
In the ssh terminal, I ran: openssl s_client -connect [my ip address]:443 (substitute [my ip address for the vps address])
in the output: I am getting: "unable to get local issuer certificate" error.
Any idea what I need to do to fix this certificate error? I read on the internet that I need to install a CA certificate or something.
You might try other web browsers (Firefox/Opera), if only to get a different perspective (maybe error messages with more information) on the matter.
Yeah, in case of some "cheap-ass" SSL authorities, you need to provide a "chained/intermediate certificate", if yours don't depend directly on a root CA. Check out "Server Configuration / Manage SSL Certificate", tab "CA Certificate" and upload the intermediate cert of your SSL provider there.
"If your virtual server's SSL certificate is from a certificate authority that is not directly known to major browsers, you may need to upload the CA's certificate using this form. The selected file can contain multiple CA certificates in PEM format, one after the other."
Thanks guys.. I think I got this sorted. I got 2 CA certificates file from Comodo when I bought the SSL cert. I just appended the other cert at the bottom of the PositiveSSLCA cert and uploaded it like you said.
To be honest, I never had to do that with other SSL certs that I have installed previously. In this case, you are right, I did buy a "cheap-ass" cert, cost me $5 a year because I didn't need top-notch security in this case. The website I am working on is just serving images.
In hindsight, I probably should have gone with a more expensive option, given that I just lost a day troubleshooting this problem. :)
Yes, that's the thing with hindsight. ;) On the other hand, you can also argue that you made new experiences and learned something this way!