SSL Certificate giving me Error 102

#1 Thu, 06/13/2013 - 09:25
geek0001

Hi all,

I have just installed Virtualmin on a fresh CentOS 6 installation. I am setting up the SSL part for my website. I installed the certificate and it looks OK, I think. I got one of those cheap PositiveSSL certificates for around $5 a year. Anyway, when I try to access my website using https, Chrome is saying Error 102, connection refused. I scoured the web for answers and searched the forum for previous posts but didn't find anything useful. Anyway, I am hoping one of you "gurus" might be able to give me some ideas.

Thanks.

Thu, 06/13/2013 - 10:10
andreychek

Howdy,

I hadn't heard of anyone running into that before... I did some Googling, and saw that some people run into that when Chrome is configured to use a proxy server.

You can use the steps here to determine if your OS is configured to use a proxy server:

https://support.google.com/chrome/answer/96815?hl=en

If so, and you don't need one, you may want to disable that.

-Eric

Thu, 06/13/2013 - 20:39 (Reply to #2)
geek0001

Hi Eric, I am not using a proxy server to access the internet. If it was a proxy server issue, then I shouldn't be able to access the Virtualmin admin interface as well, which is secured by a self-signed certificate.

The website also gives me an error irrespective of which browser I use, Firefox, Internet Explorer, etc.

Thu, 06/13/2013 - 22:57
andreychek

If you run this command on your server, what output do you get:

netstat -an | grep :443

Also, are you running a firewall of any sort? You can determine if one is running on your server with the command "iptables -L -n".

-Eric

Thu, 06/13/2013 - 23:06
geek0001

Hi Eric,

netstat output:
tcp        0      0 :::443                      :::*                        LISTEN

iptables output:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:20
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:21
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:20000
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:10000
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:993
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:143
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:995
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:110
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:20
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:21
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:587
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

I think that looks right. I am more of a web developer, not much of a server admin, that's why I thought Virtualmin might make it easy for me to set up websites.

Fri, 06/14/2013 - 09:06
andreychek

Howdy,

Yeah, that all looks normal...

Is there any chance you could post your domain name or SSL IP address here? You can always remove it after we get things working.

Having that would allow me to run some tests, and we can figure out more details about where the problem is.

-Eric

Fri, 06/14/2013 - 09:25 (Reply to #6)
geek0001

Hi Eric, I have been on this for the entire day now. I finally got some clues about what to look for; I think the issue has to do with the certificate.

In the ssh terminal, I ran: openssl s_client -connect [my ip address]:443 (substitute [my ip address] for the VPS address)

In the output, I am getting an "unable to get local issuer certificate" error.

Any idea what I need to do to fix this certificate error? I read on the internet that I need to install a CA certificate or something.

Fri, 06/14/2013 - 09:07
Locutus

You might try other web browsers (Firefox/Opera), if only to get a different perspective (maybe error messages with more information) on the matter.

Fri, 06/14/2013 - 09:34
Locutus

Yeah, in case of some "cheap-ass" SSL authorities, you need to provide a "chained/intermediate certificate", if yours doesn't depend directly on a root CA. Check out "Server Configuration / Manage SSL Certificate", tab "CA Certificate" and upload the intermediate cert of your SSL provider there.

"If your virtual server's SSL certificate is from a certificate authority that is not directly known to major browsers, you may need to upload the CA's certificate using this form. The selected file can contain multiple CA certificates in PEM format, one after the other."

Sat, 06/15/2013 - 00:09 (Reply to #9)
geek0001

Thanks guys.. I think I got this sorted. I got 2 CA certificate files from Comodo when I bought the SSL cert. I just appended the other cert at the bottom of the PositiveSSLCA cert and uploaded it like you said.

To be honest, I never had to do that with other SSL certs that I have installed previously. In this case, you are right, I did buy a "cheap-ass" cert, cost me $5 a year because I didn't need top-notch security in this case. The website I am working on is just serving images.

In hindsight, I probably should have gone with a more expensive option, given that I just lost a day troubleshooting this problem. :)
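
Added example, not part of the original thread: a shell sketch that reproduces the "unable to get local issuer certificate" failure and the CA-bundle fix on a throwaway PKI. It assumes the `openssl` command-line tool is installed; the CA names, the host name `www.example.test` and all file names are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo PKI (all names and files are made up for this example):
# root CA -> intermediate CA -> server certificate.

mk_key_and_csr() {  # $1 = directory, $2 = file stem, $3 = common name
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

build_demo_pki() {  # $1 = empty working directory
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    mk_key_and_csr "$d" root  "Demo Root CA" &&
    mk_key_and_csr "$d" inter "Demo Intermediate CA" &&
    mk_key_and_csr "$d" leaf  "www.example.test" &&
    # Self-signed root: the only certificate the client trusts.
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
        -extfile "$d/ca.ext" -days 30 -out "$d/root.pem" 2>/dev/null &&
    # Intermediate CA, signed by the root.
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -set_serial 2 -extfile "$d/ca.ext" -days 30 -out "$d/inter.pem" 2>/dev/null &&
    # Server certificate, signed by the intermediate and not by the root.
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
        -set_serial 3 -days 30 -out "$d/leaf.pem" 2>/dev/null &&
    # CA bundle: PEM certificates appended one after the other.
    cat "$d/inter.pem" "$d/root.pem" > "$d/ca-bundle.pem"
}

# Verify the server certificate against the trusted root.
# $1 = directory, $2 = optional file of extra chain certificates (the bundle).
verify_leaf() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$1/root.pem" -untrusted "$2" "$1/leaf.pem" 2>&1
    else
        openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1
    fi
}

# Pass "demo" as the first argument to run both checks.
if [ "${1:-}" = "demo" ]; then
    work=$(mktemp -d) && build_demo_pki "$work" || exit 1
    echo "server cert alone:";       verify_leaf "$work"
    echo "server cert + CA bundle:"; verify_leaf "$work" "$work/ca-bundle.pem"
    rm -rf "$work"
fi
```

The first check fails because the verifier cannot link the server certificate to the trusted root without the intermediate; the second succeeds once the bundle supplies it, which is what uploading the CA certificate file does for browsers.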

Sat, 06/15/2013 - 01:43
Locutus

Yes, that's the thing with hindsight. ;) On the other hand, you can also argue that you made new experiences and learned something this way!
