I have configured a VHost with SSL in my Apache web server. When I try to access that VHost, I am getting the following error:
[Wed May 20 22:29:46 2009] [error] [client 192.168.0.1] Invalid method in request \x16\x03\x01
We get this error when we try to connect to a host through https, which the host doesn’t support.
I have added www.c.com and s.c.com to the /etc/hosts file. Then I created two VHosts with the configuration below:
HTTPD Named VHosts configuration:
NameVirtualHost www.c.com:443
NameVirtualHost s.c.com:443
VHost configuration for www.c.com
<VirtualHost www.c.com:443>
ErrorLog "/opt/apache/logs/error_log"
TransferLog "/opt/apache/logs/access_log"
ServerName www.c.com
ServerAlias c.com
DocumentRoot /opt/apache/htdocs
SSLEngine on
SSLOptions +StrictRequire +ExportCertData +StdEnvVars
<Directory />
AllowOverride All
Order allow,deny
Allow from all
Options Indexes FollowSymLinks
</Directory>
SSLProtocol -all +TLSv1 +SSLv3
#SSLCipherSuite HIGH:MEDIUM:!LOW:!aNULL:+SHA1:+HIGH:+MEDIUM
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /opt/certificates/server.crt
SSLCertificateKeyFile /opt/certificates/server.key
# require a client certificate which has to be directly
# signed by our CA certificate in ca.crt
SSLVerifyClient optional
SSLVerifyDepth 1
SSLCACertificateFile /opt/certificates/ca.crt
SSLCertificateChainFile /opt/certificates/ca.crt
SSLProxyEngine off
<IfModule mime.c>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfModule>
#SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
SSLOptions +StdEnvVars
SSLOptions +ExportCertData
</VirtualHost>
VHost configuration for s.c.com is:
<VirtualHost s.c.com:443>
ErrorLog "/opt/apache/logs/error_log"
TransferLog "/opt/apache/logs/access_log"
ServerName s.c.com
ServerAlias s.c.com
DocumentRoot "/opt/apache/htdocs/s.c"
SSLEngine on
SSLOptions +StrictRequire +ExportCertData
<Directory />
AllowOverride All
Order allow,deny
Allow from all
Options Indexes FollowSymLinks
</Directory>
SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite HIGH:MEDIUM:!LOW:!aNULL:+SHA1:+HIGH:+MEDIUM
SSLCertificateFile /opt/certificates/s.c-server.crt
SSLCertificateKeyFile /opt/certificates/s.c-server.key
# require a client certificate which has to be directly
# signed by our CA certificate in ca.crt
#SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile /opt/certificates/s.c-ca.crt
SSLCertificateChainFile /opt/certificates/s.c-ca.crt
SSLProxyEngine off
<IfModule mime.c>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfModule>
#SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
SSLOptions +StdEnvVars
SSLOptions +ExportCertData
</VirtualHost>
When I try openssl s_client -connect www.c.com, I am getting the error:
5491:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:583:
So, I thought that either SSL is not configured in Apache or VHost is not properly configured.
apachectl -M gives:
Loaded Modules:
core_module (static)
authn_file_module (static)
authn_default_module (static)
authz_host_module (static)
authz_groupfile_module (static)
authz_user_module (static)
authz_default_module (static)
auth_basic_module (static)
auth_digest_module (static)
include_module (static)
filter_module (static)
log_config_module (static)
env_module (static)
headers_module (static)
mpm_prefork_module (static)
http_module (static)
status_module (static)
autoindex_module (static)
asis_module (static)
cgi_module (static)
negotiation_module (static)
dir_module (static)
actions_module (static)
userdir_module (static)
alias_module (static)
so_module (static)
deflate_module (shared)
setenvif_module (shared)
ssl_module (shared)
mime_module (shared)
rewrite_module (shared)
php5_module (shared)
Syntax OK
apachectl -S gives:
VirtualHost configuration:
192.168.0.1:80 192.168.0.1 (/opt/apache/conf/httpd.conf:465)
127.0.0.1:443 is a NameVirtualHost
default server www.c.com (/opt/apache/conf/httpd.conf:489)
port 443 namevhost www.c.com (/opt/apache/conf/httpd.conf:489)
port 443 namevhost s.c.com (/opt/apache/conf/httpd.conf:537)
wildcard NameVirtualHosts and default servers:
*:8080 192.168.0.1 (/opt/apache/conf/httpd.conf:598)
Syntax OK
So I assumed that both the VHosts are configured properly. And when I start/stop apache service, I am getting a warning:
[Fri May 22 09:12:45 2009] [warn] NameVirtualHost s.c.com:443 has no VirtualHosts
The same configuration (httpd.conf, certificates) is working on the other machine.
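
An added example, not part of the original post: the bytes `\x16\x03\x01` in the error_log line are the start of a TLS record header (content type 0x16 = handshake, version 3.1 = TLS 1.0), which means the client sent a TLS handshake to a listener that parsed it as plain HTTP. The sketch below decodes such log lines; the function names and the second sample line are constructed for illustration.

```python
import re

# Matches the Apache error_log format quoted in the post.
LINE_RE = re.compile(
    r'\[client (?P<client>[^\]]+)\] Invalid method in request (?P<raw>.*)$')
ESCAPE_RE = re.compile(r'\\x([0-9a-fA-F]{2})')

# TLS record-layer content types and protocol versions.
CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                 0x16: "handshake", 0x17: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

SAMPLE_LINES = [
    # Line quoted in the post.
    r'[Wed May 20 22:29:46 2009] [error] [client 192.168.0.1] '
    r'Invalid method in request \x16\x03\x01',
    # Constructed line: an ordinary malformed HTTP method, not TLS.
    '[Wed May 20 22:30:01 2009] [error] [client 192.168.0.1] '
    'Invalid method in request FOO / HTTP/1.1',
]


def unescape(raw):
    """Turn Apache's \\xNN log escapes back into bytes."""
    out, pos = bytearray(), 0
    for m in ESCAPE_RE.finditer(raw):
        out += raw[pos:m.start()].encode("latin-1", errors="replace")
        out.append(int(m.group(1), 16))
        pos = m.end()
    out += raw[pos:].encode("latin-1", errors="replace")
    return bytes(out)


def classify(line):
    """Describe a TLS record sent to a plain-HTTP listener, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    data = unescape(m.group("raw"))
    if len(data) < 3 or data[0] not in CONTENT_TYPES or data[1] != 3:
        return None  # a genuinely bad HTTP method, not a TLS record
    return {"client": m.group("client"),
            "content_type": CONTENT_TYPES[data[0]],
            "record_version": VERSIONS.get((data[1], data[2]), "unknown")}


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(classify(sample))
```

A hit from `classify` says the address and port the client reached were not served by an `SSLEngine on` virtual host, which is worth comparing against the address bindings that `apachectl -S` reports.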