[NCLUG] Apache/mod_ssl question

Rich Young rich at experienceplus.com
Mon Mar 15 09:30:36 MST 2004


Anyone have any experience with web server certs?  We recently updated
our firewall, and doing so seems to have broken our web server's secure
cert.  The IP of the server didn't change, nor did the location of any
of the cert or key files, nor the server conf.  AFAIK, the only change
was that the HTTPS traffic was being forwarded to the web server by a
different device from what we'd been using before.  HTTPS connections
reach the server, but are aborted (I think) during the handshake; they
terminate with errors like this:

Lynx says "Alert!: Unable to make secure connection to remote host."
then exits with signal 11.
Netscape 7 just doesn't load the page, but displays no error message.
Opera 7 says "Transmission Failure"
IE 6 says "Page cannot be displayed <blah blah> Cannot find server or
DNS Error"
Mozilla says "The connection to ... has terminated unexpectedly.  Some
data may have been transferred."

I reissued the cert in an attempt to fix the problem, but we're still
getting the same errors in the httpd error_log:
[root at www conf]# tail /var/log/httpd/error_log
[Mon Mar 15 09:31:01 2004] [error] [client 192.168.0.116] Invalid method in request !L!!
[Mon Mar 15 09:31:46 2004] [error] [client 192.168.0.116] Invalid method in request !F!!!
[Mon Mar 15 09:31:46 2004] [error] [client 192.168.0.116] Invalid method in request !F!!
[Mon Mar 15 09:31:46 2004] [error] [client 192.168.0.116] Invalid method in request !F!!
[Mon Mar 15 09:32:09 2004] [error] [client 192.168.0.116] Invalid method in request !F!!
[Mon Mar 15 09:32:44 2004] [error] [client 192.168.0.116] Invalid method in request !F!!!
[Mon Mar 15 09:37:45 2004] [error] [client 64.62.240.2] Invalid method in request !|!!!
[Mon Mar 15 09:37:48 2004] [error] [client 64.62.240.2] Invalid method in request !|!!!
[Mon Mar 15 09:51:06 2004] [error] [client 64.62.240.2] Invalid method in request !!!!!
[Mon Mar 15 10:03:13 2004] [error] [client 163.150.15.183] Invalid method in request !L!!

Perhaps tellingly, /var/log/httpd/ssl_error_log shows no record of these
transactions, nor does /var/log/httpd/ssl_access_log.

I've tried using openssl diagnostics from a remote site, but I don't
really know what to do with the output.  If anyone has ideas about what
to do, please let me in on the secret.  Thanks,

--Rich
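
Added example, not part of the original post: "Invalid method in request" followed by non-text bytes in the plain error_log, with nothing in ssl_error_log, is what Apache logs when an SSL/TLS handshake reaches a listener that is not running SSL, for instance when a forwarding device delivers port 443 traffic to the wrong port. The Python below classifies a connection's first bytes and counts such log entries per client. The function names are hypothetical, and the sample log reuses three entries from the post plus one constructed entry.

```python
import re
from collections import Counter

HTTP_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT"}

# Three entries in the wrapped format quoted in the post, plus one constructed
# entry (10.0.0.5) showing an ordinary text request with an unknown method.
SAMPLE_LOG = """\
[Mon Mar 15 09:31:01 2004] [error] [client 192.168.0.116] Invalid method
in request !L!!
[Mon Mar 15 09:31:46 2004] [error] [client 192.168.0.116] Invalid method
in request !F!!!
[Mon Mar 15 09:37:45 2004] [error] [client 64.62.240.2] Invalid method
in request !|!!!
[Mon Mar 15 10:03:13 2004] [error] [client 10.0.0.5] Invalid
method in request FOO /index.html
"""

# \s+ between words lets one entry span a wrapped line.
ENTRY = re.compile(
    r"\[client (?P<ip>[0-9.]+)\]\s+Invalid\s+method\s+in\s+request\s+(?P<tok>\S+)"
)

def classify_first_bytes(data: bytes) -> str:
    """Say what protocol the first bytes received on a listener look like."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake-record"      # SSL 3.0 / TLS record carrying a handshake
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"        # 2-byte length header, message type 1
    token = data.split(b" ", 1)[0].decode("ascii", "replace")
    return "http" if token in HTTP_METHODS else "unknown"

def suspicious_clients(log_text: str) -> Counter:
    """Count 'Invalid method' entries whose method token is not plain letters.

    Assumption: '!' in the logged token stands for bytes that are not printable
    text, so a non-alphabetic token suggests a binary (handshake) request.
    """
    hits = Counter()
    for m in ENTRY.finditer(log_text):
        if not re.fullmatch(r"[A-Za-z]+", m.group("tok")):
            hits[m.group("ip")] += 1
    return hits

if __name__ == "__main__":
    for ip, n in suspicious_clients(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} binary request(s) on a plain-HTTP listener")
```

If the flagged clients are the ones attempting HTTPS, compare the port the forwarding device targets with the port the SSL-enabled virtual host listens on.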


