Stack Overflow
Stack Overflow

Questions tagged [mod-ssl]

The Apache Httpd interface to OpenSSL

mod_ssl is a module for the Apache HTTPD webserver which allows it to perform SSL and TLS encryption on connections. Documentation is provided by Apache covering installation and setup for httpd 2.0 and 2.2

This tag should be used for questions around using mod_ssl in your application, extending it, controlling the state from your application, writing other Apache modules that talk to it and similar.

For questions around setting it up, and advanced configuration, the mod-ssl tag on ServerFault is likely to be a better place to ask.

118 questions
285
votes
15 answers

ssl_error_rx_record_too_long and Apache SSL

I've got a customer trying to access one of my sites, and they keep getting this error > ssl_error_rx_record_too_long They're getting this error on all browsers, all platforms. I can't reproduce the problem at all. My server and myself are located…
Subimage
  • 4,393
  • 3
  • 24
  • 18
33
votes
4 answers

Apache - Invalid command 'SSLMutex'

I am in the process of upgrading Apache version from 2.0 to 2.4. After 2.4 installed, I have faced below issue. Invalid command 'SSLMutex', perhaps misspelled or defined by a module not included in the server configuration AH00526: Syntax error on…
Thileepan
  • 331
  • 1
  • 3
  • 5
25
votes
1 answer

Is it possible to ignore an Apache proxy'd certificate

For background information: (Question at bottom) I'm trying to connect to a client, who has 8 servers, all of which have unique IP addresses. The client uses the same SSL certificate on all the servers (for this example, cert name ==…
Gwynnie
  • 404
  • 1
  • 5
  • 12
13
votes
1 answer

Apache-ssl vs mod_ssl

I just purchased an SSL certificate and am considering options for its implementation on my Amazon Elastic Load Balancer, which will leverage Apache2. From what I understand I have two options for implementing an SSL certificate in Apache 2 ---…
Archie1986
  • 1,027
  • 10
  • 16
12
votes
2 answers

How do I create 256 bit self-signed certificate key with OpenSSL?

Take a look at PayPal (https://www.paypal.com/) security certificate. It says: Connection Encrypted: High-grade Encryption (TLS_RSA_WITH_AES_256_CBC_SHA, 256 bit keys). Now, how can I create my self signed certificate to have the same encryption,…
user3284653
  • 191
  • 1
  • 1
  • 5
11
votes
7 answers

DOD Common Access Card (CAC) Authentication

I have figured out all the necessary steps to get DOD CAC card based client certificate authentication working in Apache, but am now struggling to pull a good GUID for the user from the certificate I am receiving. Is there a GUID available on the…
Jim
11
votes
2 answers

SSLCertificateChainFile is obsolete

I'm on Apache 2.4.12, so SSLCertificateChainFile is now obsolete, and any intermediate certificates are supposed to be included in the server certificate file. I cannot figure out how to do this, however--any combination of certificates other than…
vaindil
  • 7,536
  • 21
  • 68
  • 127
9
votes
4 answers

How to force Apache 2.2 to send the full certificate chain?

We are using Apache 2.2.25 with mod_ssl in the reverse proxy mode using mod_proxy. It has a server certificate we use for testing purposes, issued by GoDaddy. There are 3 certificates in the chain, server cert -> GoDaddy intermediate CA -> GoDaddy…
davka
  • 13,974
  • 11
  • 61
  • 86
8
votes
2 answers

Apache ProxyPass HTTPS and remote server with SNI

I'm wanting to front an AWS APIGateway URL with a reverse proxy in Apache. The reason is due to a process requiring a static IP to provision a service behind a strict firewall and that the current infrastructure has mod_proxy already in place. The…
gaf
  • 191
  • 1
  • 1
  • 8
8
votes
2 answers

Per-directory CA in httpd 2.4 (mod_ssl)

was support for per-directory CA files removed in httpd 2.4? Require valid-user SSLVerifyClient require SSLVerifyDepth 5 SSLCACertificateFile /path/to/ca.crt This snippet works under httpd 2.2.29, but isn't valid…
DarkKnightCZ
  • 123
  • 2
  • 7
7
votes
1 answer

Apache loads mod_ssl but ignored in my vhosts

I'm trying to secure my server's vhosts. I installed LE/Certbot fine, and had no issues. I installed/upgraded any dependencies to get certbot to work, again they ran fine. mod_ssl is installed and loaded. I ran phpinfo(), and in the LoadedModules…
Kingsley
  • 977
  • 2
  • 11
  • 27
6
votes
2 answers

mod_ssl vs mod24_ssl AWS

Going through the motions to get TLS up and running for my website. I read under the AWS documentation to sudo yum install -y mod24_ssl but was getting a conflict on some dependencies. I ended up reading a blog where someone mentioned sudo yum…
zedjay72
  • 177
  • 2
  • 10
5
votes
1 answer

"this version of mod_ssl was compiled against a newer library" after compiling Apache with custom OpenSSL

I've compiled and installed a newer version of OpenSSL, then performed a clean install of Apache, but it fails to start with the following messages in log: [Mon Mar 30 15:20:13.302086 2020] [ssl:warn] [pid 25350:tid 139644483991296] AH01882: Init:…
Dziki_Jam
  • 170
  • 2
  • 10
5
votes
1 answer

Disable Apache SSL engine for default 443 Virtual Host

I have two domains, example1.com and example2.com, running on the same IP, 12.345.678.90. Now I want to completely dissable https access via 12.345.678.90. I tried to do this (compact code without fancy stuff) SSLEngine…
weiglt
  • 1,059
  • 8
  • 15
5
votes
1 answer

Make SSL faster on Linux CentOS with Apache 2.4 OpenSSL 1.0

colleagues! Well, I am with a huge problem with the speed of SSL Authentication. Since I move my website to SSL, the GoogleBot reduce the indexing of my website, because the SSL Negotiation is with below value I got with WebPageTest.org: URL:…
Andre Luis de Andrade
  • 55
  • 1
  • 5
1
2 3 4 5 6 7 8