Strange SSL problem

Kilian

Kilian

Verified User
Joined
Aug 22, 2005
Messages
38
Location
Rillaar, Belgium
I've got DA setup to use SSL (SSL=1).
I've also used my Thawte Certificate for that.
I can login to DA on https://secure.vermaelen.be:2222
And also https://secure.vermaelen.be is using the same Cert.
Works fine.

However. If I link from a page on port 2222 to another page on my normale secure site, things go wrong.

If I click WEBMAIL on my DA panel, my browser goes to https://secure.vermaelen.be/squirrelmail and I get the error PAGE NOT FOUND.

If I open a new browser and go to the same url it works fine.
Even stranger. If I hit refresh from the error page, it works fine !!

I made a custom login page: https://secure.vermaelen.be/nl/login.html
Works fine. But if I log out or I enter a wrong password trying to login, things go wrong. Again PAGE NOT FOUND

In the custom login page I link to https://secure.vermaelen.be/nl/loginerror.html if there's an error and to https://secure.vermaelen.be/nl/logout.html as logout page.

Hitting refresh won't work now, instead I get the defauld error page or default logout page from DA. If I open a new browser and enter those url's manually. They work fine.

I'm puzzled. :confused:
Any idees ??
 
It appears that DA isn't using the same URL that you are.

What URL appears in the browser when you try the link from DA that causes the error?

Jeff
 
jlasman said:
What URL appears in the browser when you try the link from DA that causes the error?
Click to expand...

What do you mean?

When I'm loged into DA this is the url on my browser:
https://secure.vermaelen.be:2222/

Then I click on WEBMAIL and a new window opens with the url:
https://secure.vermaelen.be/squirrelmail
But I get the error "De pagina kan niet worden weergegeven.".
Translated into English: "The page cannot be displayed."
In that same window I hit REFRESH and bingo, Squirrelmail appears.

Even stranger: I close that window and hit WEBMAIL again.
Squirrelmail opens in a new window as it should.
I close that window and goto another page in DA, and then hit WEBMAIL. Result: The Page cannot be displayed. Refresh and Squirrelmail is there again.

I think it might be a DNS problem as there are no error messages in the apache error logs. I'm currently migrating from my old server to my new DA server and DNS is still running on the old server. Maybe that's the problem.

Someone told me, if you open 2 websites on a different port with the same certificate that always gives trouble. Any experience with that??
 
Secure Certificates work by IP# and by port#, and compare the name you used to find the IP# and compare it with the name in the Certificate to see if they should issue a name mismatch error.

For your cert to work on port 2222 and for squirrelmail (which runs on the standard httpd secure port, 443), it would have to be installed twice. We do that when we install shared server certs.

I don't know why the first time doesn't work and a refresh does. If you got the Ceritificate from us please contact us by email and we'll investigate. Otherwise you might want to ask your Certificate provider to look for you.

Jeff
 
For your cert to work on port 2222 and for squirrelmail (which runs on the standard httpd secure port, 443), it would have to be installed twice.
Click to expand...
I installed my Thawte Certificate as you explaned here:
http://www.directadmin.com/forum/showthread.php?threadid=3816

Is there something wrong with that way of installation?
Do I have to copy the Certificate and install it in 2 different directories?
 
The information in that thread should probably work.

I have no idea why it's not working in your browser.

:(

Is it working for other people using Squirrelmail on your server?

Jeff
 
Kilian said:
Then I click on WEBMAIL and a new window opens with the url:
https://secure.vermaelen.be/squirrelmail
But I get the error "De pagina kan niet worden weergegeven.".
Translated into English: "The page cannot be displayed."
In that same window I hit REFRESH and bingo, Squirrelmail appears.

...

I think it might be a DNS problem as there are no error messages in the apache error logs. I'm currently migrating from my old server to my new DA server and DNS is still running on the old server. Maybe that's the problem.
Click to expand...

I think it's not DNS problem but rather trailing slash problem :)
Try this link: https://secure.vermaelen.be/squirrelmail/
If you need it working without the trailing slash, use Alias Apache directive.
 
I have exactly the same problem when using ssl.

when i log in en hit the webmail button, i get a page not found error. When i hit F5 i does show the webmail login page.

Same for the button Files.

I didn't find the solution so temporarily i changed the urls to of
those two button to http://

I know this is not very secure so i hope someone finds the solution.
 
IE vs. FireFox & Opera

Hey,
I stumbled onto a big difference between IE and FireFox or Opera.

The problem with SSL as we were discussing above, seems to be limited to Internet Explorer. I tried it in FireFox and no problem there. Everything works fine. I also tried it in Opera and no problem at all !!

Damn Bill Gates !! :mad:
 
Last edited:
Hi there!

I have exactly the same problem on serveral servers. I also discovered that firefox has no problemens with it and IE does.

But since the majority is using IE(not me!) I do need an answer.

I want to upload files with https and the problem than get bigger, repreducable.

Anyone ?
 
Found the problem in IE.

When you switch off SSL 3.0 in the IE settings the 'page not found' error is gone.

Next thing is to discover how to solve ths on the server side.
 
I installed the newest OPENSSL but that did not help.

Since I need to continue with my other work I made a work-around in the httpd.conf, in the mod_ssl section.

Just add the folowing and restart the httpd service, close all you're browser and you will see that SSL2.0 is used instead of 3.0. And this works for me now!!!!

SSLProtocol -all +SSLv2
SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP
 
Edit httpd.conf

Hi,

Great sollution, but I keep reading warnings left and right not to edit httpd.conf manually.
DA is likely to overwrite those custom lines at the next update.

I tried adding those lines in the custom httpd section under extra features in DA, but that did not work.

Anyone any ideas on how to implement the above workaround in such a way it wont be overwritten? :confused:
 
Re: Edit httpd.conf

Kilian said:

I tried adding those lines in the custom httpd section under extra features in DA, but that did not work.
Click to expand...

Could you be more specific?

First, what exactly did you do (step by step)?
Second, how did you find out it didn't work?
Third, did you check user config files to make sure custom template changes were applied?
And lastly, did you restart Apache after checking user config files?
 
Hello,

The mod_ssl section is in the /etc/httpd/conf/httpd.conf.
This file is safe to edit as you need, will not lose your changes. Find the following line:
Code: 
<VirtualHost _default_:443>
and add the additions shortly after it (that's the mod_ssl section).

John
 
Hi John,

I thought I tested that(not sure anymore I tested so much ;-)) but it didn't work on that position in the httpd.conf.

So I put it in the httpd.conf in the <IfModule mod_ssl.c> section right after SSLLogLevel error.

Greetings,
Michel.
 
Where to put it ??

nieuwhier said:
So I put it in the httpd.conf in the <IfModule mod_ssl.c> section right after SSLLogLevel error.
Click to expand...
So, I did placed it right there.
Closed al IE windows.
Restarted httpd service.
and ...

NOTHING HAPPENED !!! :confused:

Anymore ideas ?? Anyone ??
 
/etc/httpd/conf/httpd.conf is the only place where I put the changes.

Are you sure you closed all you're IE screens, perhaps clearing the cache would help also.

As you probably now ;-) Checking which SSL is used can be done by right-clicking the page and choose properties.
 
You must log in or register to reply here.
Back
Top