Mailing List Archive: SSL not working - Serving plain HTTP on port 443?

SSL not working - Serving plain HTTP on port 443?

Oct 6, 2011, 5:42 AM

Post #1 of 7 (2393 views)

Hi everyone,
I'm trying to configure Cherokee to host a site over SSL. However, for some reason, Cherokee is serving plain HTTP over port 443, and not HTTPS. In other words, https://springfield.youareaninja.com/ doesn't work, but http://springfield.youareaninja.com:443/ works.

My configuration:
- Cherokee 1.2.99 from the unstable Debian repository (installed on Debian Testing)
- SSL/TLS back-end set to OpenSSL/libssl
- Port 443 added as a port, and "TLS/SSL port" ticked
- Certificate and certificate key specified in vserver Security tab

This server only has one virtual host, the default host. I initially tried with a StartSSL certificate, but I tried "Tasks -> SSL/TLS testing" in rule management and it has the same issue. At the moment, it's set to use the self-signed certificate.

Any suggestions or ideas?

Thanks!
_______________________________________________
Cherokee mailing list
Cherokee@lists.octality.com
http://lists.octality.com/listinfo/cherokee

Re: SSL not working - Serving plain HTTP on port 443? [ In reply to ]

Oct 6, 2011, 5:46 AM

Post #2 of 7 (2344 views)

cat ssl.crt sub.class1.server.ca.pem > ssl_chained.crt

You need to use ssl_chained.crt as a cert file :)

Greetings,
JÄ™drzej Nowak

On Thu, Oct 6, 2011 at 2:42 PM, Daniel Lo Nigro <dan15@ymail.com> wrote:
> Hi everyone,
> I'm trying to configure Cherokee to host a site over SSL. However, for some reason, Cherokee is serving plain HTTP over port 443, and not HTTPS. In other words, https://springfield.youareaninja.com/ doesn't work, but http://springfield.youareaninja.com:443/ works.
>
> My configuration:
> Â -Â Cherokee 1.2.99 from the unstable Debian repository (installed on Debian Testing)
> Â -Â SSL/TLS back-end set to OpenSSL/libssl
> Â - Port 443 added as a port, and "TLS/SSL port" ticked
> Â - Certificate and certificate key specified in vserver Security tab
>
> This server only has one virtual host, the default host. I initially tried with a StartSSL certificate, but I tried "Tasks -> SSL/TLS testing" in rule management and it has the same issue. At the moment, it's set to use the self-signed certificate.
>
> Any suggestions or ideas?
>
> Thanks!
> _______________________________________________
> Cherokee mailing list
> Cherokee@lists.octality.com
> http://lists.octality.com/listinfo/cherokee
>
_______________________________________________
Cherokee mailing list
Cherokee@lists.octality.com
http://lists.octality.com/listinfo/cherokee

Re: SSL not working - Serving plain HTTP on port 443? [ In reply to ]

Oct 6, 2011, 3:49 PM

Post #3 of 7 (2337 views)

Already did that as it's mentioned in the documentation (and I had to do something similar when using Lighttpd). It still doesn't work. As I mentioned, even the self-signed certificate isn't working. :(

----- Original Message -----
From: JÄ™drzej Nowak <me@pigmej.eu>
To: Daniel Lo Nigro <dan15@ymail.com>
Cc: "cherokee@lists.octality.com" <cherokee@lists.octality.com>
Sent: Thursday, 6 October 2011 11:46 PM
Subject: Re: [Cherokee] SSL not working - Serving plain HTTP on port 443?

cat ssl.crt sub.class1.server.ca.pem > ssl_chained.crt

You need to use ssl_chained.crt as a cert file :)

Greetings,
JÄ™drzej Nowak

On Thu, Oct 6, 2011 at 2:42 PM, Daniel Lo Nigro <dan15@ymail.com> wrote:
> Hi everyone,
> I'm trying to configure Cherokee to host a site over SSL. However, for some reason, Cherokee is serving plain HTTP over port 443, and not HTTPS. In other words, https://springfield.youareaninja.com/ doesn't work, but http://springfield.youareaninja.com:443/ works.
>
> My configuration:
> Â -Â Cherokee 1.2.99 from the unstable Debian repository (installed on Debian Testing)
> Â -Â SSL/TLS back-end set to OpenSSL/libssl
> Â - Port 443 added as a port, and "TLS/SSL port" ticked
> Â - Certificate and certificate key specified in vserver Security tab
>
> This server only has one virtual host, the default host. I initially tried with a StartSSL certificate, but I tried "Tasks -> SSL/TLS testing" in rule management and it has the same issue. At the moment, it's set to use the self-signed certificate.
>
> Any suggestions or ideas?
>
> Thanks!
> _______________________________________________
> Cherokee mailing list
> Cherokee@lists.octality.com
> http://lists.octality.com/listinfo/cherokee
>

_______________________________________________
Cherokee mailing list
Cherokee@lists.octality.com
http://lists.octality.com/listinfo/cherokee

Re: SSL not working - Serving plain HTTP on port 443? [ In reply to ]

jimpisaacs at gmail

Oct 6, 2011, 3:57 PM

Post #4 of 7 (2337 views)

I just got this working the other day on a Fedora system, same cherokee version.
So it could be with the debian package, the certificate or key, or maybe proxy?

2011/10/6 Daniel Lo Nigro <dan15@ymail.com>:
> Already did that as it's mentioned in the documentation (and I had to do something similar when using Lighttpd). It still doesn't work. As I mentioned, even the self-signed certificate isn't working. :(
>
>
> ----- Original Message -----
> From: JÄ™drzej Nowak <me@pigmej.eu>
> To: Daniel Lo Nigro <dan15@ymail.com>
> Cc: "cherokee@lists.octality.com" <cherokee@lists.octality.com>
> Sent: Thursday, 6 October 2011 11:46 PM
> Subject: Re: [Cherokee] SSL not working - Serving plain HTTP on port 443?
>
> cat ssl.crt sub.class1.server.ca.pem > ssl_chained.crt
>
> You need to use ssl_chained.crt as a cert file :)
>
> Greetings,
> JÄ™drzej Nowak
>
>
>
> On Thu, Oct 6, 2011 at 2:42 PM, Daniel Lo Nigro <dan15@ymail.com> wrote:
>> Hi everyone,
>> I'm trying to configure Cherokee to host a site over SSL. However, for some reason, Cherokee is serving plain HTTP over port 443, and not HTTPS. In other words, https://springfield.youareaninja.com/ doesn't work, but http://springfield.youareaninja.com:443/ works.
>>
>> My configuration:
>> Â -Â Cherokee 1.2.99 from the unstable Debian repository (installed on Debian Testing)
>> Â -Â SSL/TLS back-end set to OpenSSL/libssl
>> Â - Port 443 added as a port, and "TLS/SSL port" ticked
>> Â - Certificate and certificate key specified in vserver Security tab
>>
>> This server only has one virtual host, the default host. I initially tried with a StartSSL certificate, but I tried "Tasks -> SSL/TLS testing" in rule management and it has the same issue. At the moment, it's set to use the self-signed certificate.
>>
>> Any suggestions or ideas?
>>
>> Thanks!
>> _______________________________________________
>> Cherokee mailing list
>> Cherokee@lists.octality.com
>> http://lists.octality.com/listinfo/cherokee
>>
>
> _______________________________________________
> Cherokee mailing list
> Cherokee@lists.octality.com
> http://lists.octality.com/listinfo/cherokee
>
_______________________________________________
Cherokee mailing list
Cherokee@lists.octality.com
http://lists.octality.com/listinfo/cherokee

Re: SSL not working - Serving plain HTTP on port 443? [ In reply to ]

stefan at konink

Oct 6, 2011, 4:18 PM

Post #5 of 7 (2353 views)

Is everyone in this thread absolutely sure that:

General Settings > Ports to listen looks like:
<http://www.cherokee-project.com/doc/media/images/admin_general_ports.png>

TLS/SSL port is ticked?

Stefan

On Thu, 6 Oct 2011, Jim Isaacs wrote:

> I just got this working the other day on a Fedora system, same cherokee version.
> So it could be with the debian package, the certificate or key, or maybe proxy?
>
>
> 2011/10/6 Daniel Lo Nigro <dan15@ymail.com>:
>> Already did that as it's mentioned in the documentation (and I had to do something similar when using Lighttpd). It still doesn't work. As I mentioned, even the self-signed certificate isn't working. :(
>>
>>
>> ----- Original Message -----
>> From: JÄ™drzej Nowak <me@pigmej.eu>
>> To: Daniel Lo Nigro <dan15@ymail.com>
>> Cc: "cherokee@lists.octality.com" <cherokee@lists.octality.com>
>> Sent: Thursday, 6 October 2011 11:46 PM
>> Subject: Re: [Cherokee] SSL not working - Serving plain HTTP on port 443?
>>
>> cat ssl.crt sub.class1.server.ca.pem > ssl_chained.crt
>>
>> You need to use ssl_chained.crt as a cert file :)
>>
>> Greetings,
>> JÄ™drzej Nowak
>>
>>
>>
>> On Thu, Oct 6, 2011 at 2:42 PM, Daniel Lo Nigro <dan15@ymail.com> wrote:
>>> Hi everyone,
>>> I'm trying to configure Cherokee to host a site over SSL. However, for some reason, Cherokee is serving plain HTTP over port 443, and not HTTPS. In other words, https://springfield.youareaninja.com/ doesn't work, but http://springfield.youareaninja.com:443/ works.
>>>
>>> My configuration:
>>> Â -Â Cherokee 1.2.99 from the unstable Debian repository (installed on Debian Testing)
>>> Â -Â SSL/TLS back-end set to OpenSSL/libssl
>>> Â - Port 443 added as a port, and "TLS/SSL port" ticked
>>> Â - Certificate and certificate key specified in vserver Security tab
>>>
>>> This server only has one virtual host, the default host. I initially tried with a StartSSL certificate, but I tried "Tasks -> SSL/TLS testing" in rule management and it has the same issue. At the moment, it's set to use the self-signed certificate.
>>>
>>> Any suggestions or ideas?
>>>
>>> Thanks!
>>> _______________________________________________
>>> Cherokee mailing list
>>> Cherokee@lists.octality.com
>>> http://lists.octality.com/listinfo/cherokee
>>>
>>
>> _______________________________________________
>> Cherokee mailing list
>> Cherokee@lists.octality.com
>> http://lists.octality.com/listinfo/cherokee
>>
> _______________________________________________
> Cherokee mailing list
> Cherokee@lists.octality.com
> http://lists.octality.com/listinfo/cherokee
>
> !DSPAM:1,4e8e3277275301408113083!
>
>

Re: SSL not working - Serving plain HTTP on port 443? [ In reply to ]

Oct 7, 2011, 3:39 AM

Post #6 of 7 (2336 views)

Hmmm, this is interesting. I played around with the settings a bit, and it seems to work once I disable IPv6 support! Very weird, perhaps a bug of some sort?

----- Original Message -----
From: Stefan de Konink <stefan@konink.de>
To: Jim Isaacs <jimpisaacs@gmail.com>
Cc: Daniel Lo Nigro <dan15@ymail.com>; "cherokee@lists.octality.com" <cherokee@lists.octality.com>
Sent: Friday, 7 October 2011 10:18 AM
Subject: Re: [Cherokee] SSL not working - Serving plain HTTP on port 443?

Is everyone in this thread absolutely sure that:

General Settings > Ports to listen looks like:
<http://www.cherokee-project.com/doc/media/images/admin_general_ports.png>

TLS/SSL port is ticked?

Stefan

On Thu, 6 Oct 2011, Jim Isaacs wrote:

> I just got this working the other day on a Fedora system, same cherokee version.
> So it could be with the debian package, the certificate or key, or maybe proxy?
>
>
> 2011/10/6 Daniel Lo Nigro <dan15@ymail.com>:
>> Already did that as it's mentioned in the documentation (and I had to do something similar when using Lighttpd). It still doesn't work. As I mentioned, even the self-signed certificate isn't working. :(
>>
>>
>> ----- Original Message -----
>> From: JÄ™drzej Nowak <me@pigmej.eu>
>> To: Daniel Lo Nigro <dan15@ymail.com>
>> Cc: "cherokee@lists.octality.com" <cherokee@lists.octality.com>
>> Sent: Thursday, 6 October 2011 11:46 PM
>> Subject: Re: [Cherokee] SSL not working - Serving plain HTTP on port 443?
>>
>> cat ssl.crt sub.class1.server.ca.pem > ssl_chained.crt
>>
>> You need to use ssl_chained.crt as a cert file :)
>>
>> Greetings,
>> JÄ™drzej Nowak
>>
>>
>>
>> On Thu, Oct 6, 2011 at 2:42 PM, Daniel Lo Nigro <dan15@ymail.com> wrote:
>>> Hi everyone,
>>> I'm trying to configure Cherokee to host a site over SSL. However, for some reason, Cherokee is serving plain HTTP over port 443, and not HTTPS. In other words, https://springfield.youareaninja.com/ doesn't work, but http://springfield.youareaninja.com:443/ works.
>>>
>>> My configuration:
>>> Â -Â Cherokee 1.2.99 from the unstable Debian repository (installed on Debian Testing)
>>> Â -Â SSL/TLS back-end set to OpenSSL/libssl
>>> Â - Port 443 added as a port, and "TLS/SSL port" ticked
>>> Â - Certificate and certificate key specified in vserver Security tab
>>>
>>> This server only has one virtual host, the default host. I initially tried with a StartSSL certificate, but I tried "Tasks -> SSL/TLS testing" in rule management and it has the same issue. At the moment, it's set to use the self-signed certificate.
>>>
>>> Any suggestions or ideas?
>>>
>>> Thanks!
>>> _______________________________________________
>>> Cherokee mailing list
>>> Cherokee@lists.octality.com
>>> http://lists.octality.com/listinfo/cherokee
>>>
>>
>> _______________________________________________
>> Cherokee mailing list
>> Cherokee@lists.octality.com
>> http://lists.octality.com/listinfo/cherokee
>>
> _______________________________________________
> Cherokee mailing list
> Cherokee@lists.octality.com
> http://lists.octality.com/listinfo/cherokee
>
> !DSPAM:1,4e8e3277275301408113083!
>
>
_______________________________________________
Cherokee mailing list
Cherokee@lists.octality.com
http://lists.octality.com/listinfo/cherokee

Re: SSL not working - Serving plain HTTP on port 443? [ In reply to ]

jimpisaacs at gmail

Oct 7, 2011, 9:43 AM

Post #7 of 7 (2343 views)

I also already had IPv6 support turned off before every trying. Sorry,
forgot about that.

On Fri, Oct 7, 2011 at 3:39 AM, Daniel Lo Nigro <dan15@ymail.com> wrote:
> Hmmm, this is interesting. I played around with the settings a bit, and it seems to work once I disable IPv6 support! Very weird, perhaps a bug of some sort?
>
>
> ----- Original Message -----
> From: Stefan de Konink <stefan@konink.de>
> To: Jim Isaacs <jimpisaacs@gmail.com>
> Cc: Daniel Lo Nigro <dan15@ymail.com>; "cherokee@lists.octality.com" <cherokee@lists.octality.com>
> Sent: Friday, 7 October 2011 10:18 AM
> Subject: Re: [Cherokee] SSL not working - Serving plain HTTP on port 443?
>
> Is everyone in this thread absolutely sure that:
>
> General Settings > Ports to listen looks like:
> <http://www.cherokee-project.com/doc/media/images/admin_general_ports.png>
>
> TLS/SSL port is ticked?
>
> Stefan
>
> On Thu, 6 Oct 2011, Jim Isaacs wrote:
>
>> I just got this working the other day on a Fedora system, same cherokee version.
>> So it could be with the debian package, the certificate or key, or maybe proxy?
>>
>>
>> 2011/10/6 Daniel Lo Nigro <dan15@ymail.com>:
>>> Already did that as it's mentioned in the documentation (and I had to do something similar when using Lighttpd). It still doesn't work. As I mentioned, even the self-signed certificate isn't working. :(
>>>
>>>
>>> ----- Original Message -----
>>> From: JÄ™drzej Nowak <me@pigmej.eu>
>>> To: Daniel Lo Nigro <dan15@ymail.com>
>>> Cc: "cherokee@lists.octality.com" <cherokee@lists.octality.com>
>>> Sent: Thursday, 6 October 2011 11:46 PM
>>> Subject: Re: [Cherokee] SSL not working - Serving plain HTTP on port 443?
>>>
>>> cat ssl.crt sub.class1.server.ca.pem > ssl_chained.crt
>>>
>>> You need to use ssl_chained.crt as a cert file :)
>>>
>>> Greetings,
>>> JÄ™drzej Nowak
>>>
>>>
>>>
>>> On Thu, Oct 6, 2011 at 2:42 PM, Daniel Lo Nigro <dan15@ymail.com> wrote:
>>>> Hi everyone,
>>>> I'm trying to configure Cherokee to host a site over SSL. However, for some reason, Cherokee is serving plain HTTP over port 443, and not HTTPS. In other words, https://springfield.youareaninja.com/ doesn't work, but http://springfield.youareaninja.com:443/ works.
>>>>
>>>> My configuration:
>>>> Â -Â Cherokee 1.2.99 from the unstable Debian repository (installed on Debian Testing)
>>>> Â -Â SSL/TLS back-end set to OpenSSL/libssl
>>>> Â - Port 443 added as a port, and "TLS/SSL port" ticked
>>>> Â - Certificate and certificate key specified in vserver Security tab
>>>>
>>>> This server only has one virtual host, the default host. I initially tried with a StartSSL certificate, but I tried "Tasks -> SSL/TLS testing" in rule management and it has the same issue. At the moment, it's set to use the self-signed certificate.
>>>>
>>>> Any suggestions or ideas?
>>>>
>>>> Thanks!
>>>> _______________________________________________
>>>> Cherokee mailing list
>>>> Cherokee@lists.octality.com
>>>> http://lists.octality.com/listinfo/cherokee
>>>>
>>>
>>> _______________________________________________
>>> Cherokee mailing list
>>> Cherokee@lists.octality.com
>>> http://lists.octality.com/listinfo/cherokee
>>>
>> _______________________________________________
>> Cherokee mailing list
>> Cherokee@lists.octality.com
>> http://lists.octality.com/listinfo/cherokee
>>
>> !DSPAM:1,4e8e3277275301408113083!
>>
>>
>
_______________________________________________
Cherokee mailing list
Cherokee@lists.octality.com
http://lists.octality.com/listinfo/cherokee