Need help with my SSL config please
When I submitted the CSR to RapidSSL, it told me to go back and get a 2048 request. I figured out how to do that and resubmitted the request and got my private cert (I chose sha-2).
Here is my ports.conf:
[color]# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz
NameVirtualHost *:80
Listen 80
<ifmodule mod_ssl.c=""># If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <virtualhost *:443=""># Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
NameVirtualHost 198.74.54.233:443
Listen 443</virtualhost></ifmodule>
<ifmodule mod_gnutls.c="">Listen 443</ifmodule> [/color]
–--------------
My virtual host file
[color] <virtualhost *:80=""># Admin email, Server Name (domain name), and any aliases
ServerAdmin rick@flyingdingo.com
ServerName k9hq.org
# Index file and Document Root (where the public files are located)
DirectoryIndex index.html index.php
DocumentRoot /home/rick/public/k9hq.org/public
# Log file locations
LogLevel warn
ErrorLog /home/rick/public/k9hq.org/log/error.log
CustomLog /home/rick/public/k9hq.org/log/access.log combined</virtualhost>
<virtualhost 198.74.54.233:443="">SSLEngine On
SSLProtocol all
SSLCertificateFile /etc/apache2/ssl/k9hq.org.crt
SSLCertificateKeyFile /etc/apache2/ssl/k9hq.org.key
SSLCACertificateFile /etc/apache2/ssl/intermediate.cer
ServerAdmin hello@k9hq.org
ServerName k9hq.org
DocumentRoot /home/rick/public/k9hq.org/public
ErrorLog /home/rick/public/k9hq.org/log/error.log
CustomLog /home/rick/public/k9hq.org/log/access.log combined</virtualhost> [/color]
Apache does not throw errors when I reload the service, yet I am unable to make a secure connection with a browser. Do you think I need to add something to Apache because of the 2048 cert or the SHA-2 hash? I am at a dead end.
7 Replies
![](
Gives good idea of what your SSL and config look like.
Using an SSL without www is a bit confusing for some. Normally if you get the www with the domain you can use both with the same cert. You can then redirect access from
Using 2048 bit RSA is fine, but SHA-2 is a little unusual and may pose a problem with really old browsers. But that's probably not the issue here, if it's not even working for you in Chrome.