Estou tentando configurar o SSL em um antigo servidor opensuse:
openSUSE 11.4 (x86_64)
VERSION = 11.4
CODENAME = Celadon
Eu ativei o módulo SSL do apache:
apache2ctl -M
Loaded Modules:
core_module (static)
mpm_prefork_module (static)
http_module (static)
so_module (static)
actions_module (shared)
alias_module (shared)
auth_basic_module (shared)
authn_file_module (shared)
authz_host_module (shared)
authz_groupfile_module (shared)
authz_default_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cgi_module (shared)
dir_module (shared)
env_module (shared)
expires_module (shared)
include_module (shared)
log_config_module (shared)
mime_module (shared)
negotiation_module (shared)
setenvif_module (shared)
ssl_module (shared)
userdir_module (shared)
php5_module (shared)
reqtimeout_module (shared)
deflate_module (shared)
headers_module (shared)
rewrite_module (shared)
Syntax OK
E configurei o host virtual fornecendo os certificados SSL (copiando e editando o vhost-ssl.template e renomeando-o https.xxxxxxxx.conf) e reiniciei o apache.
Quando tento conectar, recebo este erro:
openssl s_client -connect localhost:443
connect: Connection refused
connect:errno=111
Esta é a versão do openssl instalada:
OpenSSL 1.0.1p 9 Jul 2015 (Library: OpenSSL 1.0.0c 2 Dec 2010)
Se puder ajudar esta é a minha configuração do iptables:
iptables -L -vn
Chain INPUT (policy ACCEPT 4641 packets, 815K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1691 packets, 4745K bytes)
pkts bytes target prot opt in out source destination
Você pode me ajudar a entender por que não consigo me conectar no localhost à porta 443?
EDITAR:
Acredito que seja um problema com o apache e com o arquivo adicional https.xxxxxxx.conf:
httpd2 -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80 is a NameVirtualHost
default server xxxxxxxx.it (/etc/apache2/vhosts.d/xxxxxxxx.conf:3)
port 80 namevhost xxxxxxxx.it (/etc/apache2/vhosts.d/xxxxxxxx.it.conf:3)
port 80 namevhost XXX.XXX.XXX.XXX (/etc/apache2/vhosts.d/xxxxxxxx.it.conf:9)
No meu listen.conf, parece que se o módulo SSL estiver habilitado, deve-se ouvir 443:
Listen 80
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>
Listen 443
</IfModule>
</IfDefine>
</IfDefine>
Esta é a saída do netstat:
netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 8105/mysqld
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1847/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2179/master
tcp 0 0 :::80 :::* LISTEN 13330/httpd2-prefor
tcp 0 0 :::21 :::* LISTEN 1930/vsftpd
tcp 0 0 :::22 :::* LISTEN 1847/sshd
tcp 0 0 ::1:25 :::* LISTEN 2179/master
Eu modifiquei o arquivo / etc / sysconfig / apache2 para ativar o módulo SSL
APACHE_SERVER_FLAGS="SSL"
Agora parece responder corretamente bot localmente e remotamente:
openssl s_client -connect localhost:443
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
Ainda tenho problemas desde que recebo do navegador:
This site can’t be reached
xxxxxxxx.it unexpectedly closed the connection.
Try:
Checking the connection
Checking the proxy and the firewall
Running Network Diagnostics
ERR_CONNECTION_CLOSED
No entanto, acredito que o problema não esteja relacionado