SSLCert Install but FF returns ssl_error_rx_record_too_long

I'm having trouble with apache after installing SSL cert #2 on my CentOS 5.5 server.

Here are my server specs:

CentOS 5.5

Virtualmin GPL (all modules up to date)

OpenSSL

Apache2.2

Here are my steps so far:

I got a third IP from linode.

Configured it on eth0:1, moved private IP to eth0:2.

Purchased 5-domain UCC cert from GoDaddy.

Configured it as I've done many times before. GoDaddy confirms that it's installed correctly according to their testing tool.

Configured VirtualHost as follows:

NameVirtualHost XX.XX.XX.56:443
<VirtualHost XX.XX.XX.56:443>
SuexecUserGroup #501 #502
ServerName ifmasa.org
ServerAlias www.ifmasa.org
ServerAlias webmail.ifmasa.org
ServerAlias admin.ifmasa.org
DocumentRoot /home/williamswebsites.com/public_html
ErrorLog /var/log/virtualmin/ifmasa.org_error_log
CustomLog /var/log/virtualmin/ifmasa.org_access_log "combined"
ScriptAlias /cgi-bin/ /home/williamswebsites.com/domains/ifmasa.org/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory "/home/williamswebsites.com/public_html">
Options -Indexes +IncludesNOEXEC +FollowSymLinks
allow from all
AllowOverride All
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.ifmasa.org
RewriteRule ^(.*) https://ifmasa.org:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.ifmasa.org
RewriteRule ^(.*) https://ifmasa.org:10000/ [R]
SSLEngine on
SSLCertificateFile /home/williamswebsites.com/domains/ifmasa.org/ssl.cert
SSLCertificateKeyFile /home/williamswebsites.com/domains/ifmasa.org/ssl.key
SSLCertificateChainFile /home/williamswebsites.com/domains/ifmasa.org/gd_bundle.crt
SSLCACertificateFile /home/williamswebsites.com/domains/ifmasa.org/ssl.ca
</VirtualHost>

Now if I go to https://www.ifmasa.org I get the following:
> Secure Connection Failed
>
> An error occurred during a connection to www.ifmasa.org.
>
> SSL received a record that exceeded the maximum permissible length.
>
> (Error code: ssl_error_rx_record_too_long)

However if I go to http://www.ifmasa.org:443 apache shows me the index. This leads me to believe that something is wrong with apache not the cert.

Any ideas? or questions for more info?

Thanks!

8 Replies

Have you taken a look at:

http://library.linode.com/web-servers/apache/ssl-guides/using-ssl-centos-5

Yes. I've installed SSL certs before and I'm about 95% sure that it's not the cert. I think it's something in apache, maybe in the httpd.conf file that I haven't thought of.

Any more ideas?

Anyone ever seen that error message before?

Why would apache be serving that index on the 443 port? Also, what directory is it showing because there are no files there?

Is it possible that there is another conf file with VirtualHosts in it that I'm missing? If so, where should I look?

https://www.ifmasa.org/ is loading all right for me. Fixed?

By the way, that Firefox error means that your server was trying to serve plain HTTP on port 443.

Kinda fixed. It's weird. I changed it from to and it started working but I have another virtual server above it that uses the IP address instead of * and it works fine. Maybe I don't have my new IP address configured correctly on the server.

Is there anywhere else I need to configure it other than the eth0:1 file?

From what I recall, that error message is what happens when you have an HTTP response to an HTTPS request.

So yeah, fixing up your virtualhosts would absolutely have an effect. Nothing to do with your ethernet configuration.

Both of you are right. The HTTP response was coming from the "default" server despite the VirtualHost xx.xx.xx.xx:443 directive.

Only by using the wildcard could I supersede the default server. I still am not satisfied that this is the best answer but for now it works and I need to move on to other things. I'll keep an eye here though if anyone has any more suggestions as to the root cause. Maybe I should post my entire httpd.conf file for you guys to look through?

Also, THANKS everyone for helping me think through this. Helpful fellow Linoders is one of the many things that makes Linode so great!

Whoops, missed that hybinet already told you why that was happening.

In any case, yes, posting your full httpd.conf would be invaluable.
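
The replies above identify the cause as plain HTTP arriving where the browser expects TLS. As an added example (not part of the thread), this Python code reads the first five bytes of a reply as a TLS record header to show why that surfaces as "record too long"; the function names and sample bytes are constructed for illustration, and `probe` assumes a host you administer.

```python
import socket
import ssl
import struct

# RFC 5246 caps a protected TLS record at 2^14 + 2048 bytes.
MAX_TLS_RECORD_LEN = 2**14 + 2048
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data

def classify_first_bytes(data: bytes) -> dict:
    """Read the first 5 bytes as a TLS record header, the way a TLS client does."""
    if len(data) < 5:
        return {"verdict": "too_short"}
    ctype, major, _minor, length = struct.unpack("!BBBH", data[:5])
    if ctype in TLS_CONTENT_TYPES and major == 3 and length <= MAX_TLS_RECORD_LEN:
        verdict = "tls"
    elif data.startswith(b"HTTP/") or data.lstrip().startswith(b"<"):
        verdict = "plain_http"  # HTTP status line or a bare HTML error page
    else:
        verdict = "unknown"
    return {"verdict": verdict, "claimed_length": length,
            "record_too_long": length > MAX_TLS_RECORD_LEN}

def client_hello(server_name: str) -> bytes:
    """Build a real ClientHello in memory (no network) with the ssl module."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake is now waiting for the server's reply
    return outgoing.read()

def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Send a ClientHello to host:port and classify the first bytes of the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        reply = b""
        while len(reply) < 5:
            chunk = sock.recv(5 - len(reply))
            if not chunk:
                break
            reply += chunk
    return classify_first_bytes(reply)

# Constructed samples (not captured from the poster's server).
PLAIN_HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\n\r\n"
TLS_REPLY = bytes([22, 3, 3, 0, 81]) + b"\x00" * 81  # handshake record, 81-byte body
```

For the plain HTTP sample, the bytes `P/` land in the record length field and decode to 20527, which is over the limit; `probe` returns a `plain_http` verdict when the port is answering without TLS, as the default server did here.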
