Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Apache2 with SSL cert, but browsing is not fully secure |
|
| Author |
|
JayJay
Joined: 27 Aug 2015
Posts: 2
Location: Netherlands, Amsterdam
|
 Posted: Thu 27 Aug '15 19:09 Post subject: Apache2 with SSL cert, but browsing is not fully secure |
 |
|
The goal is to have a secure connection in a browser to an SSL supported website using Apache2 on Ubuntu 14.04.
=================== S T E P 1 ===================
A pfx file, previously used on IIS/Windows, was converted to be used on Apache with these 3 commands:
openssl pkcs12 -in domain.pfx -nocerts -out domain.key
openssl rsa -in domain.key -out domain.decrypted.key
openssl pkcs12 -in domain.pfx -clcerts -nokeys -out domain.certificate.crt
=================== S T E P 2 ===================
The domain.decrypted.key file was copied to /etc/ssl/private folder
The domain.certificate.crt file was copied to /etc/ssl/certs folder
=================== S T E P 3 ===================
Then , on Ubunto 14.04 server, in /etc/apache2/sites-avaiable , a new config file called domain.conf was created with this content....
IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/domain.certificate.crt
SSLCertificateKeyFile /etc/ssl/private/domain.decrypted.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
=================== S T E P 4 ===================
2 commands were run on the server
#sudo a2ensite domain.conf
#sudo service apache2 reload
=================== S T E P 5 ===================
Result in browser like chrome and firefox is that both state an issue that browsing is not completley secure.
Chrome is showing a yellow triangle on the padlock.
Firefox is showing a grey triangle with exclamation mark and the text: "the website does not supply identity information" when the triangle is hovered over.
The apache2 error log has no event logged for this.[/img] |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
|
| Posted: Fri 28 Aug '15 14:48 Post subject: |
|
|
| Quote: | | Result in browser like chrome and firefox is that both state an issue that browsing is not completley secure. |
I assume that there are some src="http://..." in the HTML |
|
| Back to top |
|
JayJay
Joined: 27 Aug 2015
Posts: 2
Location: Netherlands, Amsterdam
|
| Posted: Sat 29 Aug '15 16:05 Post subject: |
|
|
It was solved by removing unsecure (http) links in the content.
Green padlock in chrome and grey padlock (without exclamation mark) in Firefox. |
|
| Back to top |
|
|
|
|
|
|
