Apache 2.4.20 and SSL
Posted: Wed Apr 27, 2016 8:03 pm
Finally got Apache 2.4.20 to compile with all the other rerequisites (apr, apr-iconv, apr-util, pcre, php).
I also managed to get the https to work.
In /usr/local/apache2/conf/extra/httpd-ssl.conf, I can add vhost section like below:
I had to force SSLProtocol to use TLSV1.2, TLSv1.1 and TLSv1 and then chrome and IE would work.
However, the problematic Firefox keeps giving error/warning:
If other browsers have no problem with self-signed certificates, why would Firefox care?
I also managed to get the https to work.
In /usr/local/apache2/conf/extra/httpd-ssl.conf, I can add vhost section like below:
Code: Select all
<VirtualHost *:443>
ServerAdmin shop@hsiao.net
DocumentRoot /export/home/www/html/cah/shop
ServerName shop.hsiao.net
ErrorLog /export/home/cah/logs/error_log_sho_sslp
CustomLog /export/home/cah/logs/access_log_shop_ssl combined
HostnameLookups on
SSLEngine on
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/shop.hsiao.net-20160427192908.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/shop.hsiao.net-20160427192908.key
SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
SSLProxyProtocol +TLSv1.2 +TLSv1.1 +TLSv1
</VirtualHost>
However, the problematic Firefox keeps giving error/warning:
Code: Select all
Secure Connection Failed
An error occurred during a connection to shop.hsiao.net. The server rejected the handshake because the client downgraded to a lower TLS version than the server supports. Error code: SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT
* The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
* Please contact the website owners to inform them of this problem.