Apache error after renewing SSL certificate - apache

A couple of days ago I tried to renew my ssl certificate. From my provider I got the usual private key, intermediate and public key. So I went ahead and exchanged the files on my server. But ever since I did that the website hasn't been working anymore. In Chrome I always get the error "ERR_CONNECTION_CLOSED".
So I enabled ssl debugging for apache in my vhost config. I found the following error in the logs but couldn't figure out how to solve this:
AH00566: request failed: malformed request line
Has anyone seen that error before? I already googled but couldn't find any helpful information.
Any advice and suggestions will be greatly appreciated.
Thanks,
Andreas

Related

Configuring Proton for SSL / TLS throwing openssl wrong version number and gRPC client error

I'm kinda at a loss here.
Trying to set up proton with SSL / TLS access, but after creating the certificates with the (modified) shell scripts
supplied by the AppDev-Pack and linking the keyring and everything in notes.ini, I always seem to get
the error "Handshake failed with fatal error SSL_ERROR_SSL: error: 100000f7:SSL routines:OPENSSL_internal:
WRONG_VERSION_NUMBER".
Tried both a windows and linux server, as well as using the accessing node.js app with and without
certificates - but with no success.
Also tried the troubleshoot section of https://doc.cwpcollaboration.com/appdevpack/docs/en/proton-admin.html and it connected just fine,
but won't if i connect with node.js.
Looks like the error is thrown before a certificate is even checked?
In this example the error is thrown after trying to get a document by UNID.
notes.ini (proton parts)
gRPC Client Error
If someone has an idea how to fix that issue or where to start - that would really help me.
Thanks in advance.
It appears that the client side does not have the secure flag set. At least I get a similar stack when I try to connect without TLS when the server expects TLS.
See the secure attribute when calling useServer() function, and you'll also need to provide the credentials attributes.

Lets encrypt, "Your connection is not secure"

I´ve tried to add a SSL-Certificate to my webpage with Lets Encrypt as verifier. After I followed the steps described at https://certbot.eff.org/lets-encrypt/ubuntutrusty-apache I got an
Your connection is not secure
error. I´ve tested the SSL Connection with https://www.ssllabs.com/ssltest/analyze.html and got an "DNS CAA" warning. After I found out that I have to add the verifier to my DNS (xyz.com 3600 0 issue "letsencrypt.org") the warning disappeared, but I still get the error.
I´ve checked the page with https://www.whynopadlock.com as well, and the only warning I get is
You currently have TLSv1 enabled.
This version of TLS is being phased out. This warning won't break your padlock, however if you run an eCommerce site, PCI requirements state that TLSv1 must be disabled by June 30, 2018.
but the warning states that this should not break my padlock.
I thought that smth. might be cached at the DNS (if this is even possible), but I dont know for certainty. I´ve tested the page on multiple devices and all of them get the error.
I´ve found the problem.
The "www" is somehow missing when I browse the page, so the cert. is registered the the page with "www" in front of it. I´ve created another cert with the missing "www" and now it works

SAP SSL handshake failed

I'm trying to retrieve data from an open data api. I have downloaded the certificate from the site and imported it into STRUST (SSL Client Anonymous).
Then I created a HTTP connection to external server in SM59. In the beginning it worked fine, until last week when the api changed its URL and so its DNS.
Of course it could no longer be reached by the current host. So I did above steps again for the new URL (changed everything accordingly like hostname etc. in SM59), but this time I receive following error:
SSL handshake with 'hostname:port' failed: SSSLERR_CONN_CLOSED (-10)#Remote
Peer has closed the network connection##SapSSLSessionStartNB()==SSSLERR_CONN_CLOSED##
Anyone has an idea on how to solve this?
On another forum someone helped me solve the problem. He pointed me out that the problem lies with SNI see: https://security.stackexchange.com/questions/101965/ssl3-error-when-requesting-connection-using-tls-1-2/102018#102018
https://en.wikipedia.org/wiki/Server_Name_Indication
To solve this problem you need to add following parameter: icm/HTTPS/client_sni_enabled and set it to TRUE on the DEFAULT profile. Afterwards you need to restart the application server in order to activate the effects of the parameter.
Link to the full question on SCN: https://answers.sap.com/questions/473015/sap-ssl-handshake-failed.html
EDIT:
I came across this error again later on, but this time it seemed that the error was caused because we used a certificate with TLS 1.2 which was not supported by our system. You can check this link: https://launchpad.support.sap.com/#/notes/510007 we implemented number 7 to fix this.

Browser returns SSL error : Your connection is not private

I did my project in MEAN stack. I have installed GeoTrust Wildcard SSL certificate. It worked very well till yesterday. From today morning onward, it returns an error : "Your connection is private".
I don't know why this error occurs suddenly in any browser while run an application. It required to adding manually in exception lists to visit site. Right now I am not able to keep going my site. Certificate having 1 year validity and it was renewed in last month.
Please review attached images.
Give me guideline to solve this issue.
The certificate installed has expired. Looks like you have not installed or assigned the new certificate to your website.

ColdFusion 10 HTTP SSL

I'm running a site and several sub domains on ColdFuson 10 Standard, we have just upgraded from ColdFusion 9 where everything was working fine.
The sites have a wildcard ssl certificate installed so all the sub domains are secured. I'm making http calls between the sites but getting the I/O Exception: peer not authenticated error.
Charset [empty string]
ErrorDetail I/O Exception: peer not authenticated
Filecontent Connection Failure
Header [empty string]
Mimetype Unable to determine MIME type of file.
Responseheader struct [empty]
Statuscode Connection Failure. Status code unavailable.
Text YES
I've installed the certificate in the correct key store and verified it's there using keytool -listand restarted, but still get the authentication error.
I know this is a common problem and is usually fixed by installing the certificate and there are workarounds for ColdFusion Enterprise but I'm struggling to get this working on Standard. Any suggestions?
After many days of investigation I came across this blog post which leads to bug report #3598342.
It turns out to be an issue on Windows 2012 servers running IIS 8. There is an option on the site binding to 'Require Server Name Indication' or 'SNI'. Turning this option off allows cfhttp to connect via https.
It turns out this is an issue with the HttpClient library and has been fixed in builds 288845, 288846 and 290605. Which doesn't really help as the last update 13 only gives me build 287689.
This could be an issue I have run across where I had to import the secure server certificate into coldfusion before it would allow me to connect.
http://helpx.adobe.com/coldfusion/kb/import-certificates-certificate-stores-coldfusion.html
Import Certificate for ColdFusion10
Hope that helps. I know it helped me!