Unable to establish SSL connection, how do I fix my SSL cert?

后端 未结 9 989
醉话见心
醉话见心 2020-11-27 14:17

I\'m trying to wget to my own box, and it can\'t be an internal address in the wget (so says another developer).

When I wget, I get this:



        
相关标签:
9条回答
  • 2020-11-27 15:09

    In my case I had not enabled the site 'default-ssl'. Only '000-default' was listed in the /etc/apache2/sites-enabled folder.

    Enable SSL site on Ubuntu 14 LTS, Apache 2.4.7:

    a2ensite default-ssl
    service apache2 reload
    
    0 讨论(0)
  • 2020-11-27 15:12

    I meet this same question. The port 443 wasn't open in Centos.

    Check the 443 port with the following command:

    sudo lsof -i tcp:443

    In the first line of /etc/httpd/conf.d/ssl.conf add this two lines:

    LoadModule ssl_module modules/mod_ssl.so
    Listen 443
    
    0 讨论(0)
  • 2020-11-27 15:15

    There are a few possibilities:

    1. Your workstation doesn't have the root CA cert used to sign your server's cert. How exactly you fix that depends on what OS you're running and what release, etc. (I suspect this is not related)
    2. Your cert isn't installed properly. If your SSL cert requires an intermediate cert to be presented and you didn't set that up, you can get these warnings.
    3. Are you sure you've enabled SSL on port 443?

    For starters, to eliminate (3), what happens if you telnet to that port?

    Assuming it's not (3), then depending on your needs you may be fine with ignoring these errors and just passing --no-certificate-check. You probably want to use a regular browser (which generally will bundle the root certs directly) and see if things are happy.

    If you want to manually verify the cert, post more details from the openssl s_client output. Or use openssl x509 -text -in /path/to/cert to print it out to your terminal.

    0 讨论(0)
提交回复
热议问题