2Answers
  • 10
name

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191

Backtrace:

File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

Use virtual host certificate

I'm trying to enable SSL in name-based virtual hosts. From docs I understand that SNI does not need to be enabled explicitly, it happens automatically if both server and client comply with minimum requirements, with I think they do:

  • Apache/2.4.25 (Win32)
  • OpenSSL/1.0.2k
  • Firefox/51.0.1 (x64)

I've stripped configuration to the bare minimum:

Listen 80

LoadModule ssl_module modules/mod_ssl.so


<VirtualHost *:80>
    ServerName localhost
    DocumentRoot "D:/Servidores/Apache/htdocs"
</VirtualHost>


Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCacheTimeout 300

<VirtualHost _default_:443>
    ServerName localhost
    DocumentRoot "D:/Servidores/Apache/htdocs"
    SSLEngine on
    SSLCertificateFile "D:/DOS/Apache24/conf/server.crt"
    SSLCertificateKeyFile "D:/DOS/Apache24/conf/server.key"
</VirtualHost>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin


<VirtualHost *:80>
    ServerName tmp
    DocumentRoot "D:/tmp"
</VirtualHost>
<VirtualHost *:443>
    ServerName tmp
    DocumentRoot "D:/tmp"
    SSLCertificateFile "D:/Servidores/Apache/certificados/tmp.crt"
    SSLCertificateKeyFile "D:/Servidores/Apache/certificados/tmp.key"
</VirtualHost>
C:\>httpd -f conf/prueba-test.conf

Yet when I attempt to load https://tmp/ I always get the certificate from <VirtualHost _default_:443> (for host localhost) rather than the certificate for ServerName tmp (for host tmp).

This is what gets logged:

[Fri Mar 03 14:11:57.360237 2017] [ssl:warn] [pid 11684:tid 668] AH01906: tmp:80:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Mar 03 14:11:57.361240 2017] [ssl:warn] [pid 11684:tid 668] AH01906: localhost:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Mar 03 14:11:57.433220 2017] [ssl:warn] [pid 11684:tid 668] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Fri Mar 03 14:11:57.433220 2017] [ssl:warn] [pid 11684:tid 668] AH01906: tmp:80:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Mar 03 14:11:57.434223 2017] [ssl:warn] [pid 11684:tid 668] AH01906: localhost:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Mar 03 14:11:57.436228 2017] [mpm_winnt:notice] [pid 11684:tid 668] AH00455: Apache/2.4.25 (Win32) OpenSSL/1.0.2k configured -- resuming normal operations
[Fri Mar 03 14:11:57.436228 2017] [mpm_winnt:notice] [pid 11684:tid 668] AH00456: Apache Lounge VC14 Server built: Dec 17 2016 10:42:52
[Fri Mar 03 14:11:57.436228 2017] [core:notice] [pid 11684:tid 668] AH00094: Command line: 'httpd -d D:/DOS/Apache24 -f conf/prueba-ssl.conf'
[Fri Mar 03 14:11:57.444250 2017] [mpm_winnt:notice] [pid 11684:tid 668] AH00418: Parent: Created child process 15380
[Fri Mar 03 14:11:57.910024 2017] [ssl:warn] [pid 15380:tid 648] AH01906: localhost:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Mar 03 14:11:57.988164 2017] [ssl:warn] [pid 15380:tid 648] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Fri Mar 03 14:11:57.988164 2017] [ssl:warn] [pid 15380:tid 648] AH01906: localhost:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Mar 03 14:11:57.988164 2017] [mpm_winnt:notice] [pid 15380:tid 648] AH00354: Child: Starting 64 worker threads.

What can the problem be?

It may have to do with the order in which they are configured. Try moving the <VirtualHost _default_:443> configuration to the bottom of the file and reload/restart apache.

  • 0
Reply Report
      • 2
    • That should prevent localhost from being the default host any more, shouldn't it? However, it makes some difference: now I get SSL_ERROR_RX_RECORD_TOO_LONG, as if it's finally reading my tmp configuration (and finds it isn't correct). I'm researching on that error right now.
    • I think SSL_ERROR_RX_RECORD_TOO_LONG means that it isn't using SSL at all. If I load http://tmp:443/ site loads (kinda, because it triggers AH00025: configuration error: couldn't check user: /).

In the end, it was nothing but a silly mistake. I was missing this in my secondary virtual host:

SSLEngine on

Since this is the directive that enables SSL, I didn't have SSL at all (neither SNI, nor regular) in such host.

(The directive has been there for years in all my IP-based virtual hosts but when I started playing with SNI I someone managed to remove it in the host I was testing.)

  • 0
Reply Report

Trending Tags