Ping a Specific Port

Question

timw07

Asked: 2013-07-08 10:27:33 +0800 CST2013-07-08 10:27:33 +0800 CST 2013-07-08 10:27:33 +0800 CST

Installing SSL on Amazon ec2

772

I'm moving my hosting from justhost.com (horrible) to the amazon cloud as it's cheaper, faster, and far more flexible.

My conundrum is that I will need SSL installed in the Amazon cloud. Note - I already purchased an SSL cert from justhost.com (actually through geocerts.com) and have the private key, domain cert and trust cert in my hand.

I have 3 files all downloaded from geocerts.

1) domain.crt :the cert for the domain

2) private.key : my private key

3) issuer.crt : the issuer certificate

Below is my httpd.conf snippet

NameVirtualHost *:443
<VirtualHost _default_:443>
ServerName www.casinobitco.in
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/domain.crt
SSLCertificateKeyFile /etc/httpd/ssl/private.key
SSLCertificateChainFile /etc/httpd/ssl/issuer.crt
</VirtualHost>

Now, in testing - the cert doesn't seem proper? It basically looks self-signed, fake, etc. https://ec2-54-232-212-186.sa-east-1.compute.amazonaws.com

2 Answers

Voted

Deer Hunter · Answer 1 · 2013-07-08T11:10:19+08:00

Seems like the certificate was issued for the wrong domain name (CNAME). Instead of www.casinobitco.in it works only for ip-172-31-16-43. In addition, it is indeed self-signed.

Qualys gives the following test results:

Try these other domain names (extracted from the certificates): ip-172-31-16-43

What does this mean?

This web site does not have a properly configured SSL server. We were able to retrieve more than one certificate, but the domain names listed in them do not match the domain name you requested us to inspect (ec2-54-232-212-186.sa-east-1.compute.amazonaws.com). It's possible that:

The web site does not use SSL, but shares an IP address with some other site that does.

The web site no longer exists, yet the domain name still points to the old IP address, where some other site is now hosted.

The web site uses a content delivery network (CDN) that does not support SSL.

The domain name is an alias for a web site whose main name is different, but the alias was not included in the certificate by mistake.

timw07 · Answer 2 · 2013-07-09T12:02:09+08:00

Best Answer

timw07

2013-07-09T12:02:09+08:002013-07-09T12:02:09+08:00

OK, Turns out, based on my install, mod_ssl was separate from apache so it was running externally.

What's this mean? I needed to make the virtual host edits in /etc/httpd/conf.d/ssl.conf and NOT httpd.conf.

Hopefully someone will see this thread and it will help them out!

0

Installing SSL on Amazon ec2

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?