Shalom Craimer's questions

I'm trying to set up HTTPS on Apache, using a self-signed certificate. But instead of displaying the page, I get a bunch of weird errors. An a different error from each browser!

From Chrome:

Error 2 (net::ERR_FAILED): Unknown error.

From Firefox:

SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)

I followed the steps detailed on http://slacksite.com/apache/certificate.php, as well as about 4 other guides. They are all about the same, but all give the same result. So I must be doing something wrong.

Briefly, here's what I did:

• Generate the server key:

  openssl genrsa -des3 -out server.key 1024

• Generate CSR:

  openssl req -new -key server.key -out server.csr

[while generating the request, I was careful to enter my actual hostname as the "Common Name (eg, your name or your server's hostname)"]

• remove password from key:

  cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

• Self-sign the certificate:

  openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

• Configured apache to point at those files, and use those certificates.

Any ideas?

UPDATE: Here's my virtual host configuration:

LoadModule ssl_module modules/mod_ssl.so
Listen 443
#   Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

## Virtual host to redirect to HTTPS
<VirtualHost *:80>
    ServerName mail.craimer.org
    Redirect permanent / https://mail.craimer.org:443
</VirtualHost>

##
## SSL Virtual Host Context
##

<VirtualHost mail.craimer.org:443>
    ServerName mail.craimer.org
    DocumentRoot "/usr/share/roundcubemail/trunk/roundcubemail/"

         ErrorLog logs/ssl_error_log
         TransferLog logs/ssl_access_log
         LogLevel warn

         SSLEngine on

         SSLProtocol all -SSLv2

         SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

         SSLCertificateFile /etc/httpd/conf/ssl/server.crt
         SSLCertificateKeyFile /etc/httpd/conf/ssl/server.key

         <Files ~ "\.(cgi|shtml|phtml|php3?)$">
                                SSLOptions +StdEnvVars
         </Files>
         <Directory "/var/www/cgi-bin">
                                SSLOptions +StdEnvVars
         </Directory>

    # Deal with broken MSIE
         SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

    CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

A very long time ago, I had to build a LAN for a bunch of laptops, in a couple of tents. We ended up bringing a bunch of generators, stringing about 2 miles of networking and power cables, and generally having very little fun - mostly trying to keep alive a wireless radio link to the Internet.

Fast forward to now.

I'm worried that I'll be forced to set up another LAN in the woods. But I was thinking that perhaps since laptops have longer lives, and what with WiFi - I might be able to dispense with most of the cabling, maybe just set up one generator, which would mainly serve to power the router I'll have hooked up to a cellular link.

Has anyone else done something like this? Ideas? Advice?

I'd like to get rid of the generator entirely (since it's the most expensive item I'll need to rent), but I don't think I can. Is there a way?