Apache SSL ssl_error_rx_record_too_long

Status
Not open for further replies.

downplay

Programmer
Aug 31, 2011
Hello everyone, I'm new here =)

SSL stopped working on my test setup; I was getting this annoying error: "ssl_error_rx_record_too_long".

Wasted hours and hours. Port 443 wasn't working but it was open,
and it would work some of the time but would seem to stop at random.

My fix? One wildcard:
<VirtualHost *:443>

My question is: what should the wildcard be?
It was my domain name, but it would stop working when I registered my remote IP :\
 
Welcome to tek-tips. That error is one that has caused a lot of grief trying to get SSL to work and indicates some form of certificate problem as you noticed. I wish I had a "do this" and it will be resolved but I haven't seen any one thing that causes and resolves that error message.

In your case, per the resolution it sounds like there is/was a problem with the Apache vhost versus common name of the certificate. Since you asked, what should the wild card be, do you have a wild card certificate perchance?

By setting it to *:443 you are telling Apache to use this vhost for all SSL connections. The standard SSL does not identify host name. This is changing per the SNI (server name indication) movement that has been taking place over the last few years. I am also wondering if you have a problem with your SSL/TLS libraries and SNI and that is causing the error.
 
That's what I was thinking: vhost or the certificate. vhost seems to be the problem, so I'll scratch that and reconfigure =)

This warning keeps showing up in my logs: "RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)"

Correct me if I'm wrong, but that's because I signed?
If I change the CA to a second domain (vhost), would that fix it?

Thanks for your input.
 
If you haven't already, have a look at this thread:
It lists a number of different items that have solved, i.e. caused, the problem for many.

As far as the "RSA server certificate is a CA certificate" error, it sounds like you may not have set up the CA (certificate authority) to sign your server certificate. The process is almost identical and you need to be careful about the common name used in both parts of the process (I think that they have to be different). In essence, you create a certificate / certificate authority, then you create another certificate and imprint it with the first one. You then give Apache pointers to both the certificate and the authority. The error sounds like you may have pointed the certificate authority at your certificate.

One other thing that comes to mind is to make sure that the certificates are in the proper format.
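
The CA-then-server-certificate process described in the reply above, as an added example that is not part of the original thread: it builds a throwaway CA, signs a server certificate marked CA:FALSE, and reads back the BasicConstraints flag that the Apache warning reports. The file names, common names and 30-day lifetime are constructed for illustration.

```shell
# Added example: throwaway CA plus a CA-signed server certificate.
# All file names and common names below are constructed for illustration.

make_ca_and_server_cert() {
    dir="$1"
    # Minimal OpenSSL config so the result does not depend on the system openssl.cnf.
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
        'prompt = no' '[dn]' 'CN = example-test-ca' '[v3_ca]' \
        'basicConstraints = critical,CA:TRUE' \
        'keyUsage = critical,keyCertSign,cRLSign' > "$dir/ca.cnf"

    # 1. The certificate authority: self-signed and marked CA:TRUE.
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1

    # 2. The server key and signing request, under a different common name.
    openssl req -new -config "$dir/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=www.example.test" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1

    # 3. Sign the request with the CA, explicitly as a leaf (CA:FALSE).
    printf '%s\n' 'basicConstraints = critical,CA:FALSE' \
        'subjectAltName = DNS:www.example.test' > "$dir/leaf.ext"
    openssl x509 -req -in "$dir/server.csr" -days 30 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/leaf.ext" -out "$dir/server.crt" 2>/dev/null || return 1
}

# Print the BasicConstraints CA flag of a certificate: CA:TRUE or CA:FALSE.
basic_constraints() {
    openssl x509 -in "$1" -noout -text | grep -oE 'CA:(TRUE|FALSE)' | head -n 1
}

# Succeeds only when the server certificate chains to the CA.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Apache is then pointed at the leaf, never the CA, as its server certificate:
#   SSLCertificateFile      server.crt   (must report CA:FALSE)
#   SSLCertificateKeyFile   server.key
#   SSLCertificateChainFile ca.crt       (the signing CA)
```

Running `basic_constraints` on whatever file `SSLCertificateFile` names shows whether Apache was handed the CA certificate by mistake.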
 