Invalid apache ssl Firefox error code

In: Linux

4 Jan 2007

If the ssl configuration of an apache2 web server is invalid, you get error messages that say nothing. Today, for example, I got the message “… received error code -12263” from my Firefox when requesting a site over https. I checked the log files on the server but there was no entry. The apache2 server started without errors, and when requesting the same page with the Internet Explorer it only said “Page can not displayed”.

I fixed the problem by generating a new server certificate and key file and configuring it in the apache2 ssl configuration file.

You get a similar error when requesting a site that requires a client certificate that you don’t have. Is this intentional for security reasons or weren’t the browser developers able to figure out a better way? Or is it an apache2 problem?

18 Responses to Invalid apache ssl Firefox error code

M

January 11th, 2007 at 6:54 pm

I receive the same firefox error trying ssl but the logs do say “Invalid method in request \x16\x03\x01”

atari

January 11th, 2007 at 9:14 pm

It’s an apache2 error.

Edit your etc/apache2/sites-available/default-ssl

in this line:
SSLCertificateKeyFile /etc/apache2/ssl/XXXXXX

XXXXXX must match with the filename in /etc/apache2/ssl/
(not apache.pem the other one)

apache -k restart

good luck!

Good luck

tompson

January 11th, 2007 at 11:04 pm

This is correct.

SSLCertificateKeyFile /etc/apache2/ssl/KEYFILENAME

and

SSLCertificateFile /etc/apache2/ssl/CERTFILENAME

must match the correct certificate and key files. My question was whether the bad error messages come from the apache2 implementation or the firefox code.

syiay1

January 27th, 2007 at 1:25 pm

It’s a good effort, but would you advise how we solve the same problem on Win XP pak2.

Best Regards

tompson

January 28th, 2007 at 12:58 pm

You mean you have an apache2 server installed on a Win XP SP2?

Fix it in the same way, check the path to your SSLCertificateKeyFile and SSLCertificateFile and that the two files are valid.
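Added example, not part of the thread: one way to run the check the comments above describe (the `SSLCertificateFile` and `SSLCertificateKeyFile` paths exist, both files parse, and the key belongs to the certificate) with the `openssl` command line. The function names `check_pair` and `check_vhost` are made up for this example, and it assumes PEM files and an unencrypted private key.

```shell
#!/bin/sh
# Added example: do the files named in an Apache SSL vhost exist, parse,
# and belong together? Assumes PEM files and an unencrypted private key.
# Exit status: 0 = match, 1 = key does not fit certificate, 2 = file problem.

check_pair() {   # $1 = certificate file, $2 = private key file
    for f in "$1" "$2"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 2; }
    done
    # Extract the public key from each side; both come out as the same PEM
    # "PUBLIC KEY" block when the key belongs to the certificate.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ||
        { echo "not a PEM certificate: $1" >&2; return 2; }
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) ||
        { echo "not a usable PEM private key: $2" >&2; return 2; }
    if [ "$cert_pub" = "$key_pub" ]; then
        echo "OK: $2 matches $1"
        return 0
    fi
    echo "MISMATCH: $2 is not the key for $1" >&2
    return 1
}

check_vhost() {   # $1 = Apache config file containing the two directives
    vh_cert=$(awk 'tolower($1) == "sslcertificatefile" { gsub(/"/, "", $2); print $2; exit }' "$1")
    vh_key=$(awk 'tolower($1) == "sslcertificatekeyfile" { gsub(/"/, "", $2); print $2; exit }' "$1")
    if [ -z "$vh_cert" ] || [ -z "$vh_key" ]; then
        echo "SSLCertificateFile or SSLCertificateKeyFile missing in $1" >&2
        return 2
    fi
    check_pair "$vh_cert" "$vh_key"
}

# Run as: sh check_pair.sh VHOST_CONFIG_FILE
if [ "$#" -eq 1 ]; then check_vhost "$1"; fi
```

A mismatch reported here corresponds to the situation in the post, where the server starts and the browser only shows a bare error code.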

Creating server and client certificates with openssl « tOMPSON’s blog

February 10th, 2007 at 6:15 pm

[...] server and client certificates with openssl I got so much response on my post about the certificate problems with apache2 and Firefox that I decided to post a howto about [...]

Invalid apache ssl Firefox error code « tOMPSON’s blog

April 25th, 2007 at 4:02 pm

[...] Invalid apache ssl Firefox error code this post was moved [...]

david

July 8th, 2007 at 2:49 pm

When we connect to https://www.testserver.com, we get the 12263 error… now for giggles, try this: http://www.testserver.com:443. Notice that it is different: it is using HTTP protocol (not HTTPS) over port 443… look at what comes back: THE PAGE!

The problem seems to be that even though we activated SSL and mod_ssl is present, APACHE2 fell back to running just HTTP over that port.

That’s what’s causing the error in Firefox and ANY OTHER BROWSERS (I tested with Firefox, links, wget, and such…).

I can’t help but feel that when we turn on SSL that by default it should just work and encrypt the connection and only complain about a certificate mismatch. This is just too fiddly — and insecure.

Joe

August 1st, 2007 at 10:20 am

David, I am receiving the same error and tested the :443 as well and received ‘the page’ however it gives the 12263 error as I proceed further…have you found any solutions? Thanks.

Joe

August 3rd, 2007 at 6:04 am

All fixed and good to go…one thing I failed to change was a ‘deny’ to ‘allow’ line among some other stuff.

Dan Sackinger

August 3rd, 2007 at 6:30 am

If you are using Apache2:

In the ports.conf file, make sure it looks like the following:
— clip —
Listen 80
Listen 443 https
— clip —
The https after the 443 tells Apache2 to use the SSL protocol on that port. It cleared my problem right up.

tompson

August 3rd, 2007 at 8:48 am

The https in your second directive should not be needed. It is important to listen to both port 80 and 443, but the https does not mean anything other than 443 (defined in /etc/services).

see http://httpd.apache.org/docs/2.0/mod/mpm_common.html#listen

Dan Sackinger

August 3rd, 2007 at 10:58 am

I’m using Apache 2.2. The https at the end of the line in Apache 2.2 indicates that the protocol used on that port should be https.

I’m listening on 443, so according to the documentation I shouldn’t have to specify https as the protocol. My installation didn’t function correctly until I specified https. Who knows… it could be because I am using an IPv6 address.

Here is the Listen info for 2.2:
http://httpd.apache.org/docs/2.2/mod/mpm_common.html#listen

tompson

August 3rd, 2007 at 11:13 am

Sorry Dan, you are right, I have not used version 2.2 very much up to now.

Gallycyborg

August 7th, 2007 at 2:18 am

Hi everyone
My question is for Dan, if possible: I’ve got the same issue with my webserver at work, needed to listen on a few ports (443, 444, 445…), but the apache is in version 2.0.52. How can I solve it with this release?

Thanks

stefan

August 8th, 2007 at 1:08 pm

Hi, I also struggled with this problem for a long time and want to help you out: simply rename the file /etc/apache2/vhosts.d/vhost-ssl.template to blablabla/vhost-ssl.conf
Apache only accepts such files if they end in “conf”. It worked for me right away. I hope I could help you.

Regards, stefan

Kingsly John

August 23rd, 2007 at 11:00 pm

Thanks David for pointing out that apache is serving out non-ssl content.. helped me get to the solution.

The problem is caused because the non-ssl virtualhost entry for that IP address doesn’t specify a port.

i.e. VirtualHost x.y.z.a and not VirtualHost x.y.z.a:80

not specifying the :80 makes it apply for any port on that IP address.
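Added example, not part of the thread: a small lint for the misconfiguration described in the comment above and in david's earlier observation that the page comes back over plain HTTP on port 443. It flags any `<VirtualHost>` block without `SSLEngine on` whose address has no port, or whose port is the HTTPS port. The function names and the sample configuration are constructed for this example, and it assumes `SSLEngine` is set inside each vhost rather than at server level.

```shell
#!/bin/sh
# Added example: flag <VirtualHost> blocks that can answer in plain HTTP on
# the HTTPS port. Assumes SSLEngine is set per vhost, not at server level.

lint_vhosts() {   # $1 = config file, $2 = HTTPS port (default 443)
    awk -v port="${2:-443}" '
    BEGIN { bad = 0 }
    /^[ \t]*#/ { next }                               # ignore comment lines
    tolower($0) ~ /^[ \t]*<virtualhost[ \t]/ {        # opening tag
        addrs = $0
        sub(/^[ \t]*<[^ \t]+[ \t]+/, "", addrs)       # drop the tag name
        sub(/[ \t]*>[ \t]*$/, "", addrs)              # drop the closing bracket
        start = NR; ssl = 0; invh = 1; next
    }
    invh && tolower($1) == "sslengine" && tolower($2) == "on" { ssl = 1 }
    invh && tolower($0) ~ /^[ \t]*<\/virtualhost>/ {  # closing tag: judge block
        invh = 0
        if (ssl) next                                 # TLS vhost, nothing to flag
        n = split(addrs, a, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            if (a[i] !~ /:[0-9]+$/) {                 # no port, or a wildcard port
                printf "line %d: %s has no port, so this non-SSL vhost matches every port including %s\n", start, a[i], port
                bad = 1
            } else if (a[i] ~ (":" port "$")) {
                printf "line %d: %s is on port %s without SSLEngine on\n", start, a[i], port
                bad = 1
            }
        }
    }
    END { exit bad }' "$1"
}

sample_conf() {   # constructed sample; addresses are documentation IPs
    cat <<'EOF'
<VirtualHost 192.0.2.10>
    DocumentRoot /var/www/plain
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    SSLEngine on
</VirtualHost>
<VirtualHost 192.0.2.11:80>
    DocumentRoot /var/www/other
</VirtualHost>
EOF
}

if [ "$#" -ge 1 ]; then lint_vhosts "$@"; fi
```

On the constructed sample only the first block is reported; changing its address to `192.0.2.10:80` clears the finding.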

Peady

September 7th, 2007 at 2:13 am

I also just ran into this problem. Exact same error code only when attempting an SSL connection, whereas a non-SSL connection to the same site created no error, and this was consistent with different browsers although the error message differed. I found though that I had simply misconfigured my VirtualHost settings. I had one spelling error and one ‘illegal option’ associated with ‘SSLOptions’. Once I corrected these and made sure that the site was enabled (a2ensite) and restarted the server, it was no longer generating the error. So my lesson learned is always double-check your syntax.
[1] check your syntax
note you can check that the virtual host syntax is correct with the following command:
# sudo apache2ctl -t -D DUMP_VHOSTS
[2] make sure the site is enabled
# sudo a2ensite fileNameForYourVirtualHost
[3] restart the server after making changes
# sudo apache2ctl -k restart
