On 05 Jan 2010, Guy wrote:
I would test the certs on a apache web server and check that they work. There is plenty of logging and documentation to work with.
Well, any of them work fine elsewhere. The Apple cert supplied in the checkout itself is expired, but is valid otherwise, yet yields the same broken results. The snakeoil cert is an automatically generated, self-signed certificate which a Debian package has provided at some point. While not ideal, it's a valid certificate otherwise. And my preferred certificate is my actual GoDaddy certificate which is currently in use by my Apache server. It requires an intermediate bundle, but even with all of that defined correctly in my configuration file, I still get the same broken behavior. The question is, where is this logging and documentation? Specifically, what command line options or configuration file options would enable the right kind of debugging as to see what might be going wrong with the HTTPS side of things (since HTTP works fine)?
Also have you tried with a web browser to access port 8443. That might provide some debugging insight.
Yes, that's where I was seeing the connection reset and connection was interrupted messages.
Oh and also check DNS. You need to have A and PTR records set correctly for your server.
All of this is fine. Everything works via HTTP. And none of this would matter anyway with HTTPS. You would simply get warnings from the client (Firefox for example) if the host name didn't match what was in the certificate presented. But it's not even getting that far. -- Mark Nipper nipsy@bitgnome.net (XMPP) +1 979 575 3193 - Do daemons dream of electric sleep()?