I have an OES Linux SP1 server. Apache, GW-Webaccess, PHPMyAdmin, MySQL all
work.
Anything with SSL does not. I cannot even access my website on the local
machine through SSL.

I found the /etc/apache2/vhosts.d/vhost-ssl.conf file was all messed up.
I'm guessing one of the previous installs did something to it. The
indentation and spacing were all over the place, and the opening and closing tags
did not match up with my working server (especially /virtualhost). I've
pasted it to the end of this message. I think I got it cleaned up by
comparing line by line with a working server, but SSL still does not work.

Here is a snip from /etc/logs/apache2/error_log
[Tue Aug 15 10:16:05 2006] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Tue Aug 15 10:16:05 2006] [warn] RSA server certificate CommonName (CN) `FVLWeb.fvlhs.org' does NOT match server name!?
[Tue Aug 15 10:16:05 2006] [warn] RSA server certificate CommonName (CN) `FVLWeb.fvlhs.org' does NOT match server name!?
[Tue Aug 15 10:16:06 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Tue Aug 15 10:16:06 2006] [notice] LDAP: SSL support available
[Tue Aug 15 10:16:06 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Tue Aug 15 10:16:06 2006] [notice] LDAP: SSL support available
[Tue Aug 15 10:16:06 2006] [notice] Apache/2.0.49 (Linux/SuSE) configured -- resuming normal operations


My browser gives this goofy error message when I try to go to my website
through https

Status : 504 Gateway Time-Out
Description : Unable to connect to origin Web server.


Any idea how to troubleshoot SSL on Apache and Tomcat? TID 10100945 was a
big help, but didn't quite solve it. This is stopping iManager and
Netstorage from running!

Thanks

Matt



---------------------------------
contents of /etc/apache2/vhosts.d/vhost-ssl.conf
....
<IfDefine SSL>
<IfDefine !NOSSL>

##
## SSL Virtual Host Context
##

<VirtualHost _default_:443>

# General setup for the virtual host
DocumentRoot "/srv/www/htdocs"
#ServerName www.example.com:443
#ServerAdmin webmaster@example.com
ErrorLog /var/log/apache2/error_log
TransferLog /var/log/apache2/access_log

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
SSLCertificateFile /etc/ssl/servercerts/servercert.pem
#SSLCertificateFile /etc/apache2/ssl.crt/server-dsa.crt

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/ssl/servercerts/serverkey.pem
</VirtualHost>
#
#
#<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
#
<Directory "/srv/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>

# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog /var/log/apache2/ssl_request_log ssl_combined

Include /etc/opt/novell/httpd/sslconf.d/*.conf
</IfDefine>
</IfDefine>
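
Added example, not part of the original post: a small Python check for the tag mismatch described above. It verifies that container tags nest correctly and lists directives that sit in the main server context instead of inside the `<VirtualHost>` block. The `audit` helper and the trimmed `SAMPLE` text are constructed for illustration; the sample mirrors the container layout of the file as posted.

```python
import re

# Constructed excerpt mirroring the container layout of the posted
# vhost-ssl.conf (comments and most directives trimmed).
SAMPLE = """\
<IfDefine SSL>
<IfDefine !NOSSL>
<VirtualHost _default_:443>
SSLEngine on
</VirtualHost>
#<Files ~ "\\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
<Directory "/srv/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
CustomLog /var/log/apache2/ssl_request_log ssl_combined
Include /etc/opt/novell/httpd/sslconf.d/*.conf
</IfDefine>
</IfDefine>
"""

OPEN = re.compile(r"^<([A-Za-z]+)\b[^>]*>$")
CLOSE = re.compile(r"^</([A-Za-z]+)>$")

def audit(conf, scope="virtualhost"):
    """Return (errors, stray): nesting errors and directives outside `scope`."""
    stack, errors, stray = [], [], []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented-out lines open and close nothing
        m_close, m_open = CLOSE.match(line), OPEN.match(line)
        if m_close:
            name = m_close.group(1).lower()
            if not stack or stack[-1][0] != name:
                errors.append((lineno, f"unexpected </{name}>"))
            else:
                stack.pop()
        elif m_open:
            stack.append((m_open.group(1).lower(), lineno))
        elif scope not in [n for n, _ in stack]:
            stray.append((lineno, line.split()[0]))  # directive outside scope
    errors += [(ln, f"<{n}> never closed") for n, ln in stack]
    return errors, stray

if __name__ == "__main__":
    errs, stray = audit(SAMPLE)
    for lineno, what in errs + [(n, d + " is outside <VirtualHost>") for n, d in stray]:
        print(f"line {lineno}: {what}")
```

On this layout the tags balance, but `SSLOptions`, `CustomLog` and the `Include` of the Novell SSL configuration files all land after `</VirtualHost>`.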