Thursday, December 08, 2005

SSL on RHEL - SSL Certificate not working - Domain not resolving

Recently, after migrating data from an older hard drive, I needed to transfer the SSL configuration for a domain. The domain was not working over SSL, and pinging it returned the following error message:

ping: unknown host

So here we had two main issues: the domain wasn't resolving to the server, and SSL wasn't working. After running some grep operations, I found that ssl.conf was missing the virtual host configuration for the domain.

DocumentRoot /var/www/html/hosts/
ErrorLog /etc/httpd/logs/ssl_error_log
TransferLog /etc/httpd/logs/ssl_access_log
SSLEngine On
SSLCertificateFile /etc/httpd/conf/ssl.crt/
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/

After I added the above configuration and restarted httpd, it complained about the missing .crt and .key files, which I restored from the old drive.

Now that httpd started properly, it was time to troubleshoot the domain not resolving. As this domain had recently been transferred from another name server, I wasn't sure what exactly was preventing it from coming up. I tried to ping the domain from the server hosting it as well as from my own box, but to no avail.

I found that the client had not yet added the DNS zone to the new DNS server. To do that I used a custom script; you will probably need to use whichever method works with your DNS provider.

[root@ensim:~]$ sh /designerz/dns/

Continue? (Ctrl-c to exit)

$TTL 3600 ; 1 hour IN SOA (
2005110203 ; serial
3600 ; refresh (1 hour)
600 ; retry (10 minutes)
7200 ; expire (2 hours)
3600 ; minimum (1 hour)
)
$TTL 86400 ; 1 day
* A

zone "" IN {
type master;
file "/var/named/";
allow-update { key "wp_default_key."; };
allow-transfer { localhost; };
};

looking for in /etc/bind/bind.conf.wp
Not Found
include "/etc/bind/";

After adding the zone, I restarted BIND:

service named restart

If everything went well, pinging the domain should now work:

ping statistics ---
2 packets transmitted, 2 received, 0% loss, time 1012ms
rtt min/avg/max/mdev = 0.558/0.591/0.624/0.033 ms

The next step was to turn off the firewall (just for a second) and test SSL connectivity again. As I had suspected, the connection succeeded.

So I opened up the APF configuration file (conf.apf) and found that 443 (the SSL port) was missing from the following definition.


Once I added it and restarted APF, voila! The site started working over SSL.
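As an added example (not code from the original post), here is a small Python script that checks an HTTPS host in the same order the post debugged it: name resolution first, then whether the firewall lets a TCP connection through on the port, then the TLS handshake itself. The result codes and the default port are my own choices.

```python
import socket
import ssl
import sys

# Constructed example (not from the original post): check an HTTPS host
# layer by layer, in the same order the post debugged it. Result codes:
#   "dns"  name does not resolve          (the post's "ping: unknown host")
#   "tcp"  no TCP connection on the port  (firewall such as APF not passing 443)
#   "tls"  handshake or certificate fails (httpd misconfigured, cert/key missing)
#   "ok"   a valid certificate for the hostname was presented


def diagnose_https(host, port=443, timeout=3.0):
    """Return "dns", "tcp", "tls" or "ok" for host:port."""
    # Layer 1: name resolution.
    try:
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4]
    except socket.gaierror:
        return "dns"
    # Layer 2: TCP reachability. A filtered port times out, a closed one is
    # refused; either way the web server never sees the request.
    try:
        sock = socket.create_connection(addr[:2], timeout=timeout)
    except OSError:
        return "tcp"
    # Layer 3: TLS handshake with certificate and hostname verification.
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            tls.getpeercert()
    except (ssl.SSLError, OSError):
        return "tls"
    finally:
        sock.close()
    return "ok"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    print(target, "->", diagnose_https(target))
```

Run it once with the firewall up and once with it down: a result that moves from "tcp" to "tls" or "ok" points at the port rule, exactly as the post's APF fix did.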

If you are having issues, post a comment.

