So…installed my cert, tried to get it, and got this from Firefox:
SSL received a record that exceeded the maximum permissible length.
and
C:\web_downloads>\cygwin\bin\wget https://www.thomasknoell.com
--2009-05-21 13:14:25--  https://www.thomasknoell.com/
Resolving www.thomasknoell.com... 66.246.138.39
Connecting to www.thomasknoell.com|66.246.138.39|:443... connected.
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.
from wget.
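Both of these actually mean “you are reaching Apache on port 443, but the part of the config answering there wasn’t set to SSLEngine on”, so Apache replies to the TLS handshake in plain HTTP.
I discovered this (somewhat) by looking in /var/log/apache2/*: the requests were being logged as “port 80” even though they had actually arrived on port 443.
Example:
www.thomasknoell.com:80 216.49.181.128 - - [21/May/2009:19:04:59 +0000] "\x16\x03\x01" 500 60 "-" "-"
The "\x16\x03\x01" where the request line should be is the start of the client’s TLS handshake (record type 0x16, version 3.1), which Apache tried to parse as an HTTP request.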
(I had put the key setups in /etc/apache2/sites-available/default-ssl
instead of within the virtualhost that was my mod_rails instance. Oops.)
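To spot the same misconfiguration from the logs, here is an added example (not from the original post) that scans access-log lines for requests beginning with a TLS handshake record and tallies which vhost:port they were logged under. It assumes the vhost-prefixed log layout shown in the line above; the function name and the second and third sample lines are made up for illustration.

```python
import re
from collections import Counter

# Assumed layout: vhost:port client ident user [time] "request" status ...
LINE = re.compile(
    r'^(?P<vhost>\S+):(?P<port>\d+) (?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) '
)
# Apache escapes non-printable bytes as \xHH, so a TLS record header read as an
# HTTP request line is logged literally as \x16\x03\x0N (handshake, version 3.N).
TLS_RECORD = re.compile(r'^\\x16\\x03\\x0([0-3])')
RECORD_VERSION = {"0": "SSL 3.0", "1": "TLS 1.0", "2": "TLS 1.1", "3": "TLS 1.2"}


def find_tls_on_plain_vhost(lines):
    """Return (hits, per_vhost) for requests that began with a TLS handshake."""
    hits, per_vhost = [], Counter()
    for line in lines:
        m = LINE.match(line)
        if m is None:
            continue  # not in the expected log format
        tls = TLS_RECORD.match(m["request"])
        if tls is None:
            continue  # ordinary HTTP request line
        key = f'{m["vhost"]}:{m["port"]}'
        per_vhost[key] += 1
        hits.append({
            "logged_as": key,
            "client": m["client"],
            "status": int(m["status"]),
            "record_version": RECORD_VERSION[tls.group(1)],  # record-layer version
        })
    return hits, per_vhost


# First line is the one quoted in the post; the other two are constructed samples.
SAMPLE = [
    r'www.thomasknoell.com:80 216.49.181.128 - - [21/May/2009:19:04:59 +0000] "\x16\x03\x01" 500 60 "-" "-"',
    r'www.thomasknoell.com:80 192.0.2.10 - - [21/May/2009:19:05:10 +0000] "GET / HTTP/1.1" 200 5120 "-" "Wget/1.11.4"',
    r'www.thomasknoell.com:80 192.0.2.11 - - [21/May/2009:19:06:02 +0000] "\x16\x03\x03\x01\x02" 400 226 "-" "-"',
]

if __name__ == "__main__":
    hits, per_vhost = find_tls_on_plain_vhost(SAMPLE)
    for h in hits:
        print(f'{h["client"]} sent a {h["record_version"]} handshake to {h["logged_as"]} (HTTP {h["status"]})')
    for vhost, n in per_vhost.items():
        print(f'{vhost}: {n} TLS handshake(s) answered without SSLEngine on')
```

Any vhost that shows up in the tally is one that received TLS traffic without SSLEngine on, which is where the SSL directives need to go.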
Here’s the setup that finally worked. mod_rails even shared the Rails Ruby instances correctly between the two virtual hosts! Whoa!
# Name-based virtual hosts on both ports
NameVirtualHost *:80
NameVirtualHost *:443

# HTTPS: SSLEngine must be on inside the vhost that actually serves port 443
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateChainFile /etc/apache2/ssl/gd_bundle.crt
    SSLCertificateKeyFile /root/www.thomasknoell.com.key
    SSLCertificateFile /etc/apache2/ssl/www.thomasknoell.com.crt
    ServerName www.thomasknoell.com
    DocumentRoot /home/rdp/dev/bridal/public
</VirtualHost>

# Plain HTTP, same application
<VirtualHost *:80>
    ServerName thomasknoell.com
    ServerAlias *.thomasknoell.com
    DocumentRoot /home/rdp/dev/bridal/public
</VirtualHost>