Wednesday, September 29, 2010

SSL Error -- SSL_ERROR_RX_RECORD_TOO_LONG

People are right: if you want to get smart, it takes a lot of trial and error.

For the past 3 days I have been replacing the SSL certificate for a server I maintain. I replaced it because the server changed its IP address, so the old certificate could no longer be used.

I bought the certificate at Trustico. It is the RapidSSL type, which is fairly cheap. The purchase now also includes generation of the Private Key (PK) by them, so the user no longer has to bother creating a Certificate Signing Request (CSR) and PK.

They keep the PK for 14 days. So make sure you always BACKUP!
Losing the PK means the user has to buy again.


OK, back to the story. Part of this is in English, in case it helps someone out there.

The problem I faced was that I couldn't use my new SSL certificate. I got this error:
SSL_ERROR_RX_RECORD_TOO_LONG


The first error I got was this:
[error] Unable to configure RSA server private key

[error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

The solution was to ask RapidSSL for the Private Key. This Private Key should be placed in /etc/ssl/private.

The second error, from /var/log/apache2/error.log, was:
Invalid method in request \x16\x03\x01
This link -- Apache2 Invalid method in request \x16\x03\x01 -- gave me some knowledge. This block really helped me:
Almost certainly the problem is that your server is using this default or the server is not matching your virtual host's IP at all. For SSL to work you must match the virtual host by IP address not name. [Apache2_mod_vhost_alias_ssl|Named virtual host won't work with SSL].
But that still did not solve my problem. I changed into . The SSL works. Why doesn't using the FQDN work? My last configuration used the FQDN in the VirtualHost directive and worked!

After 2 days of searching on Google, I found the answer. It was caused by /etc/hosts.

In my case, I had forgotten to change the /etc/hosts file.
202.x.x.x domain_FQDN server_hostname
The IP address there was the old IP address. That's why the new SSL cert didn't work: it used a different IP address. (I changed my server's IP address.)
Hope this helps someone :D
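
The three checks this post walks through (stale /etc/hosts entry, TLS handshakes logged as "Invalid method", certificate and key mismatch), as an added example that is not the author's own code. The function names are hypothetical, and any host names or addresses you pass in are your own.

```shell
#!/bin/sh
# Added example: diagnostics for the failures described in this post.

# Print the first address a hosts file maps NAME to (comments ignored).
hosts_ip_for() {        # usage: hosts_ip_for NAME [HOSTS_FILE]
    awk -v name="$1" '
        { sub(/#.*/, "") }                      # strip trailing comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; exit }
        }
    ' "${2:-/etc/hosts}"
}

# Fail if the hosts file still maps NAME to an address other than EXPECTED_IP.
# A VirtualHost written with the FQDN is matched against this resolved address.
vhost_name_ok() {       # usage: vhost_name_ok NAME EXPECTED_IP [HOSTS_FILE]
    mapped=$(hosts_ip_for "$1" "${3:-/etc/hosts}")
    if [ -z "$mapped" ]; then
        echo "$1: no hosts entry, DNS decides"
        return 0
    fi
    if [ "$mapped" != "$2" ]; then
        echo "$1: hosts file says $mapped, expected $2 (stale entry)"
        return 1
    fi
    echo "$1: $mapped ok"
}

# Count error-log lines where a TLS handshake record (bytes 0x16 0x03 ...)
# was parsed as plain HTTP, i.e. no SSL-enabled vhost matched the connection.
tls_on_plain_count() {  # usage: tls_on_plain_count ERROR_LOG
    grep -cF 'Invalid method in request \x16\x03' "$1" || true
}

# Succeed only if the certificate and the private key hold the same public
# key; a mismatch is what produces "key values mismatch" at Apache start-up.
cert_matches_key() {    # usage: cert_matches_key CERT.pem KEY.pem
    c=$(openssl x509 -noout -pubkey -in "$1") || return 2
    k=$(openssl pkey -pubout -in "$2") || return 2
    [ "$c" = "$k" ]
}
```

After sourcing the file, run `vhost_name_ok` with the server's FQDN and its new address whenever the IP changes, and `cert_matches_key` before restarting Apache with a new certificate.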


Ah... at last the server is now running well.