Apache SSL redirection is not working

In opennms.properties I have uncommented
opennms.web.base-url = https://%x%c/

and then configured apache as below. I still received ERR_SSL_PROTOCOL_ERROR when trying to access OpenNMS. I don’t have an error message in logs to debug. Can someone help me out, please?

<VirtualHost *:443>
    ServerName 10.101.96.173

    # temporary, remove when tests done
    LogLevel debug
    CustomLog "logs/443_access.log" combined
    Errorlog "logs/443_error.log"

    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/10.101.xx.xxx.cert.pem
    SSLCertificateKeyFile /etc/httpd/ssl/10.101.xxx.xxx.key.pem

    # For your redirection to 8980
#    ProxyPass           /opennms    "http://10.101.xx.xxx:8980/"
#    ProxyPassReverse    /opennms    "http://10.101.xx.xxx:8980/"

     <Location /opennms>
         ProxyPass http://127.0.0.1:8980/opennms
         ProxyPassReverse http://127.0.0.1:8980/opennms
     </Location>
    DocumentRoot "/opt/opennms/jetty-webapps/opennms"
    <Directory "/opt/opennms/jetty-webapps/opennms">
    Require all granted
</Directory>
</VirtualHost>
                                                                                                                               21,1          88%

What’s in the Apache error log?

What are the details on the cert? I’m assuming that’s self-signed, or from an internal CA. Is it trusted by your browser?

[Sat Jul 16 15:52:43.447623 2022] [ssl:debug] [pid 956115:tid 139840927283520] ssl_util_ssl.c(444): AH02412: [10.xxxx] Cert matches for name '10.101.xx.xx' [subject: emailAddress=xx,CN=10.101.xx.xx,O=xx Public Services,L=Hemel Hempstead,ST=England,C=GB / issuer: CN=e,OU=CT,O=Northgate Public Services,ST=England,C=GB / serial: 10E9 / notbefore: Jul 15 05:36:58 2022 GMT 
/ notafter: Jul 15 05:36:58 2023 GMT]
[Sat Jul 16 15:52:43.447632 2022] [ssl:info] [pid 956115:tid 139840927283520] AH02568: Certificate and private key 10.101xxx:443:0 configured from /etc/httpd/ssl/10.101.xxx.cert.pem and /etc/httpd/ssl/10.101.xxx.key.pem
[Sat Jul 16 15:52:43.454620 2022] [proxy:debug] [pid 956120:tid 139840927283520] proxy_util.c(1939): AH00925: initializing worker http://127.0.0.1:8980/opennms shared
[Sat Jul 16 15:52:43.454656 2022] [proxy:debug] [pid 956120:tid 139840927283520] proxy_util.c(1999): AH00927: initializing worker http://127.0.0.1:8980/opennms local
[Sat Jul 16 15:52:43.454665 2022] [proxy:debug] [pid 956120:tid 139840927283520] proxy_util.c(2034): AH00930: initialized pool in child 956120 for (127.0.0.1) min=0 max=61 smax=61
[Sat Jul 16 15:52:43.455045 2022] [proxy:debug] [pid 956121:tid 139840927283520] proxy_util.c(1939): AH00925: initializing worker http://127.0.0.1:8980/opennms shared
[Sat Jul 16 15:52:43.455064 2022] [proxy:debug] [pid 956121:tid 139840927283520] proxy_util.c(1999): AH00927: initializing worker http://127.0.0.1:8980/opennms local
[Sat Jul 16 15:52:43.455073 2022] [proxy:debug] [pid 956121:tid 139840927283520] proxy_util.c(2034): AH00930: initialized pool in child 956121 for (127.0.0.1) min=0 max=61 smax=61
[Sat Jul 16 15:52:43.459924 2022] [proxy:debug] [pid 956119:tid 139840927283520] proxy_util.c(1939): AH00925: initializing worker http://127.0.0.1:8980/opennms shared
[Sat Jul 16 15:52:43.459956 2022] [proxy:debug] [pid 956119:tid 139840927283520] proxy_util.c(1999): AH00927: initializing worker http://127.0.0.1:8980/opennms local
[Sat Jul 16 15:52:43.459966 2022] [proxy:debug] [pid 956119:tid 139840927283520] proxy_util.c(2034): AH00930: initialized pool in child 956119 for (127.0.0.1) min=0 max=61 smax=61

It’s a self signed cert, yes I have imported them to chrome.

Yeah, not really enough info to tell what the problem could be. What’s the exact error from chrome?

Maybe you need something like:
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

… to disable protocols Chrome doesn’t like?

The issue was with my organization’s Web AV policy blocking the self-signed cert. This is now resolved with the same SSL config as above. Thanks for all the help

1 Like