2

After installing an SSL certificate on a LAMP stack, the site doesn't seem to load for Internet Explorer, but has no issues in other browsers. I did include a redirect from an HTTP request to an HTTPS request in my Apache configuration that could be causing the problem:

<Directory /> Options FollowSymLinks AllowOverride None RewriteEngine On RewriteCond %{SERVER_PORT} !443 RewriteRule (.*) https://www.example.com [R] </Directory>

I've double-checked IE's settings, including clearing the certificate slate, making sure SSL 2.0, 3.0 and TLS were enabled.I'm also not real sure if the above Apache configuration has anything to do with the error, but i can say that it's the only change I have made to Apache beyond adding the certificates to the web server. Any ideas?

Improve this question
7
  • That redirect doesn't end up on https://. How do the other browsers behave on non-SSL and how does curl behave? (curl is important because it doesn't cache or follow redirects by default.) Commented Feb 25, 2013 at 14:37
  • My mistake, the url in the config file is set to redirect to https. i missed the 's' on the link in the original post. So far, any browser going after it without SSL gets redirected to the SSL site. I'm still trying to track down the programmer who wrote the page to figure out what curl is doing. Commented Feb 25, 2013 at 14:45
  • Doesn't look like curl is being used anywhere in the php scripts for the site. Unless you were referring to a different place that curl might be getting used in, i'm not sure how to answer your question about curl's behavior. Commented Feb 25, 2013 at 15:46
  • Not php-libcurl. Just curl the command line client. You type it into the console on your desktop. Use the -I option. Commented Feb 25, 2013 at 16:16
  • I'm looking into that command line interface a little more to see what else it does, but running it now with that option and the URL is returning a "Can't connect to host" error. Commented Feb 25, 2013 at 16:30

2 Answers 2

Reset to default
0

You might have been looking in the wrong direction. I've experienced similar troubles until I've stumbled upon this part in the /etc/apache/sites-available/000-default-ssl virtualserver config: http://pastebin.com/wD5ccZTb

You'll need to add the last few uncommented lines OUTSIDE your directory specs, for your server/virtualserver config in apache.

They've written this workaround for braindead browsers like IE...

Improve this answer
0

One of the other programmers made a change to the apache ssl.conf file that seems to have fixed the issue. 

# SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. #SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW #SSLCipherSuite -ALL:AES128-SHA SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXPORT

The SSLCipherSuite -ALL:AES128-SHA line was commented out in favor of the SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXPORT Line.

It seems like there was a particular cipher that IE wanted, but the Apache configuration was not set up to use.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.