Unable to use https with seafile httpserver

[Julien Barnier]

Hi,

I'm trying tried to enable https with a self hosted seafile installation, as explained in the wiki. Everything works fine for seahub via Apache, but I can't get https to work with seafile httpserver (which runs on port 8082).

I tried several times, with different browsers, with my Apache certificate, with a generated self-signed certificate, but I can't make it to work. If I try to connect directly to the server with Chrome, I get an Error 113 (net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH). If I try via command line, I get :

$ openssl s_client -connect server:8082

CONNECTED(00000003)

140612961511080:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:

---

no peer certificate available

---

No client certificate CA names sent

---

SSL handshake has read 7 bytes and written 320 bytes

---

New, (NONE), Cipher is (NONE)

Secure Renegotiation IS NOT supported

Compression: NONE

Expansion: NONE

---

Did anyone already faced this problem ?

Thanks in advance,

Julien

[JiaQiang Xu]

Hi,

Is your private key for apache encrypted with a passphrase?

2013/1/22 Julien Barnier <jul...@nozav.org>:

> --
> You received this message because you are subscribed to the Google Groups
> "seafile" group.
> To post to this group, send email to sea...@googlegroups.com.
> To unsubscribe from this group, send email to
> seafile+u...@googlegroups.com.
> Visit this group at http://groups.google.com/group/seafile?hl=en.
>
>

[Julien Barnier]

Hi,

Is your private key for apache encrypted with a passphrase?

No, both certificates I tried had unencrypted private keys...

Julien

 

[JiaQiang Xu]

Did you generate the certificate and private key separately or in one file?
If they're in one file, you should use it in both places.
Can you send me your self-signed certificate (of course not the one in
production use)?

2013/1/22 Julien Barnier <jul...@nozav.org>:

[Julien Barnier]

Hi,

Did you generate the certificate and private key separately or in one file?
If they're in one file, you should use it in both places.
Can you send me your self-signed certificate (of course not the one in
production use)?

They are in two different files. I generated them with the instructions given in the wiki.

I'll send you the certificate files by private mail. They are not use in production.

Thanks a lot for your quick support !

Julien 

[Julien Barnier]

Hi, 

They are in two different files. I generated them with the instructions given in the wiki.

I'll send you the certificate files by private mail. They are not use in production

Ok, thanks to your help, I finally fixed this one. It was a combination of two errors : when I used self-signed certificates, the file paths were wrong, and when I used my webserver certificates the private key was not readable by the user under which seafile runs. Sorry not to have spotted these ones before.

Thanks for your help,

Julien 

[JiaQiang Xu]

Glad to know you fix it.

2013/1/24 Julien Barnier <jul...@nozav.org>:

[JiaQiang Xu]

Here we should have print some error messages. But libevhtp doesn't
check the return value after loading the certificate. We'll try to
improve it next time.

2013/1/24 JiaQiang Xu <xjqki...@gmail.com>: