I have a question that has come up somehow in different questions but I still can't find the solution, yet.
My problem is that I'm hosting a site on apache 2.4 on debian with SSL and Internet Explorer 7 on windows xp shows
Internet Explorer cannot display the webpage
I have only ONE virtual host that uses ssl, but DIFFERENT virtual hosts that use http. Here is my config for the site with SSL enabled (etc/sites-avaible/default-ssl is NOT linked)
<Virtualhost xx.yyy.86.193:443>
ServerName www.my-certified-domain.de
ServerAlias my-certified-domain.de
DocumentRoot "/var/local/www/my-certified-domain.de/current/www"
Alias /files "/var/local/www/my-certified-domain.de/current/files"
CustomLog /var/log/apache2/access.my-certified-domain.de.log combined
<Directory "/var/local/www/my-certified-domain.de/current/www">
AllowOverride All
</Directory>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/www.my-certified-domain.de.crt
SSLCertificateKeyFile /etc/ssl/private/www.my-certified-domain.de.key
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
SSLCertificateChainFile /etc/apache2/ssl.crt/www.my-certified-domain.de.ca
BrowserMatch "MSIE [2-8]" nokeepalive downgrade-1.0 force-response-1.0
</VirtualHost>
<VirtualHost *:80>
ServerName www.my-certified-domain.de
ServerAlias my-certified-domain.de
CustomLog /var/log/apache2/access.my-certified-domain.de.log combined
Redirect permanent / https://www.my-certified-domain.de/
</VirtualHost>
my ports.conf looks like this:
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
the output from apache2ctl -S is like this:
xx.yyy.86.193:443 www.my-certified-domain.de (/etc/apache2/sites-enabled/020-my-certified-domain.de:1)
wildcard NameVirtualHosts and _default_ servers:
*:80 is a NameVirtualHost
default server phpmyadmin.my-certified-domain.de (/etc/apache2/conf.d/phpmyadmin.conf:3)
port 80 namevhost phpmyadmin.my-certified-domain.de (/etc/apache2/conf.d/phpmyadmin.conf:3)
port 80 namevhost staging.my-certified-domain.de (/etc/apache2/sites-enabled/010-staging.my-certified-domain.de:1)
port 80 namevhost testing.my-certified-domain.de (/etc/apache2/sites-enabled/015-testing.my-certified-domain.de:1)
port 80 namevhost www.my-certified-domain.de (/etc/apache2/sites-enabled/020-my-certified-domain.de:31)
I included the solution for this question:
Internet explorer cannot display the page, other browsers can, possibly htaccess / server error
And I understand the answer from this question:
How to setup Apache NameVirtualHost on SSL?
In fakt: I only have one ssl certificate for the domain. And I only want to run ONE virtual host with ssl. So I just want to use the one ip for the ssl virtual host.
But still (after rebooting / restarting / testing) internet explorer will still not show the page.
When I intepret the apachectl -S as well, I already have only one SSL host and this should response to the initial SSH handshake, shouldn't it?
What is wrong in this setup?
Thank you so much
Philipp
Update:
Works in all other browsers.
I debugged with wireshark and the server sends an alert to notifiy that the connection is closed. But I can't see the problem in the logs
Best Answer
Does it work on other browsers, for example Firefox on WinXP, IE7 on Vista/7/8, IE8+, iOS, Android?
If yes, then suspecting that your cipher suite might be too restrictive/modern to allow IE7/XP. Either force your user base to upgrade their browser/OS or reconfigure your SSLCipherSuite:
See https://github.com/client9/sslassert/wiki/IE-Supported-Cipher-Suites
Also see this possible WinXP bug/KB hotfix: http://support.microsoft.com/kb/2541763/en-us
Maybe try:
(found the above on https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html)