I am trying to get SSL working with the SecurePages module on an Ubuntu 9.x server running Drupal 6.10 in a multisite configuration. I have purchased an SSL certificate from GoDaddy, and I have a self-signed certificate as well.

Using the self-signed certificate for a real site is not an option because of the warning messages presented by the browser. So, the GoDaddy certificate is the one I want to use. It is for a specific one of the several sites I have in my multisite installation. When I modify the default-ssl config file in the apache2/sites-available directory to point to the GoDaddy certificate, key, and intermediary certificate, I get the following error:

Connection Interrupted
The connection to the server was reset while the page was loading.

If I use the self-signed certificate with the SecurePages module enabled, upon logging into the site, I go to the SecurePages configuration page, but the Enable radio button is disabled, and if I click on the link that tells me to "go here", I get a 404 error for the https version of /admin/build/securepages.

I'm absolutely baffled by what is going on here. I have followed a tutorial / how-to for configuring ssl here that seemed pretty good. Apache tells me that mod_ssl is enabled, and I have enabled the default-ssl site.

Any help in getting SSL working will be enormously appreciated. Thanks.

Comments

I can't help with your first question regarding the GoDaddy cert, but I can offer some insite on the second part of your question. I discovered that with a self-signed certificate, I had to first disable clean urls before I could navigate to any "https://..." pages aside from the index page. Once clean urls were disabled, I could then also enable the radio button on the SecurePages module. Unfortunately, I could not re-enable clean urls afterwords! I am hoping there is some more configuration fu to do so I can have my cake and eat it... but as I am signing off this eve, I'm stuck with the choice of either SSL or Clean URLs...

i solved my problem by recognizing that I messed up by missing a configuration directive...
In the ssl conf file for my secure site, I had not changed the directory directive from "AllowOverride None" to "AllowOverride All"

You are exactly correct. Thanks.

HAJ

Hello

In the ssl conf file for my secure site, I had not changed the directory directive from "AllowOverride None" to "AllowOverride All"

I'm having a similar problem. Secure pages are enabled, but I cannot enable Clean URLs. Could you be more specific as to where I can find the ssl conf file so that I can check it out? Thanks !

It's your SSL config for Apache. Where it is depends on how your particular Apache distribution is set up. It will most likely be very close to where your Apache httpd.conf file is.

Doh!! Thanks. I've been tearing my hair out for like 2 hours trying to figure out why this wasn't working.