Hello,

I guess I was a bit remiss in posting a conclusion to the thread I started. Sorry about that.

In any case, Joel S (jsing@) and I corresponded about this issue, and I did get a resolution. Here is a copy of the final message:

---
From: Joel Sing
Sent: Sunday, March 29, 2015 5:13 AM
Subject: Re: httpd tls - what am i missing?

Okay, I've at least tracked down the source of the problem - your server.pem file contains the text version of the certificate followed by the PEM encoded version. The combined size seems to be triggering an issue in httpd - removing the text version and starting with the BEGIN CERTIFICATE line makes the certificate/key work... now to find out what is actually happening!
---

And, that's exactly what I did. I can't speak intelligently on this, but it seems that (at least, in my case) the size of the certificate (text included) was too large, and led to some sort of problem within httpd. Removing the text parts of the certificate file, and leaving only the actual certificate in the file, lets httpd start up with https enabled; and it works just fine.

For me, this is totally fine. Coupled with the simple block/return option and the $REQUEST_URI variable, I can pretty seamlessly redirect all http connections to https.

Ted

-----Original Message-----
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Henrik Friedrichsen
Sent: Monday, May 11, 2015 8:30 AM
To: misc@openbsd.org
Subject: Re: httpd tls - what am i missing?

I've got the same problem OP has with a freshly generated key and signed cert from wosign.com on OpenBSD 5.7-stable.

The cert/key work fine with nginx, but with httpd the client simply times out when trying to open a session with the server. OpenSSL s_client stops right after connecting to the server:

    % openssl s_client -connect $host:443
    CONNECTED(00000003)

Anything else we can give you for debugging?

Thanks
Henrik
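
The cleanup described in Joel Sing's message (dropping the text version and starting at the BEGIN CERTIFICATE line), as an added shell example that is not part of the original thread. The function names, file names and sample certificate text are constructed for illustration, and the base64 body is a placeholder, not a real certificate.

```shell
#!/bin/sh
# Added example: detect and strip the human-readable text dump that can
# precede the PEM block(s) in a certificate file.

# Print only the lines inside -----BEGIN ...----- / -----END ...----- blocks.
# Every block is kept, so a private key stored in the same file survives.
pem_only() {
    awk '/^-----BEGIN [A-Z0-9 ]+-----$/ { inblk = 1 }
         inblk                          { print }
         /^-----END [A-Z0-9 ]+-----$/   { inblk = 0 }' "$1"
}

# Count non-blank lines that sit outside any PEM block (the "text version").
extra_lines() {
    awk '/^-----BEGIN [A-Z0-9 ]+-----$/ { inblk = 1 }
         !inblk && NF                   { n++ }
         /^-----END [A-Z0-9 ]+-----$/   { inblk = 0 }
         END                            { print n + 0 }' "$1"
}

# Constructed sample: openssl-style text dump followed by a PEM block.
make_sample() {
    cat > "$1" <<'EOF'
Certificate:
    Data:
        Version: 3 (0x2)
        Subject: CN=www.example.com

-----BEGIN CERTIFICATE-----
MIIBplaceholderplaceholderplaceholderplaceholderplaceholderAAAA
-----END CERTIFICATE-----
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp/server.pem"
echo "lines outside PEM blocks before: $(extra_lines "$tmp/server.pem")"
pem_only "$tmp/server.pem" > "$tmp/server.crt"
echo "lines outside PEM blocks after:  $(extra_lines "$tmp/server.crt")"
rm -rf "$tmp"
```

Running `extra_lines` on a certificate file before pointing httpd at it shows whether a text dump is present; a result of 0 means the file holds only PEM blocks.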