Disabling SSL - Apache

**pcs800** · 09-29-2011, 10:11 AM

Our SSL certificate has expired, before it expired no such messages came up.
The reason they now come up is because SSL is still enabled but the certificate is expired.
The message says as follows.
Image000.jpg
As you can see, it warns that the certificate is expired.
Short of paying to keep the certificate valid, I am not sure what to do.
If I disable SSL completely, then forwarding https to http will not work. People will get a 404 when they try to access us via https. We are trying to avoid that since there are so many links across the net pointing to us via https.

**AciveLite2k** · 09-29-2011, 03:07 PM

Originally Posted by pcs800

Comment this entry in the httpd.conf file
# Include conf/extra/httpd-ssl.conf

When you comment this out, Apache should not be listing to port 443 anymore. Because of that, the rule RewriteCond %{SERVER_PORT} 443 should not work because apache has already said the service is unavailable. .HTACCESS works after apache accepts the connection and routes permissions to the correct directory where the .htaccess and .html files are...

**pcs800** · 09-29-2011, 03:53 PM

Yep I am aware of that now, I am trying to figure out a way to disable via # Include conf/extra/httpd-ssl.conf yet still forward https requests to http somehow so that links do not become completely dead.

**AciveLite2k** · 09-29-2011, 04:50 PM

May I ask why you want to disable port 443 if you are redirecting?

**pcs800** · 09-29-2011, 05:46 PM

Because we do not use an ssl certificate anymore. We used to have store.mysite dot com but now we use esellerate.
But traffic still goes to https and we don't want to lose them.

**AciveLite2k** · 09-29-2011, 05:53 PM

Ahh.. I was assuming you wanted to disable SSL for security reasons, IE to a data server... In your case, I would leave port 443 enabled and simply use the redirect method you are using. The SSL cert is used by the browser, but before the browser is able to verify or check SSL certs, it will have already executed the redirect instructions.

You should be fine and your goal would be accomplished.

**pcs800** · 09-29-2011, 05:57 PM

yeah that's what I planned to do before but people are getting that warning I posted above. My boss doesn't like it and i don't know what to do about it.
Seems like when SSL certs expire, there should be some kind of file to replace them that says "this site no longer supports https, you are being redirected to http" or something.

**deepsand** · 09-29-2011, 06:05 PM

Originally Posted by pcs800

Our SSL certificate has expired, before it expired no such messages came up.

That is wholly immaterial to the fact that browsers, not you, make the call as to what situations are important enough so as to warrant warning the user; and, that users control their browser settings in such regards.

What you seek to do is to subvert the intent of HTTPS by hacking the users' browsers so as to suppress such warnings.

**AciveLite2k** · 09-29-2011, 06:14 PM

Those errors are caused by the browser... When you put HTTPS, the browser is going to look for a certificate, however in theory, before it gets a chance - it should redirect... If your getting errors, have you looked into getting a "self-signed" certificate?

**deepsand** · 09-29-2011, 08:43 PM

Robust and fully configured browsers would then display a warning re. being redirected to an insecure page, asking the user whether or not to proceed.

You cannot bypass all possible browser warnings re. the transition from a secure to an insecure environment.

Thread: Disabling SSL - Apache

Thread Tools

Display

Tags for this Thread

Posting Permissions