Have a question or solution? Post it at the SSL.com IT Security Q&A community site. All visitors welcome and it's FREE!

SSL Installation Support

Knowledge base and troubleshooting guides for ssl installation issues

Knowledgebase
Browser Error: 'ssl_error_rx_record_too_long' or 'Internet Explorer cannot display the webpage' on Linux
Posted by Mike Harvey on 12 January 2012 08:31 PM

It seems obvious you’ve come across the following error while trying to setup SSL certificates on apache.

    Error code: 'ssl_error_rx_record_too_long' (Firefox) or 'Internet Explorer cannot display the webpage' (IE)

Well more often than not, you have something mis-configured! (Likely the listening port: 443). What you might want to do is check that your firewall or iptables allows incoming connections on 443.

Ubuntu:

    #sudo ufw allow 443

Ok, wonderful – that probably didn’t fix your problem. But now try going to the following address

    http://www.domain.tld:443

If you’ve successfully seen something at the above page, it means your sites are listening on that port for non-ssl. I’ll assume that your apache virtual host file has something along the lines of:

    NameVirtualHost *

    <VirtualHost *>

What you’re going to want to do is force your vhosts to listen specifically on the proper ports. Changing to the following:

    NameVirtualHost *:80

    <VirtualHost *:80>

If you’re using ubuntu your ports.conf file should likely have 443 enabled on the listening port, and you may also have default-ssl listed in your /etc/apache2/sites-available/ folder. In which case you may want to enable that.

    #sudo a2ensite /etc/apache2/sites-available/default-ssl

Basically that file has the following inside of it

    <IfModule mod_ssl.c>
    <VirtualHost _default_:443>
    …… your server name / document root …..
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key</VirtualHost>
    </IfModule>

While you can use a single “shared” SSL certificate for multiple hosts, if each host needs it’s own SSL, they will need static ip addresses.

Other recommendations:

- Ensure that port 443 is open and enabled on your server. This is the standard port for https communications.

- If SSL is using a non-standard port then FireFox 3 can sometimes give this error. Ensure SSL is running on port 443.

- If using Apache2 check that you are using port 443 for SSL. This can be done by setting the ports.conf file as follows

— clip —
Listen 80
Listen 443 https
— clip —

- Make sure you do not have more than one SSL certificate sharing the same IP. Please ensure that all SSL certificates utilise their own dedicated IP.

- If using Apache2 check your vhost config. Some users have reported changing <VirtualHost> to _default_ resolved the error.

see - http://info.ssl.com/article.aspx?id=12150&cNode=0S3P7I

(7 votes)
This article was helpful
This article was not helpful

Comments (0)
Post a new comment 
 
Full Name:
Email:
Comments:
©2013 SSL CORP ALL RIGHTS RESERVED.