Timeout error after https configuration on CentOS 7

by Fokwa Best   Last Updated January 10, 2018 12:00 PM

I have an app that has been running for 2 years now via http. Now we want to move to https for better security. Our OS is CentOS Linux 7. We have a virtual host config in /etc/httpd/sites-available with the content below:

<VirtualHost *:443>

    ServerName www.trade.xxx.com
    ServerAlias trade.xxx.com
    DocumentRoot /ims/www/trade.xxx.com/public_html/public
    SSLEngine on
    SSLCertificateFile /home/divo/ssl_cert/wildcard_eneo_cm.crt
    SSLCertificateKeyFile /home/divo/ssl_cert/wildcard_eneo_cm.key
    SSLCertificateChainFile /home/divo/ssl_cert/DigiCertCA.crt
    ErrorLog /ims/www/trade.xxx.com/error.log
    CustomLog /ims/www/trade.xxx.com/requests.log combined
    <Directory "/ims/www/trade.xxx.com/public_html/public">
        AllowOverride All
    </Directory>
</VirtualHost>

However, when I visit https://trade.xxx.com, the browser just keeps loading and after some time gives an ERR_CONNECTION_TIMED_OUT error.

What can be the issue?

Researching, I did the following:

Command 1

openssl x509 -in wildcard_xxx_com.crt -noout -subject

Output

subject= /CN=*.xxx.com

Command 2

Checking whether httpd is listening on port 443; below is the result

tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd           
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      881/dnsmasq         
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      880/sshd            
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1013/master         
tcp6       0      0 :::3306                 :::*                    LISTEN      905/mysqld          
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd           
tcp6       0      0 :::80                   :::*                    LISTEN      10409/httpd         
tcp6       0      0 :::53                   :::*                    LISTEN      881/dnsmasq         
tcp6       0      0 :::22                   :::*                    LISTEN      880/sshd            
tcp6       0      0 ::1:25                  :::*                    LISTEN      1013/master         
tcp6       0      0 :::443                  :::*                    LISTEN      10409/httpd  

Command 3

Check if the firewall is enabled

systemctl status firewalld

From the result below, the firewall is not enabled, so it is not a firewall issue

● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

Command 4

Check if SSL is enabled in ssl.conf; the excerpt below clearly shows it is on

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

From the above, everything seems okay, but I don't understand why it doesn't work. Where is my blind spot? What config is missing?

Tags : https linux
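
Added example (not part of the original question): a Python probe that classifies one connection attempt as a TCP timeout, a refusal, or a TLS-stage failure, which the listener and service checks above cannot tell apart. The names `probe` and `HINTS` and the default target are assumptions made for illustration.

```python
import errno
import socket
import ssl
import sys

# What each outcome says about where the connection died (editor's summary).
HINTS = {
    "timeout": "no SYN-ACK and no RST: something dropped the packets "
               "(host packet filter, upstream/cloud firewall, NAT or routing)",
    "refused": "RST received: host reachable, nothing listening on that address/port",
    "unreachable": "no route to the host: check addressing and routing",
    "open": "TCP handshake completed: a listener is reachable from here",
    "handshake-failed": "TCP works but the TLS handshake does not complete: "
                        "look at the server's TLS configuration",
    "cert-rejected": "TLS works but the certificate or chain did not validate for this name",
    "ok": "TCP and TLS both succeed from this vantage point",
}

def probe(host, port=443, timeout=3.0, tls=True):
    """Make one connection attempt and return (stage, outcome)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("tcp", "timeout")
    except ConnectionRefusedError:
        return ("tcp", "refused")
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return ("tcp", "unreachable")
        raise  # DNS failures and the like are not connection outcomes
    with sock:
        if not tls:
            return ("tcp", "open")
        ctx = ssl.create_default_context()  # verifies chain and host name
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return ("tls", "ok")
        except ssl.SSLCertVerificationError:
            return ("tls", "cert-rejected")
        except (ssl.SSLError, OSError):
            return ("tls", "handshake-failed")

if __name__ == "__main__":
    # Usage: python3 probe.py HOST [PORT]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    stage, outcome = probe(target, port)
    print(f"{target}:{port} {stage} {outcome}: {HINTS[outcome]}")
```

Running it against 127.0.0.1 on the server and against the public name from a client shows whether the connection dies on the host itself or on the path to it.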

