httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rex Brooks <r...@starbourne.com>
Subject [users@httpd] SSL Problem Still not Solved in Apache2-RHEL4
Date Mon, 15 May 2006 16:49:54 GMT
I'm still stuck with httpd not starting while mod_ssl included in 
Apache2.0 in RHEL4.

httpd will start without mod_ssl.

However, connection is then refused at both of the Virtual Hosts I'm 
using together:
Default=mysqld-php portal;
Other=Derby-tomcat-jsp ebxmlrr registry;
so I returned to turned mod_ssl back on.

error_log:
[date-time] [notice] core dump file size limit raised to 4294967295 bytes
[date-time] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[date-time] [error] Server should be SSL-aware but has no certificate 
configured [Hint: SSLCertificateFile]

Note: 'SSLEngine on' is specified in both the httpd.conf and the 
ssl.conf files. I found one question in my research where this 
duplication was a problem in conjunction with duplicated ssl 
variables/settings. Unfortunately the version of apache and OS were 
not specified, but removing 'SSLEngine on' from httpd.conf caused no 
change in the condition, so I returned to initial conditions again.

Vitals:

ssl.conf:
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd.conf/sslkey/server.key


permissions:
[root@XXXX ssl.crt]# ls -al
total 40
drwx------  2 root root 4096 May 13 08:06 .
drwxr-xr-x  7 root root 4096 May 13 08:23 ..
-rw-r--r--  1 root root 1773 May  8 17:22 cacert.pem
-rw-r--r--  1 root root 1522 Feb 28  2005 Makefile.crt
-rw-------  1 root root 1497 May  8 21:27 server.crt
[root@XXX ssl.crt]# cd ..
[root@@XXX conf]# cd ssl.key
[root@XXX ssl.key]# ls -al
total 48
drwx------  2 root root 4096 Feb 28  2005 .
drwxr-xr-x  7 root root 4096 May 13 08:23 ..
-rw-r--r--  1 root root 1751 May  8 17:18 privkey.pem
-rw-------  1 root root  963 May  8 21:23 server.key

As you can see, the server.crt and server.key files are not publicly 
readable, but I do not have specific lines in ssl.conf for cacert.pem 
or privkey.pem. The documentaton for apache-ssl specfically mentions 
pem-encoding as does the Apache Model mod_ssl documentation. Could 
this be a problem?

The SSLCACertificatePath is commented in ssl.conf. Could this be a problem?

I haven't changed or questioned all of the variables, including 
DocumentRoot and ServerName which are also commented.

I have to find a solution to this. It's one of those things that just 
isn't optional for me. Sorry to be a pain.

Rex
-- 
Rex Brooks
President, CEO
Starbourne Communications Design
GeoAddress: 1361-A Addison
Berkeley, CA 94702
Tel: 510-849-2309

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message