httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Pasher <just...@newmediagateway.com>
Subject Re: [users@httpd] Refreshing renewed SSL certificate
Date Wed, 09 Sep 2009 15:50:37 GMT
Andy Hawkins wrote:
> Hi,
>
> I renewed an SSL certificate today, and replaced the server's .crt file (the
> one pointed to by the 'SSLCertificateFile' parameter in the server's
> config). However, when I restarted the server (apachectl restart, server is
> v1.3.34) requests to the server still seemed to return the original
> certificate.
>
> I got around this by rebooting the server, but this seems a little drastic!
>
> Can anyone tell me what I need to do to get new certificates recognised?
>   

FWIW, in my experience, installing or changing an SSL cert on an Apache 
1 server requires a stop and start (restart/reload won't work).  Now 
this is using apache-ssl (as opposed to mod_ssl), but it sounds the same 
for your situation.

Perhaps it has to due with apache no longer having root permissions 
after it has started (I believe a restart just sends a SIGHUP to the 
process), and it wants to reload both the cert and private key (private 
keys SHOULD only be readable by root, if secured properly). This is all 
speculation on my part though.


-- 
Justin Pasher

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message