httpd-users mailing list archives

From János Löbb <janos.l...@yale.edu>
Subject Re: [users@httpd] Apache Doesn't See My SSLCACertificateFile
Date Wed, 07 Apr 2010 15:32:15 GMT

Carlos,

Make sure you delete your old intermediate.crt and copy down from the
Verisign site the appropriate intermediate certificate.

I had to do this two days ago :-)

János

On Apr 7, 2010, at 10:47 AM, Carlos Mennens wrote:

> I have Apache running on my RHEL 5.4 web server and when someone goes
> to my website, they get a scary warning that tells them my secure site
> isn't safe because it can't be validated by a CA. I contacted my CA
> (Verisign) today and was told that my web server (Apache) isn't
> properly rendering my 'intermediate' certificate. I clearly show
> Apache is properly displaying my public certificate and can read my
> private SSL key so I don't know why it's missing the
> SSLCACertificateFile entry from my httpd.conf file: My entry looks as
> follows in 'httpd.conf':
>
> <VirtualHost *:443>
>        DocumentRoot /var/www/html/int/main
>        ServerName www.mydomain.tld:443
>        ServerAdmin webmaster@mydomain.tld
>        ErrorLog /var/log/httpd/www.mydomain.tld-int-error_log
>        TransferLog /var/log/httpd/www.mydomain.tld-int-access_log
>        #   SSL Engine Switch:
>        #   Enable/Disable SSL for this virtual host.
>        SSLEngine on
>        #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>        SSLCertificateFile /etc/httpd/conf/ssl/www.crt
>        SSLCertificateKeyFile /etc/httpd/conf/ssl/www.key
>        SSLCACertificateFile /etc/httpd/conf/ssl/intermediate.crt
>
> Now I'm starting to look around and noticed I also have a
> /etc/httpd/conf.d/ssl.conf file and it too has a section to list SSL
> parameter/path. I am wondering if I need to also add my SSL www.crt,
> www.key, and intermediate.crt in the 'ssl.conf' file also? Or could it
> simply be that Apache doesn't have permissions to properly render
> the 'intermediate.crt' which makes no sense to me since it can see the
> www.crt & www.key fine and they all have the same permissions:
>
> [root@ideweb1 ssl]# ls -la
> total 24
> dr-------- 2 root root 4096 Mar 26 14:36 .
> drwxr-xr-x 3 root root 4096 Apr  7 10:46 ..
> -r-------- 1 root root 1659 Jul 21  2009 intermediate.crt
> -r-------- 1 root root 1936 Mar 26 14:36 www.crt
> -r-------- 1 root root  887 Feb 11  2009 www.key
> -r-------- 1 root root 1931 Mar 26 14:36 www.orig
>
> Please help me understand this...
>
> -Carlos
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server  
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
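
A local check for the situation in this thread, where the listing shows a www.crt dated later than intermediate.crt: the shell function below is an added example, not part of the original messages, that tests whether a candidate intermediate file actually issued the server certificate. It assumes the openssl command-line tool (1.1.0 or later); the function names, the exit codes and the certificates generated by `make_sample` are constructed for illustration.

```shell
#!/bin/sh
# check_intermediate LEAF INTER
# Exit status: 0 = INTER issued LEAF, 1 = issuer name does not match,
# 2 = a file cannot be read or parsed, 3 = name matches but verification
# fails (different key, expired certificate, ...).
check_intermediate() {
    leaf=$1 inter=$2
    want=$(openssl x509 -in "$leaf" -noout -issuer_hash 2>/dev/null) || return 2
    have=$(openssl x509 -in "$inter" -noout -subject_hash 2>/dev/null) || return 2
    [ "$want" = "$have" ] || return 1
    # The candidate file is supplied as the trust anchor; -partial_chain
    # accepts an anchor that is not itself a self-signed root.
    openssl verify -partial_chain -CAfile "$inter" "$leaf" >/dev/null 2>&1 || return 3
    return 0
}

# Constructed test material (not real CA data): issuer.crt signs www.crt,
# stale.crt has another name, rekeyed.crt has the issuer's name but another key.
# Self-signed CAs stand in for the intermediate. Prints the temp directory.
make_sample() {
    d=$(mktemp -d) || return 1
    for ca in issuer stale rekeyed; do
        case $ca in stale) cn="Constructed Old CA";; *) cn="Constructed Issuing CA";; esac
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$cn" \
            -keyout "$d/$ca.key" -out "$d/$ca.crt" 2>/dev/null || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.mydomain.tld" \
        -keyout "$d/www.key" -out "$d/www.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/www.csr" -CA "$d/issuer.crt" -CAkey "$d/issuer.key" \
        -CAcreateserial -days 2 -out "$d/www.crt" 2>/dev/null || return 1
    echo "$d"
}

# Run with the argument "demo" to see all three outcomes on the constructed files.
if [ "${1:-}" = demo ]; then
    d=$(make_sample) || exit 2
    for c in issuer stale rekeyed; do
        check_intermediate "$d/www.crt" "$d/$c.crt"; echo "$c.crt -> $?"
    done
    rm -rf "$d"
fi
```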