httpd-users mailing list archives

From John McIntyre <joh98....@gmail.com>
Subject [users@httpd] Can a certificate error bring down a server?
Date Wed, 16 Oct 2013 09:17:17 GMT
Hi,
So I have an Apache 2.2.15 box running on CentOS 6.4.  It took me a while
to get it fine-tuned the way I want, but I eventually got there.  So I buy
a certificate, redirect from http to https, and it seems to be working
perfectly.  That was about six weeks ago.

This morning, I head into the office, and as usual, log in to my Horde
instance for e-mail and calendar.  At the same time, trying to get mailman
running, I decide to remove the mailman instance with yum remove mailman.
Five minutes later, as I'm typing an e-mail, I suddenly get kicked off the
server, and when I try to reconnect, I get 'certificate not approved' in my
browser (Chrome).

I have a look via ssh, but can't see anything untoward.

This is when I _did_ do something silly.  I looked in
/etc/httpd/conf.d/ssl.conf and saw the following line:

SSLCertificateFile /etc/pki/tls/private/localhost.key

That's not right, I thought.  So I change that and the other SSL file lines
to point to my certificates, which are in /etc/httpd/ssl.  Like an idiot, I
didn't back that file up beforehand.

I restart Apache and this appears in the logs:

[Wed Oct 16 09:52:34 2013] [error] Init: Unable to read server certificate from file /etc/pki/tls/private/localhost.key
[Wed Oct 16 09:52:34 2013] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Oct 16 09:52:34 2013] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

And this is rather worrying, since at no time in the past fortnight have I
fiddled with the httpd.conf file, so there's no reason why it should
suddenly stop pointing to the correct certificate.  And I don't think that
removing mailman would cause this - I only mentioned it to eliminate it as
a possible cause.

Any ideas?

Thanks.
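
The log lines in the message show Apache trying to read the server certificate from a file named localhost.key. The shell check below is an added example, not part of the original message or of Apache's tooling: it reads each SSLCertificate* directive from a config file and reports whether the file it names is a PEM certificate or a PEM private key. The function names, the sample file layout and the placeholder PEM bodies are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes one directive per line, exact-case directive
# names and unquoted paths; checks only the first PEM header in a file.

# Classify a PEM file by its first "-----BEGIN ...-----" line.
pem_kind() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    case "$(sed -n '/^-----BEGIN /{p;q;}' "$1")" in
        *'BEGIN CERTIFICATE-----'*) echo certificate ;;
        *'PRIVATE KEY-----'*)       echo key ;;
        *)                          echo unknown ;;
    esac
}

# Print one line per directive; return 1 if any file is the wrong kind.
check_ssl_conf() {
    bad=0
    while read -r directive path _; do
        case "$directive" in
            SSLCertificateFile|SSLCertificateChainFile) want=certificate ;;
            SSLCertificateKeyFile)                      want=key ;;
            *) continue ;;
        esac
        got=$(pem_kind "$path")
        if [ "$got" = "$want" ]; then
            echo "ok    $directive $path"
        else
            echo "WRONG $directive $path (expected $want, found $got)"
            bad=1
        fi
    done < "$1"
    return "$bad"
}

# Constructed sample: placeholder PEM files and a config that repeats the
# mismatch from the message (SSLCertificateFile naming a .key file).
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'placeholder' \
        '-----END RSA PRIVATE KEY-----' > "$d/localhost.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'placeholder' \
        '-----END CERTIFICATE-----' > "$d/localhost.crt"
    printf '%s\n' "  SSLCertificateFile $d/localhost.key" \
        "SSLCertificateKeyFile $d/localhost.key" \
        "#SSLCertificateChainFile $d/localhost.crt" > "$d/ssl.conf"
    echo "$d"
}

if [ $# -eq 1 ]; then check_ssl_conf "$1"; fi
```

Run against a real config by passing its path as the only argument, for example the ssl.conf named in the message; commented-out directives are skipped.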
