httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benjamin Oppermann <ben....@eml.cc>
Subject Re: [users@httpd] "corrupted content" error, httpd can't access SSL key file [wd-vc]
Date Tue, 30 Sep 2014 11:22:03 GMT
I am sorry, I had it switched off for a few hours (it's a home
pc), but will keep it on now. Would you mind trying again?

Thanks!





Am Di, 30. Sep 2014, um 03:49, schrieb Edgar Pettijohn:

I tried to go to your site, but apparently the server is down.



On 09/29/2014 07:16 PM, Benjamin Oppermann wrote:

Actually, this one is a self-signed certificate, but I tried
with a new one using your command, just to be safe.

My Vhost is configured in
/etc/apache2/sites-enabled/000-default.conf, so that's where I
adjusted the path to test.pem

The page is still not available.

I was probably wrong though giving the apachectl -S error as
cause of the problem (or was I?). I should have run it with
sudo, in which case it would have looked like this:



~$ sudo apachectl -SAH00558: apache2: Could not reliably
determine the server's fully qualified domain name, using
127.0.1.1. Set the 'ServerName' directive globally to suppress
this message

VirtualHost configuration:

*:80                   127.0.1.1
(/etc/apache2/sites-enabled/000-default-mythbuntu.conf:1)

*:443                  127.0.1.1
(/etc/apache2/sites-enabled/000-default.conf:11)

ServerRoot: "/etc/apache2"

Main DocumentRoot: "/var/www"

Main ErrorLog: "/var/log/apache2/error.log"

Mutex ssl-stapling: using_defaults

Mutex ssl-cache: using_defaults

Mutex default: dir="/var/lock/apache2" mechanism=fcntl

Mutex mpm-accept: using_defaults

Mutex watchdog-callback: using_defaults

Mutex rewrite-map: using_defaults

PidFile: "/var/run/apache2/apache2.pid"

Define: DUMP_VHOSTS

Define: DUMP_RUN_CFG

User: name="www-data" id=33

Group: name="www-data" id=33



Could it be that Apache does not run as root when trying to
access the key file?

If that is not the problem, then I am at a loss.

I forgot to say that not all browsers show the problem as
"corrupted content" error. In others, There is a warning that
the site is not to be trusted (which is normal because of the
certificate being self-signed), but the option to ignore the
warning and create an exception is disabled / not working.

I you want to try what your browser says, the URL is
[1]https://oc.benopp.org/owncloud



Am Di, 30. Sep 2014, um 01:35, schrieb Edgar Pettijohn:

Have you tried with a self signed certificate just to see what
happens?



# openssl req -new -x509 -days 3650 -nodes -newkey
rsa:4096 -out /etc/ssl/certs/test.pem -keyout
/etc/ssl/private/test.pem



# chmod go= /etc/ssl/private/test.pem



httpd.conf



SSLCertificateFile    /etc/ssl/certs/test.pem

SSLCertificateKeyFile /etc/ssl/private/test.pem

References

1. https://oc.benopp.org/owncloud

Mime
View raw message