Posted to users@httpd.apache.org by Rex Brooks <re...@starbourne.com> on 2006/05/12 23:19:16 UTC
[users@httpd] Revisiting apache startup failure SSLCertificateFile erro
I added the last couple of messages in this
thread back into the last reply to which I am
responding.
I was busy all week with the OASIS Symposium 2006.
I want to be clear that I have Apache2.0
installed on RedHatEnterprise Linux using all the
included packages. The location of the
SSLCertificateFile and SSLCertificateKeyFile
match the locations in ssl.conf file in the
conf.d directory from which all .conf files are
loaded by httpd.conf.
The error message I get in the error log when
attempting to start httpd remains:
[Mon May 08 06:20:22 2006] [error] Server should
be SSL-aware but has no certificate configured
[Hint: SSLCertificateFile]
So I am missing something because it seems to me
that I have the certificate configured correctly.
My intention to reinstall apache was thwarted when
I unchecked the webserver from the Add or Remove
Packages list and clicked update, I got the
message: Package Not Found: php required by
<'php-pear', '4.3.9, '3.6').
This is an anomaly similar to the message I get
that DocumentRoot
/home/rexb/jakarta-tomcat-5.0.28 does not exist.
So, for now I can't even reinstall Apache and
then rebuild the portal and registry.
So, I am back to asking if I am missing something
in the configuration of the certificate or
pointing to it.
Please note that I tried several ways to build
and reference Certificate-Key files.
Regards,
Rex
At 2:42 PM +0200 5/9/06, Axel-Stéphane SMORGRAV wrote:
> No need to reinstall Apache. This is only a configuration issue.
>
>You need to tell Apache where to find the
>- Server certificate
>- Private key associated with the server certificate
>- CA Certificate
>
>From your httpd.conf file, you probably include
>a configuration file called ssl.conf. This
>include directive may be enclosed within a
>condition like <IfDefine SSL>. Chances are that
>the SSL variable is not defined and therefore
>the ssl.conf file is not loaded. You can remove
>this condition altogether (and the associated
></IfDefine>), or you can start Apache with the
>command "apachectl startssl" rather than
>"apachectl start".
>
>The module mod_info is very useful for
>determining exactly what configuration directives
>have been loaded into Apache by requesting
>http://myserver.mydomain.com/server-info which
>will give you a list of all loaded modules and
>all associated configuration directives.
>
>-ascs
>
>-----Original Message-----
>From: Rex Brooks [mailto:rexb@starbourne.com]
>Sent: Tuesday, May 09, 2006 2:10 PM
>To: Richard de Vries
>Cc: users@httpd.apache.org
>Subject: Re: [users@httpd] Correction &
>Question: SSLCertificateFile: RedHat (RHEL4)
>apache startup failure:
>ebxml-registry-repository on tomcat on port
>6480, with Mambo LAMP Portal on port 8080:
>Despite Self-Signed Cert: [error] Server should
>be SSL-aware but ha
>
>Here is the httpd error_log for that sequence:
>
>[Mon May 08 06:20:21 2006] [notice] core dump file size limit raised
>to 4294967295 bytes
>[Mon May 08 06:20:22 2006] [notice] suEXEC mechanism enabled
>(wrapper: /usr/sbin/suexec)
>[Mon May 08 06:20:22 2006] [error] Server should be SSL-aware but has
>no certificate configured [Hint: SSLCertificateFile]
>
>It's beginning to look like I will have to reinstall apache.
>
>Regards,
>Rex
>
Thanks Richard,
I appreciate that you took the time to answer. So
far you are the only one. This installation is on
RedHat Enterprise Linux4 and Apache2.0 and I have
tried the Key-Certificate generation instructions
detailed in the System Administration Guide Ch.
26.6-26.8.
I tried the freebsd instructions at the url you
advised, and what happened was that the
certificate signing request could not open the
key. I have also downloaded and tried with
openssl-0.9.8b. I was able to generate the
server.key and server.crt but httpd still does
not start.
The Admin Guide instructions also result in what
ought to be a valid server key in the ssl.key
directory and a server.crt in the ssl.crt
directory as specified in the ssl.conf file in
the /etc/httpd/conf directory, but httpd still
does not start.
Here is the terminal output when attempting to start httpd:
[root@c-xxx-xxx-xxx-xxx ~]# service httpd start
Starting httpd: [Mon May 08 06:20:21 2006] [warn]
The Alias directive in /etc/httpd/conf/httpd.conf
at line 557 will probably never match because it
overlaps an earlier AliasMatch.
Warning: DocumentRoot [/home/xxx/jakarta-tomcat-5.0.28] does not exist
[FAILED]
[root@c-xxx-xxx-xxx-xxx ~]#
Here is the httpd error_log for that sequence:
[Mon May 08 06:20:21 2006] [notice] core dump
file size limit raised to 4294967295 bytes
[Mon May 08 06:20:22 2006] [notice] suEXEC
mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon May 08 06:20:22 2006] [error] Server should
be SSL-aware but has no certificate configured
[Hint: SSLCertificateFile]
It's beginning to look like I will have to reinstall apache.
Regards,
Rex
>what error are you getting?
>
>Try following the instructions at this URL. They've
>always worked for me:
>
>http://www.corserv.com/freebsd/apache-ssl-howto.html
>
>--- Rex Brooks <re...@starbourne.com> wrote:
>
>> Please see my previous post for details.
>>
>> I said that mod_ssl was not installed, but a double
>> check showed that it is.
>>
>> My question is only about filenames for
>> SSLCertificateFile and/or
>> SSLCertificateKeyFile.
>>
>> ApacheSSL Documentation says at
>>
>http://www.apache-ssl.org/docs.html#SSLCertificateFile:
>>
>> This is your PEM-encoded server certificate
>> (strictly, it is what
>> SSLeay calls PEM, which isn't really).
>>
>> Example:
>>
>> SSLCertificateFile
>> /usr/local/apache/certs/my.server.pem
>>
>> What the process described in RedHat Sys. Admin.
>> Guide Ch. 26.6-26.8
>> produces in the file ssl.conf located in
>> /etc/httpd/conf.d/ used to
>> configure SSL support is:
>>
>> SSLCertificateFile
>> /etc/httpd/conf/ssl.crt/server.crt
>>
>> and
>>
>> SSLCertificateKeyFile
>> /etc/httpd/conf/ssl.key/server.key
>>
>> There is a file named server.crt in the specified
>> location, and a
>> server.key file in its corresponding location. Could
>> this lack of a
>> PEM-encoded server certificate, however it is
>> produced, be the root
>> cause of httpd start failure?
>>
>> I have downloaded and installed openssl-0.9.8b and I
>> have also now
>> generated a privkey.pem and a cacert.pem and I have
>> put them in the
>> same directories as the ssl.conf file specified, and
>> edited that file
>> to reflect that, rebooted and httpd still fails to
>> start.
>>
>>
>> Regards,
>> Rex Brooks
--
Rex Brooks
President, CEO
Starbourne Communications Design
GeoAddress: 1361-A Addison
Berkeley, CA 94702
Tel: 510-849-2309
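
The two checks discussed in this thread (whether ssl.conf is only pulled in inside an <IfDefine SSL> block, and whether the file named by SSLCertificateFile is actually PEM), as an added shell example that is not part of the original messages. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names and sample files are constructed.

# List Include / SSLCertificate*File directives enclosed in <IfDefine SSL>,
# which httpd skips unless started with -DSSL ("apachectl startssl").
gated_directives() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
        low ~ /^#/ { next }
        low ~ /^<ifdefine[ \t]/ {
            n++; ssl[n] = (line ~ /^<[A-Za-z]+[ \t]+SSL[ \t]*>/)
            gated += ssl[n]; next
        }
        low ~ /^<\/ifdefine>/ {
            if (n > 0) { gated -= ssl[n]; n-- }
            next
        }
        gated > 0 && low ~ /^(include|sslcertificate(key)?file)[ \t]/ {
            print NR ": " line
        }
    ' "$1"
}

# Print the first value of a directive: directive_value NAME FILE
directive_value() {
    awk -v d="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        tolower(line) ~ ("^" tolower(d) "[ \t]") {
            v = $2; gsub(/"/, "", v); print v; exit
        }
    ' "$2"
}

# Succeed if the file is readable and contains a PEM certificate header.
is_pem_cert() {
    [ -r "$1" ] && grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Constructed sample input (not the poster's real files).
demo_dir=$(mktemp -d)
printf '<IfDefine SSL>\n  Include conf.d/ssl.conf\n</IfDefine>\n' > "$demo_dir/httpd.conf"
printf 'SSLCertificateFile %s/server.crt\n' "$demo_dir" > "$demo_dir/ssl.conf"
printf 'constructed placeholder, not PEM\n' > "$demo_dir/server.crt"

gated_directives "$demo_dir/httpd.conf"
crt=$(directive_value SSLCertificateFile "$demo_dir/ssl.conf")
is_pem_cert "$crt" || echo "not PEM: $crt"
rm -rf "$demo_dir"
```

Any line printed by gated_directives is a directive httpd ignores under a plain "apachectl start"; the check is static and does not follow Include targets.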