You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Andy Hawkins <an...@gently.org.uk> on 2009/09/09 16:54:23 UTC
[users@httpd] Refreshing renewed SSL certificate
Hi,
I renewed an SSL certificate today, and replaced the server's .crt file (the
one pointed to by the 'SSLCertificateFile' parameter in the server's
config). However, when I restarted the server (apachectl restart, server is
v1.3.34) requests to the server still seemed to return the original
certificate.
I got around this by rebooting the server, but this seems a little drastic!
Can anyone tell me what I need to do to get new certificates recognised?
Thanks
Andy
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: Refreshing renewed SSL certificate
Posted by Andy Hawkins <an...@gently.org.uk>.
Hi,
In article <4A...@newmediagateway.com>,
Justin Pasher<ju...@newmediagateway.com> wrote:
> FWIW, in my experience, installing or changing an SSL cert on an Apache
> 1 server requires a stop and start (restart/reload won't work). Now
> this is using apache-ssl (as opposed to mod_ssl), but it sounds the same
> for your situation.
Ah ok, that might explain it. I'll try to remember to do a full stop / start
next time.
Andy
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Refreshing renewed SSL certificate
Posted by Justin Pasher <ju...@newmediagateway.com>.
Andy Hawkins wrote:
> Hi,
>
> I renewed an SSL certificate today, and replaced the server's .crt file (the
> one pointed to by the 'SSLCertificateFile' parameter in the server's
> config). However, when I restarted the server (apachectl restart, server is
> v1.3.34) requests to the server still seemed to return the original
> certificate.
>
> I got around this by rebooting the server, but this seems a little drastic!
>
> Can anyone tell me what I need to do to get new certificates recognised?
>
FWIW, in my experience, installing or changing an SSL cert on an Apache
1 server requires a stop and start (restart/reload won't work). Now
this is using apache-ssl (as opposed to mod_ssl), but it sounds the same
for your situation.
Perhaps it has to due with apache no longer having root permissions
after it has started (I believe a restart just sends a SIGHUP to the
process), and it wants to reload both the cert and private key (private
keys SHOULD only be readable by root, if secured properly). This is all
speculation on my part though.
--
Justin Pasher
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org