You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by ei...@gmail.com on 2015/08/04 20:02:42 UTC
[users@httpd] 443 VirtualHost setup yields "Server should be SSL-aware" error
RHEL: 5
Apache: 2.2.29
Trying to set up a VirtualHost in my 443 configuration
----------------------------------------------------------------------------
Listen 443 (also tried Listen 443 http)
DocumentRoot "/www/secure"
NameVirtualHost *:443
<VirtualHost *:443>
<IfDefine leveltest>
ServerName test.something.com
RewriteEngine On
SSLEngine On
SSLProxyEngine on
ProxyRequests Off
SSLCertificateFile "/example.crt"
SSLCertificateKeyFile "example.key"
SSLCertificateChainFile "example-intermediate.crt"
</IfDefine>
<IfDefine levelprod>
RewriteEngine On
SSLEngine On
SSLProxyEngine on
ProxyRequests Off
RewriteEngine On
SSLEngine On
SSLProxyEngine on
ProxyRequests Off
SSLCertificateFile "/example.crt"
SSLCertificateKeyFile "example.key"
SSLCertificateChainFile "example-intermediate.crt"
</IfDefine>
SSLOptions +StdEnvVars +ExportCertData
SSLProtocol ALL -SSLv2 -SSLv3
-------------------------------------------------------------------------------------
The above results in the following error when trying to start:
[Tue Aug 04 11:20:09 2015] [error] Server should be SSL-aware but has
no certificate configured [Hint: SSLCertificateFile] ((null):0)
We know that certificate listed works as we are currently using it,
only difference is we tried including it in a VirtualHost now.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 443 VirtualHost setup yields "Server should be
SSL-aware" error
Posted by Matias Visbeek <ma...@vatrox.com>.
Glad to hear you find the issue cause.
It is absolutely factible that the error was caused by that included file
if it was defined for a different VirtualHost, as the configuration you set
is only for port 443. Does that included file set configurations for a
VirtualHost?
2015-08-04 17:20 GMT-03:00 , , <us...@gmail.com>:
> Hey Matias thank you for the assistance, I ended up discovering I had
> an additional configuration file included that had additional SSL
> directives defined in it.
>
> When I commented out this configuration (as everything present in it
> was also present in my main configuration) it seemed to start up
> without issue.
>
> The file that I commented out contained:
> SSLEngine on
> SSLOptions StdEnvVars StrictRequire
> SSLCompression off
> SSLProtocol All -SSLv2 -SSLv3
> SSLHonorCipherOrder on
> SSLCipherSuite
> ALL:!ADH:!LOW:!SSLv2:!EXP:!NULL:RC4+SHA:+HIGH:+MEDIUM
> SSLRandomSeed startup file:/dev/urandom 512
> SSLRandomSeed connect file:/dev/urandom 512
> SSLSessionCacheTimeout 300
>
>
> Everything in that file is present in my mainline configuration as
> well except for the SSLHonorCipherOrder. Do you think the issue was
> that the SSLEngine on was defined both inside and outside of my
> VirtualHost?
>
> On Tue, Aug 4, 2015 at 3:13 PM, Matias Visbeek
> <ma...@vatrox.com> wrote:
> > Another question, I see you have SSLProxyEngine On, so I assume your are
> > using it as a Reverse Proxy. Does the backend requires SSL aswell? In
> that
> > case you will need at least the trusted certificate for the backend's
> server
> > certificate specified in SSLProxyCACertificateFile.
> >
> > What version of Apache are you using?
> >
> > Are you sure Apache have privileges over that directory?
> >
> >
> > 2015-08-04 16:19 GMT-03:00 , , <us...@gmail.com>:
> >>
> >> That is correct.
> >>
> >> On Tue, Aug 4, 2015 at 1:29 PM, Matias Visbeek
> >> <ma...@vatrox.com> wrote:
> >> > Just to be sure, is your example.crt file just the public key of your
> >> > ceritficate in PEM Base64 format?
> >> >
> >> >
> >> > 2015-08-04 15:23 GMT-03:00 <ei...@gmail.com>:
> >> >>
> >> >> Apologies, the leading slash was not supposed to be there, just
> copied
> >> >> a fake file location and forgot to remove it, the full path is
> defined
> >> >> for the certs:
> >> >> SSLCertificateFile "/opt/blah/web/apache2/cert/example.crt"
> >> >> SSLCertificateKeyFile "/opt/blah/web/apache2/cert/example.key"
> >> >> SSLCertificateChainFile
> >> >> "/opt/blah/web/apache2/cert/example-intermediate.crt"
> >> >>
> >> >> Matias, not sure what you mean by "are you sure conditions for
> >> >> IfDefine are met?" If you mean are those levels defined properly etc.
> >> >> then yes, I use those IfDefines several times in the rest of the
> >> >> configuration.
> >> >>
> >> >> On Tue, Aug 4, 2015 at 1:17 PM, Matias Visbeek
> >> >> <ma...@vatrox.com> wrote:
> >> >> > Hi,
> >> >> >
> >> >> > I have 2 different theories about what is happening with your code.
> >> >> >
> >> >> > First, this line looks wrong
> >> >> > SSLCertificateFile "/example.crt"
> >> >> >
> >> >> > Do you have your certificate file in the root directory?
> >> >> > Try changing it for this
> >> >> >
> >> >> > SSLCertificateFile "example.crt"
> >> >> >
> >> >> > or providing the full path to the file, for example
> >> >> > "/home/user/cert/example.crt" for Linux/UNIX or
> "C:/cert/ecample.crt"
> >> >> > for
> >> >> > Windows.
> >> >> >
> >> >> > Second, you define your certificate inside IfDefine tags, are you
> >> >> > sure
> >> >> > conditions for IfDefine are met?
> >> >> >
> >> >> > Regards,
> >> >> >
> >> >> > Matías
> >> >> >
> >> >> > 2015-08-04 15:02 GMT-03:00 <ei...@gmail.com>:
> >> >> >>
> >> >> >> RHEL: 5
> >> >> >> Apache: 2.2.29
> >> >> >>
> >> >> >> Trying to set up a VirtualHost in my 443 configuration
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >>
> ----------------------------------------------------------------------------
> >> >> >> Listen 443 (also tried Listen 443 http)
> >> >> >>
> >> >> >> DocumentRoot "/www/secure"
> >> >> >>
> >> >> >> NameVirtualHost *:443
> >> >> >>
> >> >> >> <VirtualHost *:443>
> >> >> >>
> >> >> >> <IfDefine leveltest>
> >> >> >> ServerName test.something.com
> >> >> >> RewriteEngine On
> >> >> >> SSLEngine On
> >> >> >> SSLProxyEngine on
> >> >> >> ProxyRequests Off
> >> >> >> SSLCertificateFile "/example.crt"
> >> >> >> SSLCertificateKeyFile "example.key"
> >> >> >> SSLCertificateChainFile "example-intermediate.crt"
> >> >> >> </IfDefine>
> >> >> >> <IfDefine levelprod>
> >> >> >> RewriteEngine On
> >> >> >> SSLEngine On
> >> >> >> SSLProxyEngine on
> >> >> >> ProxyRequests Off
> >> >> >> RewriteEngine On
> >> >> >> SSLEngine On
> >> >> >> SSLProxyEngine on
> >> >> >> ProxyRequests Off
> >> >> >> SSLCertificateFile "/example.crt"
> >> >> >> SSLCertificateKeyFile "example.key"
> >> >> >> SSLCertificateChainFile "example-intermediate.crt"
> >> >> >> </IfDefine>
> >> >> >>
> >> >> >> SSLOptions +StdEnvVars +ExportCertData
> >> >> >> SSLProtocol ALL -SSLv2 -SSLv3
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >>
> -------------------------------------------------------------------------------------
> >> >> >>
> >> >> >> The above results in the following error when trying to start:
> >> >> >> [Tue Aug 04 11:20:09 2015] [error] Server should be SSL-aware but
> >> >> >> has
> >> >> >> no certificate configured [Hint: SSLCertificateFile] ((null):0)
> >> >> >>
> >> >> >> We know that certificate listed works as we are currently using
> it,
> >> >> >> only difference is we tried including it in a VirtualHost now.
> >> >> >>
> >> >> >>
> >> >> >>
> ---------------------------------------------------------------------
> >> >> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> >> >> For additional commands, e-mail: users-help@httpd.apache.org
> >> >> >>
> >> >> >
> >> >>
> >> >> ---------------------------------------------------------------------
> >> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> >> For additional commands, e-mail: users-help@httpd.apache.org
> >> >>
> >> >
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] 443 VirtualHost setup yields "Server should be
SSL-aware" error
Posted by ", ," <us...@gmail.com>.
Hey Matias thank you for the assistance, I ended up discovering I had
an additional configuration file included that had additional SSL
directives defined in it.
When I commented out this configuration (as everything present in it
was also present in my main configuration) it seemed to start up
without issue.
The file that I commented out contained:
SSLEngine on
SSLOptions StdEnvVars StrictRequire
SSLCompression off
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite ALL:!ADH:!LOW:!SSLv2:!EXP:!NULL:RC4+SHA:+HIGH:+MEDIUM
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect file:/dev/urandom 512
SSLSessionCacheTimeout 300
Everything in that file is present in my mainline configuration as
well except for the SSLHonorCipherOrder. Do you think the issue was
that the SSLEngine on was defined both inside and outside of my
VirtualHost?
On Tue, Aug 4, 2015 at 3:13 PM, Matias Visbeek
<ma...@vatrox.com> wrote:
> Another question, I see you have SSLProxyEngine On, so I assume your are
> using it as a Reverse Proxy. Does the backend requires SSL aswell? In that
> case you will need at least the trusted certificate for the backend's server
> certificate specified in SSLProxyCACertificateFile.
>
> What version of Apache are you using?
>
> Are you sure Apache have privileges over that directory?
>
>
> 2015-08-04 16:19 GMT-03:00 , , <us...@gmail.com>:
>>
>> That is correct.
>>
>> On Tue, Aug 4, 2015 at 1:29 PM, Matias Visbeek
>> <ma...@vatrox.com> wrote:
>> > Just to be sure, is your example.crt file just the public key of your
>> > ceritficate in PEM Base64 format?
>> >
>> >
>> > 2015-08-04 15:23 GMT-03:00 <ei...@gmail.com>:
>> >>
>> >> Apologies, the leading slash was not supposed to be there, just copied
>> >> a fake file location and forgot to remove it, the full path is defined
>> >> for the certs:
>> >> SSLCertificateFile "/opt/blah/web/apache2/cert/example.crt"
>> >> SSLCertificateKeyFile "/opt/blah/web/apache2/cert/example.key"
>> >> SSLCertificateChainFile
>> >> "/opt/blah/web/apache2/cert/example-intermediate.crt"
>> >>
>> >> Matias, not sure what you mean by "are you sure conditions for
>> >> IfDefine are met?" If you mean are those levels defined properly etc.
>> >> then yes, I use those IfDefines several times in the rest of the
>> >> configuration.
>> >>
>> >> On Tue, Aug 4, 2015 at 1:17 PM, Matias Visbeek
>> >> <ma...@vatrox.com> wrote:
>> >> > Hi,
>> >> >
>> >> > I have 2 different theories about what is happening with your code.
>> >> >
>> >> > First, this line looks wrong
>> >> > SSLCertificateFile "/example.crt"
>> >> >
>> >> > Do you have your certificate file in the root directory?
>> >> > Try changing it for this
>> >> >
>> >> > SSLCertificateFile "example.crt"
>> >> >
>> >> > or providing the full path to the file, for example
>> >> > "/home/user/cert/example.crt" for Linux/UNIX or "C:/cert/ecample.crt"
>> >> > for
>> >> > Windows.
>> >> >
>> >> > Second, you define your certificate inside IfDefine tags, are you
>> >> > sure
>> >> > conditions for IfDefine are met?
>> >> >
>> >> > Regards,
>> >> >
>> >> > Matías
>> >> >
>> >> > 2015-08-04 15:02 GMT-03:00 <ei...@gmail.com>:
>> >> >>
>> >> >> RHEL: 5
>> >> >> Apache: 2.2.29
>> >> >>
>> >> >> Trying to set up a VirtualHost in my 443 configuration
>> >> >>
>> >> >>
>> >> >>
>> >> >> ----------------------------------------------------------------------------
>> >> >> Listen 443 (also tried Listen 443 http)
>> >> >>
>> >> >> DocumentRoot "/www/secure"
>> >> >>
>> >> >> NameVirtualHost *:443
>> >> >>
>> >> >> <VirtualHost *:443>
>> >> >>
>> >> >> <IfDefine leveltest>
>> >> >> ServerName test.something.com
>> >> >> RewriteEngine On
>> >> >> SSLEngine On
>> >> >> SSLProxyEngine on
>> >> >> ProxyRequests Off
>> >> >> SSLCertificateFile "/example.crt"
>> >> >> SSLCertificateKeyFile "example.key"
>> >> >> SSLCertificateChainFile "example-intermediate.crt"
>> >> >> </IfDefine>
>> >> >> <IfDefine levelprod>
>> >> >> RewriteEngine On
>> >> >> SSLEngine On
>> >> >> SSLProxyEngine on
>> >> >> ProxyRequests Off
>> >> >> RewriteEngine On
>> >> >> SSLEngine On
>> >> >> SSLProxyEngine on
>> >> >> ProxyRequests Off
>> >> >> SSLCertificateFile "/example.crt"
>> >> >> SSLCertificateKeyFile "example.key"
>> >> >> SSLCertificateChainFile "example-intermediate.crt"
>> >> >> </IfDefine>
>> >> >>
>> >> >> SSLOptions +StdEnvVars +ExportCertData
>> >> >> SSLProtocol ALL -SSLv2 -SSLv3
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >> -------------------------------------------------------------------------------------
>> >> >>
>> >> >> The above results in the following error when trying to start:
>> >> >> [Tue Aug 04 11:20:09 2015] [error] Server should be SSL-aware but
>> >> >> has
>> >> >> no certificate configured [Hint: SSLCertificateFile] ((null):0)
>> >> >>
>> >> >> We know that certificate listed works as we are currently using it,
>> >> >> only difference is we tried including it in a VirtualHost now.
>> >> >>
>> >> >>
>> >> >> ---------------------------------------------------------------------
>> >> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >> >> For additional commands, e-mail: users-help@httpd.apache.org
>> >> >>
>> >> >
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >> For additional commands, e-mail: users-help@httpd.apache.org
>> >>
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 443 VirtualHost setup yields "Server should be
SSL-aware" error
Posted by Matias Visbeek <ma...@vatrox.com>.
Another question, I see you have SSLProxyEngine On, so I assume your are
using it as a Reverse Proxy. Does the backend requires SSL aswell? In that
case you will need at least the trusted certificate for the backend's
server certificate specified in SSLProxyCACertificateFile.
What version of Apache are you using?
Are you sure Apache have privileges over that directory?
2015-08-04 16:19 GMT-03:00 , , <us...@gmail.com>:
> That is correct.
>
> On Tue, Aug 4, 2015 at 1:29 PM, Matias Visbeek
> <ma...@vatrox.com> wrote:
> > Just to be sure, is your example.crt file just the public key of your
> > ceritficate in PEM Base64 format?
> >
> >
> > 2015-08-04 15:23 GMT-03:00 <ei...@gmail.com>:
> >>
> >> Apologies, the leading slash was not supposed to be there, just copied
> >> a fake file location and forgot to remove it, the full path is defined
> >> for the certs:
> >> SSLCertificateFile "/opt/blah/web/apache2/cert/example.crt"
> >> SSLCertificateKeyFile "/opt/blah/web/apache2/cert/example.key"
> >> SSLCertificateChainFile
> >> "/opt/blah/web/apache2/cert/example-intermediate.crt"
> >>
> >> Matias, not sure what you mean by "are you sure conditions for
> >> IfDefine are met?" If you mean are those levels defined properly etc.
> >> then yes, I use those IfDefines several times in the rest of the
> >> configuration.
> >>
> >> On Tue, Aug 4, 2015 at 1:17 PM, Matias Visbeek
> >> <ma...@vatrox.com> wrote:
> >> > Hi,
> >> >
> >> > I have 2 different theories about what is happening with your code.
> >> >
> >> > First, this line looks wrong
> >> > SSLCertificateFile "/example.crt"
> >> >
> >> > Do you have your certificate file in the root directory?
> >> > Try changing it for this
> >> >
> >> > SSLCertificateFile "example.crt"
> >> >
> >> > or providing the full path to the file, for example
> >> > "/home/user/cert/example.crt" for Linux/UNIX or "C:/cert/ecample.crt"
> >> > for
> >> > Windows.
> >> >
> >> > Second, you define your certificate inside IfDefine tags, are you sure
> >> > conditions for IfDefine are met?
> >> >
> >> > Regards,
> >> >
> >> > Matías
> >> >
> >> > 2015-08-04 15:02 GMT-03:00 <ei...@gmail.com>:
> >> >>
> >> >> RHEL: 5
> >> >> Apache: 2.2.29
> >> >>
> >> >> Trying to set up a VirtualHost in my 443 configuration
> >> >>
> >> >>
> >> >>
> ----------------------------------------------------------------------------
> >> >> Listen 443 (also tried Listen 443 http)
> >> >>
> >> >> DocumentRoot "/www/secure"
> >> >>
> >> >> NameVirtualHost *:443
> >> >>
> >> >> <VirtualHost *:443>
> >> >>
> >> >> <IfDefine leveltest>
> >> >> ServerName test.something.com
> >> >> RewriteEngine On
> >> >> SSLEngine On
> >> >> SSLProxyEngine on
> >> >> ProxyRequests Off
> >> >> SSLCertificateFile "/example.crt"
> >> >> SSLCertificateKeyFile "example.key"
> >> >> SSLCertificateChainFile "example-intermediate.crt"
> >> >> </IfDefine>
> >> >> <IfDefine levelprod>
> >> >> RewriteEngine On
> >> >> SSLEngine On
> >> >> SSLProxyEngine on
> >> >> ProxyRequests Off
> >> >> RewriteEngine On
> >> >> SSLEngine On
> >> >> SSLProxyEngine on
> >> >> ProxyRequests Off
> >> >> SSLCertificateFile "/example.crt"
> >> >> SSLCertificateKeyFile "example.key"
> >> >> SSLCertificateChainFile "example-intermediate.crt"
> >> >> </IfDefine>
> >> >>
> >> >> SSLOptions +StdEnvVars +ExportCertData
> >> >> SSLProtocol ALL -SSLv2 -SSLv3
> >> >>
> >> >>
> >> >>
> >> >>
> -------------------------------------------------------------------------------------
> >> >>
> >> >> The above results in the following error when trying to start:
> >> >> [Tue Aug 04 11:20:09 2015] [error] Server should be SSL-aware but has
> >> >> no certificate configured [Hint: SSLCertificateFile] ((null):0)
> >> >>
> >> >> We know that certificate listed works as we are currently using it,
> >> >> only difference is we tried including it in a VirtualHost now.
> >> >>
> >> >> ---------------------------------------------------------------------
> >> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> >> For additional commands, e-mail: users-help@httpd.apache.org
> >> >>
> >> >
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] 443 VirtualHost setup yields "Server should be
SSL-aware" error
Posted by ", ," <us...@gmail.com>.
That is correct.
On Tue, Aug 4, 2015 at 1:29 PM, Matias Visbeek
<ma...@vatrox.com> wrote:
> Just to be sure, is your example.crt file just the public key of your
> ceritficate in PEM Base64 format?
>
>
> 2015-08-04 15:23 GMT-03:00 <ei...@gmail.com>:
>>
>> Apologies, the leading slash was not supposed to be there, just copied
>> a fake file location and forgot to remove it, the full path is defined
>> for the certs:
>> SSLCertificateFile "/opt/blah/web/apache2/cert/example.crt"
>> SSLCertificateKeyFile "/opt/blah/web/apache2/cert/example.key"
>> SSLCertificateChainFile
>> "/opt/blah/web/apache2/cert/example-intermediate.crt"
>>
>> Matias, not sure what you mean by "are you sure conditions for
>> IfDefine are met?" If you mean are those levels defined properly etc.
>> then yes, I use those IfDefines several times in the rest of the
>> configuration.
>>
>> On Tue, Aug 4, 2015 at 1:17 PM, Matias Visbeek
>> <ma...@vatrox.com> wrote:
>> > Hi,
>> >
>> > I have 2 different theories about what is happening with your code.
>> >
>> > First, this line looks wrong
>> > SSLCertificateFile "/example.crt"
>> >
>> > Do you have your certificate file in the root directory?
>> > Try changing it for this
>> >
>> > SSLCertificateFile "example.crt"
>> >
>> > or providing the full path to the file, for example
>> > "/home/user/cert/example.crt" for Linux/UNIX or "C:/cert/ecample.crt"
>> > for
>> > Windows.
>> >
>> > Second, you define your certificate inside IfDefine tags, are you sure
>> > conditions for IfDefine are met?
>> >
>> > Regards,
>> >
>> > Matías
>> >
>> > 2015-08-04 15:02 GMT-03:00 <ei...@gmail.com>:
>> >>
>> >> RHEL: 5
>> >> Apache: 2.2.29
>> >>
>> >> Trying to set up a VirtualHost in my 443 configuration
>> >>
>> >>
>> >> ----------------------------------------------------------------------------
>> >> Listen 443 (also tried Listen 443 http)
>> >>
>> >> DocumentRoot "/www/secure"
>> >>
>> >> NameVirtualHost *:443
>> >>
>> >> <VirtualHost *:443>
>> >>
>> >> <IfDefine leveltest>
>> >> ServerName test.something.com
>> >> RewriteEngine On
>> >> SSLEngine On
>> >> SSLProxyEngine on
>> >> ProxyRequests Off
>> >> SSLCertificateFile "/example.crt"
>> >> SSLCertificateKeyFile "example.key"
>> >> SSLCertificateChainFile "example-intermediate.crt"
>> >> </IfDefine>
>> >> <IfDefine levelprod>
>> >> RewriteEngine On
>> >> SSLEngine On
>> >> SSLProxyEngine on
>> >> ProxyRequests Off
>> >> RewriteEngine On
>> >> SSLEngine On
>> >> SSLProxyEngine on
>> >> ProxyRequests Off
>> >> SSLCertificateFile "/example.crt"
>> >> SSLCertificateKeyFile "example.key"
>> >> SSLCertificateChainFile "example-intermediate.crt"
>> >> </IfDefine>
>> >>
>> >> SSLOptions +StdEnvVars +ExportCertData
>> >> SSLProtocol ALL -SSLv2 -SSLv3
>> >>
>> >>
>> >>
>> >> -------------------------------------------------------------------------------------
>> >>
>> >> The above results in the following error when trying to start:
>> >> [Tue Aug 04 11:20:09 2015] [error] Server should be SSL-aware but has
>> >> no certificate configured [Hint: SSLCertificateFile] ((null):0)
>> >>
>> >> We know that certificate listed works as we are currently using it,
>> >> only difference is we tried including it in a VirtualHost now.
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >> For additional commands, e-mail: users-help@httpd.apache.org
>> >>
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 443 VirtualHost setup yields "Server should be
SSL-aware" error
Posted by Matias Visbeek <ma...@vatrox.com>.
Just to be sure, is your example.crt file just the public key of your
ceritficate in PEM Base64 format?
2015-08-04 15:23 GMT-03:00 <ei...@gmail.com>:
> Apologies, the leading slash was not supposed to be there, just copied
> a fake file location and forgot to remove it, the full path is defined
> for the certs:
> SSLCertificateFile "/opt/blah/web/apache2/cert/example.crt"
> SSLCertificateKeyFile "/opt/blah/web/apache2/cert/example.key"
> SSLCertificateChainFile
> "/opt/blah/web/apache2/cert/example-intermediate.crt"
>
> Matias, not sure what you mean by "are you sure conditions for
> IfDefine are met?" If you mean are those levels defined properly etc.
> then yes, I use those IfDefines several times in the rest of the
> configuration.
>
> On Tue, Aug 4, 2015 at 1:17 PM, Matias Visbeek
> <ma...@vatrox.com> wrote:
> > Hi,
> >
> > I have 2 different theories about what is happening with your code.
> >
> > First, this line looks wrong
> > SSLCertificateFile "/example.crt"
> >
> > Do you have your certificate file in the root directory?
> > Try changing it for this
> >
> > SSLCertificateFile "example.crt"
> >
> > or providing the full path to the file, for example
> > "/home/user/cert/example.crt" for Linux/UNIX or "C:/cert/ecample.crt" for
> > Windows.
> >
> > Second, you define your certificate inside IfDefine tags, are you sure
> > conditions for IfDefine are met?
> >
> > Regards,
> >
> > Matías
> >
> > 2015-08-04 15:02 GMT-03:00 <ei...@gmail.com>:
> >>
> >> RHEL: 5
> >> Apache: 2.2.29
> >>
> >> Trying to set up a VirtualHost in my 443 configuration
> >>
> >>
> ----------------------------------------------------------------------------
> >> Listen 443 (also tried Listen 443 http)
> >>
> >> DocumentRoot "/www/secure"
> >>
> >> NameVirtualHost *:443
> >>
> >> <VirtualHost *:443>
> >>
> >> <IfDefine leveltest>
> >> ServerName test.something.com
> >> RewriteEngine On
> >> SSLEngine On
> >> SSLProxyEngine on
> >> ProxyRequests Off
> >> SSLCertificateFile "/example.crt"
> >> SSLCertificateKeyFile "example.key"
> >> SSLCertificateChainFile "example-intermediate.crt"
> >> </IfDefine>
> >> <IfDefine levelprod>
> >> RewriteEngine On
> >> SSLEngine On
> >> SSLProxyEngine on
> >> ProxyRequests Off
> >> RewriteEngine On
> >> SSLEngine On
> >> SSLProxyEngine on
> >> ProxyRequests Off
> >> SSLCertificateFile "/example.crt"
> >> SSLCertificateKeyFile "example.key"
> >> SSLCertificateChainFile "example-intermediate.crt"
> >> </IfDefine>
> >>
> >> SSLOptions +StdEnvVars +ExportCertData
> >> SSLProtocol ALL -SSLv2 -SSLv3
> >>
> >>
> >>
> -------------------------------------------------------------------------------------
> >>
> >> The above results in the following error when trying to start:
> >> [Tue Aug 04 11:20:09 2015] [error] Server should be SSL-aware but has
> >> no certificate configured [Hint: SSLCertificateFile] ((null):0)
> >>
> >> We know that certificate listed works as we are currently using it,
> >> only difference is we tried including it in a VirtualHost now.
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] 443 VirtualHost setup yields "Server should be
SSL-aware" error
Posted by ei...@gmail.com.
Apologies, the leading slash was not supposed to be there, just copied
a fake file location and forgot to remove it, the full path is defined
for the certs:
SSLCertificateFile "/opt/blah/web/apache2/cert/example.crt"
SSLCertificateKeyFile "/opt/blah/web/apache2/cert/example.key"
SSLCertificateChainFile "/opt/blah/web/apache2/cert/example-intermediate.crt"
Matias, not sure what you mean by "are you sure conditions for
IfDefine are met?" If you mean are those levels defined properly etc.
then yes, I use those IfDefines several times in the rest of the
configuration.
On Tue, Aug 4, 2015 at 1:17 PM, Matias Visbeek
<ma...@vatrox.com> wrote:
> Hi,
>
> I have 2 different theories about what is happening with your code.
>
> First, this line looks wrong
> SSLCertificateFile "/example.crt"
>
> Do you have your certificate file in the root directory?
> Try changing it for this
>
> SSLCertificateFile "example.crt"
>
> or providing the full path to the file, for example
> "/home/user/cert/example.crt" for Linux/UNIX or "C:/cert/ecample.crt" for
> Windows.
>
> Second, you define your certificate inside IfDefine tags, are you sure
> conditions for IfDefine are met?
>
> Regards,
>
> Matías
>
> 2015-08-04 15:02 GMT-03:00 <ei...@gmail.com>:
>>
>> RHEL: 5
>> Apache: 2.2.29
>>
>> Trying to set up a VirtualHost in my 443 configuration
>>
>> ----------------------------------------------------------------------------
>> Listen 443 (also tried Listen 443 http)
>>
>> DocumentRoot "/www/secure"
>>
>> NameVirtualHost *:443
>>
>> <VirtualHost *:443>
>>
>> <IfDefine leveltest>
>> ServerName test.something.com
>> RewriteEngine On
>> SSLEngine On
>> SSLProxyEngine on
>> ProxyRequests Off
>> SSLCertificateFile "/example.crt"
>> SSLCertificateKeyFile "example.key"
>> SSLCertificateChainFile "example-intermediate.crt"
>> </IfDefine>
>> <IfDefine levelprod>
>> RewriteEngine On
>> SSLEngine On
>> SSLProxyEngine on
>> ProxyRequests Off
>> RewriteEngine On
>> SSLEngine On
>> SSLProxyEngine on
>> ProxyRequests Off
>> SSLCertificateFile "/example.crt"
>> SSLCertificateKeyFile "example.key"
>> SSLCertificateChainFile "example-intermediate.crt"
>> </IfDefine>
>>
>> SSLOptions +StdEnvVars +ExportCertData
>> SSLProtocol ALL -SSLv2 -SSLv3
>>
>>
>> -------------------------------------------------------------------------------------
>>
>> The above results in the following error when trying to start:
>> [Tue Aug 04 11:20:09 2015] [error] Server should be SSL-aware but has
>> no certificate configured [Hint: SSLCertificateFile] ((null):0)
>>
>> We know that certificate listed works as we are currently using it,
>> only difference is we tried including it in a VirtualHost now.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 443 VirtualHost setup yields "Server should be
SSL-aware" error
Posted by Matias Visbeek <ma...@vatrox.com>.
Hi,
I have 2 different theories about what is happening with your code.
First, this line looks wrong
SSLCertificateFile "/example.crt"
Do you have your certificate file in the root directory?
Try changing it for this
SSLCertificateFile "example.crt"
or providing the full path to the file, for example
"/home/user/cert/example.crt" for Linux/UNIX or "C:/cert/ecample.crt" for
Windows.
Second, you define your certificate inside IfDefine tags, are you sure
conditions for IfDefine are met?
Regards,
Matías
2015-08-04 15:02 GMT-03:00 <ei...@gmail.com>:
> RHEL: 5
> Apache: 2.2.29
>
> Trying to set up a VirtualHost in my 443 configuration
>
> ----------------------------------------------------------------------------
> Listen 443 (also tried Listen 443 http)
>
> DocumentRoot "/www/secure"
>
> NameVirtualHost *:443
>
> <VirtualHost *:443>
>
> <IfDefine leveltest>
> ServerName test.something.com
> RewriteEngine On
> SSLEngine On
> SSLProxyEngine on
> ProxyRequests Off
> SSLCertificateFile "/example.crt"
> SSLCertificateKeyFile "example.key"
> SSLCertificateChainFile "example-intermediate.crt"
> </IfDefine>
> <IfDefine levelprod>
> RewriteEngine On
> SSLEngine On
> SSLProxyEngine on
> ProxyRequests Off
> RewriteEngine On
> SSLEngine On
> SSLProxyEngine on
> ProxyRequests Off
> SSLCertificateFile "/example.crt"
> SSLCertificateKeyFile "example.key"
> SSLCertificateChainFile "example-intermediate.crt"
> </IfDefine>
>
> SSLOptions +StdEnvVars +ExportCertData
> SSLProtocol ALL -SSLv2 -SSLv3
>
>
> -------------------------------------------------------------------------------------
>
> The above results in the following error when trying to start:
> [Tue Aug 04 11:20:09 2015] [error] Server should be SSL-aware but has
> no certificate configured [Hint: SSLCertificateFile] ((null):0)
>
> We know that certificate listed works as we are currently using it,
> only difference is we tried including it in a VirtualHost now.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] 443 VirtualHost setup yields "Server should be SSL-aware" error
Posted by in...@mathijs.info.
On 2015-08-04 20:02, eigenbrais1@gmail.com wrote:
<snip>
> SSLCertificateFile "/example.crt"
> SSLCertificateKeyFile "example.key"
> SSLCertificateChainFile "example-intermediate.crt"
<snip>
> The above results in the following error when trying to start:
> [Tue Aug 04 11:20:09 2015] [error] Server should be SSL-aware but has
> no certificate configured [Hint: SSLCertificateFile] ((null):0)
>
> We know that certificate listed works as we are currently using it,
> only difference is we tried including it in a VirtualHost now.
The leading slash before example.crt makes the httpd think it's an
absolute file location, so it is looking in the root of your filesystem
for a file called example.crt. It's probably next to your example.key
file so removing the leading slash should resolve this issue.
Br,
Sling
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org