[users@httpd] 2.4.9 expecting DH PARAMETERS

[Jesse Defer <Je...@asu.edu>]

When upgrading from 2.4.7 to 2.4.9 we found that the server complained about missing DH PARAMETERS in our certificate and would not start.  Adding dhparams to it fixed it.  After some troubleshooting we found that only systems that did not have SSLCertificateChainFile directives with the intermediate certificate exhibited this problem.  Combining the server and intermediate certificates into the SSLCertificateFile also required adding dhparams.

Errors:

[Thu Apr 10 13:03:32.999467 2014] [ssl:emerg] [pid 27709] AH02562: Failed to configure certificate xxx:443:0 (with chain), check /usr/local/apache2/conf/xxx.crt
[Thu Apr 10 13:03:32.999486 2014] [ssl:emerg] [pid 27709] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: DH PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
AH00016: Configuration Failed

OS is RHEL5, using distro provided openssl (0.9.8e).

Is this a bug or am I doing something wrong?

Thanks,
Jesse DeFer

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org