Hey Matias thank you for the assistance, I ended up discovering I had an additional configuration file included that had additional SSL directives defined in it. When I commented out this configuration (as everything present in it was also present in my main configuration) it seemed to start up without issue. The file that I commented out contained: SSLEngine on SSLOptions StdEnvVars StrictRequire SSLCompression off SSLProtocol All -SSLv2 -SSLv3 SSLHonorCipherOrder on SSLCipherSuite ALL:!ADH:!LOW:!SSLv2:!EXP:!NULL:RC4+SHA:+HIGH:+MEDIUM SSLRandomSeed startup file:/dev/urandom 512 SSLRandomSeed connect file:/dev/urandom 512 SSLSessionCacheTimeout 300 Everything in that file is present in my mainline configuration as well except for the SSLHonorCipherOrder. Do you think the issue was that the SSLEngine on was defined both inside and outside of my VirtualHost? On Tue, Aug 4, 2015 at 3:13 PM, Matias Visbeek <matias.visbeek@xxxxxxxxxx> wrote: > Another question, I see you have SSLProxyEngine On, so I assume your are > using it as a Reverse Proxy. Does the backend requires SSL aswell? In that > case you will need at least the trusted certificate for the backend's server > certificate specified in SSLProxyCACertificateFile. > > What version of Apache are you using? > > Are you sure Apache have privileges over that directory? > > > 2015-08-04 16:19 GMT-03:00 , , <us.shadow.op@xxxxxxxxx>: >> >> That is correct. >> >> On Tue, Aug 4, 2015 at 1:29 PM, Matias Visbeek >> <matias.visbeek@xxxxxxxxxx> wrote: >> > Just to be sure, is your example.crt file just the public key of your >> > ceritficate in PEM Base64 format? >> > >> > >> > 2015-08-04 15:23 GMT-03:00 <eigenbrais1@xxxxxxxxx>: >> >> >> >> Apologies, the leading slash was not supposed to be there, just copied >> >> a fake file location and forgot to remove it, the full path is defined >> >> for the certs: >> >> SSLCertificateFile "/opt/blah/web/apache2/cert/example.crt" >> >> SSLCertificateKeyFile "/opt/blah/web/apache2/cert/example.key" >> >> SSLCertificateChainFile >> >> "/opt/blah/web/apache2/cert/example-intermediate.crt" >> >> >> >> Matias, not sure what you mean by "are you sure conditions for >> >> IfDefine are met?" If you mean are those levels defined properly etc. >> >> then yes, I use those IfDefines several times in the rest of the >> >> configuration. >> >> >> >> On Tue, Aug 4, 2015 at 1:17 PM, Matias Visbeek >> >> <matias.visbeek@xxxxxxxxxx> wrote: >> >> > Hi, >> >> > >> >> > I have 2 different theories about what is happening with your code. >> >> > >> >> > First, this line looks wrong >> >> > SSLCertificateFile "/example.crt" >> >> > >> >> > Do you have your certificate file in the root directory? >> >> > Try changing it for this >> >> > >> >> > SSLCertificateFile "example.crt" >> >> > >> >> > or providing the full path to the file, for example >> >> > "/home/user/cert/example.crt" for Linux/UNIX or "C:/cert/ecample.crt" >> >> > for >> >> > Windows. >> >> > >> >> > Second, you define your certificate inside IfDefine tags, are you >> >> > sure >> >> > conditions for IfDefine are met? >> >> > >> >> > Regards, >> >> > >> >> > Matías >> >> > >> >> > 2015-08-04 15:02 GMT-03:00 <eigenbrais1@xxxxxxxxx>: >> >> >> >> >> >> RHEL: 5 >> >> >> Apache: 2.2.29 >> >> >> >> >> >> Trying to set up a VirtualHost in my 443 configuration >> >> >> >> >> >> >> >> >> >> >> >> ---------------------------------------------------------------------------- >> >> >> Listen 443 (also tried Listen 443 http) >> >> >> >> >> >> DocumentRoot "/www/secure" >> >> >> >> >> >> NameVirtualHost *:443 >> >> >> >> >> >> <VirtualHost *:443> >> >> >> >> >> >> <IfDefine leveltest> >> >> >> ServerName test.something.com >> >> >> RewriteEngine On >> >> >> SSLEngine On >> >> >> SSLProxyEngine on >> >> >> ProxyRequests Off >> >> >> SSLCertificateFile "/example.crt" >> >> >> SSLCertificateKeyFile "example.key" >> >> >> SSLCertificateChainFile "example-intermediate.crt" >> >> >> </IfDefine> >> >> >> <IfDefine levelprod> >> >> >> RewriteEngine On >> >> >> SSLEngine On >> >> >> SSLProxyEngine on >> >> >> ProxyRequests Off >> >> >> RewriteEngine On >> >> >> SSLEngine On >> >> >> SSLProxyEngine on >> >> >> ProxyRequests Off >> >> >> SSLCertificateFile "/example.crt" >> >> >> SSLCertificateKeyFile "example.key" >> >> >> SSLCertificateChainFile "example-intermediate.crt" >> >> >> </IfDefine> >> >> >> >> >> >> SSLOptions +StdEnvVars +ExportCertData >> >> >> SSLProtocol ALL -SSLv2 -SSLv3 >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> ------------------------------------------------------------------------------------- >> >> >> >> >> >> The above results in the following error when trying to start: >> >> >> [Tue Aug 04 11:20:09 2015] [error] Server should be SSL-aware but >> >> >> has >> >> >> no certificate configured [Hint: SSLCertificateFile] ((null):0) >> >> >> >> >> >> We know that certificate listed works as we are currently using it, >> >> >> only difference is we tried including it in a VirtualHost now. >> >> >> >> >> >> >> >> >> --------------------------------------------------------------------- >> >> >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> >> >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> >> >> >> >> > >> >> >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> >> >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|