Thanks Richard, I appreciate that you took the time to answer. So far you are the only one. This installation is on RedHat Enterprise Linux 4 and Apache 2.0 and I have tried the Key-Certificate generation instructions detailed in the System Administration Guide Ch. 26.6-26.8.
I tried the FreeBSD instructions at the URL you advised, and what happened was that the certificate signing request could not open the key. I have also downloaded and tried with openssl-0.9.8b. I was able to generate the server.key and server.crt but httpd still does not start.
The Admin Guide instructions also result in what ought to be a valid server key in the ssl.key directory and a server.crt in the ssl.crt directory as specified in the ssl.conf file in the /etc/httpd/conf directory, but httpd still does not start.
Here is the terminal output when attempting to start httpd:

[root@c-xxx-xxx-xxx-xxx ~]# service httpd start
Starting httpd: [Mon May 08 06:20:21 2006] [warn] The Alias directive in /etc/httpd/conf/httpd.conf at line 557 will probably never match because it overlaps an earlier AliasMatch.
Warning: DocumentRoot [/home/xxx/jakarta-tomcat-5.0.28] does not exist
[FAILED]
[root@c-xxx-xxx-xxx-xxx ~]#

Here is the httpd error_log for that sequence:

[Mon May 08 06:20:21 2006] [notice] core dump file size limit raised to 4294967295 bytes
[Mon May 08 06:20:22 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon May 08 06:20:22 2006] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]
It's beginning to look like I will have to reinstall apache. Regards, Rex
What error are you getting? Try following the instructions at this URL. They've always worked for me:
http://www.corserv.com/freebsd/apache-ssl-howto.html

--- Rex Brooks <rexb@xxxxxxxxxxxxxx> wrote:

Please see my previous post for details. I said that mod_ssl was not installed, but a double check showed that it is. My question is only about filenames for SSLCertificateFile and/or SSLCertificateKeyFile.

ApacheSSL Documentation says at http://www.apache-ssl.org/docs.html#SSLCertificateFile:

This is your PEM-encoded server certificate (strictly, it is what SSLeay calls PEM, which isn't really). Example:
SSLCertificateFile /usr/local/apache/certs/my.server.pem

What the process described in RedHat Sys. Admin. Guide Ch. 26.6-26.8 produces in the file ssl.conf located in /etc/httpd/conf.d/ used to configure SSL support is:

SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
and
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

There is a file named server.crt in the specified location, and a server.key file in its corresponding location. Could this lack of a PEM-encoded server certificate, however it is produced, be the root cause of httpd start failure?

I have downloaded and installed openssl-0.9.8b and I have also now generated a privkey.pem and a cacert.pem and I have put them in the same directories as the ssl.conf file specified, and edited that file to reflect that, rebooted and httpd still fails to start.

Regards,
Rex Brooks

--
Rex Brooks
President, CEO
Starbourne Communications Design
GeoAddress: 1361-A Addison
Berkeley, CA 94702
Tel: 510-849-2309

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
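A check for the question raised in this thread (whether the files named by SSLCertificateFile and SSLCertificateKeyFile exist, are PEM-encoded and belong together), as an added example that is not part of the original messages. The function names are hypothetical; it assumes absolute paths, both directives set as in the quoted ssl.conf, and an `openssl` binary that provides the `pkey` command.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumes absolute paths and that both directives are set, as in the
# ssl.conf quoted in the thread. Usage: sh check_ssl_conf.sh /path/to/ssl.conf

# Print the path given to the first uncommented occurrence of a directive.
ssl_directive_path() {  # $1 = config file, $2 = directive name
    awk -v d="$2" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Print the label of the first PEM "-----BEGIN ...-----" line, or "not-pem"
# for anything else (DER, empty file, unreadable file).
pem_kind() {  # $1 = file
    label=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" 2>/dev/null | head -n 1)
    echo "${label:-not-pem}"
}

# Succeed only if certificate and private key carry the same public key.
# "-passin pass:" makes an encrypted key fail instead of prompting.
cert_matches_key() {  # $1 = certificate, $2 = private key
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Print one finding per line; return 1 if any check fails.
check_conf() {  # $1 = ssl.conf
    rc=0
    crt=$(ssl_directive_path "$1" SSLCertificateFile)
    key=$(ssl_directive_path "$1" SSLCertificateKeyFile)
    for f in "$crt" "$key"; do
        if [ -z "$f" ] || [ ! -r "$f" ]; then
            echo "missing or unreadable: ${f:-<directive not set>}"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1
    echo "$crt: $(pem_kind "$crt")"
    echo "$key: $(pem_kind "$key")"
    case $(pem_kind "$crt") in
        *CERTIFICATE) ;; *) echo "certificate file is not a PEM certificate"; rc=1 ;;
    esac
    case $(pem_kind "$key") in
        *"PRIVATE KEY") ;; *) echo "key file is not a PEM private key"; rc=1 ;;
    esac
    cert_matches_key "$crt" "$key" || { echo "key does not match certificate"; rc=1; }
    return "$rc"
}

if [ $# -gt 0 ]; then check_conf "$1"; fi
```

Run it as the user httpd starts as, since a file that root can read may still be unreadable to another account.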