Are you using a seperate configuration file for your SSL instance? Let's start with a couple of basic things. 1) Do you have the SSL configuration between <IfModule XXXX> tags?. If so, what is your XXXX set to in this case? 2) SSLCertificateFile and SSLCertificateKeyFile point to valid files right? Can you do a ls -al on that file location? 3) Sometimes, some programs refuse to enable SSL if the certificates are publicly readable. How are your permissions on these files? Let's start with these steps, then work ourselves thru your configuration. I don't think re-installing apache would necesarrily fix anything. Richard --- Rex Brooks <rexb@xxxxxxxxxxxxxx> wrote: > Thanks Richard, > > I appreciate that you took the time to answer. So > far you are the > only one. This installation is on RedHat Enterprise > Linux4 and > Apache2.0 and I have tried the Key-Certificate > generation > instructions detailed in the System Administration > Guide Ch. > 26.6-26.8, > > I tried the freebsd instructions at the url you > advised, and what > happened was that the certificate signing request > could not open the > key. I have also downloaded and tried with > openssl-0.9.8b. I was able > to generate the server.key and server.crt but httpd > still does not > start. > > The Admin Guide instructions also result in what > ought to be a valid > server key in the ssl.key directory and a server.crt > in the ssl.crt > directory as specified in the ssl.conf file in the > /etc/httpd/conf > directory, but httpd still does not start > > Here is the terminal output when attempting to start > httpd: > > [root@c-xxx-xxx-xxx-xxx ~]# service httpd start > Starting httpd: [Mon May 08 06:20:21 2006] [warn] > The Alias directive > in /etc/httpd/conf/httpd.conf at line 557 will > probably never match > because it overlaps an earlier AliasMatch. > Warning: DocumentRoot > [/home/xxx/jakarta-tomcat-5.0.28] does not exist > > [FAILED] > [root@c-xxx-xxx-xxx-xxx ~]# > > Here is the httpd error_log for that sequence: > > [Mon May 08 06:20:21 2006] [notice] core dump file > size limit raised > to 4294967295 bytes > [Mon May 08 06:20:22 2006] [notice] suEXEC mechanism > enabled > (wrapper: /usr/sbin/suexec) > [Mon May 08 06:20:22 2006] [error] Server should be > SSL-aware but has > no certificate configured [Hint: SSLCertificateFile] > > It's beginning to look like I will have to reinstall > apache. > > Regards, > Rex > > >what error are you getting? > > > >Try following the instructions at this URL. They've > >always worked for me: > > > >http://www.corserv.com/freebsd/apache-ssl-howto.html > > > >--- Rex Brooks <rexb@xxxxxxxxxxxxxx> wrote: > > > >> Please see my previous post for details. > >> > >> I said that mod_ssl was not installed, but a > double > >> check showed that it is. > >> > >> My question is only about filenames for > >> SSLCertificateFile and/or > >> SSLCertificateKeyFile. > >> > >> ApacheSSL Documentation says at > >> > >http://www.apache-ssl.org/docs.html#SSLCertificateFile: > >> > >> This is your PEM-encoded server certificate > >> (strictly, it is what > >> SSLeay calls PEM, which isn't really). > >> > >> Example: > >> > >> SSLCertificateFile > >> /usr/local/apache/certs/my.server.pem > >> > >> What the process described in RedHat Sys. Admin. > >> Guide Ch. 26.6-26.8 > >> produces in the file ssl.conf located in > >> /etc/httpd/conf.d/ used to > >> configure SSL support is: > >> > >> SSLCertificateFile > >> /etc/httpd/conf/ssl.crt/server.crt > >> > >> and > >> > >> SSLCertificateKeyFile > >> /etc/httpd/conf/ssl.key/server.key > >> > >> There is a file named server.crt in the > specified > >> location, and an > >> server.key file in its corresponding location. > Could > >> this lack of a > >> PEM-encoded server certificate, however it is > >> produced, the root > >> cause of httpd start failure? > >> > >> I have downloaded and installed openssl-0.9.8b > and I > >> have also now > >> generated a privkey.pem and a cacert.pem and I > have > >> put them in the > >> same directories as the ssl.conf file specified, > and > >> edited that file > >> to reflect that, rebooted and httpd still fails > to > >> start. > >> > >> > >> Regards, > >> Rex Brooks > >> > >> > >> -- > >> Rex Brooks > >> President, CEO > >> Starbourne Communications Design > >> GeoAddress: 1361-A Addison > >> Berkeley, CA 94702 > >> Tel: 510-849-2309 > >> > >> > >--------------------------------------------------------------------- > >> The official User-To-User support forum of the > >> Apache HTTP Server Project. > >> See <URL:http://httpd.apache.org/userslist.html> > for > >> more info. > >> To unsubscribe, e-mail: > > > users-unsubscribe@xxxxxxxxxxxxxxxx > >> " from the digest: > >> users-digest-unsubscribe@xxxxxxxxxxxxxxxx > >> For additional commands, e-mail: > >> users-help@xxxxxxxxxxxxxxxx > >> > >> > > > > > >__________________________________________________ > >Do You Yahoo!? > >Tired of spam? Yahoo! Mail has the best spam > protection around > >http://mail.yahoo.com > > > -- > Rex Brooks > President, CEO > Starbourne Communications Design > GeoAddress: 1361-A Addison > Berkeley, CA 94702 > Tel: 510-849-2309 > > --------------------------------------------------------------------- > The official User-To-User support forum of the > Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for > more info. > To unsubscribe, e-mail: > users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: > users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: > users-help@xxxxxxxxxxxxxxxx > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|