[users@httpd] Revisiting apache startup failure SSLCertificateFile erro

I added the last couple of messages in this thread back into the last reply to which I am responding.

I was busy all week with the OASIS Symposium 2006.

I want to be clear that I have Apache2.0 installed on RedHatEnterprise Linux using all the included packages. The location of the SSLCertificateFile and SSLCertificateKeyFile match the locations in ssl.conf file in the conf.d directory from which all .conf files are loaded by httpd.conf.

The error message I get in the error log when attempting to start httpd remains:

[Mon May 08 06:20:22 2006] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]

So I am missing something because it seems to me that I have the certificate configured correctly.

My intention to reinstall apache was thwarted when I unchecked the webserver from the Add or Remove Packages list and clicked update, I got the message: Package Not Found: php required by <'php-pear', '4.3.9, '3.6').

This is an anomaly similar to the message I get that DocumentRoot /home/rexb/jakarta-tomcat-5.0.28 does not exist.

So, for now I can't even reinstall Apache and then rebuild the portal and registry.

So, I am back to asking if I am missing something in the configuration of the certificate or pointing to it.

Please note that I tried several ways to build and reference Certificate-Key files.

Regards,
Rex

At 2:42 PM +0200 5/9/06, Axel-Stéphane  SMORGRAV wrote:
 No need to reinstall Apache. This is only a configuration issue.

You need to tell Apache where to find the
- Server certificate
- Private key associated with the server certificate
- CA Certificate

From your httpd.conf file, you probably include a configuration file called ssl.conf. This include directive may be enclosed within a condition like <IfDefine SSL>. Chances are that the SSL variable is not defined and therefore the ssl.conf file is not loaded. You can remove this condition altogether (and the associated </IfDefine>), or you can start Apache with the command "apachectl startssl" rather than "apachectl start".

The module mod_info is very useful for determining exactly what configuration directives have been loaded into Apache by requesting http://myserver.mydomain.com/server-info which will give you a list of all loaded modules and all associated configuration directives.

-ascs

-----Original Message-----
From: Rex Brooks [mailto:rexb@xxxxxxxxxxxxxx]
Sent: Tuesday, May 09, 2006 2:10 PM
To: Richard de Vries
Cc: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] Correction & Question: SSLCertificateFile: RedHat (RHEL4) apache startup failure: ebxml-registry-repository on tomcat on port 6480, with Mambo LAMP Portal on port 8080: Despite Self-Signed Cert: [error] Server should be SSL-aware but ha

Thanks Richard,

I appreciate that you took the time to answer. So far you are the only one. This installation is on RedHat Enterprise Linux4 and Apache2.0 and I have tried the Key-Certificate generation instructions detailed in the System Administration Guide Ch. 26.6-26.8.

I tried the freebsd instructions at the url you advised, and what happened was that the certificate signing request could not open the key. I have also downloaded and tried with openssl-0.9.8b. I was able to generate the server.key and server.crt but httpd still does not start.

The Admin Guide instructions also result in what ought to be a valid server key in the ssl.key directory and a server.crt in the ssl.crt directory as specified in the ssl.conf file in the /etc/httpd/conf directory, but httpd still does not start.

Here is the terminal output when attempting to start httpd:

[root@c-xxx-xxx-xxx-xxx ~]# service httpd start
Starting httpd: [Mon May 08 06:20:21 2006] [warn] The Alias directive in /etc/httpd/conf/httpd.conf at line 557 will probably never match because it overlaps an earlier AliasMatch.
Warning: DocumentRoot [/home/xxx/jakarta-tomcat-5.0.28] does not exist
                                                           [FAILED]
[root@c-xxx-xxx-xxx-xxx ~]#

Here is the httpd error_log for that sequence:

[Mon May 08 06:20:21 2006] [notice] core dump file size limit raised to 4294967295 bytes
[Mon May 08 06:20:22 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon May 08 06:20:22 2006] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]

It's beginning to look like I will have to reinstall apache.

Regards,
Rex


What error are you getting?

Try following the instructions at this URL. They've
always worked for me:

http://www.corserv.com/freebsd/apache-ssl-howto.html

--- Rex Brooks <rexb@xxxxxxxxxxxxxx> wrote:

 Please see my previous post for details.

 I said that mod_ssl was not installed, but a double check showed that it is.

 My question is only about filenames for SSLCertificateFile and/or SSLCertificateKeyFile.

 ApacheSSL Documentation says at http://www.apache-ssl.org/docs.html#SSLCertificateFile:

 This is your PEM-encoded server certificate (strictly, it is what SSLeay calls PEM, which isn't really).

 Example:

 SSLCertificateFile /usr/local/apache/certs/my.server.pem

 What the process described in RedHat Sys. Admin. Guide Ch. 26.6-26.8 produces in the file ssl.conf located in /etc/httpd/conf.d/ used to configure SSL support is:

 SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt

 and

 SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

 There is a file named server.crt in the specified location, and a server.key file in its corresponding location. Could this lack of a PEM-encoded server certificate, however it is produced, be the root cause of httpd start failure?

 I have downloaded and installed openssl-0.9.8b and I have also now generated a privkey.pem and a cacert.pem and I have put them in the same directories as the ssl.conf file specified, and edited that file to reflect that, rebooted and httpd still fails to start.


 Regards,
 Rex Brooks
--
Rex Brooks
President, CEO
Starbourne Communications Design
GeoAddress: 1361-A Addison
Berkeley, CA 94702
Tel: 510-849-2309

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
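
Added example, not part of any message in this thread: a shell check for the two causes raised above, namely SSL directives that sit inside an <IfDefine SSL> block (and so load only when SSL is defined, e.g. via "apachectl startssl") and certificate or key files that are missing or not PEM-encoded. The function names and the sample files built in a temporary directory are constructed for illustration; the check reads one directive per line and does not follow Include directives.

```shell
#!/bin/sh
# Added example: helper names and sample files are constructed for illustration.

# Print "<directive> <path> <gated|active> <pem|not-pem|missing>" for every
# SSLCertificateFile / SSLCertificateKeyFile line in the given config file.
audit_ssl_directives() {
    awk '
        /^[ \t]*#/ { next }                  # skip comment lines
        { d = tolower($1) }                  # directive names are case-insensitive
        d == "<ifdefine"   { depth++; if ($2 == "SSL>") gate[depth] = 1; next }
        d == "</ifdefine>" { delete gate[depth]; depth--; next }
        d == "sslcertificatefile" || d == "sslcertificatekeyfile" {
            gsub(/"/, "", $2)                # drop optional quotes around the path
            state = "active"
            for (i in gate) state = "gated"  # enclosed by <IfDefine SSL>
            print $1, $2, state
        }
    ' "$1" | while read -r name path state; do
        if [ ! -r "$path" ]; then enc=missing
        elif grep -q -- '^-----BEGIN [A-Z ]*-----' "$path"; then enc=pem
        else enc=not-pem
        fi
        printf '%s %s %s %s\n' "$name" "$path" "$state" "$enc"
    done
}

# Build a constructed sample: a PEM-looking certificate, a key file without a
# PEM header, and an ssl.conf that gates two directives and leaves one active.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/server.crt"
    printf 'binary-looking key data, no PEM header\n' > "$d/server.key"
    cat > "$d/ssl.conf" <<EOF
# constructed sample configuration
<IfDefine SSL>
SSLCertificateFile $d/server.crt
SSLCertificateKeyFile $d/server.key
</IfDefine>
SSLCertificateFile $d/absent.crt
EOF
    echo "$d"
}

demo=$(make_sample) && audit_ssl_directives "$demo/ssl.conf"
rm -rf "$demo"
```

A "gated" result means the directive is skipped on a plain start, and "not-pem" or "missing" points at the file rather than at the directive.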


