On Wed, Jul 10, 2013 at 10:51 AM, Nemrow, Jason <jason.nem...@enmu.edu> wrote:
> Yep. I disabled SELinux and everything is working now for ssl and apache.  I 
> will have to look later and study up on how to make SELinux work with this 
> setup.

It's always selinux ;-)

If you install the selinux utilities (policycoreutils-python) then you
can use them to set up the security policies. Look in
/var/log/audit/audit.log for the offending lines and then use commands
like this; for example, this is what I had to do to allow mysqld to
run:

        sudo audit2allow -a -m mysqld > /tmp/mysqld.te
        sudo checkmodule -M -m /tmp/mysqld.te -o /tmp/mysqld.mod
        sudo semodule_package -o /tmp/mysqld.pp -m /tmp/mysqld.mod
        sudo semodule -i /tmp/mysqld.pp

>
> -----Original Message-----
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf 
> Of Larry Martell
> Sent: Tuesday, July 09, 2013 3:10 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] httpd ssl problems
>
> On Tue, Jul 9, 2013 at 3:06 PM, Nemrow, Jason <jason.nem...@enmu.edu> wrote:
>> -----Original Message-----
>> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
>> Behalf Of Larry Martell
>> Sent: Tuesday, July 09, 2013 3:00 PM
>> To: CentOS mailing list
>> Subject: Re: [CentOS] httpd ssl problems
>>
>> On Tue, Jul 9, 2013 at 2:56 PM, Nemrow, Jason <jason.nem...@enmu.edu> wrote:
>>> Not much of a noob, but I will try.
>>>
>>> I just configured httpd and installed mod_ssl and got my certificate from 
>>> GoDaddy and put them on the server with ssl.conf pointing at them.  I am 
>>> getting this error:
>>>
>>> SSLCertificateFile: file '/etc/pki/tls/certs/enmu.edu.crt' does not
>>> exist or is empty
>>>
>>> It's a cute error. I have checked several times for misspellings, looked at 
>>> the enmu.edu.crt file (looks like a cert to me) and I can certify that it 
>>> is not empty and it most certainly exists. Want some proof? Here...
>>>
>>> [root@itsnv607 ~]# ls -l /etc/pki/tls/certs
>>> total 1224
>>> -rw-r--r--. 1 root   root   571450 Apr  7  2010 ca-bundle.crt
>>> -rw-r--r--. 1 root   root   651083 Apr  7  2010 ca-bundle.trust.crt
>>> -rw-r--r--. 1 apache apache   1874 Jul  9 11:54 enmu.edu.crt
>>> -rwxr-xr-x. 1 root   root     3197 Jul  9 11:54 gd_bundle.crt
>>> -rw-------. 1 root   root     1164 Jul  8 14:33 localhost.crt
>>> -rwxr-xr-x. 1 root   root      610 Feb 21 16:45 make-dummy-cert
>>> -rw-r--r--. 1 root   root     2242 Feb 21 16:45 Makefile
>>> -rwxr-xr-x. 1 root   root     1131 Jul  9 11:52 www.enmu.edu.csr
>>> -rwxr-xr-x. 1 root   root     1708 Jul  9 11:52 www.enmu.edu.key
>>>
>>> Just for fun, I started playing with permissions, just in case that 
>>> mattered (it didn't). You can see that enmu.edu.crt is there, where it is 
>>> supposed to be, and is not empty.
>>>
>>> What would cause this error besides what it actually says?
>
>> Permissions on the dir? selinux?
>
>> Well, I don't see a problem with permissions on the directory (the certs 
>> directory):
>>
>> [root@itsnv607 ~]# ls -l /etc/pki/tls
>> total 24
>> lrwxrwxrwx. 1 root root    19 Jul  8 14:31 cert.pem -> certs/ca-bundle.crt
>> drwxr-xr-x. 2 root root  4096 Jul  9 12:57 certs
>> drwxr-xr-x. 2 root root  4096 Jul  8 14:32 misc
>> -rw-r--r--. 1 root root 10906 Oct 12  2012 openssl.cnf
>> drwxr-xr-x. 2 root root  4096 Jul  8 14:33 private
>>
>> I am reading up on SELinux to see if it's mucking things up...
>
> As a quick test you can disable it and see if that fixes it.
>
> echo 0 >/selinux/enforce
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

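Added example, not part of the original messages: a shell function that lists the AVC denials in an audit log per command, so the offending lines can be read before `audit2allow -a` (which reads every denial in the log) turns them into allow rules. The sample records and their target types are constructed, and `avc_summary` and `sample_log` are hypothetical names.

```shell
#!/bin/sh
# Added example: list SELinux AVC denials per command before building a module.
# avc_summary [logfile] [comm] -> "count comm perms tclass source_type target_type name"
avc_summary() {
    awk -v want="${2:-}" '
    # value of key=value on the current record, quotes stripped; "-" if absent
    function field(key,    i, v) {
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) {
                v = substr($i, length(key) + 2)
                gsub(/"/, "", v)
                return v
            }
        return "-"
    }
    # type component of a user:role:type:level security context
    function setype(ctx,    p) {
        split(ctx, p, ":")
        return (p[3] != "" ? p[3] : "-")
    }
    $1 == "type=AVC" && /denied/ {
        comm = field("comm")
        if (want != "" && comm != want) next
        s = index($0, "{"); e = index($0, "}")   # permissions sit between the braces
        perms = substr($0, s + 1, e - s - 1)
        gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
        key = comm " " perms " " field("tclass") " " setype(field("scontext"))
        key = key " " setype(field("tcontext")) " " field("name")
        if (!(key in count)) order[++n] = key    # remember first-seen order
        count[key]++
    }
    END { for (i = 1; i <= n; i++) print count[order[i]], order[i] }
    ' "${1:-/var/log/audit/audit.log}"
}

# Constructed sample records (not from the thread); the target types are assumptions.
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1373400000.101:501): avc:  denied  { read } for  pid=2101 comm="httpd" name="enmu.edu.crt" dev=dm-0 ino=262201 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=SYSCALL msg=audit(1373400000.101:501): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1373400005.330:502): avc:  denied  { read } for  pid=2107 comm="httpd" name="enmu.edu.crt" dev=dm-0 ino=262201 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1373400100.000:510): avc:  denied  { read open } for  pid=3001 comm="mysqld" name="my.cnf" dev=dm-0 ino=1111 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
EOF
}

tmp=$(mktemp); sample_log > "$tmp"
avc_summary "$tmp" httpd
rm -f "$tmp"
```

Called without arguments, `avc_summary` reads /var/log/audit/audit.log, which normally requires root.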