Thanks Richard,
I appreciate that you took the time to answer. So far you are the
only one. This installation is on RedHat Enterprise Linux4 and
Apache2.0 and I have tried the Key-Certificate generation
instructions detailed in the System Administration Guide Ch.
26.6-26.8,
I tried the freebsd instructions at the url you advised, and what
happened was that the certificate signing request could not open the
key. I have also downloaded and tried with openssl-0.9.8b. I was able
to generate the server.key and server.crt but httpd still does not
start.
The Admin Guide instructions also result in what ought to be a valid
server key in the ssl.key directory and a server.crt in the ssl.crt
directory as specified in the ssl.conf file in the /etc/httpd/conf
directory, but httpd still does not start
Here is the terminal output when attempting to start httpd:
[EMAIL PROTECTED] ~]# service httpd start
Starting httpd: [Mon May 08 06:20:21 2006] [warn] The Alias directive
in /etc/httpd/conf/httpd.conf at line 557 will probably never match
because it overlaps an earlier AliasMatch.
Warning: DocumentRoot [/home/xxx/jakarta-tomcat-5.0.28] does not exist
[FAILED]
[EMAIL PROTECTED] ~]#
Here is the httpd error_log for that sequence:
[Mon May 08 06:20:21 2006] [notice] core dump file size limit raised
to 4294967295 bytes
[Mon May 08 06:20:22 2006] [notice] suEXEC mechanism enabled
(wrapper: /usr/sbin/suexec)
[Mon May 08 06:20:22 2006] [error] Server should be SSL-aware but has
no certificate configured [Hint: SSLCertificateFile]
It's beginning to look like I will have to reinstall apache.
Regards,
Rex
what error are you getting?
Try following the instructions at this URL. They've
always worked for me:
http://www.corserv.com/freebsd/apache-ssl-howto.html
--- Rex Brooks <[EMAIL PROTECTED]> wrote:
Please see my previous post for details.
I said that mod_ssl was not installed, but a double
check showed that it is.
My question is only about filenames for
SSLCertificateFile and/or
SSLCertificateKeyFile.
ApacheSSL Documentation says at
http://www.apache-ssl.org/docs.html#SSLCertificateFile:
This is your PEM-encoded server certificate
(strictly, it is what
SSLeay calls PEM, which isn't really).
Example:
SSLCertificateFile
/usr/local/apache/certs/my.server.pem
What the process described in RedHat Sys. Admin.
Guide Ch. 26.6-26.8
produces in the file ssl.conf located in
/etc/httpd/conf.d/ used to
configure SSL support is:
SSLCertificateFile
/etc/httpd/conf/ssl.crt/server.crt
and
SSLCertificateKeyFile
/etc/httpd/conf/ssl.key/server.key
There is a file named server.crt in the specified
location, and an
server.key file in its corresponding location. Could
this lack of a
PEM-encoded server certificate, however it is
produced, the root
cause of httpd start failure?
I have downloaded and installed openssl-0.9.8b and I
have also now
generated a privkey.pem and a cacert.pem and I have
put them in the
same directories as the ssl.conf file specified, and
edited that file
to reflect that, rebooted and httpd still fails to
start.
Regards,
Rex Brooks
--
Rex Brooks
President, CEO
Starbourne Communications Design
GeoAddress: 1361-A Addison
Berkeley, CA 94702
Tel: 510-849-2309
---------------------------------------------------------------------
The official User-To-User support forum of the
Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for
more info.
To unsubscribe, e-mail:
> [EMAIL PROTECTED]
" from the digest:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--
Rex Brooks
President, CEO
Starbourne Communications Design
GeoAddress: 1361-A Addison
Berkeley, CA 94702
Tel: 510-849-2309
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]