I added the last couple of messages in this
thread back into the last reply to which I am
responding.
I was busy all week with the OASIS Symposium 2006.
I want to be clear that I have Apache2.0
installed on RedHatEnterprise Linux using all the
included packages. The location of the
SSLCertificateFile and SSLCertificateKeyFile
match the locations in ssl.conf file in the
conf.d directory from which all .conf files are
loaded by httpd.conf.
The error message I get in the error log when
attempting to start httpd remains:
[Mon May 08 06:20:22 2006] [error] Server should
be SSL-aware but has no certificate configured
[Hint: SSLCertificateFile]
So I am missing something because it seems to me
that I have the certificate configured correctly.
My intention to reinstall apache was thwarted when
I unchecked the webserver from the Add or Remove
Packages list and clicked update, I got the
message: Package Not Found: php required by
<'php-pear', '4.3.9, '3.6').
This is an anomaly similar to the message I get
that DocumentRoot
/home/rexb/jakarta-tomcat-5.0.28 does not exist.
So, for now I can't even reinstall Apache and
then rebuild the portal and registry.
So, I am back to asking if I am missing something
in the configuration of the certificate or
pointing to it.
Please note that I tried several ways to build
and reference Certificate-Key files.
Regards,
Rex
At 2:42 PM +0200 5/9/06, Axel-Stéphane SMORGRAV wrote:
No need to reinstall Apache. This is only a configuration issue.
You need to tell Apache where to find the
- Server certificate
- Private key associated with the server certificate
- CA Certificate
From your httpd.conf file, you probably include
a configuration file called ssl.conf. This
include directive may be enclosed within a
condition like <IfDefine SSL>. Chances are that
the SSL variable is not defined and therefore
the ssl.conf file is not loaded. You can remove
this condition altogether (and the associated
</IfDefine>), or you can start Apache with the
command "apachectl startssl" rather than
"apachectl start".
The module mod_info is very useful for
determining exactly what configuration directives
have been loaded into Apache by requesting
http://myserver.mydomain.com/server-info which
will give you a list of all loaded modules and
all associated configuration directives.
-ascs
-----Original Message-----
From: Rex Brooks [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 09, 2006 2:10 PM
To: Richard de Vries
Cc: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Correction &
Question: SSLCertificateFile: RedHat (RHEL4)
apache startup failure:
ebxml-registry-repository on tomcat on port
6480, with Mambo LAMP Portal on port 8080:
Despite Self-Signed Cert: [error] Server should
be SSL-aware but ha
Thanks Richard,
I appreciate that you took the time to answer. So
far you are the only one. This installation is on
RedHat Enterprise Linux4 and Apache2.0 and I have
tried the Key-Certificate generation instructions
detailed in the System Administration Guide Ch.
26.6-26.8.
I tried the freebsd instructions at the url you
advised, and what happened was that the
certificate signing request could not open the
key. I have also downloaded and tried with
openssl-0.9.8b. I was able to generate the
server.key and server.crt but httpd still does
not start.
The Admin Guide instructions also result in what
ought to be a valid server key in the ssl.key
directory and a server.crt in the ssl.crt
directory as specified in the ssl.conf file in
the /etc/httpd/conf directory, but httpd still
does not start.
Here is the terminal output when attempting to start httpd:
[EMAIL PROTECTED] ~]# service httpd start
Starting httpd: [Mon May 08 06:20:21 2006] [warn]
The Alias directive in /etc/httpd/conf/httpd.conf
at line 557 will probably never match because it
overlaps an earlier AliasMatch.
Warning: DocumentRoot [/home/xxx/jakarta-tomcat-5.0.28] does not exist
[FAILED]
[EMAIL PROTECTED] ~]#
Here is the httpd error_log for that sequence:
[Mon May 08 06:20:21 2006] [notice] core dump
file size limit raised to 4294967295 bytes
[Mon May 08 06:20:22 2006] [notice] suEXEC
mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon May 08 06:20:22 2006] [error] Server should
be SSL-aware but has no certificate configured
[Hint: SSLCertificateFile]
It's beginning to look like I will have to reinstall apache.
Regards,
Rex
what error are you getting?
Try following the instructions at this URL. They've
always worked for me:
http://www.corserv.com/freebsd/apache-ssl-howto.html
--- Rex Brooks <[EMAIL PROTECTED]> wrote:
Please see my previous post for details.
I said that mod_ssl was not installed, but a double
check showed that it is.
My question is only about filenames for
SSLCertificateFile and/or
SSLCertificateKeyFile.
ApacheSSL Documentation says at
http://www.apache-ssl.org/docs.html#SSLCertificateFile:
This is your PEM-encoded server certificate
(strictly, it is what
SSLeay calls PEM, which isn't really).
Example:
SSLCertificateFile
/usr/local/apache/certs/my.server.pem
What the process described in RedHat Sys. Admin.
Guide Ch. 26.6-26.8
produces in the file ssl.conf located in
/etc/httpd/conf.d/ used to
configure SSL support is:
SSLCertificateFile
/etc/httpd/conf/ssl.crt/server.crt
and
SSLCertificateKeyFile
/etc/httpd/conf/ssl.key/server.key
There is a file named server.crt in the specified location, and a
server.key file in its corresponding location. Could this lack of a
PEM-encoded server certificate, however it is produced, be the root
cause of httpd start failure?
I have downloaded and installed openssl-0.9.8b and I
have also now
generated a privkey.pem and a cacert.pem and I have
put them in the
same directories as the ssl.conf file specified, and
edited that file
to reflect that, rebooted and httpd still fails to
start.
Regards,
Rex Brooks
--
Rex Brooks
President, CEO
Starbourne Communications Design
GeoAddress: 1361-A Addison
Berkeley, CA 94702
Tel: 510-849-2309
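
The two checks discussed in this thread (whether the SSL directives are actually loaded when the include sits inside `<IfDefine SSL>`, and whether the referenced files are PEM-encoded) can be scripted. The following is an added example, not code from any poster or from the Apache project. The function names are hypothetical, the sample tree is constructed, and the parser is a simplification that follows only `Include` and `<IfDefine>`, ignoring `<VirtualHost>` scoping and `<IfModule>`.

```python
import glob, os, re, tempfile
DIRECTIVES = ("sslcertificatefile", "sslcertificatekeyfile")

def active_ssl_directives(conf, root, defines=()):
    """SSL file directives Apache would load; follows Include and <IfDefine> only."""
    found, stack = {}, []  # stack: truth value of each open <IfDefine>
    with open(conf) as fh:
        for line in map(str.strip, fh):
            m = re.match(r"<IfDefine\s+(!?)([^>\s]+)\s*>", line, re.I)
            if m:
                stack.append((m.group(2) in defines) != bool(m.group(1)))
            elif line.lower().startswith("</ifdefine") and stack:
                stack.pop()
            elif all(stack) and line and not line.startswith("#"):
                word, arg = (line.split(None, 1) + [""])[:2]
                if word.lower() == "include":  # resolved against ServerRoot
                    for inc in sorted(glob.glob(os.path.join(root, arg))):
                        found.update(active_ssl_directives(inc, root, defines))
                elif word.lower() in DIRECTIVES:
                    found[word.lower()] = os.path.join(root, arg.strip('"'))
    return found

def pem_status(path):
    try:
        with open(path, errors="replace") as fh:
            m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----", fh.read())
    except OSError:
        return "file missing or unreadable"
    return m.group(1) if m else "not PEM"  # PEM label, e.g. CERTIFICATE

def diagnose(conf, root, defines=()):
    found = active_ssl_directives(conf, root, defines)
    return {d: pem_status(found[d]) if d in found else "not loaded" for d in DIRECTIVES}

def build_sample(root):  # constructed tree; bodies are placeholders, not real keys
    files = {"conf/httpd.conf": "<IfDefine SSL>\nInclude conf.d/*.conf\n</IfDefine>\n",
             "conf.d/ssl.conf": "SSLCertificateFile conf/ssl.crt/server.crt\n"
                                "SSLCertificateKeyFile conf/ssl.key/server.key\n",
             "conf/ssl.crt/server.crt": "-----BEGIN CERTIFICATE-----\nAAAA\n",
             "conf/ssl.key/server.key": "constructed non-PEM bytes\n"}
    for rel, body in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    return os.path.join(root, "conf/httpd.conf")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for defs in ((), ("SSL",)):  # "apachectl start" vs "apachectl startssl"
            print(defs, diagnose(build_sample(root), root, defs))
```

Against a real installation, call `diagnose("/etc/httpd/conf/httpd.conf", "/etc/httpd")` with and without `defines=("SSL",)`; a PEM header only shows the encoding, not that the key matches the certificate.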
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.