[CentOS] httpd ssl problems

Larry Martell larry.martell at gmail.com
Tue Jul 9 21:09:52 UTC 2013 

On Tue, Jul 9, 2013 at 3:06 PM, Nemrow, Jason <Jason.Nemrow at enmu.edu> wrote:
> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Larry Martell
> Sent: Tuesday, July 09, 2013 3:00 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] httpd ssl problems
>
> On Tue, Jul 9, 2013 at 2:56 PM, Nemrow, Jason <Jason.Nemrow at enmu.edu> wrote:
>> Not much of a noob, but I will try.
>>
>> I just configured httpd and installed mod_ssl and got my certificate from GoDaddy and put them on the server with ssl.conf pointing at them.  I am getting this error:
>>
>> SSLCertificateFile: file '/etc/pki/tls/certs/enmu.edu.crt' does not
>> exist or is empty
>>
>> It's a cute error. I have checked several times for misspellings, looked at the enmu.edu.crt file (looks like a cert to me) and I can certify that it is not empty and it most certainly exists. Want some proof? Here...
>>
>> [root at itsnv607 ~]# ls -l /etc/pki/tls/certs total 1224
>> -rw-r--r--. 1 root   root   571450 Apr  7  2010 ca-bundle.crt
>> -rw-r--r--. 1 root   root   651083 Apr  7  2010 ca-bundle.trust.crt
>> -rw-r--r--. 1 apache apache   1874 Jul  9 11:54 enmu.edu.crt
>> -rwxr-xr-x. 1 root   root     3197 Jul  9 11:54 gd_bundle.crt
>> -rw-------. 1 root   root     1164 Jul  8 14:33 localhost.crt
>> -rwxr-xr-x. 1 root   root      610 Feb 21 16:45 make-dummy-cert
>> -rw-r--r--. 1 root   root     2242 Feb 21 16:45 Makefile
>> -rwxr-xr-x. 1 root   root     1131 Jul  9 11:52 www.enmu.edu.csr
>> -rwxr-xr-x. 1 root   root     1708 Jul  9 11:52 www.enmu.edu.key<http://www.enmu.edu.key>
>>
>> Just for fun, I started playing with permissions, just in case that mattered (it didn't). You can see that enmu.edu.crt is there, where it is supposed to be, and is not empty.
>>
>> What would cause this error besides what it actually says?

> Permissions on the dir? selinux?

> Well, I don't see a problem with permissions on the directory (the certs directory):
>
> [root at itsnv607 ~]# ls -l /etc/pki/tls
> total 24
> lrwxrwxrwx. 1 root root    19 Jul  8 14:31 cert.pem -> certs/ca-bundle.crt
> drwxr-xr-x. 2 root root  4096 Jul  9 12:57 certs
> drwxr-xr-x. 2 root root  4096 Jul  8 14:32 misc
> -rw-r--r--. 1 root root 10906 Oct 12  2012 openssl.cnf
> drwxr-xr-x. 2 root root  4096 Jul  8 14:33 private
>
> I am reading up on SELinux to see if it's mucking things up...

As a quick test you can disable it and see if that fixes it.

echo 0 >/selinux/enforce

More information about the CentOS mailing list