[CentOS] httpd ssl problems
Larry Martell
larry.martell at gmail.com
Tue Jul 9 21:09:52 UTC 2013
On Tue, Jul 9, 2013 at 3:06 PM, Nemrow, Jason <Jason.Nemrow at enmu.edu> wrote:
> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Larry Martell
> Sent: Tuesday, July 09, 2013 3:00 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] httpd ssl problems
>
> On Tue, Jul 9, 2013 at 2:56 PM, Nemrow, Jason <Jason.Nemrow at enmu.edu> wrote:
>> Not much of a noob, but I will try.
>>
>> I just configured httpd and installed mod_ssl and got my certificate from GoDaddy and put them on the server with ssl.conf pointing at them. I am getting this error:
>>
>> SSLCertificateFile: file '/etc/pki/tls/certs/enmu.edu.crt' does not
>> exist or is empty
>>
>> It's a cute error. I have checked several times for misspellings, looked at the enmu.edu.crt file (looks like a cert to me) and I can certify that it is not empty and it most certainly exists. Want some proof? Here...
>>
>> [root at itsnv607 ~]# ls -l /etc/pki/tls/certs total 1224
>> -rw-r--r--. 1 root root 571450 Apr 7 2010 ca-bundle.crt
>> -rw-r--r--. 1 root root 651083 Apr 7 2010 ca-bundle.trust.crt
>> -rw-r--r--. 1 apache apache 1874 Jul 9 11:54 enmu.edu.crt
>> -rwxr-xr-x. 1 root root 3197 Jul 9 11:54 gd_bundle.crt
>> -rw-------. 1 root root 1164 Jul 8 14:33 localhost.crt
>> -rwxr-xr-x. 1 root root 610 Feb 21 16:45 make-dummy-cert
>> -rw-r--r--. 1 root root 2242 Feb 21 16:45 Makefile
>> -rwxr-xr-x. 1 root root 1131 Jul 9 11:52 www.enmu.edu.csr
>> -rwxr-xr-x. 1 root root 1708 Jul 9 11:52 www.enmu.edu.key<http://www.enmu.edu.key>
>>
>> Just for fun, I started playing with permissions, just in case that mattered (it didn't). You can see that enmu.edu.crt is there, where it is supposed to be, and is not empty.
>>
>> What would cause this error besides what it actually says?
> Permissions on the dir? selinux?
> Well, I don't see a problem with permissions on the directory (the certs directory):
>
> [root at itsnv607 ~]# ls -l /etc/pki/tls
> total 24
> lrwxrwxrwx. 1 root root 19 Jul 8 14:31 cert.pem -> certs/ca-bundle.crt
> drwxr-xr-x. 2 root root 4096 Jul 9 12:57 certs
> drwxr-xr-x. 2 root root 4096 Jul 8 14:32 misc
> -rw-r--r--. 1 root root 10906 Oct 12 2012 openssl.cnf
> drwxr-xr-x. 2 root root 4096 Jul 8 14:33 private
>
> I am reading up on SELinux to see if it's mucking things up...
As a quick test you can disable it and see if that fixes it.
echo 0 >/selinux/enforce
More information about the CentOS
mailing list