I'm having trouble trying to install a new SSL certificate for Apache2. We have regular traffic running on port 80, SSL running on 443.
I modified httpd.conf, only renaming /etc/httpd/conf/2009certs/ to /etc/httpd/conf/2010certs/:
# This parameter already existed as-is
SSLEngine on
# These are the parameters I changed (already existed w/ diff paths.)
SSLCertificateFile /etc/httpd/conf/2010certs/server.crt
SSLCertificateKeyFile /etc/httpd/conf/2010certs/server.key
SSLCertificateChainFile /etc/httpd/conf/2010certs/intermediate.pem
SSLCACertificateFile /etc/httpd/conf/2010certs/gs_root.pem
# Other parameters here; ServerAdmin, DocumentRoot, ServerName, ErrorLog, etc....
Another VirtualHost block exists for *:80, but no changes were made to that area.
After saving httpd.conf with the new cert paths, commenting out the old 2009 paths, and attempting to restart apache, I get the following in /var/log/httpd/error_log and httpd fails to start:
You configured HTTP(80) on the standard HTTPS(443) port!
Nothing was changed except the certificate paths, and the issue disappears after changing httpd.conf back to use the old certificates.
What could be causing this?
Answer
The problem ended up being due to the presence of a pass phrase on the RSA private key-file server.key -- the apache start scripts were not configured to provide one.
I'm not quite sure why this resulted in the error message above. I'm guessing that apache fell back to a different VirtualHost configuration on port 80 when it failed to read the SSL private key file and couldn't start as HTTPS on 443.
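A pre-flight check for the situation the answer describes, as an added example that is not part of the original question or answer: it lists the SSLCertificateKeyFile paths in a config file and flags any passphrase-protected key when no SSLPassPhraseDialog helper is configured. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for
# passphrase-protected private keys referenced by an Apache config file.

# Return 0 if the PEM key is passphrase-protected, 1 if not, 2 if unreadable.
key_is_encrypted() {
    [ -r "$1" ] || return 2
    # PKCS#8 encrypted keys have their own BEGIN label; traditional PEM keys
    # carry a "Proc-Type: 4,ENCRYPTED" header instead.
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        return 0
    fi
    return 1
}

# Print the path of every active (uncommented) SSLCertificateKeyFile directive.
list_key_files() {
    awk 'tolower($1) == "sslcertificatekeyfile" { gsub(/"/, "", $2); print $2 }' "$1"
}

# Return 0 if an unattended start could read every key, 1 otherwise.
# Assumption: only the one file given is inspected; Include'd files are not followed.
preflight() {
    conf=$1; status=0; helper=no
    # exec: or |program means a helper supplies the passphrase at startup.
    grep -Eiq '^[[:space:]]*SSLPassPhraseDialog[[:space:]]+"?(exec:|\|)' "$conf" && helper=yes
    for key in $(list_key_files "$conf"); do   # paths without whitespace assumed
        rc=0; key_is_encrypted "$key" || rc=$?
        if [ "$rc" -eq 2 ]; then
            echo "FAIL $key: missing or unreadable"; status=1
        elif [ "$rc" -eq 0 ] && [ "$helper" = no ]; then
            echo "FAIL $key: passphrase-protected, no SSLPassPhraseDialog helper"; status=1
        fi
    done
    return $status
}

# Constructed sample files: header-only stand-ins, not real keys.
make_sample() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' > "$1/locked.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$1/plain.key"
    printf '%s\n' "#SSLCertificateKeyFile $1/old.key" \
        "SSLCertificateKeyFile $1/locked.key" > "$1/locked.conf"
    printf '%s\n' "SSLCertificateKeyFile $1/plain.key" > "$1/plain.conf"
}

d=$(mktemp -d) && make_sample "$d"
preflight "$d/locked.conf" || echo "locked.conf: would not start unattended"
preflight "$d/plain.conf" && echo "plain.conf: ok"
rm -rf "$d"
```

Run `preflight` against the real config before restarting httpd; a FAIL line for an encrypted key means the start scripts need a passphrase helper or a key the service can read without one.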