1

I'm trying to install the certificates are purchased from Thirdparty. Received the following error in the log and nothing else. I'm unable to find a similar solution and the ssl site is not accessible.

Server Environment

Server version: Apache/2.4.6 (CentOS) Server built: Apr 24 2019 13:45:48

The following are my configuration file

/etc/httpd/conf.d/ssl.conf

Listen 443 https SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog SSLSessionCache shmcb:/run/httpd/sslcache(512000) SSLSessionCacheTimeout 300 SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed connect builtin #SSLRandomSeed startup file:/dev/random 512 #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512 SSLCryptoDevice builtin #SSLCryptoDevice ubsec <VirtualHost _default_:443> ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM SSLHonorCipherOrder on SSLCertificateFile /var/www/html/cert/2246172_abc.com_public.crt SSLCertificateKeyFile /var/www/html/cert/2246172_abc.com.key SSLCertificateChainFile /var/www/html/cert/2246172_abc.com_chain.crt <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost>

/etc/httpd/sites-available/abc.com.conf

<VirtualHost abc.com:80> ServerName abc.com ServerAlias www.abc.com DocumentRoot /var/www/html/yangmao/public ErrorLog /var/www/html/log/error.log CustomLog /var/www/html/log/requests.log combined <Directory "/var/www/html/yangmao/public"> Allowoverride All </Directory> </VirtualHost> <VirtualHost abc.com:443> SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM SSLHonorCipherOrder on SSLCertificateFile /var/www/html/cert/2246172_abc.com_public.crt SSLCertificateKeyFile /var/www/html/cert/2246172_abc.com.key SSLCertificateChainFile /var/www/html/cert/2246172_abc.com_chain.crt ServerName abc.com ServerAlias www.abc.com DocumentRoot /var/www/html/yangmao/public ErrorLog /var/www/html/log/error.log CustomLog /var/www/html/log/requests.log combined <Directory "/var/www/html/yangmao/public"> Allowoverride All </Directory> </VirtualHost>

UPDATE

Info in the /etc/httpd/log/error_log

[Thu May 23 01:43:24.475306 2019] [mpm_event:notice] [pid 4036:tid 139917334841472] AH00492: caught SIGWINCH, shutting down gracefully [Thu May 23 01:43:25.588508 2019] [suexec:notice] [pid 4357:tid 140179837872256] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Thu May 23 01:43:25.589750 2019] [ssl:warn] [pid 4357:tid 140179837872256] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366) [Thu May 23 01:43:25.653936 2019] [auth_digest:notice] [pid 4357:tid 140179837872256] AH01757: generating secret for digest authentication ... [Thu May 23 01:43:25.654491 2019] [lbmethod_heartbeat:notice] [pid 4357:tid 140179837872256] AH02282: No slotmem from mod_heartmonitor [Thu May 23 01:43:25.655781 2019] [ssl:warn] [pid 4357:tid 140179837872256] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366) [Thu May 23 01:43:25.720059 2019] [mpm_event:notice] [pid 4357:tid 140179837872256] AH00489: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.18 configured -- resuming normal operations [Thu May 23 01:43:25.720096 2019] [core:notice] [pid 4357:tid 140179837872256] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

Info in the /etc/httpd/log/ssl_error_log

[Thu May 23 01:43:25.588891 2019] [ssl:info] [pid 4357:tid 140179837872256] AH02200: Loading certificate & private key of SSL-aware server 'abc.com:443' [Thu May 23 01:43:25.589012 2019] [ssl:debug] [pid 4357:tid 140179837872256] ssl_engine_pphrase.c(506): AH02249: unencrypted RSA private key - pass phrase not required [Thu May 23 01:43:25.589423 2019] [ssl:info] [pid 4357:tid 140179837872256] AH01914: Configuring server abc.com:443 for SSL protocol [Thu May 23 01:43:25.589581 2019] [ssl:debug] [pid 4357:tid 140179837872256] ssl_engine_init.c(886): AH01904: Configuring server certificate chain (1 CA certificate) [Thu May 23 01:43:25.589587 2019] [ssl:debug] [pid 4357:tid 140179837872256] ssl_engine_init.c(406): AH01893: Configuring TLS extension handling [Thu May 23 01:43:25.589591 2019] [ssl:debug] [pid 4357:tid 140179837872256] ssl_engine_init.c(933): AH02232: Configuring RSA server certificate [Thu May 23 01:43:25.589670 2019] [ssl:debug] [pid 4357:tid 140179837872256] ssl_util_ssl.c(495): AH02412: [abc.com:443] Cert matches for name 'abc.com' [subject: CN=abc.com / iss$ [Thu May 23 01:43:25.589676 2019] [ssl:debug] [pid 4357:tid 140179837872256] ssl_engine_init.c(988): AH02236: Configuring RSA server private key [Thu May 23 01:43:25.654838 2019] [ssl:info] [pid 4357:tid 140179837872256] AH02200: Loading certificate & private key of SSL-aware server 'abc.com:443' [Thu May 23 01:43:25.654954 2019] [ssl:debug] [pid 4357:tid 140179837872256] ssl_engine_pphrase.c(506): AH02249: unencrypted RSA private key - pass phrase not required [Thu May 23 01:43:25.655470 2019] [ssl:info] [pid 4357:tid 140179837872256] AH01914: Configuring server abc.com:443 for SSL protocol [Thu May 23 01:43:25.655623 2019] [ssl:debug] [pid 4357:tid 140179837872256] ssl_engine_init.c(886): AH01904: Configuring server certificate chain (1 CA certificate) [Thu May 23 01:43:25.655630 2019] [ssl:debug] [pid 4357:tid 140179837872256] ssl_engine_init.c(406): AH01893: Configuring TLS extension handling [Thu May 23 01:43:25.655634 2019] [ssl:debug] [pid 4357:tid 140179837872256] ssl_engine_init.c(933): AH02232: Configuring RSA server certificate [Thu May 23 01:43:25.655704 2019] [ssl:debug] [pid 4357:tid 140179837872256] ssl_util_ssl.c(495): AH02412: [abc.com:443] Cert matches for name 'abc.com' [subject: CN=abc.com / iss$ [Thu May 23 01:43:25.655710 2019] [ssl:debug] [pid 4357:tid 140179837872256] ssl_engine_init.c(988): AH02236: Configuring RSA server private key
Improve this question
1
  • It seems to be working now, according to your new log. Are you actually having a problem now? Commented May 22, 2019 at 18:09

1 Answer 1

Reset to default
2

It looks that you placed certificate files inside Public html diretory: /var/www/html/cert/...

This may be security measure to prevent of using such certificates.

Move cert diretory one level up:

mv /var/www/html/cert /var/www/

set the readable for apache user (Ubuntu and debian systems use user www-data)

chown -R apache /var/www/cert

Change the config files accordingly, and change vhost configuration to look like:

<VirtualHost *:443> ... ServerName abc.com ServerAlias www.abc.com ...

Note * instead of hostname!

And restart apache:

apachectl graceful

Check the https:// .... url.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.