[NCLUG] Apache/mod_ssl question
Rich Young
rich at experienceplus.com
Tue Mar 16 15:10:07 MST 2004
apachectl configtest didn't do much for me -- just verified that there
are no invalid directives in the configuration files. It wasn't a
surprise, but it's nice to know that.
Following the instructions at
http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#verify, I verified
that the currently installed cert and key match. I don't see much else
in the SSL FAQ that looks applicable to this situation.
openssl s_client is providing much more information now. I appear to
have some sort of break in the CA chain - again, a bit mystifying
because I don't remember messing with this in the first place....
Anyway, I'm fooling around with the SSLCertificateChainFile and
SSLCACertificateFile directives, trying to get rid of the errors I'm
seeing (#'s 20 and 19, mostly -- both indicating that there's something
wrong with the CA, if I'm reading the errors & google output correctly.)
Right now, my plan is to come in during the wee hours, back up my cert,
key, web site, and current config files, and uninstall/reinstall apache.
Then I'll work with the fresh config to bring the site back up and get
it working with the key. Unless somebody else has a better idea ;^)
Thanks again, Steve.
--Rich
> I forgot to mention the '-debug' flag to the s_client command.
> That will give you some more diagnostics.
>
> Also, 'apachectl configtest' can help sort out any problems
> with the Apache configuration file.
>
> Good luck, and let us know what the resolution was.
More information about the NCLUG
mailing list