[CentOS] httpd ssl problems

2013-07-09 Thread Nemrow, Jason 
Not much of a noob, but I will try.

I just configured httpd and installed mod_ssl and got my certificate from 
GoDaddy and put them on the server with ssl.conf pointing at them.  I am 
getting this error:

SSLCertificateFile: file '/etc/pki/tls/certs/enmu.edu.crt' does not exist or is 
empty

It's a cute error. I have checked several times for misspellings, looked at the 
enmu.edu.crt file (looks like a cert to me) and I can certify that it is not 
empty and it most certainly exists. Want some proof? Here...

[root@itsnv607 ~]# ls -l /etc/pki/tls/certs
total 1224
-rw-r--r--. 1 root   root   571450 Apr  7  2010 ca-bundle.crt
-rw-r--r--. 1 root   root   651083 Apr  7  2010 ca-bundle.trust.crt
-rw-r--r--. 1 apache apache   1874 Jul  9 11:54 enmu.edu.crt
-rwxr-xr-x. 1 root   root 3197 Jul  9 11:54 gd_bundle.crt
-rw---. 1 root   root 1164 Jul  8 14:33 localhost.crt
-rwxr-xr-x. 1 root   root  610 Feb 21 16:45 make-dummy-cert
-rw-r--r--. 1 root   root 2242 Feb 21 16:45 Makefile
-rwxr-xr-x. 1 root   root 1131 Jul  9 11:52 www.enmu.edu.csr
-rwxr-xr-x. 1 root   root 1708 Jul  9 11:52 
www.enmu.edu.key

Just for fun, I started playing with permissions, just in case that mattered 
(it didn't). You can see that enmu.edu.crt is there, where it is supposed to 
be, and is not empty.

What would cause this error besides what it actually says?

Jason Nemrow
Systems Operations Specialist
Information Technology Services
Eastern New Mexico University







Confidentiality Notice:

This e-mail, including all attachments, is for the sole use of the intended 
recipient(s) and may contain confidential and privileged information as defined 
under FERPA. Any unauthorized review, use, disclosure or distribution is 
prohibited unless specifically provided under the New Mexico Inspection of 
Public Records Act. If you are not the intended recipient, please contact the 
sender and destroy all copies of this message
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] httpd ssl problems

2013-07-09 Thread Nemrow, Jason 
-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of 
Larry Martell
Sent: Tuesday, July 09, 2013 3:00 PM
To: CentOS mailing list
Subject: Re: [CentOS] httpd ssl problems

On Tue, Jul 9, 2013 at 2:56 PM, Nemrow, Jason  wrote:
> Not much of a noob, but I will try.
>
> I just configured httpd and installed mod_ssl and got my certificate from 
> GoDaddy and put them on the server with ssl.conf pointing at them.  I am 
> getting this error:
>
> SSLCertificateFile: file '/etc/pki/tls/certs/enmu.edu.crt' does not
> exist or is empty
>
> It's a cute error. I have checked several times for misspellings, looked at 
> the enmu.edu.crt file (looks like a cert to me) and I can certify that it is 
> not empty and it most certainly exists. Want some proof? Here...
>
> [root@itsnv607 ~]# ls -l /etc/pki/tls/certs total 1224
> -rw-r--r--. 1 root   root   571450 Apr  7  2010 ca-bundle.crt
> -rw-r--r--. 1 root   root   651083 Apr  7  2010 ca-bundle.trust.crt
> -rw-r--r--. 1 apache apache   1874 Jul  9 11:54 enmu.edu.crt
> -rwxr-xr-x. 1 root   root 3197 Jul  9 11:54 gd_bundle.crt
> -rw---. 1 root   root 1164 Jul  8 14:33 localhost.crt
> -rwxr-xr-x. 1 root   root  610 Feb 21 16:45 make-dummy-cert
> -rw-r--r--. 1 root   root 2242 Feb 21 16:45 Makefile
> -rwxr-xr-x. 1 root   root 1131 Jul  9 11:52 www.enmu.edu.csr
> -rwxr-xr-x. 1 root   root 1708 Jul  9 11:52 
> www.enmu.edu.key<http://www.enmu.edu.key>
>
> Just for fun, I started playing with permissions, just in case that mattered 
> (it didn't). You can see that enmu.edu.crt is there, where it is supposed to 
> be, and is not empty.
>
> What would cause this error besides what it actually says?
>
> Jason Nemrow
> Systems Operations Specialist
> Information Technology Services
> Eastern New Mexico University


Permissions on the dir? selinux?

-larry in Santa Fe
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
--

Well, I don't see a problem with permissions on the directory (the certs 
directory):

[root@itsnv607 ~]# ls -l /etc/pki/tls
total 24
lrwxrwxrwx. 1 root root19 Jul  8 14:31 cert.pem -> certs/ca-bundle.crt
drwxr-xr-x. 2 root root  4096 Jul  9 12:57 certs
drwxr-xr-x. 2 root root  4096 Jul  8 14:32 misc
-rw-r--r--. 1 root root 10906 Oct 12  2012 openssl.cnf
drwxr-xr-x. 2 root root  4096 Jul  8 14:33 private

I am reading up on SELinux to see if it's mucking things up...

Jason Nemrow
Systems Operations Specialist
Information Technology Services
Eastern New Mexico University








Confidentiality Notice:

This e-mail, including all attachments, is for the sole use of the intended 
recipient(s) and may contain confidential and privileged information as defined 
under FERPA. Any unauthorized review, use, disclosure or distribution is 
prohibited unless specifically provided under the New Mexico Inspection of 
Public Records Act. If you are not the intended recipient, please contact the 
sender and destroy all copies of this message
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] httpd ssl problems

2013-07-10 Thread Nemrow, Jason 
Yep. I disabled SELinux and everything is working now for ssl and apache.  I 
will have to look later and study up on how to make SELinux work with this 
setup.

Thanks a Lot!!!

Jason Nemrow
Systems Operations Specialist
Information Technology Services
Eastern New Mexico University


-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of 
Larry Martell
Sent: Tuesday, July 09, 2013 3:10 PM
To: CentOS mailing list
Subject: Re: [CentOS] httpd ssl problems

On Tue, Jul 9, 2013 at 3:06 PM, Nemrow, Jason  wrote:
> -Original Message-
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
> Behalf Of Larry Martell
> Sent: Tuesday, July 09, 2013 3:00 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] httpd ssl problems
>
> On Tue, Jul 9, 2013 at 2:56 PM, Nemrow, Jason  wrote:
>> Not much of a noob, but I will try.
>>
>> I just configured httpd and installed mod_ssl and got my certificate from 
>> GoDaddy and put them on the server with ssl.conf pointing at them.  I am 
>> getting this error:
>>
>> SSLCertificateFile: file '/etc/pki/tls/certs/enmu.edu.crt' does not
>> exist or is empty
>>
>> It's a cute error. I have checked several times for misspellings, looked at 
>> the enmu.edu.crt file (looks like a cert to me) and I can certify that it is 
>> not empty and it most certainly exists. Want some proof? Here...
>>
>> [root@itsnv607 ~]# ls -l /etc/pki/tls/certs total 1224
>> -rw-r--r--. 1 root   root   571450 Apr  7  2010 ca-bundle.crt
>> -rw-r--r--. 1 root   root   651083 Apr  7  2010 ca-bundle.trust.crt
>> -rw-r--r--. 1 apache apache   1874 Jul  9 11:54 enmu.edu.crt
>> -rwxr-xr-x. 1 root   root 3197 Jul  9 11:54 gd_bundle.crt
>> -rw---. 1 root   root 1164 Jul  8 14:33 localhost.crt
>> -rwxr-xr-x. 1 root   root  610 Feb 21 16:45 make-dummy-cert
>> -rw-r--r--. 1 root   root 2242 Feb 21 16:45 Makefile
>> -rwxr-xr-x. 1 root   root 1131 Jul  9 11:52 www.enmu.edu.csr
>> -rwxr-xr-x. 1 root   root 1708 Jul  9 11:52 
>> www.enmu.edu.key<http://www.enmu.edu.key>
>>
>> Just for fun, I started playing with permissions, just in case that mattered 
>> (it didn't). You can see that enmu.edu.crt is there, where it is supposed to 
>> be, and is not empty.
>>
>> What would cause this error besides what it actually says?

> Permissions on the dir? selinux?

> Well, I don't see a problem with permissions on the directory (the certs 
> directory):
>
> [root@itsnv607 ~]# ls -l /etc/pki/tls
> total 24
> lrwxrwxrwx. 1 root root19 Jul  8 14:31 cert.pem -> certs/ca-bundle.crt
> drwxr-xr-x. 2 root root  4096 Jul  9 12:57 certs drwxr-xr-x. 2 root
> root  4096 Jul  8 14:32 misc -rw-r--r--. 1 root root 10906 Oct 12
> 2012 openssl.cnf drwxr-xr-x. 2 root root  4096 Jul  8 14:33 private
>
> I am reading up on SELinux to see if it's mucking things up...

As a quick test you can disable it and see if that fixes it.

echo 0 >/selinux/enforce
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos






Confidentiality Notice:

This e-mail, including all attachments, is for the sole use of the intended 
recipient(s) and may contain confidential and privileged information as defined 
under FERPA. Any unauthorized review, use, disclosure or distribution is 
prohibited unless specifically provided under the New Mexico Inspection of 
Public Records Act. If you are not the intended recipient, please contact the 
sender and destroy all copies of this message
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos