Re: [CentOS] httpd ssl problems

2013-07-11 Thread Александр Кириллов
 I just configured httpd and installed mod_ssl and got my certificate
 from GoDaddy and put them on the server with ssl.conf pointing at
 them.  I am getting this error:
 
 SSLCertificateFile: file '/etc/pki/tls/certs/enmu.edu.crt' does not
 exist or is empty

Try restorecon -Rv /etc

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] httpd ssl problems

2013-07-10 Thread Nemrow, Jason
Yep. I disabled SELinux and everything is working now for ssl and apache.  I 
will have to look later and study up on how to make SELinux work with this 
setup.

Thanks a Lot!!!

Jason Nemrow
Systems Operations Specialist
Information Technology Services
Eastern New Mexico University


Confidentiality Notice:

This e-mail, including all attachments, is for the sole use of the intended 
recipient(s) and may contain confidential and privileged information as defined 
under FERPA. Any unauthorized review, use, disclosure or distribution is 
prohibited unless specifically provided under the New Mexico Inspection of 
Public Records Act. If you are not the intended recipient, please contact the 
sender and destroy all copies of this message


Re: [CentOS] httpd ssl problems

2013-07-10 Thread Larry Martell
On Wed, Jul 10, 2013 at 10:51 AM, Nemrow, Jason jason.nem...@enmu.edu wrote:
 Yep. I disabled SELinux and everything is working now for ssl and apache.  I 
 will have to look later and study up on how to make SELinux work with this 
 setup.

It's always selinux ;-)

If you install the selinux utilities (policycoreutils-python) then you
can use them to set up the security policies. Look in
/var/log/audit/audit.log for the offending lines and then use commands
like this, for example this is what I had to do to allow mysqld to
run:

sudo audit2allow -a -m mysqld > /tmp/mysqld.te
sudo checkmodule -M -m /tmp/mysqld.te -o /tmp/mysqld.mod
sudo semodule_package -o /tmp/mysqld.pp -m /tmp/mysqld.mod
sudo semodule -i /tmp/mysqld.pp




Re: [CentOS] httpd ssl problems

2013-07-10 Thread James Hogarth
 It's always selinux ;-)

 If you install the selinux utilities (policycoreutils-python) then you
 can use them to set up the security policies. Look in
 /var/log/audit/audit.log for the offending lines and then use commands
 like this, for example this is what I had to do to allow mysqld to
 run:

 sudo audit2allow -a -m mysqld > /tmp/mysqld.te
 sudo checkmodule -M -m /tmp/mysqld.te -o /tmp/mysqld.mod
 sudo semodule_package -o /tmp/mysqld.pp -m /tmp/mysqld.mod
 sudo semodule -i /tmp/mysqld.pp



Well always when you step outside normal practices...

Where did you install that mysql from by the way as the base policy has
mysql contexts and policies in place...

In general your advice would work but it's bad practice...

The above assumes that what the application is trying to do is what you
want to happen - this is probably not quite the case.

For the OP it's likely to be the context of the certificates where you put
them... copy them (not move) to somewhere like /etc/httpd so they get the
context httpd_etc_t (in the alternative make a dedicated /etc/httpd/certs
directory to support multiple certs for virtualhosts with a context of
cert_t as this howto describes
http://www.freeipa.org/page/Apache_SNI_With_Kerberos)...

The httpd_t domain has permission to read that context type so that will
work properly and the various bits restricted appropriately...

As for your mysql I'm guessing it installed to /opt or /usr/local or had a
version number in place such as /var/lib/mysql55 which took the files out
of the standard locations and consequently the file contexts would have
been incorrect as they would have inherited from those other locations
probably resulting in mysqld in the wrong domain too (initrc_t perhaps or
bin_t depending how it was started). Using the audit2allow -a -M etc method
outlined above would then result in mysqld having too broad access or
possibly other processes getting access to the mysql database files or
config files improperly (depending on how the auto generated rule went).

To fix that scenario given that the base selinux policy already has rules
for mysql all you need to do is ensure that the right file contexts are on
the files in the improper locations.

First use semanage fcontext -l | grep mysql to get a list of all file
contexts related to mysql.

Then for each of these (there's only about 21) check to see where your
custom install has put the equivalent file (eg /usr/libexec/mysqld might be
in /usr/local/bin/mysqld or /opt/mysql/bin/mysqld).

With that knowledge in hand simply copy and paste the context to the new
file for example:

original from the list above:
/usr/libexec/mysqld    regular file    system_u:object_r:mysqld_exec_t:s0

Add your new path:
semanage fcontext -a -t mysqld_exec_t '/usr/local/bin/mysqld' && restorecon -Rv /usr/local/bin/mysqld

With the correct contexts on the files you should then be able to start the
service and it'll be properly confined in its correct domain.


Re: [CentOS] httpd ssl problems

2013-07-10 Thread Larry Martell
On Wed, Jul 10, 2013 at 12:23 PM, James Hogarth james.hoga...@gmail.com wrote:
 It's always selinux ;-)

 If you install the selinux utilities (policycoreutils-python) then you
 can use them to set up the security policies. Look in
 /var/log/audit/audit.log for the offending lines and then use commands
 like this, for example this is what I had to do to allow mysqld to
 run:

 sudo audit2allow -a -m mysqld > /tmp/mysqld.te
 sudo checkmodule -M -m /tmp/mysqld.te -o /tmp/mysqld.mod
 sudo semodule_package -o /tmp/mysqld.pp -m /tmp/mysqld.mod
 sudo semodule -i /tmp/mysqld.pp



 Well always when you step outside normal practices...

 Where did you install that mysql from by the way as the base policy has
 mysql contexts and policies in place...

I got from just doing 'yum install mysql' I don't have access to that
system any more to see where it got installed.




Re: [CentOS] httpd ssl problems

2013-07-10 Thread James Hogarth
I got from just doing 'yum install mysql' I don't have access to that
 system any more to see where it got installed.


Well that's very weird as selinux enabled mysql is supported right out of
the box under those conditions...

Unless this was the early EL5 days whilst Red Hat and co were still in the
process of writing a lot of the policies... but then with the targeted
policy in place until they wrote an actual policy it still wouldn't be
restricted...

Ah well that's the end of that ;)


Re: [CentOS] httpd ssl problems

2013-07-10 Thread Gordon Messmer
On 07/10/2013 09:51 AM, Nemrow, Jason wrote:
 Yep. I disabled SELinux and everything is working now for ssl and
 apache.  I will have to look later and study up on how to make
 SELinux work with this setup.


restorecon -R -v /etc/pki/tls

It sounds like you saved the crt file somewhere else first, and then 
used mv to place it in /etc/pki/tls/certs.  Use cp instead.  A file 
that's moved will keep its original SELinux context.  A file that's 
copied will be a new file, and will get its context from the parent 
directory.
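The relabel-or-write-policy decision that James Hogarth's and Gordon Messmer's replies turn on can be read off the audit log. The following is an added example, not part of any post in this thread: the log lines are constructed, the `admin_home_t` label assumes the certificate was first saved under /root and then moved, and the function names `triage_avc` and `sample_log` are hypothetical.

```shell
#!/bin/sh
# Added example: triage SELinux AVC denials before reaching for audit2allow.
# Reads audit.log lines on stdin and prints, per denial:
#   <comm> <perms> <name> <source_type> <target_type> <verdict>
# verdict "relabel": the target still carries the label of a home or tmp
#   directory, the signature of a file that was mv'ed into place; restore
#   the label instead of writing policy.
# verdict "review": the label looks deliberate; decide whether the access
#   should be allowed at all before generating a module.
triage_avc() {
    awk '
    function val(s) { sub(/^[^=]*=/, "", s); gsub(/"/, "", s); return s }
    /type=AVC/ && /denied/ {
        comm = "-"; name = "-"; stype = "-"; ttype = "-"; perm = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "{") {
                # collect every permission between the braces
                for (j = i + 1; j <= NF && $j != "}"; j++)
                    perm = (perm == "" ? $j : perm "," $j)
            }
            else if ($i ~ /^comm=/) { comm = val($i) }
            else if ($i ~ /^name=/) { name = val($i) }
            # a context is user:role:type:level, so the type is field 3
            else if ($i ~ /^scontext=/) { split($i, c, ":"); stype = c[3] }
            else if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
        }
        if (perm == "") perm = "-"
        verdict = "review"
        if (ttype ~ /^(admin_home_t|user_home_t|user_tmp_t|tmp_t)$/)
            verdict = "relabel"
        print comm, perm, name, stype, ttype, verdict
    }'
}

# Constructed sample input (not taken from the poster's system).
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1373400000.101:411): avc:  denied  { read } for  pid=2345 comm="httpd" name="enmu.edu.crt" dev=dm-0 ino=131337 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=SYSCALL msg=audit(1373400000.101:411): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1373400100.202:412): avc:  denied  { write } for  pid=2350 comm="httpd" name="upload" dev=dm-0 ino=262201 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
EOF
}

sample_log | triage_avc
```

On a live host the same function can be fed with `grep 'type=AVC' /var/log/audit/audit.log | triage_avc`. A "relabel" verdict is the case that `restorecon` fixes.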


[CentOS] httpd ssl problems

2013-07-09 Thread Nemrow, Jason
Not much of a noob, but I will try.

I just configured httpd and installed mod_ssl and got my certificate from 
GoDaddy and put them on the server with ssl.conf pointing at them.  I am 
getting this error:

SSLCertificateFile: file '/etc/pki/tls/certs/enmu.edu.crt' does not exist or is 
empty

It's a cute error. I have checked several times for misspellings, looked at the 
enmu.edu.crt file (looks like a cert to me) and I can certify that it is not 
empty and it most certainly exists. Want some proof? Here...

[root@itsnv607 ~]# ls -l /etc/pki/tls/certs
total 1224
-rw-r--r--. 1 root   root   571450 Apr  7  2010 ca-bundle.crt
-rw-r--r--. 1 root   root   651083 Apr  7  2010 ca-bundle.trust.crt
-rw-r--r--. 1 apache apache   1874 Jul  9 11:54 enmu.edu.crt
-rwxr-xr-x. 1 root   root     3197 Jul  9 11:54 gd_bundle.crt
-rw-------. 1 root   root     1164 Jul  8 14:33 localhost.crt
-rwxr-xr-x. 1 root   root      610 Feb 21 16:45 make-dummy-cert
-rw-r--r--. 1 root   root     2242 Feb 21 16:45 Makefile
-rwxr-xr-x. 1 root   root     1131 Jul  9 11:52 www.enmu.edu.csr
-rwxr-xr-x. 1 root   root     1708 Jul  9 11:52 www.enmu.edu.key

Just for fun, I started playing with permissions, just in case that mattered 
(it didn't). You can see that enmu.edu.crt is there, where it is supposed to 
be, and is not empty.

What would cause this error besides what it actually says?

Jason Nemrow
Systems Operations Specialist
Information Technology Services
Eastern New Mexico University









Re: [CentOS] httpd ssl problems

2013-07-09 Thread Larry Martell
On Tue, Jul 9, 2013 at 2:56 PM, Nemrow, Jason jason.nem...@enmu.edu wrote:
 Not much of a noob, but I will try.

 I just configured httpd and installed mod_ssl and got my certificate from 
 GoDaddy and put them on the server with ssl.conf pointing at them.  I am 
 getting this error:

 SSLCertificateFile: file '/etc/pki/tls/certs/enmu.edu.crt' does not exist or 
 is empty

 It's a cute error. I have checked several times for misspellings, looked at 
 the enmu.edu.crt file (looks like a cert to me) and I can certify that it is 
 not empty and it most certainly exists. Want some proof? Here...

 [root@itsnv607 ~]# ls -l /etc/pki/tls/certs
 total 1224
 -rw-r--r--. 1 root   root   571450 Apr  7  2010 ca-bundle.crt
 -rw-r--r--. 1 root   root   651083 Apr  7  2010 ca-bundle.trust.crt
 -rw-r--r--. 1 apache apache   1874 Jul  9 11:54 enmu.edu.crt
 -rwxr-xr-x. 1 root   root     3197 Jul  9 11:54 gd_bundle.crt
 -rw-------. 1 root   root     1164 Jul  8 14:33 localhost.crt
 -rwxr-xr-x. 1 root   root      610 Feb 21 16:45 make-dummy-cert
 -rw-r--r--. 1 root   root     2242 Feb 21 16:45 Makefile
 -rwxr-xr-x. 1 root   root     1131 Jul  9 11:52 www.enmu.edu.csr
 -rwxr-xr-x. 1 root   root     1708 Jul  9 11:52 www.enmu.edu.key

 Just for fun, I started playing with permissions, just in case that mattered 
 (it didn't). You can see that enmu.edu.crt is there, where it is supposed to 
 be, and is not empty.

 What would cause this error besides what it actually says?

 Jason Nemrow
 Systems Operations Specialist
 Information Technology Services
 Eastern New Mexico University


Permissions on the dir? selinux?

-larry in Santa Fe


Re: [CentOS] httpd ssl problems

2013-07-09 Thread Nemrow, Jason
-----Original Message-----
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of 
Larry Martell
Sent: Tuesday, July 09, 2013 3:00 PM
To: CentOS mailing list
Subject: Re: [CentOS] httpd ssl problems

Permissions on the dir? selinux?

-larry in Santa Fe
--

Well, I don't see a problem with permissions on the directory (the certs 
directory):

[root@itsnv607 ~]# ls -l /etc/pki/tls
total 24
lrwxrwxrwx. 1 root root    19 Jul  8 14:31 cert.pem -> certs/ca-bundle.crt
drwxr-xr-x. 2 root root  4096 Jul  9 12:57 certs
drwxr-xr-x. 2 root root  4096 Jul  8 14:32 misc
-rw-r--r--. 1 root root 10906 Oct 12  2012 openssl.cnf
drwxr-xr-x. 2 root root  4096 Jul  8 14:33 private

I am reading up on SELinux to see if it's mucking things up...

Jason Nemrow
Systems Operations Specialist
Information Technology Services
Eastern New Mexico University










Re: [CentOS] httpd ssl problems

2013-07-09 Thread Larry Martell
On Tue, Jul 9, 2013 at 3:06 PM, Nemrow, Jason jason.nem...@enmu.edu wrote:
 Well, I don't see a problem with permissions on the directory (the certs 
 directory):

 [root@itsnv607 ~]# ls -l /etc/pki/tls
 total 24
 lrwxrwxrwx. 1 root root    19 Jul  8 14:31 cert.pem -> certs/ca-bundle.crt
 drwxr-xr-x. 2 root root  4096 Jul  9 12:57 certs
 drwxr-xr-x. 2 root root  4096 Jul  8 14:32 misc
 -rw-r--r--. 1 root root 10906 Oct 12  2012 openssl.cnf
 drwxr-xr-x. 2 root root  4096 Jul  8 14:33 private

 I am reading up on SELinux to see if it's mucking things up...

As a quick test you can disable it and see if that fixes it.

echo 0 > /selinux/enforce


Re: [CentOS] httpd ssl problems

2013-07-09 Thread m . roth
Nemrow, Jason wrote:
 Not much of a noob, but I will try.

 I just configured httpd and installed mod_ssl and got my certificate from
 GoDaddy and put them on the server with ssl.conf pointing at them.  I am
 getting this error:

 SSLCertificateFile: file '/etc/pki/tls/certs/enmu.edu.crt' does not exist
 or is empty

 It's a cute error. I have checked several times for misspellings, looked
 at the enmu.edu.crt file (looks like a cert to me) and I can certify that
 it is not empty and it most certainly exists. Want some proof? Here...

 [root@itsnv607 ~]# ls -l /etc/pki/tls/certs

First, could you do ls -la /etc/pki/tls/certs? I'd like to know if the
directory was readable/executable for apache.

 Just for fun, I started playing with permissions, just in case that
 mattered (it didn't). You can see that enmu.edu.crt is there, where it is
 supposed to be, and is not empty.

 What would cause this error besides what it actually says?

Also, run getenforce

mark
