Re: After replacing ssl certificate, apache fails to start but gives no error
I wrote: > I've updated my ssl public certificate and intermediate certificate > according to the instructions [...] > I also made sure the file permissions match. Now apache won't start, and > doesn't indicate any error: > Also, nothing shows up in /var/log/httpd/error_log, > /var/log/httpd/access_log (of course), or /var/log/messages. Okay, I figured it out. I tried breaking things until I found the same symptom. I found that when I used the wrong private key, it had the same symptom. Sure enough, that was the problem. The CSR I used to get the certificate signed by Verisign was for a different key. I now have a significantly better understanding of how the whole process works. Why doesn't modssl provide any error message or log entry? Is it insecure to use an old key pair? What's the appropriate thing to do -- create a new key pair (and a new CSR) each time you renew your signed certificate, or just re-use the old key pair and get a new signed certificate? Thanks, Rick Onanian Network Administrator Anna Maria College __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
After replacing ssl certificate, apache fails to start but gives no error
I've updated my ssl public certificate and intermediate certificate according to the instructions at http://www.verisign.com/support/ssl-certificates-support/page_dev019509.html I also made sure the file permissions match. Now apache won't start, and doesn't indicate any error: [EMAIL PROTECTED] root]# apachectl startssl Apache/2.0.55 mod_ssl/2.0.55 (Pass Phrase Dialog) Some of your private key files are encrypted for security reasons. In order to read them you have to provide us with the pass phrases. Server webamc.annamaria.edu:443 (RSA) Enter pass phrase: [EMAIL PROTECTED] root]# netstat -anp | grep 443 [EMAIL PROTECTED] root]# Also, nothing shows up in /var/log/httpd/error_log, /var/log/httpd/access_log (of course), or /var/log/messages. If I put the old certificate back, it works: [EMAIL PROTECTED] root]# apachectl startssl Apache/2.0.55 mod_ssl/2.0.55 (Pass Phrase Dialog) Some of your private key files are encrypted for security reasons. In order to read them you have to provide us with the pass phrases. Server webamc.annamaria.edu:443 (RSA) Enter pass phrase: [EMAIL PROTECTED] root]# netstat -anp | grep 443 tcp0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1197/httpd [EMAIL PROTECTED] root]# How can I troubleshoot this? I don't have any experience with modssl, I've inherited responsibility for this system. Our certificate expires in two days. :( Thanks, Rick Onanian Network Administrator Anna Maria College __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]