Andy Hawkins wrote:
Hi,
I renewed an SSL certificate today, and replaced the server's .crt file (the
one pointed to by the 'SSLCertificateFile' parameter in the server's
config). However, when I restarted the server (apachectl restart, server is
v1.3.34) requests to the server still seemed to return the original
certificate.
I got around this by rebooting the server, but this seems a little drastic!
Can anyone tell me what I need to do to get new certificates recognised?
FWIW, in my experience, installing or changing an SSL cert on an Apache
1 server requires a stop and start (restart/reload won't work). Now
this is using apache-ssl (as opposed to mod_ssl), but it sounds the same
for your situation.
Perhaps it has to due with apache no longer having root permissions
after it has started (I believe a restart just sends a SIGHUP to the
process), and it wants to reload both the cert and private key (private
keys SHOULD only be readable by root, if secured properly). This is all
speculation on my part though.
--
Justin Pasher
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
