I have Apache running on my RHEL 5.4 web server and when someone goes
to my website, they get a scary warning that tells them my secure site
isn't safe because it can't be validated by a CA. I contacted my CA
(Verisign) today and was told that my web server (Apache) isn't
properly rendering my 'intermediate' certificate. I clearly show
Apache is properly displaying my public certificate and can read my
private SSL key so I don't know why it's missing the
SSLCACertificateFile entry from my httpd.conf file. My entry looks as
follows in 'httpd.conf':

<VirtualHost *:443>
        DocumentRoot /var/www/html/int/main
        ServerName www.mydomain.tld:443
        ServerAdmin webmas...@mydomain.tld
        ErrorLog /var/log/httpd/www.mydomain.tld-int-error_log
        TransferLog /var/log/httpd/www.mydomain.tld-int-access_log
        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on
        #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /etc/httpd/conf/ssl/www.crt
        SSLCertificateKeyFile /etc/httpd/conf/ssl/www.key
        SSLCACertificateFile /etc/httpd/conf/ssl/intermediate.crt

Now I'm starting to look around and noticed I also have a
/etc/httpd/conf.d/ssl.conf file and it too has a section to list SSL
parameters/paths. I am wondering if I need to also add my SSL www.crt,
www.key, and intermediate.crt in the 'ssl.conf' file also? Or could it
simply be that Apache doesn't have permissions to properly render
the 'intermediate.crt', which makes no sense to me since it can see the
www.crt & www.key fine and they all have the same permissions:

[r...@ideweb1 ssl]# ls -la
total 24
dr-------- 2 root root 4096 Mar 26 14:36 .
drwxr-xr-x 3 root root 4096 Apr  7 10:46 ..
-r-------- 1 root root 1659 Jul 21  2009 intermediate.crt
-r-------- 1 root root 1936 Mar 26 14:36 www.crt
-r-------- 1 root root  887 Feb 11  2009 www.key
-r-------- 1 root root 1931 Mar 26 14:36 www.orig

Please help me understand this...

-Carlos

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
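
One way to check offline whether an intermediate certificate really links a server certificate to a trusted root, which is the validation the message above says clients are failing. This is an added example, not part of the original post: it builds a constructed root, intermediate and leaf in a temporary directory, and the function names `mkcert`, `chain_ok` and `issued_by` are hypothetical.

```shell
#!/bin/sh
# Added example. Every key and certificate here is constructed test data.
set -e
WORK=$(mktemp -d)

# Minimal config so the run does not depend on the system openssl.cnf.
cat > "$WORK/x.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
EOF

# mkcert NAME EXT_SECTION [SIGNER]: write NAME.key and NAME.crt (self-signed without SIGNER).
mkcert() {
    openssl req -new -newkey rsa:2048 -nodes -config "$WORK/x.cnf" \
        -subj "/CN=constructed $1" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    if [ -n "$3" ]; then
        sign="-CA $WORK/$3.crt -CAkey $WORK/$3.key -CAcreateserial"
    else
        sign="-signkey $WORK/$1.key"
    fi
    # $sign is left unquoted on purpose so it splits into separate options.
    openssl x509 -req -days 2 -in "$WORK/$1.csr" $sign \
        -extfile "$WORK/x.cnf" -extensions "$2" -out "$WORK/$1.crt" 2>/dev/null
}

# chain_ok LEAF [INTERMEDIATE]: true if LEAF validates up to the constructed root.
# Omitting INTERMEDIATE models a server that does not send its chain.
chain_ok() {
    openssl verify -CAfile "$WORK/root.crt" ${2:+-untrusted "$2"} "$1" 2>/dev/null |
        grep -q ': OK$'
}

# issued_by CERT CANDIDATE: true if CERT's issuer name equals CANDIDATE's subject name.
issued_by() {
    iss=$(openssl x509 -noout -issuer -in "$1" | sed 's/^issuer= *//')
    sub=$(openssl x509 -noout -subject -in "$2" | sed 's/^subject= *//')
    [ "$iss" = "$sub" ]
}

mkcert root ca
mkcert int ca root
mkcert www leaf int
chain_ok "$WORK/www.crt" && echo "leaf alone: OK" || echo "leaf alone: FAIL"
chain_ok "$WORK/www.crt" "$WORK/int.crt" && echo "leaf + intermediate: OK"
```

With real files, the same `openssl verify -CAfile <root> -untrusted intermediate.crt www.crt` call tests the pair from the directory listing above, where `<root>` stands for the CA's root certificate file.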