Hello,

I find it extremely troubling that when Apache fails to start due to an
SSL-related misconfiguration nothing is logged to that effect.

For example, if a certificate and private key do not match, Apache will
fail to start and, from what I can tell, fails to log anything at all.

Maybe there is some alternate log file location of which I'm not aware,
but tailing /var/log/apache2/error.log (on Debian), or the site-specific
log at /var/www/example.com/log/error.log, reveals absolutely nothing
about the issue's cause.

How can the world's "most mature", "most advanced" Web-server be brought
to its knees due to an SSL misconfiguration with one site?

I find this to be inexcusable. Even if Apache did log every detail
regarding the cause for the failed service start-up, the fact that
Apache has no mechanism for handling such a misconfiguration gracefully
is disappointing.

To the contrary, Dovecot, for example, failed gracefully in the same
instance; it reported a very specific message in its logs (key/cert.
mismatch) and still started up. Due to the fact that the certificate was
malformed, Dovecot dropped its TLS capabilities, but it still started
the server and bound to the non-secure port.

The "apache2ctl configtest" command seems to be ineffective when the
required files exist and are not empty. This utility seems not to check
for a match between the private key and the certificate. Perhaps this
utility could be modified to use the `openssl` executable (if it can be
found) to check these items, too.

Am I missing something here?

Thank you for any insight,

-Ben
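
The check proposed in the message above (comparing the private key with the certificate using `openssl` before a restart), written out as an added example that is not part of the original post or of Apache's own tooling. It assumes one `SSLCertificateFile`/`SSLCertificateKeyFile` pair per site config, paths without spaces, and Debian's `/etc/apache2/sites-enabled` layout; the function names and the `check.sh` file name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the post): verify cert/key pairs before restarting Apache.

# Return 0 if the private key in $2 belongs to the certificate in $1,
# 1 on a mismatch, 2 if either file cannot be parsed.
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # -passin pass: stops openssl from prompting; encrypted keys count as unreadable.
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Print the first value of directive $1 in config file $2 (names are case-insensitive).
directive_value() {
    awk -v d="$1" 'tolower($1) == tolower(d) { v = $2; gsub(/"/, "", v); print v; exit }' "$2"
}

# Check one site config. Assumption: one certificate/key pair per file.
check_site_conf() {
    cert=$(directive_value SSLCertificateFile "$1")
    key=$(directive_value SSLCertificateKeyFile "$1")
    [ -n "$cert" ] || { echo "SKIP       $1: no SSLCertificateFile"; return 0; }
    [ -n "$key" ] || key=$cert   # mod_ssl also accepts the key inside the certificate file
    rc=0
    cert_key_match "$cert" "$key" || rc=$?
    case $rc in
        0) echo "OK         $1" ;;
        1) echo "MISMATCH   $1: $key does not match $cert" ;;
        *) echo "UNREADABLE $1: cannot parse $cert or $key" ;;
    esac
    return "$rc"
}

# Check every config given; non-zero if any pair is wrong.
check_all() {
    status=0
    for conf in "$@"; do
        check_site_conf "$conf" || status=1
    done
    return "$status"
}

# e.g. sh check.sh /etc/apache2/sites-enabled/*.conf && apache2ctl configtest
if [ "$#" -gt 0 ]; then check_all "$@"; fi
```

The comparison is on the public key, so it works for RSA and EC pairs alike; a passphrase-protected key is reported as UNREADABLE rather than prompting.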
