Glad to hear you find the issue cause. It is absolutely factible that the error was caused by that included file if it was defined for a different VirtualHost, as the configuration you set is only for port 443. Does that included file set configurations for a VirtualHost?
2015-08-04 17:20 GMT-03:00 , , <us.shadow...@gmail.com>: > Hey Matias thank you for the assistance, I ended up discovering I had > an additional configuration file included that had additional SSL > directives defined in it. > > When I commented out this configuration (as everything present in it > was also present in my main configuration) it seemed to start up > without issue. > > The file that I commented out contained: > SSLEngine on > SSLOptions StdEnvVars StrictRequire > SSLCompression off > SSLProtocol All -SSLv2 -SSLv3 > SSLHonorCipherOrder on > SSLCipherSuite > ALL:!ADH:!LOW:!SSLv2:!EXP:!NULL:RC4+SHA:+HIGH:+MEDIUM > SSLRandomSeed startup file:/dev/urandom 512 > SSLRandomSeed connect file:/dev/urandom 512 > SSLSessionCacheTimeout 300 > > > Everything in that file is present in my mainline configuration as > well except for the SSLHonorCipherOrder. Do you think the issue was > that the SSLEngine on was defined both inside and outside of my > VirtualHost? > > On Tue, Aug 4, 2015 at 3:13 PM, Matias Visbeek > <matias.visb...@vatrox.com> wrote: > > Another question, I see you have SSLProxyEngine On, so I assume your are > > using it as a Reverse Proxy. Does the backend requires SSL aswell? In > that > > case you will need at least the trusted certificate for the backend's > server > > certificate specified in SSLProxyCACertificateFile. > > > > What version of Apache are you using? > > > > Are you sure Apache have privileges over that directory? > > > > > > 2015-08-04 16:19 GMT-03:00 , , <us.shadow...@gmail.com>: > >> > >> That is correct. > >> > >> On Tue, Aug 4, 2015 at 1:29 PM, Matias Visbeek > >> <matias.visb...@vatrox.com> wrote: > >> > Just to be sure, is your example.crt file just the public key of your > >> > ceritficate in PEM Base64 format? > >> > > >> > > >> > 2015-08-04 15:23 GMT-03:00 <eigenbra...@gmail.com>: > >> >> > >> >> Apologies, the leading slash was not supposed to be there, just > copied > >> >> a fake file location and forgot to remove it, the full path is > defined > >> >> for the certs: > >> >> SSLCertificateFile "/opt/blah/web/apache2/cert/example.crt" > >> >> SSLCertificateKeyFile "/opt/blah/web/apache2/cert/example.key" > >> >> SSLCertificateChainFile > >> >> "/opt/blah/web/apache2/cert/example-intermediate.crt" > >> >> > >> >> Matias, not sure what you mean by "are you sure conditions for > >> >> IfDefine are met?" If you mean are those levels defined properly etc. > >> >> then yes, I use those IfDefines several times in the rest of the > >> >> configuration. > >> >> > >> >> On Tue, Aug 4, 2015 at 1:17 PM, Matias Visbeek > >> >> <matias.visb...@vatrox.com> wrote: > >> >> > Hi, > >> >> > > >> >> > I have 2 different theories about what is happening with your code. > >> >> > > >> >> > First, this line looks wrong > >> >> > SSLCertificateFile "/example.crt" > >> >> > > >> >> > Do you have your certificate file in the root directory? > >> >> > Try changing it for this > >> >> > > >> >> > SSLCertificateFile "example.crt" > >> >> > > >> >> > or providing the full path to the file, for example > >> >> > "/home/user/cert/example.crt" for Linux/UNIX or > "C:/cert/ecample.crt" > >> >> > for > >> >> > Windows. > >> >> > > >> >> > Second, you define your certificate inside IfDefine tags, are you > >> >> > sure > >> >> > conditions for IfDefine are met? > >> >> > > >> >> > Regards, > >> >> > > >> >> > MatÃas > >> >> > > >> >> > 2015-08-04 15:02 GMT-03:00 <eigenbra...@gmail.com>: > >> >> >> > >> >> >> RHEL: 5 > >> >> >> Apache: 2.2.29 > >> >> >> > >> >> >> Trying to set up a VirtualHost in my 443 configuration > >> >> >> > >> >> >> > >> >> >> > >> >> >> > ---------------------------------------------------------------------------- > >> >> >> Listen 443 (also tried Listen 443 http) > >> >> >> > >> >> >> DocumentRoot "/www/secure" > >> >> >> > >> >> >> NameVirtualHost *:443 > >> >> >> > >> >> >> <VirtualHost *:443> > >> >> >> > >> >> >> <IfDefine leveltest> > >> >> >> ServerName test.something.com > >> >> >> RewriteEngine On > >> >> >> SSLEngine On > >> >> >> SSLProxyEngine on > >> >> >> ProxyRequests Off > >> >> >> SSLCertificateFile "/example.crt" > >> >> >> SSLCertificateKeyFile "example.key" > >> >> >> SSLCertificateChainFile "example-intermediate.crt" > >> >> >> </IfDefine> > >> >> >> <IfDefine levelprod> > >> >> >> RewriteEngine On > >> >> >> SSLEngine On > >> >> >> SSLProxyEngine on > >> >> >> ProxyRequests Off > >> >> >> RewriteEngine On > >> >> >> SSLEngine On > >> >> >> SSLProxyEngine on > >> >> >> ProxyRequests Off > >> >> >> SSLCertificateFile "/example.crt" > >> >> >> SSLCertificateKeyFile "example.key" > >> >> >> SSLCertificateChainFile "example-intermediate.crt" > >> >> >> </IfDefine> > >> >> >> > >> >> >> SSLOptions +StdEnvVars +ExportCertData > >> >> >> SSLProtocol ALL -SSLv2 -SSLv3 > >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > ------------------------------------------------------------------------------------- > >> >> >> > >> >> >> The above results in the following error when trying to start: > >> >> >> [Tue Aug 04 11:20:09 2015] [error] Server should be SSL-aware but > >> >> >> has > >> >> >> no certificate configured [Hint: SSLCertificateFile] ((null):0) > >> >> >> > >> >> >> We know that certificate listed works as we are currently using > it, > >> >> >> only difference is we tried including it in a VirtualHost now. > >> >> >> > >> >> >> > >> >> >> > --------------------------------------------------------------------- > >> >> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > >> >> >> For additional commands, e-mail: users-h...@httpd.apache.org > >> >> >> > >> >> > > >> >> > >> >> --------------------------------------------------------------------- > >> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > >> >> For additional commands, e-mail: users-h...@httpd.apache.org > >> >> > >> > > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > >> For additional commands, e-mail: users-h...@httpd.apache.org > >> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
