After replacing ssl certificate, apache fails to start but gives no error

by Richard Onanian

I've updated my ssl public certificate and intermediate certificate
according to the instructions at
http://www.verisign.com/support/ssl-certificates-support/page_dev019509.html
I also made sure the file permissions match. Now apache won't start, and
doesn't indicate any error:

 [root@EmpowerWeb root]# apachectl startssl
 Apache/2.0.55 mod_ssl/2.0.55 (Pass Phrase Dialog)
 Some of your private key files are encrypted for security reasons.
 In order to read them you have to provide us with the pass phrases.

 Server webamc.annamaria.edu:443 (RSA)
 Enter pass phrase:
 [root@EmpowerWeb root]# netstat -anp | grep 443
 [root@EmpowerWeb root]#

Also, nothing shows up in /var/log/httpd/error_log,
/var/log/httpd/access_log (of course), or /var/log/messages.


If I put the old certificate back, it works:

 [root@EmpowerWeb root]# apachectl startssl
 Apache/2.0.55 mod_ssl/2.0.55 (Pass Phrase Dialog)
 Some of your private key files are encrypted for security reasons.
 In order to read them you have to provide us with the pass phrases.

 Server webamc.annamaria.edu:443 (RSA)
 Enter pass phrase:
 [root@EmpowerWeb root]# netstat -anp | grep 443
 tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN      1197/httpd
 [root@EmpowerWeb root]#


How can I troubleshoot this? I don't have any experience with modssl; I've
inherited responsibility for this system. Our certificate expires in two
days. :(

Thanks,
  Rick Onanian
  Network Administrator
  Anna Maria College

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@...
Automated List Manager                            majordomo@...

Re: After replacing ssl certificate, apache fails to start but gives no error

by Richard Onanian

I wrote:
 > I've updated my ssl public certificate and intermediate certificate
 > according to the instructions [...]
 > I also made sure the file permissions match. Now apache won't start, and
 > doesn't indicate any error:
 > Also, nothing shows up in /var/log/httpd/error_log,
 > /var/log/httpd/access_log (of course), or /var/log/messages.

Okay, I figured it out. I tried breaking things until I found the same
symptom. I found that when I used the wrong private key, it had the same
symptom. Sure enough, that was the problem. The CSR I used to get the
certificate signed by Verisign was for a different key. I now have a
significantly better understanding of how the whole process works.

Why doesn't modssl provide any error message or log entry?

Is it insecure to use an old key pair? What's the appropriate thing to
do -- create a new key pair (and a new CSR) each time you renew your
signed certificate, or just re-use the old key pair and get a new signed
certificate?

Thanks,
  Rick Onanian
  Network Administrator
  Anna Maria College
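
The mismatch found in the reply above (a certificate issued from a CSR that belonged to a different private key) can be checked for before Apache is restarted. The following is an added example, not part of the original thread: it compares the public key carried by the certificate, the private key and, optionally, the CSR. The file names passed in are placeholders, and `openssl pkey` assumes OpenSSL 1.0.0 or later.

```shell
#!/bin/sh
# Added example: confirm that certificate, private key and CSR all carry the
# same public key. An encrypted key makes openssl ask for its pass phrase.

# pubkey_pem KIND FILE -> public key of FILE as PEM (KIND: cert | key | csr)
pubkey_pem() {
    case "$1" in
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac
}

# pubkey_fp KIND FILE -> SHA-256 hex digest of that PEM, or non-zero on error
pubkey_fp() {
    pem=$(pubkey_pem "$1" "$2") || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# check_tls_pair CERT KEY [CSR]
# returns 0 = all match, 1 = mismatch, 2 = a file could not be parsed
check_tls_pair() {
    cert_fp=$(pubkey_fp cert "$1") || { echo "cannot read certificate: $1" >&2; return 2; }
    key_fp=$(pubkey_fp key "$2")   || { echo "cannot read private key: $2" >&2; return 2; }
    if [ "$cert_fp" != "$key_fp" ]; then
        echo "MISMATCH: $1 was not issued for the key in $2" >&2
        return 1
    fi
    if [ -n "${3:-}" ]; then
        csr_fp=$(pubkey_fp csr "$3") || { echo "cannot read CSR: $3" >&2; return 2; }
        if [ "$csr_fp" != "$key_fp" ]; then
            echo "MISMATCH: $3 was not generated from the key in $2" >&2
            return 1
        fi
    fi
    echo "OK: public key sha256 $key_fp"
}

# Stand-alone use: sh check_pair.sh server.crt server.key [server.csr]
if [ "$#" -ge 2 ]; then
    check_tls_pair "$@"
fi
```

Running the check on the CSR before it is submitted to the CA catches the wrong-key case before a certificate is issued for it.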
