httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matias Visbeek <matias.visb...@vatrox.com>
Subject Re: [users@httpd] 443 VirtualHost setup yields "Server should be SSL-aware" error
Date Tue, 04 Aug 2015 20:29:56 GMT
Glad to hear you find the issue cause.
It is absolutely factible that the error was caused by that included file
if it was defined for a different VirtualHost, as the configuration you set
is only for port 443. Does that included file set configurations for a
VirtualHost?

2015-08-04 17:20 GMT-03:00 , , <us.shadow.op@gmail.com>:

> Hey Matias thank you for the assistance, I ended up discovering I had
> an additional configuration file included that had additional SSL
> directives defined in it.
>
> When I commented out this configuration (as everything present in it
> was also present in my main configuration) it seemed to start up
> without issue.
>
> The file that I commented out contained:
> SSLEngine               on
> SSLOptions              StdEnvVars StrictRequire
> SSLCompression off
> SSLProtocol             All -SSLv2 -SSLv3
> SSLHonorCipherOrder on
> SSLCipherSuite
> ALL:!ADH:!LOW:!SSLv2:!EXP:!NULL:RC4+SHA:+HIGH:+MEDIUM
> SSLRandomSeed           startup file:/dev/urandom 512
> SSLRandomSeed           connect file:/dev/urandom 512
> SSLSessionCacheTimeout  300
>
>
> Everything in that file is present in my mainline configuration as
> well except for the SSLHonorCipherOrder. Do you think the issue was
> that the SSLEngine on was defined both inside and outside of my
> VirtualHost?
>
> On Tue, Aug 4, 2015 at 3:13 PM, Matias Visbeek
> <matias.visbeek@vatrox.com> wrote:
> > Another question, I see you have SSLProxyEngine On, so I assume your are
> > using it as a Reverse Proxy. Does the backend requires SSL aswell? In
> that
> > case you will need at least the trusted certificate for the backend's
> server
> > certificate specified in SSLProxyCACertificateFile.
> >
> > What version of Apache are you using?
> >
> > Are you sure Apache have privileges over that directory?
> >
> >
> > 2015-08-04 16:19 GMT-03:00 , , <us.shadow.op@gmail.com>:
> >>
> >> That is correct.
> >>
> >> On Tue, Aug 4, 2015 at 1:29 PM, Matias Visbeek
> >> <matias.visbeek@vatrox.com> wrote:
> >> > Just to be sure, is your example.crt file just the public key of your
> >> > ceritficate in PEM Base64 format?
> >> >
> >> >
> >> > 2015-08-04 15:23 GMT-03:00 <eigenbrais1@gmail.com>:
> >> >>
> >> >> Apologies, the leading slash was not supposed to be there, just
> copied
> >> >> a fake file location and forgot to remove it, the full path is
> defined
> >> >> for the certs:
> >> >> SSLCertificateFile      "/opt/blah/web/apache2/cert/example.crt"
> >> >> SSLCertificateKeyFile   "/opt/blah/web/apache2/cert/example.key"
> >> >> SSLCertificateChainFile
> >> >> "/opt/blah/web/apache2/cert/example-intermediate.crt"
> >> >>
> >> >> Matias, not sure what you mean by "are you sure conditions for
> >> >> IfDefine are met?" If you mean are those levels defined properly etc.
> >> >> then yes, I use those IfDefines several times in the rest of the
> >> >> configuration.
> >> >>
> >> >> On Tue, Aug 4, 2015 at 1:17 PM, Matias Visbeek
> >> >> <matias.visbeek@vatrox.com> wrote:
> >> >> > Hi,
> >> >> >
> >> >> > I have 2 different theories about what is happening with your
code.
> >> >> >
> >> >> > First, this line looks wrong
> >> >> > SSLCertificateFile      "/example.crt"
> >> >> >
> >> >> > Do you have your certificate file in the root directory?
> >> >> > Try changing it for this
> >> >> >
> >> >> > SSLCertificateFile      "example.crt"
> >> >> >
> >> >> > or providing the full path to the file, for example
> >> >> > "/home/user/cert/example.crt" for Linux/UNIX or
> "C:/cert/ecample.crt"
> >> >> > for
> >> >> > Windows.
> >> >> >
> >> >> > Second, you define your certificate inside IfDefine tags, are
you
> >> >> > sure
> >> >> > conditions for IfDefine are met?
> >> >> >
> >> >> > Regards,
> >> >> >
> >> >> > Matías
> >> >> >
> >> >> > 2015-08-04 15:02 GMT-03:00 <eigenbrais1@gmail.com>:
> >> >> >>
> >> >> >> RHEL: 5
> >> >> >> Apache: 2.2.29
> >> >> >>
> >> >> >> Trying to set up a VirtualHost in my 443 configuration
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >>
> ----------------------------------------------------------------------------
> >> >> >> Listen 443 (also tried Listen 443 http)
> >> >> >>
> >> >> >> DocumentRoot    "/www/secure"
> >> >> >>
> >> >> >> NameVirtualHost *:443
> >> >> >>
> >> >> >> <VirtualHost *:443>
> >> >> >>
> >> >> >> <IfDefine leveltest>
> >> >> >> ServerName      test.something.com
> >> >> >> RewriteEngine On
> >> >> >> SSLEngine     On
> >> >> >> SSLProxyEngine on
> >> >> >> ProxyRequests Off
> >> >> >> SSLCertificateFile      "/example.crt"
> >> >> >> SSLCertificateKeyFile   "example.key"
> >> >> >> SSLCertificateChainFile "example-intermediate.crt"
> >> >> >> </IfDefine>
> >> >> >> <IfDefine levelprod>
> >> >> >> RewriteEngine On
> >> >> >> SSLEngine     On
> >> >> >> SSLProxyEngine on
> >> >> >> ProxyRequests Off
> >> >> >> RewriteEngine On
> >> >> >> SSLEngine     On
> >> >> >> SSLProxyEngine on
> >> >> >> ProxyRequests Off
> >> >> >> SSLCertificateFile      "/example.crt"
> >> >> >> SSLCertificateKeyFile   "example.key"
> >> >> >> SSLCertificateChainFile "example-intermediate.crt"
> >> >> >> </IfDefine>
> >> >> >>
> >> >> >> SSLOptions              +StdEnvVars +ExportCertData
> >> >> >> SSLProtocol             ALL -SSLv2 -SSLv3
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >>
> -------------------------------------------------------------------------------------
> >> >> >>
> >> >> >> The above results in the following error when trying to start:
> >> >> >> [Tue Aug 04 11:20:09 2015] [error] Server should be SSL-aware
but
> >> >> >> has
> >> >> >> no certificate configured [Hint: SSLCertificateFile] ((null):0)
> >> >> >>
> >> >> >> We know that certificate listed works as we are currently
using
> it,
> >> >> >> only difference is we tried including it in a VirtualHost
now.
> >> >> >>
> >> >> >>
> >> >> >>
> ---------------------------------------------------------------------
> >> >> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> >> >> For additional commands, e-mail: users-help@httpd.apache.org
> >> >> >>
> >> >> >
> >> >>
> >> >> ---------------------------------------------------------------------
> >> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> >> For additional commands, e-mail: users-help@httpd.apache.org
> >> >>
> >> >
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message