SSLCertificateFile: file server.crt does not exist or empty

I am hosting Apache Web Server on Red Hat Enterprise (RHEL4).
The apache rpm is httpd-2.0.52-9.ent

Now when I have default-site SSL-Enabled(default virtual host), I get the following error
on restart:
1.
[root@rhel4localbox ~]# /etc/init.d/httpd restart
Stopping httpd: [FAILED]
[Wed May 25 14:39:17 2005] [warn] _default_ VirtualHost overlap on port 443, the first
has

precedence
(98)Address already in use: make_sock: could not bind to address [::]:443
no listening sockets available, shutting down
Unable to open logs
[FAILED]

2.
When I add a ssl-enabled virtual-host, I get the following error on restart:

[root@rhel4localbox ~]# /etc/init.d/httpd restart
Stopping httpd: [FAILED]
Starting httpd: [Wed May 25 14:41:23 2005] [warn] module ssl_module is already loaded,
skipping
[Wed May 25 14:41:24 2005] [warn] module ssl_module is already loaded, skipping
Warning: DocumentRoot [/home/vh/sslsite1] does not exist
Syntax error on line 232 of /etc/httpd/conf/httpd.conf:
SSLCertificateFile: file '/home/vh/sslsite1/server.crt' does not exist or is empty
[FAILED]

Any idea on the above problem will be most welcome...

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: SSLCertificateFile: file server.crt does not exist or empty

On Tue, May 31, 2005 at 05:10:27AM -0700, Bibhash Roy wrote:
> I am hosting Apache Web Server on Red Hat Enterprise (RHEL4).
> The apache rpm is httpd-2.0.52-9.ent
....
> 2.
> When I add a ssl-enabled virtual-host, I get the following error on restart:
>
> [root@rhel4localbox ~]# /etc/init.d/httpd restart
> Stopping httpd: [FAILED]
> Starting httpd: [Wed May 25 14:41:23 2005] [warn] module ssl_module is already loaded,
> skipping
> [Wed May 25 14:41:24 2005] [warn] module ssl_module is already loaded, skipping
> Warning: DocumentRoot [/home/vh/sslsite1] does not exist
> Syntax error on line 232 of /etc/httpd/conf/httpd.conf:
> SSLCertificateFile: file '/home/vh/sslsite1/server.crt' does not exist or is empty
> [FAILED]

You can get this type of error if you have SELinux enabled - check
/var/log/message to see if there is an "avc" denial message for this
file.

You'll need to label the certificates correctly if you want to keep
SELinux enabled, e.g.

# chcon user_u:object_r:httpd_config_t /home/vh/sslsite1/server.crt

See:

http://fedora.redhat.com/docs/selinux-faq-fc3/
http://fedora.redhat.com/docs/selinux-apache-fc3/

for more details about SELinux and Apache.

joe
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: SSLCertificateFile: file server.crt does not exist or empty

--- Joe Orton wrote:
> On Tue, May 31, 2005 at 05:10:27AM -0700, Bibhash Roy wrote:
> > I am hosting Apache Web Server on Red Hat Enterprise (RHEL4).
> > The apache rpm is httpd-2.0.52-9.ent
> ...
> > 2.
> > When I add a ssl-enabled virtual-host, I get the following error on restart:
> >
> > [root@rhel4localbox ~]# /etc/init.d/httpd restart
> > Stopping httpd: [FAILED]
> > Starting httpd: [Wed May 25 14:41:23 2005] [warn] module ssl_module is already
> loaded,
> > skipping
> > [Wed May 25 14:41:24 2005] [warn] module ssl_module is already loaded, skipping
> > Warning: DocumentRoot [/home/vh/sslsite1] does not exist
> > Syntax error on line 232 of /etc/httpd/conf/httpd.conf:
> > SSLCertificateFile: file '/home/vh/sslsite1/server.crt' does not exist or is empty
> > [FAILED]
>
> You can get this type of error if you have SELinux enabled - check
> /var/log/message to see if there is an "avc" denial message for this
> file.
>
> You'll need to label the certificates correctly if you want to keep
> SELinux enabled, e.g.
>
> # chcon user_u:object_r:httpd_config_t /home/vh/sslsite1/server.crt
>
> See:
>
> http://fedora.redhat.com/docs/selinux-faq-fc3/
> http://fedora.redhat.com/docs/selinux-apache-fc3/
>
> for more details about SELinux and Apache.



Thanks joe ...for your tips...
At least I could understand that it was a SELinux issue.

Actually to get things working I had to disable SELinux...

However "chcon user_u:object_r:httpd_config_t /home/vh/sslsite1/server.crt" did not work
out with SELinux enabled....


Regards,

Bibhash Roy


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org