I am trying to configure SSL on my Apache 2.4.12 web server, but apache2 can't find the certificate and key files in the corresponding ssl directory. I already checked the file permissions, but without success. The certificates are not empty, and the same certificates worked in an Apache 2.0.64 SSL installation.

Here is the error message:

    /usr/sbin/apache2 -f /etc/apache2/httpd.conf
    AH00526: Syntax error on line 7 of /etc/apache2/mod_ssl.conf:
    SSLCertificateFile: file '/etc/apache2/ssl/cert/server.crt' does not exist or is empty

Here is my mod_ssl.conf:

    cat mod_ssl.conf
    <VirtualHost _default_:443>
    #  General setup for the virtual host
    DocumentRoot "/var/www/"
    ServerName 192.168.2.1:443
    ServerAdmin you@your.address
    SSLEngine on
    SSLCertificateFile "/etc/apache2/ssl/cert/server.crt"
    SSLCertificateKeyFile "/etc/apache2/ssl/key/server.key"
    </VirtualHost>


    /etc/apache2/ssl/cert$ ll
    drwxrwxrwx    2 www      www            232 Jan  1 01:57 .
    drwxrwxrwx    4 www      www            288 Jan  1 01:54 ..
    -rwxrwxrwx    1 www      www            863 Feb 10  2015 server.crt

    /etc/apache2/ssl/key$ ll
    drwxrwxrwx    2 www      www            232 Jan  1 01:56 .
    drwxrwxrwx    4 www      www            288 Jan  1 01:54 ..
    -rwxrwxrwx    1 www      www            916 Feb 10  2015 server.key

Has anyone come across something like this before?

Oliver G.
  • Can you try giving the path without the quotes? `SSLCertificateFile /etc/apache2/ssl/cert/server.crt` – Goez Mar 02 '15 at 08:26
  • Also check your key length: DH parameter interoperability with primes > 1024 bit Beginning with version 2.4.7, mod_ssl makes use of standardized DH parameters with prime lengths of 2048, 3072 and 4096 bits and with additional prime lengths of 6144 and 8192 bits beginning with version 2.4.10 (from RFC 3526), and hands them out to clients based on the length of the certificate's RSA/DSA key. With Java-based clients in particular (Java 7 or earlier), this may lead to handshake failures - see this FAQ answer for working around such issues. – Goez Mar 02 '15 at 08:27
  • What are the permissions on the /etc/apache2/ssl and /etc/apache2/ssl/cert directories? – Dan Mar 02 '15 at 08:35
  • I removed the quotes around the path, without success. I recreated my certificates with `openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout server.key -out server.crt`, without success and with the same error. – Oliver G. Mar 02 '15 at 08:50
  • Which user is apache running under? Check your `User` directive and then check if that user has access to the desired location. It might be that some directory in the path doesn't give him permission. – Gustavo Maia Mar 03 '15 at 13:21
  • Apache is running as user daemon. The User directive is also daemon. I also tried user www and directive www. – Oliver G. Mar 03 '15 at 16:12
  • Are you running in a chroot, or with any SELinux policies or equivalent? – Martin Mar 03 '15 at 18:48
  • No, but Apache is self-compiled for the ARM architecture and running on an embedded device with BusyBox. There is no SELinux. If I compile it for i686 on Ubuntu, everything works fine. – Oliver G. Mar 04 '15 at 07:46
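
The checks suggested in the comments above, gathered into one POSIX sh script (an added example, not part of the thread): it tests every directory on the way to the file for search permission, then tests the two conditions named in the error message (exists, not empty), and flags a private key that group or other can access, as in the `-rwxrwxrwx` listing. The function names `check_tls_file` and `key_is_private` and the script name are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread); function names are made up here.
# Usage: sh check_tls_files.sh CERT KEY
# Run it as the account named in Apache's User directive.

# Walk from / to the file and report the first component that blocks access.
check_tls_file() {
    path=$1
    case $path in /*) ;; *) path=$PWD/$path ;; esac
    dir=$(dirname "$path")
    cur=""
    old_ifs=$IFS; IFS=/; set -f
    set -- $dir                      # split the directory part on "/"
    IFS=$old_ifs; set +f
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        if [ ! -d "$cur" ]; then echo "not a directory: $cur"; return 1; fi
        if [ ! -x "$cur" ]; then echo "no search permission: $cur"; return 1; fi
    done
    if [ ! -f "$path" ]; then echo "missing or not a regular file: $path"; return 1; fi
    if [ ! -s "$path" ]; then echo "empty file: $path"; return 1; fi
    if [ ! -r "$path" ]; then echo "not readable: $path"; return 1; fi
    echo "ok: $path"
}

# Returns 0 only when group and other have no permission bits on the file.
# Characters 5-10 of the ls mode string are the group and other triplets.
key_is_private() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

if [ $# -eq 2 ]; then
    check_tls_file "$1"
    check_tls_file "$2"
    key_is_private "$2" || echo "key is accessible to group/other: $2"
fi
```

The results only describe the account that runs the script, so a pass as root says nothing about what the `daemon` or `www` account can reach.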
