search for: sslcertificatefile

Not much of a noob, but I will try. I just configured httpd and installed mod_ssl and got my certificate from GoDaddy and put them on the server with ssl.conf pointing at them. I am getting this error: SSLCertificateFile: file '/etc/pki/tls/certs/enmu.edu.crt' does not exist or is empty It's a cute error. I have checked several times for misspellings, looked at the enmu.edu.crt file (looks like a cert to me) and I can certify that it is not empty and it most certainly exists. Want some proof? Here......

...nf both 'vhost'-files are like this: <VirtualHost ipaddr:443> ServerAdmin webmaster at domain#.com ServerName vhost.domain#.com:443 ServerAlias box.domain#.com:443 ServerAlias calcbox.domain#.com:443 ServerAlias proxybox.domain#.com:443 ... SSLEngine on SSLStrictSNIVHostCheck on SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt ... </VirtualHost> only https://domain1.com/... works https://domain2.com/... results in a certificate CN mismatch ... wh...

...in_email ServerName $your_host_tld <VirtualHost *:80> <Directory "/var/www/html"> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> </VirtualHost> <VirtualHost *:443> SSLEngine On SSLCertificateFile /etc/pki/tls/certs/$your_host_tld.crt SSLCertificateKeyFile /etc/pki/tls/private/$your_host_tld.key <Directory "/var/www/html"> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> </VirtualHost> EOF...

...able, shutting down Unable to open logs I re-generated the self signed certificate keys and restarted the server. /sbin/service httpd start is looking for ssl_gd.conf and NOT SSL.CONF; Don't know how this happened? Starting httpd: Syntax error on line 143 of /etc/httpd/conf.d/ssl_gd.conf: SSLCertificateFile: file '/etc/sslcertificate/gd.crt' does not exist or is empty [FAILED] Can anyone give some pointers to solve this? -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/piperma...

Hi, suppose puppet-old.domain is a CNAME pointing to puppet-new.domain, and puppet-new.domain is running Apache (for SSL) with mod_proxy_balancer to balance over some 10 puppetmaster processes. The configured SSLCertificateFile in Apache is that of puppet-new.domain How do I get a node to stop complaining when connecting to puppet-old.domain (ending up at puppet-new.domain through the CNAME)? node# puppetd --test --server=puppet-old.domain err: Could not retrieve catalog from remote server: hostname was not match with t...

Hi all, following http://reductivelabs.com/trac/puppet/wiki/UsingMongrel it says that hostkey/cert must be owned by puppet:puppet. I tried to keep original path (and also owner) of both files and seems to puppet still works... what problems could it cause to my conf? # grep lib mongrel.conf SSLCertificateFile /var/lib/puppet/ssl/certs/gridinstall.pic.es.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/gridinstall.pic.es.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCARevocationFile /var/...

...in /etc/certs: # ls -lh /etc/certs total 12K -rw-r--r-- 1 root root 981 sep 20 11:06 microlinux.crt -rw-r--r-- 1 root root 716 sep 20 11:04 microlinux.csr -rw-r--r-- 1 root root 887 sep 20 11:11 microlinux.key I'm not sure about the correct syntax to use SSL on this one. Where do I configure SSLCertificateFile and SSLCertificateKeyFile? In the virtual host stanza? Before trying various haphazard configurations, I thought I'd better ask here. Niki

...l RewriteRule ^/$ /index.html [QSA] RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f RewriteRule ^/(.*)$ balancer://mongrel_cluster%{REQUEST_URI} [P,QSA,L] CustomLog logs/desq-access.log common ErrorLog logs/desq-error.log SSLEngine on SSLCertificateFile /home/user/ssl.crt SSLCertificateKeyFile /home/user/ssl.key </VirtualHost> <VirtualHost *:80> ServerName server.domain.com Redirect permanent / https://server.domain.com </VirtualHost> Also, the cluster YML file: --- port: 3000 pid_file: log/mongrel.pid...

...lt;Directory "/var/www/html"> >> Options Indexes FollowSymLinks >> AllowOverride None >> Require all granted >> </Directory> >> </VirtualHost> >> <VirtualHost *:443> >> SSLEngine On >> SSLCertificateFile /etc/pki/tls/certs/$your_host_tld.crt >> SSLCertificateKeyFile /etc/pki/tls/private/$your_host_tld.key >> <Directory "/var/www/html"> >> Options Indexes FollowSymLinks >> AllowOverride None >> Require all granted >>...

...tly that format > > i go even so far and include the CDHE and DHE params there which means in case of a recent httpd you can make DHE compatible which most clients even if your RSA certificate is 4096 Bit (read the hint about 2.4.7 or later at http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatefile if you want to know why) > > there is also no need to place that certs below /etc/dovecot at all nor have them readable for anybody but root, we have our wildcard certificate on a unique location synced to all servers offering SSL and again Dovecot, Postfix and Apache are happy to read the PE...

...work when ssl_enabled=Yes. I have tried setting the following: rsa_cert_file=/usr/share/ssl/certs/inet06cert.pem which is the public certificate and this: rsa_cert_file=/usr/share/ssl/private/inet06key.pem which is the server private key. Both these are in use by the apache web server as : SSLCertificateFile /usr/share/ssl/certs/inet06cert.pem and SSLCertificateKeyFile /usr/share/ssl/private/inet06key.pem respectively and I have no trouble using ssl with that service. As far as I can tell the certificates are in the right places and do the right things for apache but vsftpd chokes. Since vsftpd...

...ronment consists of the same distribution and I would prefer not to introduce a different one just for this purpose. Here is my virtual host configuration for this: ================================== <VirtualHost xxx.xxx.xxx.xxx:443> ServerName testproxy.domain.com SSLEngine On SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key RequestHeader set Front-End-Https "On" ProxyRequests Off ProxyPreserveHost On LogLevel debug <Location /exchange> ProxyPass http://yyy.yyy.yyy.yyy/exchange Pro...

.../html. I installed mod_ssl and only edited the following directives in /etc/httpd/conf.d/ssl.conf. I kept the default options for everything else. --8<------------------------------------------------ ... DocumentRoot "/var/www/html/default/html" ServerName sd-41893.dedibox.fr:443 ... SSLCertificateFile /etc/letsencrypt/live/sd-41893.dedibox.fr/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/sd-41893.dedibox.fr/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/sd-41893.dedibox.fr/fullchain.pem --8<------------------------------------------------ After restarting Apache, the websit...

...logs/ssl_access.log combined CustomLog logs/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" LogLevel info SSLEngine on SSLProxyEngine On SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!ADH:!EXPORT56:!EXP:!eNULL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2 SSLCertificateFile /etc/httpd/certs/server.crt SSLCertificateKeyFile /etc/httpd/certs/server.key ProxyRequests Off ProxyPreserveHost On ProxyPass / http://192.168.1.5:5100/ ProxyPassReverse / http://192.168.1.5:5100/ RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port &quot...

...assenger.so PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11 PassengerRuby /usr/bin/ruby CustomLog "/var/log/httpd/puppet_access_log" common ErrorLog "/var/log/httpd/puppet_error_log" SSLEngine on SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA SSLCertificateFile /drbd01/puppet/var/lib/puppet/ssl/certs/ puppetmaster.foo.bar.pem SSLCertificateKeyFile /drbd01/puppet/var/lib/puppet/ssl/ private_keys/puppetmaster.foo.bar.pem SSLCertificateChainFile /drbd01/puppet/var/lib/puppet/ssl/ca/ ca_crt.pem SSLCACertificateFile /drbd01/puppet/var/lib...

...lIdleTime 600 Listen 8140 <VirtualHost *:8140> SSLEngine On # Only allow high security cryptography. Alter if needed for compatibility. SSLProtocol All -SSLv2 SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/<puppetmaster>.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/ <puppetmaster>.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCARevocat...

...pet/rack/puppetmasterd/public/production/certificate_request/pclient Here is some relevant apache config info: # Only allow high security cryptography. Alter if needed for compatibility. SSLProtocol All -SSLv2 SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/pmaster.localdomain.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/pmaster.localdomain.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCARevocationFile /var/...

I''m having a problem but don''t know what is causing it so I don''t know exactly where to post, please bear with me. I''m trying to set up https access however whenever I go to https://url_for_site the root route renders but the url is rewritten to http://url_for_site. The ssl request shows in the apache logs but obviously no further ssl requests show up.

...entry.com-error.log" CustomLog "/var/log/www/new.identry.com-access.log" combined SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW: +SSLv2:+EXP:+eNULL SSLCertificateKeyFile "/usr/local/etc/apache22/certs/ new.identry.com/server.key" SSLCertificateFile "/usr/local/etc/apache22/certs/new.identry.com/ server.crt" #DocumentRoot "/home/identry/public_html" RequestHeader set X_FORWARDED_PROTO ''https'' ProxyPass / https://new.identry.com:3000/ ProxyPassReverse / https://new.identry.com:3000/ ProxyPr...

...ertificate, and expected it to just plain not work any more, and thereby updating my Puppet master''s key store. Here''s that Apache configuration I was talking about: <VirtualHost 10.1.0.165:443> SSLEngine On SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA SSLCertificateFile /var/lib/puppet/ssl/certs/puppet01.ops.az.domain.local.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet01.ops.az.domain.local.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLVerifyClient require SSLVerifyDepth 1 SSLOptions +StdE...