PDA

View Full Version : [ubuntu] Apache2 SSL Issues


own3mall
August 16th, 2009, 08:19 AM
I followed this guide here:

http://www.akadia.com/services/ssh_test_certificate.html

To create a self signed ssl key and certificate.

When I try to restart Apache2, I receive the following error:



* Restarting web server apache2 Syntax error on line 1 of /etc/apache2/conf.d/ssl.crt:
Invalid command '-----BEGIN', perhaps misspelled or defined by a module not included in the server configuration
What's causing this error?

I put the following lines in my apache2.conf:



SSLEngine on
SSLCertificateFile /etc/apache2/conf.d/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache2/conf.d/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
What am I doing wrong?
dabang
August 16th, 2009, 10:34 AM
The error message is complaining about

Syntax error on line 1 of /etc/apache2/conf.d/ssl.crt:
but in apache2.conf you defined

SSLCertificateFile /etc/apache2/conf.d/ssl.crt/server.crt
as certifcate... Are you sure the files are at the right place? If so, I'd guess there's something wrong with the crt file (like the error says).
lodp
September 3rd, 2011, 12:45 AM
Sorry for digging up this old thread, but it turned up on Google when I searched and I have the solution:

You have to move your key and certificate out of the /etc/apache2/conf.d directory, and place them somewhere else. Apparently when the certificate and key files are somewhere below conf.d, Apache reads them as if they were configuration files. Used to be fine in earlier versions though..

Anyway, if you just move the key and certificate files to /etc/apache2/ssl.crt and /etc/apache2/ssl.key respectively, it'll work.
own3mall
September 4th, 2011, 07:56 AM
Sorry for digging up this old thread, but it turned up on Google when I searched and I have the solution:

You have to move your key and certificate out of the /etc/apache2/conf.d directory, and place them somewhere else. Apparently when the certificate and key files are somewhere below conf.d, Apache reads them as if they were configuration files. Used to be fine in earlier versions though..

Anyway, if you just move the key and certificate files to /etc/apache2/ssl.crt and /etc/apache2/ssl.key respectively, it'll work.

Interesting. I will give it a try. Thanks for the post.