Problem installing CRT...

**brianteeter** · 04-02-2002 06:25 PM

Here's what I get:

Any thoughts? Nothing changes in httpd.conf, and no SSL requests are answered.

Thanks - Brian

Attempting to verify your certificate.....
Cerificate appears to be intact
/usr/share/ssl/certs/wesmarc.com.crt.test: OK

Warning: DocumentRoot [/home/paraster/public_html/chinese] does not exist
[Tue Apr 2 19:19:53 2002] [warn] NameVirtualHost 216.12.211.160:80 has no VirtualHosts
...
(a bunch more No VirtualHosts... gotta love that &feature& of WHM. :-)
...
Syntax OK
The CRT for the domain wesmarc.com could not be installed.
Apache produced the following errors:

**feanor** · 04-02-2002 06:26 PM

we'll need to see what's in your /usr/local/apache/logs/error_log upon apache restart to know what exactly it's failing on.........

it should report a certificate mismatch to the private key or OpenSSL busted, or something along those lines.

**brianteeter** · 04-02-2002 06:29 PM

[quote:505cb7f9a0][i:505cb7f9a0]Originally posted by feanor[/i:505cb7f9a0]

we'll need to see what's in your /usr/local/apache/logs/error_log upon apache restart to know what exactly it's failing on.........

it should report a certificate mismatch to the private key or OpenSSL busted, or something along those lines.
[/quote:505cb7f9a0]

Wow, that was fast!

Here goes, fresh from the error log:

[Tue Apr 2 19:14:31 2002] [error] [client 138.88.1.201] File does not exist: /usr/local/cpanel/base/neomail/neo-images/neomail-bg.gif
[Tue Apr 2 19:15:37 2002] [notice] caught SIGTERM, shutting down
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.160:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.160:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.160:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.160:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.160:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.160:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.160:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.160:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.160:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:44 2002] [notice] Apache/1.3.23 (Unix) mod_bwlimited/1.0 mod_jk PHP/4.1.2 mod_log_bytes/0.3 FrontPage/5.0.2.2510 mod_ssl/2.8.7 OpenSSL/0.9.6 configured -- resuming normal operations
[Tue Apr 2 19:15:44 2002] [notice] suEXEC mechanism enabled (wrapper: /usr/local/apache/bin/suexec)
[Tue Apr 2 19:15:44 2002] [notice] Accept mutex: sysvsem (Default: sysvsem)
[Tue Apr 2 19:15:56 2002] [error] [client 138.88.1.201] File does not exist: /usr/local/cpanel/base/neomail/neo-images/neomail-bg.gif
[Tue Apr 2 19:16:11 2002] [error] [client 138.88.1.201] Invalid method in request L
[Tue Apr 2 19:16:12 2002] [error] [client 138.88.1.201] Invalid method in request L

The last two lines occur when I request the https://&IP Address& page on the server.

Thanks - Brian

**feanor** · 04-02-2002 06:35 PM

run /scripts/initsslhttpd

and then kill apache (killall -9 httpd)
and

/etc/rc.d/init.d/httpd startssl &

**brianteeter** · 04-02-2002 06:47 PM

[quote:93e524ddb5][i:93e524ddb5]Originally posted by feanor[/i:93e524ddb5]

run /scripts/initsslhttpd

[/quote:93e524ddb5]

Done. No output produced. (Assuming this is correct operation...)

[quote:93e524ddb5]

and then kill apache (killall -9 httpd)
and

/etc/rc.d/init.d/httpd startssl &

[/quote:93e524ddb5]

Done. Produced the same output in the log as before. Reattempted to install the CRT, got the same message as before. Restarted apache, produced the same logs as before...

No dice. Any other ideas?

Thanks - Brian

**feanor** · 04-02-2002 06:59 PM

try using /scripts/installssl
to install the certificate from the command line.

I'm assuming the key you generated for the domain is still on the server, right? Did you use cpanel/whm to generate the key and CSR?

**brianteeter** · 04-02-2002 08:46 PM

OK. The command line created the following in httpd.conf:

&IfDefine SSL&
&VirtualHost 216.12.211.202:443&
ServerAdmin webmaster@wesmarc.com
DocumentRoot /home/wesmarc/public_html
ServerName wesmarc.com

CustomLog /usr/local/apache/domlogs/wesmarc.com-ssl_log &%t %{version}c %{cipher}c %{clientcert}c&

SSLVerifyClient none
SSLEnable

SSLCertificateFile /usr/share/ssl/certs/wesmarc.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/wesmarc.com.key
SSLLogFile /usr/local/apache/domlogs/wesmarc.com-ssl
UserDir public_html

ScriptAlias /cgi-bin/ /home/wesmarc/public_html/cgi-bin/
&/VirtualHost&
&/IfDefine&

But, restarting Apache produces in the error_log:

[Tue Apr 2 21:44:45 2002] [error] [client 207.243.118.1] File does not exist: /home/continen/public_html/
holly_pong.gif
[Tue Apr 2 21:44:45 2002] [error] [client 207.243.118.1] File does not exist: /home/continen/public_html/
404.shtml
[Tue Apr 2 21:45:32 2002] [error] [client 152.163.188.232] File does not exist: /home/dropndra/public_htm
l/shows/shows_2k1/september_slam/P1060346.JPG
[Tue Apr 2 21:45:32 2002] [error] [client 152.163.188.232] File does not exist: /home/dropndra/public_htm
l/404.shtml
[Tue Apr 2 21:45:49 2002] [error] [client 152.163.189.173] File does not exist: /home/dropndra/public_htm
l/shows/shows_2k1/september_slam/P1060451.JPGhttp://
[Tue Apr 2 21:45:49 2002] [error] [client 152.163.189.173] File does not exist: /home/dropndra/public_htm
l/404.shtml
[Tue Apr 2 21:45:53 2002] [notice] caught SIGTERM, shutting down
[Tue Apr 2 21:45:55 2002] [error] mod_ssl: Init: Private key not found (OpenSSL library error follows)
[Tue Apr 2 21:45:55 2002] [error] OpenSSL: error:0D084069:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Tue Apr 2 21:45:55 2002] [error] OpenSSL: error:0D09D082:asn1 encoding routines:d2i_RSAPrivateKey

arsin
g
[Tue Apr 2 21:45:55 2002] [error] OpenSSL: error:0D09B00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib

Note that the files as referenced in the directives for the SSL commands exist, and are readible by nobody. (Verified on the command line, by su'ing to nobody and cating the files. )

Any ideas?

Thanks - Brian

[quote:20f6cf4293][i:20f6cf4293]Originally posted by feanor[/i:20f6cf4293]

try using /scripts/installssl
to install the certificate from the command line.

I'm assuming the key you generated for the domain is still on the server, right? Did you use cpanel/whm to generate the key and CSR?

[/quote:20f6cf4293]

LinkBack

Thread Tools

Problem installing CRT...

exim.crt errors

how to install CRT for cpanel/WHM.. ?

Unable to install SSL Crt

intermediate.crt problem

cpanels root ca crt (ssl) where