Problem installing CRT...

[brianteeter]

Here's what I get:

Any thoughts? Nothing changes in httpd.conf, and no SSL requests are answered.

Thanks - Brian


Attempting to verify your certificate.....
Cerificate appears to be intact
/usr/share/ssl/certs/wesmarc.com.crt.test: OK

Warning: DocumentRoot [/home/paraster/public_html/chinese] does not exist
[Tue Apr 2 19:19:53 2002] [warn] NameVirtualHost 216.12.211.160:80 has no VirtualHosts
...
(a bunch more No VirtualHosts... gotta love that &feature& of WHM.
...
Syntax OK
The CRT for the domain wesmarc.com could not be installed.
Apache produced the following errors:

 

[feanor]

we'll need to see what's in your /usr/local/apache/logs/error_log upon apache restart to know what exactly it's failing on.........

it should report a certificate mismatch to the private key or OpenSSL busted, or something along those lines.

 

[brianteeter]

[quote:505cb7f9a0][i:505cb7f9a0]Originally posted by feanor[/i:505cb7f9a0]


we'll need to see what's in your /usr/local/apache/logs/error_log upon apache restart to know what exactly it's failing on.........

it should report a certificate mismatch to the private key or OpenSSL busted, or something along those lines.
[/quote:505cb7f9a0]

Wow, that was fast!

Here goes, fresh from the error log:

[Tue Apr 2 19:14:31 2002] [error] [client 138.88.1.201] File does not exist: /usr/local/cpanel/base/neomail/neo-images/neomail-bg.gif
[Tue Apr 2 19:15:37 2002] [notice] caught SIGTERM, shutting down
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.160:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.160:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.160:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.160:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.160:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.160:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.160:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.160:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.160:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:41 2002] [warn] NameVirtualHost 216.12.211.202:80 has no VirtualHosts
[Tue Apr 2 19:15:44 2002] [notice] Apache/1.3.23 (Unix) mod_bwlimited/1.0 mod_jk PHP/4.1.2 mod_log_bytes/0.3 FrontPage/5.0.2.2510 mod_ssl/2.8.7 OpenSSL/0.9.6 configured -- resuming normal operations
[Tue Apr 2 19:15:44 2002] [notice] suEXEC mechanism enabled (wrapper: /usr/local/apache/bin/suexec)
[Tue Apr 2 19:15:44 2002] [notice] Accept mutex: sysvsem (Default: sysvsem)
[Tue Apr 2 19:15:56 2002] [error] [client 138.88.1.201] File does not exist: /usr/local/cpanel/base/neomail/neo-images/neomail-bg.gif
[Tue Apr 2 19:16:11 2002] [error] [client 138.88.1.201] Invalid method in request L
[Tue Apr 2 19:16:12 2002] [error] [client 138.88.1.201] Invalid method in request L


The last two lines occur when I request the https://&IP Address& page on the server.

Thanks - Brian

 

[feanor]

run /scripts/initsslhttpd

and then kill apache (killall -9 httpd)
and

/etc/rc.d/init.d/httpd startssl &

 

[brianteeter]

[quote:93e524ddb5][i:93e524ddb5]Originally posted by feanor[/i:93e524ddb5]


run /scripts/initsslhttpd

[/quote:93e524ddb5]

Done. No output produced. (Assuming this is correct operation...)


[quote:93e524ddb5]

and then kill apache (killall -9 httpd)
and

/etc/rc.d/init.d/httpd startssl &

[/quote:93e524ddb5]

Done. Produced the same output in the log as before. Reattempted to install the CRT, got the same message as before. Restarted apache, produced the same logs as before...

No dice. Any other ideas?

Thanks - Brian

 

[feanor]

try using /scripts/installssl
to install the certificate from the command line.

I'm assuming the key you generated for the domain is still on the server, right? Did you use cpanel/whm to generate the key and CSR?

 

[brianteeter]

OK. The command line created the following in httpd.conf:

&IfDefine SSL&
&VirtualHost 216.12.211.202:443&
ServerAdmin [email protected]
DocumentRoot /home/wesmarc/public_html
ServerName wesmarc.com

CustomLog /usr/local/apache/domlogs/wesmarc.com-ssl_log &%t %{version}c %{cipher}c %{clientcert}c&

SSLVerifyClient none
SSLEnable

SSLCertificateFile /usr/share/ssl/certs/wesmarc.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/wesmarc.com.key
SSLLogFile /usr/local/apache/domlogs/wesmarc.com-ssl
UserDir public_html

ScriptAlias /cgi-bin/ /home/wesmarc/public_html/cgi-bin/
&/VirtualHost&
&/IfDefine&

But, restarting Apache produces in the error_log:



[Tue Apr 2 21:44:45 2002] [error] [client 207.243.118.1] File does not exist: /home/continen/public_html/
holly_pong.gif
[Tue Apr 2 21:44:45 2002] [error] [client 207.243.118.1] File does not exist: /home/continen/public_html/
404.shtml
[Tue Apr 2 21:45:32 2002] [error] [client 152.163.188.232] File does not exist: /home/dropndra/public_htm
l/shows/shows_2k1/september_slam/P1060346.JPG
[Tue Apr 2 21:45:32 2002] [error] [client 152.163.188.232] File does not exist: /home/dropndra/public_htm
l/404.shtml
[Tue Apr 2 21:45:49 2002] [error] [client 152.163.189.173] File does not exist: /home/dropndra/public_htm
l/shows/shows_2k1/september_slam/P1060451.JPGhttp://
[Tue Apr 2 21:45:49 2002] [error] [client 152.163.189.173] File does not exist: /home/dropndra/public_htm
l/404.shtml
[Tue Apr 2 21:45:53 2002] [notice] caught SIGTERM, shutting down
[Tue Apr 2 21:45:55 2002] [error] mod_ssl: Init: Private key not found (OpenSSL library error follows)
[Tue Apr 2 21:45:55 2002] [error] OpenSSL: error:0D084069:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Tue Apr 2 21:45:55 2002] [error] OpenSSL: error:0D09D082:asn1 encoding routines:d2i_RSAPrivateKey:parsin
g
[Tue Apr 2 21:45:55 2002] [error] OpenSSL: error:0D09B00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib


Note that the files as referenced in the directives for the SSL commands exist, and are readible by nobody. (Verified on the command line, by su'ing to nobody and cating the files. )

Any ideas?

Thanks - Brian


[quote:20f6cf4293][i:20f6cf4293]Originally posted by feanor[/i:20f6cf4293]


try using /scripts/installssl
to install the certificate from the command line.

I'm assuming the key you generated for the domain is still on the server, right? Did you use cpanel/whm to generate the key and CSR?

[/quote:20f6cf4293]