Apache2 Error Failed To Configure Ca Certificate Chain
Contents |
Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site apache 2.4 failed to configure ca certificate chain! About Us Learn more about Stack Overflow the company Business Learn more about httpd failed to configure ca certificate chain hiring developers or posting ads with us Server Fault Questions Tags Users Badges Unanswered Ask Question _ Server Fault is ah02562 failed to configure certificate a question and answer site for system and network administrators. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best
Ssl Checker
answers are voted up and rise to the top Failed to Configure CA Certificate chain after Rebuilding/Re-Installing OS up vote 0 down vote favorite I got my free ssl at startssl.com and it works really fine. My site is working with https://. After I configure LAMP and VSFTP and broke something in there, I decided to re-install UBUNTU 12.04 OS to wipe out all the configurations and unnecessary thing i made in there. Following the same procedure as I was configuring it before and added the same SSLCertificateFile /etc/apache2/ssl/ssl.crt SSLCertificateKeyFile /etc/apache2/ssl/private.key SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem When I restart the apache2 it showed FAILED instead of OK. I immediately run this command cat /var/log/apache2/error.log and found out the error Failed to configure CA certificate chain!. I followed this post Failed to configure CA certificate chain but still no luck. BTW, I configured my VPS like this tutorial https://www.digitalocean.com/community/articles/how-to-set-up-apache-with-a-free-signed-ssl-certificate-on-a-vps and it works so fine before i re-install my OS. apache-2.2 ssl ssl-certificate ubuntu-12.04 share|improve this question asked Apr 20 '14 at 6:53 user3541736 12 Have you already manually verified the chain of trust of your ssl.crt using openssl verify? You might be missing an intermediate certificate. –dawud Apr 20 '14 at 7:25 no, how can i do it? @dawud –user3541736 Apr 20 '14 at 7:36 It is quite simple, read the verify(1) manpage. –dawud Apr 20 '14 at 7:39 okay sir. i will try it. –user3541736 Apr 20 '14 at 7:42 add a comment| active oldest votes Know someone who can answer? Share a link to this question via emai
[x] First Last Prev Next This bug is not in your last search results. Bug21160 - SSL certificate chain handling suddenly fails to work properly Summary: SSL certificate chain handling suddenly fails to work properly Status: CLOSED FIXED Product: Apache httpd-2 Classification: Unclassified Component: mod_ssl Version: 2.0.48 Hardware: PC Linux Importance: P3 normal (vote) TargetMilestone: --- Assigned To: Apache HTTPD Bugs Mailing List URL: Keywords: Duplicates: 13585 (view as bug list) Depends on: Blocks: Show dependency tree Reported: 2003-06-28 03:04 UTC by David Tonhofer Modified: 2004-11-16 19:05 UTC (History) CC List: http://serverfault.com/questions/590176/failed-to-configure-ca-certificate-chain-after-rebuilding-re-installing-os 3 users (show) elkner kleclair kris.verbeeck Attachments Add an attachment (proposed patch, testcase, etc.) Note You need to log in before you can comment on or make changes to this bug. Description David Tonhofer 2003-06-28 03:04:01 UTC There is as yet not much information here, I will have to try a few things first (next week, not today it's about 05:00). But here is what happens: Apache has https://bz.apache.org/bugzilla/show_bug.cgi?id=21160 been configured with three IP-based virtual servers on three different IP addresses. On each of these addresses, we have an SSL server, thus three SSL servers in total. One with a self-signed root CA certificate ROOT->C1->SSL virtual host Two with an 'official' CA certificate ROOT->C1->C2->SSL virtual host Everything has been configured, Apache has been happily chugging along... But then... After a restart, Apache goes through the SSL virtual servers and asks the password for each of the three private keys (good). After this, it fails (bad) with the following error in the error log: "Failed to configure CA certificate chain!" (Some additional info would have been of use, too) The weird thing is that the configuration for SSL had not changed at all. Thus the production server was suddenly dead in the water w/o reason. Also, each of the SSL virtual servers work if they are the only ones in the config file. Certain pairs also work, but not all. Finally, 'openssl verify' does not find anything amiss with the CA chains. So, that's all for now. More to follow (hopefully) What is this server: Apache/2.0.45 + mod_ssl/2.0.45 + OpenSSL/0.9.7b on a RH7.3 OS with gcc-2.96-110 and glibc-2.2.5-39 Comment 1 D
Site SSL certificate. And the thing is it can all be blamed on a poorly formatted Download Symantec Secure Site Primary and Secondary Intermediate CA bundle page. Yes http://danielsokolowski.blogspot.com/2012/12/verisignsymantec-failed-to-configure-ca.html even though it does say the word 'Download' you are actually asked to copy and paste; brilliant considering that if you do so your resulting file is malformed due to additional white https://supportforums.cisco.com/discussion/10823396/apache-will-not-start-if-ssl-enabled space on each line I did not notice the white space until well into my second hour of frustration and pain. Apache just chokes with "Failed to configure CA certificate chain!" or failed to "Unable to configure verify locations for client authentication" errors. For the substantial premium clients pay to use SSL Verisign certificates I must say I really expected better. To resolve the issue either manually remove the white spaces or create the chain file by copying and pasting from the 'Get Certificate' page (format X.509) the First Intermediate Certificate: and Second Intermediate Certificate: sections - End failed to configure Entity Certificate: is your SSLCertificateFile. Hope this helps you out, feel free to follow me on twitter: @danielsokolows or google plus. Posted by Daniel Sokolowski at 1:22 AM Email ThisBlogThis!Share to TwitterShare to FacebookShare to Pinterest 5 comments: furryscorpionleatherFebruary 9, 2013 at 2:52 AMI ran into the exact same problem and your article helped me avoid pulling hairs out! Symantec should fix this ASAP. There are clearly white spaces at the beginning of each line. This is a Symantec BUG.ReplyDeleteUnknownMarch 13, 2014 at 12:40 PMYou saved me too! Thank you and I am glad this was easy to find.ReplyDeleteMujtaba HaiderMarch 17, 2014 at 10:50 PMThank you a lot, your article made me review my intermediate.crt file and i found the problem.I was missing one hyphen sign out of five, at the end of file, and it took my days. Thanks again.ReplyDeleteJohann VázquezJune 12, 2014 at 4:22 AMTHANKS A LOT!!!!!!! Damned VeriSign Copy/Paste stufffffff!!!!ReplyDeleteKen PryorSeptember 18, 2014 at 5:34 PMThank you so much!ReplyDeleteAdd commentLoad more... Newer Post Older Post Home Subscribe to: Post Comments (Atom) Follow Me Google+ Followers Blog Archive ► 2016 (6) ► July (1) ► May (1) `
Follow Us Facebook Twitter Google + LinkedIn Newsletter Instagram YouTube DirectoryNetwork InfrastructureWAN, Routing and Switching LAN, Switching and Routing Network Management Remote Access Optical Networking Getting Started with LANs IPv6 Integration and Transition EEM Scripting Other Subjects SecurityVPN Security Management Firewalling Intrusion Prevention Systems/IDS AAA, Identity and NAC Physical Security MARS Email Security Web Security Other Subjects Service ProvidersMetro MPLS Voice Over IP XR OS and Platforms Video Other Subjects Collaboration, Voice and VideoIP Telephony Video Over IP Jabber Clients Unified Communications Applications TelePresence Digital Media System Contact Center Conferencing UC Migrations Other Subjects Wireless - MobilitySecurity and Network Management Wireless IP Voice and Video Getting Started with Wireless WLCCA Other Subjects ServicesCisco ServiceGrid Connected Analytics Smart Call Home Smart Net Total Care Operations Exchange Mobile ApplicationsCisco Proximity Cisco Technical Support Online Tools and ResourcesCisco Bug Discussions Technical Documentation Ideas Cisco CLI Analyzer Support Community Help Data CenterApplication Centric Infrastructure Application Networking Intelligent Automation Server Networking Storage Networking Unified Computing Wide Area Application Services (WAAS) Other Subjects Small BusinessNetwork Storage Routers Security Surveillance Switches Voice and Conferencing Wireless Solutions and ArchitecturesBorderless Networks Collaboration Cisco User GroupsSeattle Cisco User Group (SEACUG) Silicon Valley Cisco User Group (SVCUG) Southern California Cisco User Group (SCCUG) Cisco Certifications Cisco.com Idea Center Cisco Cafe Expert CornerTop Contributors Leaderboards Cisco Live! Events Events Community CornerAwards & Recognition Behind the Scenes Feedback Forum Cisco Certifications Cisco Press Café Cisco On Demand Support & Downloads Community Resources Security Alerts Security Alerts News News Video Cisco Support YouTube Cisco YouTube Blogs Technical Documentation Cisco Products Products Services Services Solutions Solutions Global Support Numbers Cisco S