Error Unable To Configure Verify Locations For Client Authentication Apache
Contents |
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this apache 2.4 unable to configure verify locations for client authentication site About Us Learn more about Stack Overflow the company Business Learn more apache server should be ssl-aware but has no certificate configured about hiring developers or posting ads with us Stack Overflow Questions Jobs Documentation Tags Users Badges Ask Question x [hint: sslcertificatefile] ((null):0) Dismiss Join the Stack Overflow Community Stack Overflow is a community of 4.7 million programmers, just like you, helping each other. Join them; it only takes a minute: Sign up httpd not
Fatal Error Initialising Mod_ssl, Exiting.
starting after installing certificate [closed] up vote 11 down vote favorite 3 i got a ssl cert and im running ubuntu the domain.crt and domain.ca-bundle files and in the folder as specified but no matter what i keep getting these errors [Sat Jul 27 06:35:00 2013] [error] Unable to configure verify locations for client authentication [Sat Jul 27 06:35:00 2013] [error] SSL Library Error: 218570875 sslcacertificatefile error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long [Sat Jul 27 06:36:55 2013] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] (/etc/apache2/sites-enabled/default-ssl:2) my port.conf is NameVirtualHost *:80 Listen 80
4 messages Bill Moseley Reply | Threaded Open this post in threaded view ♦ ♦ | Report Content as Inappropriate ♦ ♦ "Unable to unable to configure rsa server private key configure verify locations for client authentication" I am not trying to
Sslcertificatechainfile
set up client auth on Apache, just install a new SSL certificate.The instructions[1] for the new certificate says
Apache Ssl
to install and intermediate certificate:SSLCACertificateFile /usr/local/ssl/crt/intermediate.crt I've done that, confirmed the paths and the certificate, but apache reports: [error] Unable to configure verify locations for client authenticationIf I comment http://stackoverflow.com/questions/17898135/httpd-not-starting-after-installing-certificate out that directive in httpd.conf the server starts fine and the site works ok for some newer browsers but older browsers (including FF3.6.8) report that the CA is unknown. Searching Google for that error message I find mostly people trying to set up client auth, which I'm not trying to do.For example: http://www.mail-archive.com/modssl-users@.../msg17547.html, but again that user was trying http://openssl.6102.n7.nabble.com/quot-Unable-to-configure-verify-locations-for-client-authentication-quot-td28713.html to set up client auth, plus SSLCADNRequestFile is not a known config setting in my environment. Running an old version of Apache, unfortunately: Apache/2.0.54 (Debian GNU/Linux) mod_ssl/2.0.54 OpenSSL/0.9.7eAny ideas? Thanks,[1] https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=SO15167 -- Bill Moseley[hidden email] Kyle Hamilton Reply | Threaded Open this post in threaded view ♦ ♦ | Report Content as Inappropriate ♦ ♦ Re: "Unable to configure verify locations for client authentication" You're looking at a couple of issues here. (First, please be aware that this is the OpenSSL users list, not necessary a mod_ssl support list; however, since they're intertwined, we do have some knowledge of mod_ssl.) What you need to do is change that from 'SSLCACertificateFile' to 'SSLCACertificateChainFile'. The documentation on SSLCACertificateChainFile: This directive sets the optional all-in-one file where you can assemble the certificates of Certification Authorities (CA) which form the certificate chain of the server certificate. This starts with the issuing CA certificate of of the server certificate and can range up to the root CA certificate. Such a file is simply the concatenation of the var
8.1 Search Apache SSL for Dummies... Ask all your questions regarding OC 8.0 and 8.1 Please read the https://forum.owncloud.org/viewtopic.php?t=31646 Support Forum Rules Forum rules The forums were migrated over to http://docstore.mik.ua/orelly/weblinux2/apache/ch11_10.htm https://central.owncloud.org which is based on the forum software Discourse. The forums here is put into read-only mode starting from today.More background information about this move and the reasoning behind it is available in this blogpost:https://daniel.molkentin.net/2016/07/20 ... d-central/ Locked Print view Search Advanced search unable to 4 posts • Page 1 of 1 friede Newbie Posts: 2 Joined: Tue Nov 17, 2015 5:29 pm ownCloud version: 8.1.3 Webserver: Apache Database: MySQL OS: Linux PHP version: 5.6.14 Apache SSL for Dummies... Quote Postby friede » Sun Nov 22, 2015 12:02 pm Hello world,I am struggeling with Apache for a week now...My Owncloud-Server unable to configure is a virtual Debian 8 running inside VirtualBox on a physical Debian 7 (Openmediavault). Port forwarding and DynDNS are working great but I struggle with the SSL setup. So far I created a pair of private key and CSR, copied that CSR to Godaddy and downloaded the new certificate with the according cert_bundle. I enabled SSL and added the certificate and key paths to the default-ssl.conf in /sites-availabe. Until this point the apache default site was available on port 80. After reloading apache it fails to start and everything is broken. I tried this several times thanks to the snapshot I created before messing with the SSL settings. Could you please help me? I think there is the one thing that I'm missing but can't figure out what it is.Please tell me which further information you need and I will answer immediately.Thank you so much- friedeEdit:sites-enabled folder:Code: Select allroot@Owncloud-Server:/etc/apache2/sites-enabled# ls (PL) sees things more from the point of view of the ordinary web master who wants to get his wares before the public. Security of the web site is merely one of many problems that have to be solved. It is rather as if you had to take a PhD in combustion technology before you could safely buy and operate a motor car. The motor industry was like that around 1900 -- it has moved on since then. In earlier editions we rather cravenly ducked the practical questions, referring the reader to other authorities. However, we feel now that things have settled down enough that a section on what the professionals call "cookbook security" would be helpful. We would not suggest that you read this and then set up an online bank. However, if your security concerns are simply to keep casual hackers and possible business rivals out of the back room, then this may well be good enough. Most of us need a good lock on the front door, and over the years we have learned how to choose and fit such a lock. Sadly this level of awareness has not yet developed on the Web. In this section we deal with a good, ordinary door lock -- the reactive letter box is left to a later stage. 11.10.1. Cookbook Security The first problem in security is to know with whom you are dealing. The client's concerns about the site's identity ("Am I sending my money to the real MegaBank or a crew of clowns in Bogota?") should be settled by a server certificate as described earlier. You, as the webmaster, may well want to be sure that the person who logs on as one of your valued clients really is that person and not a cunning clown. Without any extra effort, SSL encrypts both your data and your Basic Authentication passwords (see Chapter 5) as they travel over the Web. This is a big step forward in security. Bad Guys trying to snoop on our traffic should be somewhat discouraged. But we rely on a password to prove that it isn't a Bad Guy at the client end. We can improve on that with Client Certificates. Although the technology exists to verify that the correct human body is at the console -- by reading fingerprints or retina patterns, etc. -- none of this kit
000-default.conf default-ssl.conf
default-ssl.conf:Code: Select all