View Single Post
  #6  
Old 8th November 2011, 17:00
zenny zenny is offline
Senior Member
 
Join Date: Nov 2006
Posts: 178
Thanks: 21
Thanked 7 Times in 7 Posts
Exclamation

Quote:
Originally Posted by till View Post
The file /etc/httpd/conf/sites-available/ispconfig.vhost is managed by the ispconfig installer and should not be edited manually. So which exact changes did you do there that caused apache to fail?

The messages in the log you posted are not related to ssl and they are no errors that may cause apache to fail.
I followed http://www.faqforge.com/linux/contro...-controlpanel/ to make the changes.

Actually I tried to create a certificate for a virtual domain and it created problem.

Your second reply above helped me to restart the httpd server. However, SNI/SSL does not seem to be working with the newly created certificate.

/var/log/httpd/error.log states:

Quote:
[Tue Nov 08 16:01:18 2011] [notice] Apache/2.2.21 (Unix) DAV/2 PHP/5.3.8 mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 configured -- resuming normal operations
[Tue Nov 08 16:01:52 2011] [notice] mod_fcgid: call /var/www/thehumanape.org/web/index.php with wrapper /var/www/php-fcgi-scripts/web11/.php-fcgi-starter
[Tue Nov 08 16:02:02 2011] [notice] caught SIGTERM, shutting down
[Tue Nov 08 16:02:03 2011] [notice] mod_fcgid: process /var/www/mydomain.tld/web/index.php(6375) exit(shutting down), terminated by calling exit(), return code: 0
[Tue Nov 08 16:02:13 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Nov 08 16:02:16 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Nov 08 16:02:16 2011] [notice] Digest: generating secret for digest authentication ...
[Tue Nov 08 16:02:16 2011] [notice] Digest: done
[Tue Nov 08 16:02:17 2011] [notice] Apache/2.2.21 (Unix) DAV/2 PHP/5.3.8 mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 configured -- resuming normal operations
and /var/log/httpd/ssl_error.log states almost nothing (last few lines among several):

Quote:
[Tue Nov 08 16:01:14 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 16:01:17 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 16:01:18 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 16:02:16 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 16:02:17 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
Just wondering how to make SNI work with a single IP to cater several ssl connections to virtual domains?

Last edited by zenny; 8th November 2011 at 17:12.
Reply With Quote