CB2.0: Add SSLCACertificateFile to User VirtualHosts if shared cert is used

Version 1.45.1


This is a bug, introduced when Apache 2.4.9 was released. The issue only happened on CentOS 5. CentOS 6 (newer openssl?) was unaffected.

The related error generated by Apache was:

[Wed Apr 02 03:28:02.003967 2014] [ssl:emerg] [pid 1048] AH02562: Failed to configure certificate www.example.com:443:0 (with chain), check /etc/httpd/conf/ssl.crt/server.crt
[Wed Apr 02 03:28:02.004032 2014] [ssl:emerg] [pid 1048] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: DH PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
AH00016: Configuration Failed

After hours of trying many different combinations, it was discovered that we were able to get Apache running by adding this line:

SSLCACertificateFile /etc/httpd/conf/ssl.crt/server.ca

to ALL VirtualHost entries that used the shared server certificate mentioned in the error.

Before we added the entry to all relevant 443 VHs, the state was such that:

1) /etc/httpd/conf/extra/httpd-vhosts.conf did have the server.ca (default VirtualHost for server IP)
2) /etc/httpd/conf/extra/httpd-ssl.conf did not have the server.ca in: <VirtualHost _default_:443>
3) All User httpd.conf VirtualHosts that used the server.crt didn't have the server.ca either.

After adding the server.ca to files #2 and #3, Apache started up.

==============

It was also noticed (for custombuild 1.2) that the same applied: all VirtualHosts that mention the server.crt MUST load the server.ca. When NO SSLCACertificateFile lines were used at all, Apache generated the error and refused to start.

I'm not sure if the contents of the server.ca are relevant... we provide a generic file with many of the common authorities, as the server.crt is self-signed (but it was also tested with a signed certificate, with the same effect).
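
A way to audit a configuration for the condition described above, as an added example that is not DirectAdmin or CustomBuild code: it walks the VirtualHost blocks in a config text and reports each one that loads the shared server.crt without any SSLCACertificateFile line. The function name, the sample configuration, the 192.0.2.10 address and the /path/to/user-domain.crt placeholder are assumptions made for the illustration.

```python
import re

# Shared certificate path as quoted in the Apache error above.
SHARED_CERT = "/etc/httpd/conf/ssl.crt/server.crt"
VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]*)>", re.I)
VHOST_CLOSE = re.compile(r"</VirtualHost\s*>", re.I)

def vhosts_missing_ca(conf_text, shared_cert=SHARED_CERT):
    """Return (line_no, address) for each <VirtualHost> block that loads
    shared_cert but contains no SSLCACertificateFile directive."""
    missing, current = [], None
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # Apache comments are whole lines
            continue
        opened = VHOST_OPEN.match(line)
        if opened:
            current = {"line": line_no, "addr": opened.group(1).strip(),
                       "cert": False, "ca": False}
        elif current is not None and VHOST_CLOSE.match(line):
            if current["cert"] and not current["ca"]:
                missing.append((current["line"], current["addr"]))
            current = None
        elif current is not None:
            parts = line.split(None, 1)
            name = parts[0].lower()            # directive names are case-insensitive
            value = parts[1].strip().strip('"') if len(parts) > 1 else ""
            if name == "sslcertificatefile" and value == shared_cert:
                current["cert"] = True
            elif name == "sslcacertificatefile":
                current["ca"] = True
    return missing

# Constructed sample, not a real server's configuration.
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10:443>
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCACertificateFile /etc/httpd/conf/ssl.crt/server.ca
</VirtualHost>
<VirtualHost _default_:443>
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    # user vhost with its own certificate (placeholder path)
    SSLCertificateFile /path/to/user-domain.crt
</VirtualHost>
"""

if __name__ == "__main__":
    for line_no, addr in vhosts_missing_ca(SAMPLE_CONF):
        print(f"line {line_no}: <VirtualHost {addr}> uses shared cert, no SSLCACertificateFile")
```

The check only sees directives written inside the text it is given; files pulled in through Include lines have to be passed to it separately.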
