Errors after installing SSL and doing httpd restart

Installing, Configuring, Troubleshooting server daemons such as Web and Mail
Post Reply
samiejg
Posts: 5
Joined: 2013/01/23 19:41:52

Errors after installing SSL and doing httpd restart

Post by samiejg » 2013/01/30 15:23:56

Hey Guys,

Just wondering if anybody can help me out with an issue here.

I'm trying to install SSL on my centos machine but am running into some issues.

I followed all the steps at "http://wiki.centos.org/HowTos/Https" and registered and SSL at another company (providing them my CSR) and after doing a "/etc/init.d/httpd restart" I am getting the following errors.

[root@localhost ssl]# /etc/init.d/httpd restart
Stopping httpd: [FAILED]
Starting httpd: Syntax error on line 121 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateKeyFile: file '/etc/pki/tls/private/ca.key' does not exist or is empty
[FAILED]

However if I go: vi /etc/pki/tls/private/ca.key the private key is infact there with root ownerships and even tried changing the permissions to 777.

I generated the private key / CSR with the following:
openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out csr.csr

Any suggestions?

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Errors after installing SSL and doing httpd restart

Post by gerald_clark » 2013/01/30 15:33:25

Did you heed the warning and perform the restorecon?

samiejg
Posts: 5
Joined: 2013/01/23 19:41:52

Re: Errors after installing SSL and doing httpd restart

Post by samiejg » 2013/01/30 15:49:39

Doh.... I will try that. I thought that had something to do with backing up my files.

Thanks :-)

Oscar Frank
Posts: 1
Joined: 2013/12/21 03:04:31

Re: Errors after installing SSL and doing httpd restart

Post by Oscar Frank » 2013/12/21 03:07:25

Instal Apache mod ssl

Code: Select all

# yum install mod_ssl
Go to certs folder in centos 6

Code: Select all

# cd /etc/ssl/certs/
Regenerate Private Key and CSR with the help of following OpenSSL command

Code: Select all

# openssl req -nodes -newkey rsa:2048 -keyout namhuy_net.key -out namhuy_net.csr
Get the CA Root Certificate from Verisign, Thawte, Globalsign, Comodo. After you purchase a cert from those vendor, you will get an email w/ cert files. Upload those files to

Code: Select all

/etc/ssl/certs/
Save the combined file as namhuy_net.pem. The .pem file is now ready to use.

The SSL configuration file for Apache is where I ended up putting the configurations for my server.

Code: Select all

# nano /etc/httpd/conf.d/ssl.conf
Edit lines

Code: Select all

SSLEngine on
SSLCertificateFile /etc/ssl/certs/namhuy_net.crt
SSLCertificateKeyFile /etc/ssl/certs/namhuy_net.key
SSLCertificateChainFile /etc/ssl/certs/namhuy_net.pem
Restart httpd service

Code: Select all

# service httpd restart
Source: http://namhuy.net/760/how-to-install-an ... pache.html

Post Reply

Return to “CentOS 5 - Server Support”