1748181 Members
3423 Online
108759 Solutions
New Discussion юеВ

Apache SSL problem

 
Seetha Lakshmi
Frequent Advisor

Apache SSL problem

I have an web application using SSL. On some servers my application doesn't start and the following error message is logged in the error log file.

Thu Feb 3 03:35:39 2005] [crit] error setting verify locations
[Thu Feb 3 03:35:39 2005] [crit] error:02001002:system library:fopen:No such file or directory
[Thu Feb 3 03:35:39 2005] [crit] error:2006D002:BIO routines:BIO_new_file:system lib
[Thu Feb 3 03:35:39 2005] [crit] error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib

Can anyone help me with the problem
16 REPLIES 16
RAC_1
Honored Contributor

Re: Apache SSL problem

To me it looks like it is problem with few of the libraries on some boxes. Are all libraries present on the boxes where it is a problem??

Anil
There is no substitute to HARDWORK
Seetha Lakshmi
Frequent Advisor

Re: Apache SSL problem

Can you mention the names of the library files.
Peter Godron
Honored Contributor

Re: Apache SSL problem

Seetha,
have you got a SSLCertificateFile or SSLCertificateKeyFile ?
Where are they located?
Regards
Seetha Lakshmi
Frequent Advisor

Re: Apache SSL problem

Yes, they are located under apache/ssl/certs and apache/ssl/private directories.
Peter Godron
Honored Contributor

Re: Apache SSL problem

Seetha,
may also be worthwhile to try:
SSLCACertificatePath may have to be fully qualified
i.e. same as ServerRoot
ServerRoot /etc/httpsd
SSLCACertificatePath /etc/httpsd/certifs
Regards
Seetha Lakshmi
Frequent Advisor

Re: Apache SSL problem

Yes i have fully qualified the certificate file and the key file.

SSLCertificateKeyFile apache/ssl/private/$WEB_HOST.key
SSLCertificateFile apache/ssl/certs/$WEB_HOST.cert

Peter Godron
Honored Contributor

Re: Apache SSL problem

Seetha,
would you not need a "/" before the first entry to make the path absolute?
Steven E. Protter
Exalted Contributor

Re: Apache SSL problem

Are these the SSL keys and Certs that came with apache. Those are somewhat fake and useless, using the name localhost.localdomain.

I recently learned (last Friday) how to generate proper ssl certificates and keys. If this is where the problem is I can connect to a machine at another office and get you the script I developed to semi automate the process.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Seetha Lakshmi
Frequent Advisor

Re: Apache SSL problem

No. actually i have set them as follows.

SSLCertificateKeyFile $WEB_HOME/data/apache/ssl/private/$WEB_HOST.key
SSLCertificateFile $WEB_HOME/data/apache/ssl/certs/$WEB_HOST.cert

Where the variables WEB_HOME and WEB_HOST are set by the application