SSLCertificateFile: file '/etc/ssl/servercerts/servercert.pem' does not exist or is empty
(Last modified: 02Jun2005)
This document (10097845) is provided subject to the disclaimer at the end of this document.
fact
Novell Open Enterprise Server
SUSE Linux 9.1
symptom
SSLCertificateFile: file '/etc/ssl/servercerts/servercert.pem' does not exist or is empty
Starting httpd2 (worker) Syntax error on line 53 of /etc/apache2/vhosts.d/vhost-ssl.conf:
An error occurred while loading http://192.168.79.70
Could not connect to host 192.168.79.70
Apache2 is not running after fresh install of OES
cause
During the install of OES, the root user was given a password of fewer than 4 characters, which prevented the CA portion of the install from creating the self-signed certificates used by Apache2.
fix
There are 2 options to resolve this problem.
Step 1 - Create SUSE CA files.
Verify there is an /etc/ssl directory. If not, create it by doing the following:
# mkdir /etc/ssl
Restrict ownership and permissions on the /etc/ssl directory by doing the following:
# chown -R root /etc/ssl
# chmod g-rwx /etc/ssl
# chmod o-rwx /etc/ssl
Verify there is an /etc/ssl/demoCA directory. If not, create it by doing the following:
# mkdir /etc/ssl/demoCA
# touch /etc/ssl/demoCA/index.txt
# echo '00000000' >> /etc/ssl/demoCA/serial
Generate the CA files by doing the following:
# openssl req -new -x509 -extensions v3_ca -keyout /etc/ssl/private/cakey.pem -out /etc/ssl/cacert.pem -days 1095
Generating a 1024 bit RSA private key
..++++++
..................++++++
writing new private key to '/etc/ssl/private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Utah
Locality Name (eg, city) []:Provo
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Novell
Organizational Unit Name (eg, section) []:NTS
Email Address []:support@novell.com
Step 2 - Create CSR and ServerKey file.
# openssl req -new -nodes -out /etc/ssl/servercerts/servercert.csr -keyout /etc/ssl/servercerts/serverkey.pem
Generating a 1024 bit RSA private key
........++++++
..........++++++
writing new private key to '/etc/ssl/servercerts/serverkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Utah
Locality Name (eg, city) []:Provo
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Novell
Organizational Unit Name (eg, section) []:NTS
Common Name (eg, YOUR name) []:FS1
Email Address []:support@novell.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:novell
An optional company name []:
Step 3 - Sign CSR with SUSE CA
# openssl ca -cert /etc/ssl/cacert.pem -keyfile /etc/ssl/private/cakey.pem -out /etc/ssl/servercerts/servercert.pem -outdir /etc/ssl/servercerts -infiles /etc/ssl/servercerts/servercert.csr
Using configuration from /etc/ssl/openssl.cnf
30528:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_default name=unique_subject
Enter pass phrase for /etc/ssl/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 0 (0x0)
Validity
Not Before: Jun 2 16:43:56 2005 GMT
Not After : Jun 2 16:43:56 2006 GMT
Subject:
countryName = US
stateOrProvinceName = Utah
organizationName = Novell
organizationalUnitName = NTS
commonName = FS1
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier: BF:40:F4:BA:55:24:1F:19:88:95:FA:C7:33:46:8A:A3:E3:65:81:F3
X509v3 Authority Key Identifier: keyid:C6:34:1E:26:CF:9F:CA:31:84:4F:F2:2A:60:F4:E3:87:8C:B8:29:4D
DirName:/C=US/ST=Utah/L=Provo/O=Novell/OU=NTS/CN=FS1/emailAddress=support@novell.com
serial:00
Certificate is to be certified until Jun 2 16:43:56 2006 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated.
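A post-check for the three steps above, added here as an example and not part of the original Novell document: it confirms that servercert.pem is non-empty, carries the public key of serverkey.pem, and verifies against cacert.pem. The function name and return codes are this example's own, the key-file permission test is an extra check beyond the steps above, and the key is assumed to be an unencrypted RSA key as produced in Step 2.

```shell
#!/bin/sh
# Added example (not from the Novell document): post-check for Steps 1-3.
# Return codes are this example's own convention:
#   0 ok | 1 cert missing/empty | 2 key missing/empty
#   3 key does not match cert | 4 cert not issued by CA | 5 key file too open
check_server_cert() {
    cert=${1:-/etc/ssl/servercerts/servercert.pem}
    key=${2:-/etc/ssl/servercerts/serverkey.pem}
    ca=${3:-/etc/ssl/cacert.pem}

    # The condition Apache complains about: file absent or zero length.
    [ -s "$cert" ] || { echo "FAIL: $cert does not exist or is empty" >&2; return 1; }
    [ -s "$key" ]  || { echo "FAIL: $key does not exist or is empty" >&2; return 2; }

    # Step 2 used -nodes, so the key is stored unencrypted: it must not be
    # readable by group or others.
    if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "FAIL: $key is readable by group or others" >&2; return 5
    fi

    # The certificate must carry the public half of the server key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl rsa -in "$key" -pubout -passin pass: 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert" >&2; return 3
    fi

    # The certificate must verify against the CA created in Step 1.
    # Match the "OK" text rather than relying on the exit status alone.
    if ! openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$'; then
        echo "FAIL: $cert does not verify against $ca" >&2; return 4
    fi

    echo "OK: $cert, $key and $ca are consistent"
}

# Runs only when paths are given on the command line, e.g.:
#   sh check_cert.sh /etc/ssl/servercerts/servercert.pem \
#      /etc/ssl/servercerts/serverkey.pem /etc/ssl/cacert.pem
[ $# -eq 0 ] || check_server_cert "$@"
```

A non-zero result from the first check reproduces the condition behind the Apache2 start-up error in the symptom section.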
document
Document Title: SSLCertificateFile: file '/etc/ssl/servercerts/servercert.pem' does not exist or is empty
Document ID: 10097845
Solution ID: NOVL102284
Creation Date: 02Jun2005
Modified Date: 02Jun2005
Novell Product Class: Linux
disclaimer
The origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.