Errors with SSL and Apache
Articles and Tips: qna
01 Feb 2003
Q.
I am trying to get the Apache Web server to work with SSL on my NetWare server. When I load Apache, I get the following error:
[crit] (10022) error: make_secure_socket: for port 443, WSAIoctl: (SO_SSL_SET_SERVER)
Why is this happening?
Erroring in Edina
A.
Dear Erroring: The error message, SO_SSL_SET_SERVER, is actually a catch-all for several types of errors, including:
The certificate does not exist
The certificate name is spelled wrong
The certificate has expired
The encryption modules are corrupt or missing
To resolve this problem, make sure that the certificate exists. Note that the name will look something like "SSL Certificate - Servername" in NWadmin or ConsoleOne utility.
The server name is added automatically and should not be entered in the configuration file. Go to the SYS:APACHE/CONF/HTTD.CONF file and edit the section <IfModule Mod_tls.c> and change it to match the NDSPKI: Key Material DN that is stored on the servers SAS Service object. It should look like the following:
<IfModule Mod_tls.c>
SecureListen 443 "SSL CertificateIP"
</IfModules>
If the certificate exists, open it up (properties) and check the expiration date. If the certificate has expired, you will need to re-create it. Please see TID #10026561 "Error: 'SAS_Register failed. KMO/key=SSL CertificateIP! (-13)'" for more information.
* Originally published in Novell AppNotes
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.