I’ve enabled debug log for ssl in the vhosts file like so -
<IfModule mod_ssl.c>
ErrorLog /var/log/apache2/ssl_engine.log
LogLevel debug
</IfModule>
The output from this log is
[Fri Apr 21 16:38:35.834335 2017] [ssl:info] [pid 576:tid 140583896000320]
AH02200: Loading certificate & private key of SSL-aware server 'xxx.com:443'
[Fri Apr 21 16:38:35.834528 2017] [ssl:debug] [pid 576:tid 140583896000320]
ssl_engine_pphrase.c(506): AH02249: unencrypted RSA private key - pass phrase
not required
[Fri Apr 21 16:38:35.853856 2017] [ssl:info] [pid 576:tid 140583896000320]
AH01914: Configuring server 'xxx.com:443' for SSL protocol
[Fri Apr 21 16:38:35.853973 2017] [ssl:emerg] [pid 576:tid 140583896000320]
AH01895: Unable to configure verify locations for client authentication
> On 25 Apr 2017, at 14:32, Robert Moskowitz <[email protected]> wrote:
>
> On my Centos system, I would be looking at: /etc/httpd/logs/ssl_error_log for
> cert errors.
>
> On 04/25/2017 03:18 PM, Sweeny, Theo (Chief Customer Office) wrote:
>> Hi Robert - the error found in /content/logs/httpd/error.log
>>
>> [Fri Apr 21 13:30:00.575781 2017] [ssl:emerg] [pid 97:tid 140688597538624]
>> AH01895: Unable to configure verify locations for client authentication
>>
>> I think it is a SSL cert issue, since adding the ssl certs the server has
>> stopped working.
>>
>>> On 25 Apr 2017, at 14:11, Robert Moskowitz <[email protected]> wrote:
>>>
>>> So what does /content/logs/httpd/error.log say?
>>>
>>> Often a permission problem.
>>>
>>> On 04/25/2017 02:55 PM, Sweeny, Theo (Chief Customer Office) wrote:
>>>> Hello - I’ve installed new SSL certs on Apache v2.4.3 and for a single
>>>> vhost - but the server won’t start.
>>>>
>>>> The error logs are -
>>>>
>>>> [Fri Apr 21 13:30:00.575805 2017] [ssl:emerg] [pid 97:tid 140688597538624]
>>>> AH02311: Fatal error initialising mod_ssl, exiting. See
>>>> /content/logs/httpd/error.log for more information
>>>>
>>>> [Fri Apr 21 13:30:00.575781 2017] [ssl:emerg] [pid 97:tid 140688597538624]
>>>> AH01895: Unable to configure verify locations for client authentication
>>>>
>>>> Can you offer some pointers?
>>>>
>>>> Regards,
>>>>
>>>> Theo
>>>>
>>>>
>>>>
>>>>
>>>> Direct Line Insurance Group plc. Registered in England & Wales No
>>>> 02280426. Registered Office: Churchill Court, Westmoreland Road, Bromley,
>>>> Kent, BR1 1DP
>>>>
>>>> This e-mail message is confidential and for use by the addressee only. If
>>>> the message is received by anyone other than the addressee, please return
>>>> the message to the sender by replying to it and then delete the message
>>>> from your computer. You should not copy, print, distribute, disclose or
>>>> use any part of it. Internet e-mails are not necessarily secure. By
>>>> replying to this message you give your consent to our monitoring of your
>>>> email communications with us. We do not accept responsibility for changes
>>>> made to this message after it was sent.
>>>>
>>>> We cannot accept any liability for viruses transmitted via this email once
>>>> it has left our network. We will never send e-mails requesting personal or
>>>> confidential information. If you ever receive such an e-mail appearing to
>>>> come from us, do not reply to it, instead please contact us immediately.
>>>>
>>>> ______________________________________________________________________
>>>> This email has been scanned by the Symantec Email Security.cloud service.
>>>> For more information please visit http://www.symanteccloud.com
>>>> ______________________________________________________________________
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: [email protected]
>>>> For additional commands, e-mail: [email protected]
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [email protected]
>>> For additional commands, e-mail: [email protected]
>>>
>>>
>>> ______________________________________________________________________
>>> This email has been scanned by the Symantec Email Security.cloud service.
>>> For more information please visit http://www.symanteccloud.com
>>> ______________________________________________________________________
>>
>> ______________________________________________________________________
>> This email has been scanned by the Symantec Email Security.cloud service.
>> For more information please visit http://www.symanteccloud.com
>> ______________________________________________________________________
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
> ______________________________________________________________________
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com
> ______________________________________________________________________
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________
