The fix - Generat a chain certificate using the root and intermediate certificates. Also remove the root ca certificate.
cat Root-R1.cer Intermediate.cer >> chain.cer Add to the chain to the vhosts file SSLCertificateChainFile /etc/httpd/conf/ssl/chain.cer Also comment out #SSLCACertificateFile /etc/httpd/conf/ssl/Root-R1.cer Finally SSL config SSLEngine on SSLCertificateFile /etc/httpd/conf/ssl/xxx.com.cer SSLCertificateKeyFile /etc/httpd/conf/ssl/xxx.com.key SSLCertificateChainFile /etc/httpd/conf/ssl/chain.cer Thanks for the help. > On 25 Apr 2017, at 14:32, Robert Moskowitz <[email protected]> wrote: > > On my Centos system, I would be looking at: /etc/httpd/logs/ssl_error_log for > cert errors. > > On 04/25/2017 03:18 PM, Sweeny, Theo (Chief Customer Office) wrote: >> Hi Robert - the error found in /content/logs/httpd/error.log >> >> [Fri Apr 21 13:30:00.575781 2017] [ssl:emerg] [pid 97:tid 140688597538624] >> AH01895: Unable to configure verify locations for client authentication >> >> I think it is a SSL cert issue, since adding the ssl certs the server has >> stopped working. >> >>> On 25 Apr 2017, at 14:11, Robert Moskowitz <[email protected]> wrote: >>> >>> So what does /content/logs/httpd/error.log say? >>> >>> Often a permission problem. >>> >>> On 04/25/2017 02:55 PM, Sweeny, Theo (Chief Customer Office) wrote: >>>> Hello - I’ve installed new SSL certs on Apache v2.4.3 and for a single >>>> vhost - but the server won’t start. >>>> >>>> The error logs are - >>>> >>>> [Fri Apr 21 13:30:00.575805 2017] [ssl:emerg] [pid 97:tid 140688597538624] >>>> AH02311: Fatal error initialising mod_ssl, exiting. See >>>> /content/logs/httpd/error.log for more information >>>> >>>> [Fri Apr 21 13:30:00.575781 2017] [ssl:emerg] [pid 97:tid 140688597538624] >>>> AH01895: Unable to configure verify locations for client authentication >>>> >>>> Can you offer some pointers? >>>> >>>> Regards, >>>> >>>> Theo >>>> >>>> >>>> >>>> >>>> Direct Line Insurance Group plc. Registered in England & Wales No >>>> 02280426. Registered Office: Churchill Court, Westmoreland Road, Bromley, >>>> Kent, BR1 1DP >>>> >>>> This e-mail message is confidential and for use by the addressee only. If >>>> the message is received by anyone other than the addressee, please return >>>> the message to the sender by replying to it and then delete the message >>>> from your computer. You should not copy, print, distribute, disclose or >>>> use any part of it. Internet e-mails are not necessarily secure. By >>>> replying to this message you give your consent to our monitoring of your >>>> email communications with us. We do not accept responsibility for changes >>>> made to this message after it was sent. >>>> >>>> We cannot accept any liability for viruses transmitted via this email once >>>> it has left our network. We will never send e-mails requesting personal or >>>> confidential information. If you ever receive such an e-mail appearing to >>>> come from us, do not reply to it, instead please contact us immediately. >>>> >>>> ______________________________________________________________________ >>>> This email has been scanned by the Symantec Email Security.cloud service. >>>> For more information please visit http://www.symanteccloud.com >>>> ______________________________________________________________________ >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: [email protected] >>>> For additional commands, e-mail: [email protected] >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> For additional commands, e-mail: [email protected] >>> >>> >>> ______________________________________________________________________ >>> This email has been scanned by the Symantec Email Security.cloud service. >>> For more information please visit http://www.symanteccloud.com >>> ______________________________________________________________________ >> >> ______________________________________________________________________ >> This email has been scanned by the Symantec Email Security.cloud service. >> For more information please visit http://www.symanteccloud.com >> ______________________________________________________________________ >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > > ______________________________________________________________________ > This email has been scanned by the Symantec Email Security.cloud service. > For more information please visit http://www.symanteccloud.com > ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________
