Apache SSL Certificate problem

I have an SSL site working now but the certificate runs out soon. I purchased a renewed certificate and installed it like I have done a thousand times before but it doesn't work.

When I reload the web server it just fails, with no errors in stdout or in the logs. I put the old certs back in and everything works fine.

Now my cert provider has upgraded to 2048 encryption so I had to regenerate my private key before I could use the new cert. Yes, I am pointing to the new key and the new cert in my conf file. If I could get an error that would be great, then I could figure it out, but I'm not getting anything. This is a production system so downtime is unacceptable, but I need to update this cert. Anybody know how I can troubleshoot this?

Ubuntu 10.04 server x86_64

Apache 2.2.14
Asked by:
fieropunk
260 points
  • Responses in reverse (2)

The private key is tied to the certificate; you can't just create a new private key to work with an already existing certificate.

You'd create a key pair, then use it to generate a certificate request, then have that signed by your certificate authority. Then you'd use the certificate they give you back with the key you generated. As Trinity says, that certificate may be signed by a root authority or an intermediate authority, in which case you'll have to configure Apache to send that (and possibly more in the chain) to clients as well so that they can link your certificate to the root certificate authority they trust (SSLCACertificateFile configuration parameter).

To get more information from apache, try and increase the log level:

LogLevel debug

Response by:
s
3383 points
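The key, CSR and certificate relationship described in the answer above can be checked with openssl before Apache is reloaded. This is an added example, not part of the original thread; it assumes RSA keys, and the file names and the www.example.test subject are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): check that an RSA private key, CSR and
# certificate all carry the same public modulus before Apache is reloaded.

# Print "Modulus=<hex>" for a file of the given kind: key, csr or cert.
modulus_of() {
    case "$1" in
        key)  openssl rsa  -noout -modulus -in "$2" ;;
        csr)  openssl req  -noout -modulus -in "$2" ;;
        cert) openssl x509 -noout -modulus -in "$2" ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# Exit 0 only if both files parse and their moduli are identical.
# usage: same_key key server.key cert server.crt
same_key() {
    a=$(modulus_of "$1" "$2") || return 2
    b=$(modulus_of "$3" "$4") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed demo material: the old key, a regenerated 2048-bit key, a CSR
# made from the new key, and a self-signed certificate standing in for the
# one the CA would return for that CSR.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
openssl genrsa -out "$demo_dir/old.key" 2048 2>/dev/null
openssl genrsa -out "$demo_dir/new.key" 2048 2>/dev/null
openssl req -new -key "$demo_dir/new.key" -subj "/CN=www.example.test" \
    -out "$demo_dir/new.csr" 2>/dev/null
openssl x509 -req -in "$demo_dir/new.csr" -signkey "$demo_dir/new.key" \
    -days 1 -out "$demo_dir/new.crt" 2>/dev/null

for key in new.key old.key; do
    if same_key key "$demo_dir/$key" cert "$demo_dir/new.crt"; then
        echo "$key matches new.crt"
    else
        echo "$key does NOT match new.crt"
    fi
done
```

On a real server the arguments would be the files named by SSLCertificateKeyFile and SSLCertificateFile in the virtual host configuration.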
This caught me out recently.

These days you need an intermediate certificate to create a trusted chain.

See second part here:

http://help.globalscape.c ...

Your cert's root authority website should give you it, e.g. Geotrust, even if you bought the cert from RapidSSL. Sorry if my terminology is a bit wrong, hopefully you get the idea.

Response by:
Trinity
2782 points

