0

I created a Private Key, CSR, and CRT using the commands below to run a website over HTTPS on Apache 2.4.6. The operating system is CentOS 7.

// To generate a Private Key
1. openssl genrsa -des3 -out www.licweb.com.key 1024

// To generate CSR
2. openssl req -new -key www.licweb.com.key -out www.licweb.com.csr

// To generate CRT
3. openssl x509 -req -days 365 -in www.licweb.com.csr -signkey www.licweb.com.key -out www.licweb.com.crt

Now, I am referencing the above created files in my httpd.conf file. But after that, when I try to RESTART Apache, I get the following error:

ERROR: SSLCertificateFile: file '/var/www/html/licweb/www.licweb.com.crt' does not exist or is empty

  1. The Path is correct.
  2. The file also exists.
  3. There is even Data in the file and hence it is not empty.

[WHAT I TRIED]

I tried the following Solutions found on Google Resources:

Solution 1:

Executing the command apachectl configtest, which runs fine.

Solution 2:

Repairing SELinux with the below commands:

1. sudo restorecon -Rv /etc/pki/tls/certs/ 
2. chcon --reference=/etc/pki/tls/private/localhost.key /etc/pki/tls/private/ca.key

Solution 3:

chcon -t cert_t /etc/pki/tls/private/my.key

But none of the Solutions are working. I am still getting the same Error.


I think even the permissions are fine:

ls -l www.licweb.com.key
-rwxrwxrwt. 1 root root 963 Jul 17 10:39 www.licweb.com.key

I cannot think of any other solution. Does anybody have any idea what is going wrong or what I am doing wrong? Any help will be highly appreciated. Thanks.

2
  • You should include the relevant parts of your httpd config.
    – Jenny D
    Commented Jul 18, 2018 at 8:09
  • Thanks for the question, for me chcon -t cert_t /etc/pki/tls/private/my.key did the trick, although I didn't see any changes in the file and its permissions, which seemed OK from the start.
    – Picard
    Commented Sep 2, 2021 at 7:25

3 Answers

3

Note that the message you quoted referred to the Certificate File /var/www/html/licweb/www.licweb.com.crt while everything you mention after "WHAT I TRIED" refers to the Key File.

Note also that the key file is not supposed to have the permissions you mentioned. The permissions for the key file should be owner root and mode 600. Many applications that read key files check that the mode doesn't allow access to others. So the permissions on the key would also cause an error, but it would be a different error.

In the solutions you tried, you have keys in /etc/pki/tls while the error message refers to /var/www/html/licweb. There is also a ca.key mentioned, but your certificate is self-signed.

3
  • I again tried everything with .crt. Tried changing the permissions to 600. Error still persists. And I am not able to follow your last paragraph about ca.key. So what if there is a ca.key and I have a self-signed certificate?
    Commented Jul 17, 2018 at 20:18
  • @Ankit Prajapati You write "2. chcon .../ca.key". CA in this context usually means Certificate Authority, the authority or root that signs your certificate and possibly many others. The contrast is a certificate not signed by a CA; it is self-signed. What is the content of the file '/var/www/html/licweb/www.licweb.com.crt'? It is no problem to make the certificate public, it will be sent to all the clients anyway. The key file has to be kept secret.
    – RalfFriedl
    Commented Jul 17, 2018 at 20:28
  • I ran the following command on my parent folder "licweb" as >>restorecon -Rv licweb/ and the error is gone. It did some resetting. Now Apache is running fine. Thank you so much for all the help; because of your efforts I got the idea. Highly appreciated.
    Commented Jul 17, 2018 at 20:38
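
A diagnostic sketch of the checks this thread walks through (file non-empty, key owned by root with mode 600, SELinux type readable by httpd), added here as an example and not written by any poster. The allowed-type list is an assumption built from the two types named on this page plus httpd_sys_content_t, the default label for /var/www on CentOS 7; `evaluate` and `inspect` are hypothetical names.

```shell
#!/bin/sh
# Added example: audit TLS certificate and key files before restarting Apache.
# ALLOWED_TYPES is an assumption: cert_t and httpd_sys_rw_content_t appear on
# this page, httpd_sys_content_t is the default type for /var/www on CentOS 7.
ALLOWED_TYPES="cert_t httpd_sys_content_t httpd_sys_rw_content_t"

# evaluate KIND MODE OWNER SIZE CONTEXT: print one finding per line, or "ok".
evaluate() (
    kind=$1 mode=$2 owner=$3 size=$4 ctx=$5 bad=0
    if [ "$size" -eq 0 ]; then echo "file is empty"; bad=1; fi
    if [ "$kind" = key ]; then
        # The private key must not be accessible to group or others.
        if [ "$mode" != 600 ]; then echo "key mode is $mode, expected 600"; bad=1; fi
        if [ "$owner" != root ]; then echo "key owner is $owner, expected root"; bad=1; fi
    fi
    # An SELinux context reads user:role:type:level; "?" means no label was available.
    if [ -n "$ctx" ] && [ "$ctx" != "?" ]; then
        type=$(printf '%s' "$ctx" | cut -d: -f3)
        case " $ALLOWED_TYPES " in
            *" $type "*) ;;
            *) echo "selinux type $type is not in the allowed list"; bad=1 ;;
        esac
    fi
    if [ "$bad" -eq 0 ]; then echo "ok"; fi
)

# inspect KIND PATH: collect the real values with GNU stat and evaluate them.
inspect() {
    [ -e "$2" ] || { echo "$2: does not exist"; return 0; }
    ctx=$(stat -c %C "$2" 2>/dev/null) || ctx="?"
    evaluate "$1" "$(stat -c %a "$2")" "$(stat -c %U "$2")" "$(stat -c %s "$2")" "$ctx"
}

# Usage: sh check_tls_files.sh cert /path/to/site.crt key /path/to/site.key
while [ $# -ge 2 ]; do echo "$2:"; inspect "$1" "$2"; shift 2; done
```

Run it as root so stat can read the key file. A finding about the SELinux type is the kind of label mismatch that `restorecon -Rv` on the folder resets to the policy default.
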
0

Check your resources again. You need:

  • www.licweb.com.key
  • www.licweb.com.crt (or .pem)
  • ca.crt

All of them have to be in a readable path and have readable permissions.

In your Apache configuration you need something like this:

SSLEngine on
SSLCertificateFile /path/to/www.licweb.com.crt
SSLCertificateKeyFile /path/to/www.licweb.com.key
SSLCertificateChainFile /path/to/ca.crt

You do not need ca.key.

0

Try this, it works: sudo chcon -t httpd_sys_rw_content_t {folder_path}

e.g. {folder_path} if the cert files are in /var/ssl:

{folder_path}=/var/ssl/*

Afterwards, restart the Apache server.
