Login or Register to Ask a Question and Join Our Community


Web Development

Apache: SSLACARevocation directive issue

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums Web Development Apache: SSLACARevocation directive issue
# 1  
Old 10-19-2009
Apache: SSLACARevocation directive issue
I am installing a .crl in my apache config. It looks like this:

Code:
<VirtualHost default>

DocumentRoot "web" ServerName example.com

SSLEngine on

SSLCertificateFile "cert.crt" SSLCertificateKeyFile "key.key" SSLCertificateChainFile "cert.ca-bundle"

SSLProtocol -all +SSLv3 SSLCipherSuite SSLv3:+HIGH:+MEDIUM

<Directory />

Order deny,allow Allow from all

SSLCACertificateFile "ClientRootCert.crt"

SSLVerifyClient require SSLVerifyDepth 3

SSLCARevocationFile "CRLList.crl"

</Directory>

</VirtualHost>

When Apache is started, I get the error:

SSLCARevocationFile not allowed here

When I place SSLCARevocationFile above the Directory tag, Apache starts, but all client certs are rejected with the message:

ssl_error_expired_cert_alert (both revoked and active certs)

How to solve this?
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Ubuntu

Apache - Files directive does not work

HI guys. when i configure Files in this way: <Files ~ "\.png$"> deny from all </Files> it works. but when defining in this way it doesn't work: <Files /var/www/test/file.png> deny from all </Files> directives are not inside Directory directive. Could someone help? (0 Replies)
Discussion started by: majid.merkava
0 Replies

2. Red Hat

Apache 2.2.17 compile issue.

Hi, I am using RedHat Linux 5.3 64bit OS.. When i try to compile apache 2.2.17. during the make install i am getting the below error. Appreciate your help. rsync: link_stat "/Application/softwares/softwares/httpd-2.2.15/docs/manual/." failed: Permission denied (13) rsync: cannot stat... (4 Replies)
Discussion started by: Krrishv
4 Replies

3. AIX

Apache Installation issue

HI Guys, I got the below error while trying to install the apache2.2.15. from the error I can interpret that some of the .h files are missing. I guess those are C library header files.. Can you help me with it. bash-3.00# make Making all in srclib Making all in apr /bin/sh... (3 Replies)
Discussion started by: kkeng808
3 Replies

4. Web Development

regex in apache Allow from directive

Hi, Does the apache Allow from directive support regular expressions? such as: Allow from ^web11blah\.blah\.blah\.yahoo\.com$ what i want to do: allow access from hosts in the range web1160blah.blah.blah.yahoo.com to web1189blah.blah.blah.yahoo.com notice the 1160 to 1189 range as part... (3 Replies)
Discussion started by: Yogesh Sawant
3 Replies

5. Web Development

Apache 2.0 Issue

I did not see a DocumentRoot entry in apache2.conf so I manually put one. DocumentRoot /mohit I restarted apache services but the the pages do not serve from that location. Can someone tell me what I need to do? (4 Replies)
Discussion started by: mojoman
4 Replies

6. UNIX for Advanced & Expert Users

Apache issue

I am trying to get a number of virtual server running on a linux/apache box. I have the virtual server configure properly. However doesn't matter what happens it allways ends up in the / directory (root for apache) and brings up the default page. If I look at the log files all i ever see is GET /,... (1 Reply)
Discussion started by: frankkahle
1 Replies

7. Solaris

Apache start issue

Hi group, I need help to start apache in following scenario: 1) Say apache is installed on solaris OS by user 'root'. 2) An entry is there in httpd.conf that says to start apache process as user: #User <RUN_AS_USER> is edited as User user1 2) Now say user2 has logged and tries to start... (6 Replies)
Discussion started by: rs266
6 Replies

8. Solaris

Apache config issue

I want to build a little website on a Sun Blade 100 running Solaris 10. I just went out to apache.org and downloaded Unix Source: httpd-2.2.8.tar.gz After unpacking the tarball, I CD'd into the subdirectory and ran the configure utility. Of course, it crapped out. I see that it is... (17 Replies)
Discussion started by: BrewDudeBob
17 Replies

9. Solaris

Apache Configuration issue on Solaris

I seem to have an issue with Apache configurationon our Sun solaris Server. Since there are 2 my_app instances running in parallel, the perl modules in my_app_perl_libs are getting shared between them, even though they are in different directories (/u01/my_app and /u01/my_app8). This is because... (1 Reply)
Discussion started by: rahulrathod
1 Replies

10. UNIX for Dummies Questions & Answers

apache directive only for outside network

I set up a directive for the .htaccess file in one of my web directories. It works fine. Is there a way to force only users outside my internal home network to go through the password authorization? Or, put another way, any user in my network should not have to enter a password. Is that possible? (2 Replies)
Discussion started by: dangral
2 Replies
Login or Register to Ask a Question

LEARN ABOUT CENTOS

pmdaapache

PMDAAPACHE(1)						      General Commands Manual						     PMDAAPACHE(1)

NAME

       pmdaapache - Apache2 web server performance metrics domain agent (PMDA)

SYNOPSIS

       $PCP_PMDAS_DIR/apache/pmdaapache [-d domain] [-l logfile] [-U username] [-S server] [-P port] [-L location]

DESCRIPTION

       pmdaapache is a Performance Metrics Domain Agent (PMDA) which extracts performance metrics describing the state of an Apache web server.

       The  apache  PMDA  exports metrics that measure the request rate, cumulative request sizes, uptime and various connection states for active
       clients.

       This information is obtained by performing a HTTP request to the server status URL, which must be enabled in the  httpd.conf  configuration
       file.

	    ExtendedStatus on
	    <Location /server-status>
	    SetHandler server-status
	    Order deny,allow
	    Deny from all
	    Allow from localhost
	    </Location>

       A brief description of the pmdaapache command line options follows:

       -d   It	is  absolutely crucial that the performance metrics domain number specified here is unique and consistent.  That is, domain should
	    be different for every PMDA on the one host, and the same domain number should be used for the same PMDA on all hosts.

       -l   Location of the log file.  By default, a log file named apache.log is written in the current directory of pmcd(1) when  pmdaapache	is
	    started,  i.e.   $PCP_LOG_DIR/pmcd	.   If	the log file cannot be created or is not writable, output is written to the standard error
	    instead.

       -S   Query the Apache status information from the named server rather than the local host.

       -P   Query the Apache status information from the given port rather than the default (80).

       -L   Specify an alternative location for finding the server-status page.

       -U   User account under which to run the agent.	The default is the unprivileged "pcp" account in current versions of  PCP,  but  in  older
	    versions the superuser account ("root") was used by default.

INSTALLATION

       If you want access to the names, help text and values for the apache performance metrics, do the following as root:

	    # cd $PCP_PMDAS_DIR/apache
	    # ./Install

       If you want to undo the installation, do the following as root:

	    # cd $PCP_PMDAS_DIR/apache
	    # ./Remove

       pmdaapache  is  launched by pmcd(1) and should never be executed directly.  The Install and Remove scripts notify pmcd(1) when the agent is
       installed or removed.

FILES

       $PCP_PMCDCONF_PATH
		 command line options used to launch pmdaapache
       $PCP_PMDAS_DIR/apache/help
		 default help text file for the apache metrics
       $PCP_PMDAS_DIR/apache/Install
		 installation script for the pmdaapache agent
       $PCP_PMDAS_DIR/apache/Remove
		 undo installation script for the pmdaapache agent
       $PCP_LOG_DIR/pmcd/apache.log
		 default log file for error messages and other information from pmdaapache

PCP ENVIRONMENT

       Environment variables with the prefix PCP_ are used to parameterize the file and directory names used by PCP.  On  each	installation,  the
       file  /etc/pcp.conf contains the local values for these variables.  The $PCP_CONF variable may be used to specify an alternative configura-
       tion file, as described in pcp.conf(5).

SEE ALSO

       PCPIntro(1), httpd(8), pmcd(1), pcp.conf(5) and pcp.env(5).

Performance Co-Pilot							PCP							     PMDAAPACHE(1)