Make your certificates readable by the web server user

Code and wisdom in this article have not been kept up-to-date. Use them at your own peril.

Problem: Apache-SSL logs “Ops, no RSA or DSA server certificate found?!” in its error log; secure hosts don’t work as a result.

Solution: The most obvious possibility is that you have the wrong value in your SSLCertificateFile or SSLCertificateKeyFile Apache directives. Check them, then check them again.

However, a less obvious possibility is that the two files do not have the correct permissions. In particular, it is common (and desirable) to apply strict permissions to the key file; it should not be readable by anyone but the web server user. It is very easy, though, to make it readable only by your own account instead, which stops the web server from reading it and produces the cryptic error above.

The certificate file should be readable by everyone and writable by the owner; the key file should be readable and writable only by the owner. Both should be owned by the web server user.
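The following check is an added example, not part of the original article: it audits a certificate and key pair against the ownership and permissions described above, using 644 and 600 as the numeric form of those permissions. It assumes GNU coreutils `stat` (Linux); the function names are hypothetical, and the web server user and file paths are whatever your own configuration uses.

```shell
# Added example: audit certificate/key ownership and mode.
# Assumes GNU coreutils stat; function names are illustrative.

# check_file PATH EXPECTED_OWNER EXPECTED_MODE
# Prints one finding per problem. Returns 0 if the file matches, 1 otherwise.
check_file() {
    local path="$1" owner="$2" mode="$3"
    local rc=0 actual_owner actual_mode

    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi

    # -L follows symlinks, so the target of a linked cert/key is what gets checked.
    actual_owner=$(stat -L -c '%U' "$path")
    actual_mode=$(stat -L -c '%a' "$path")

    if [ "$actual_owner" != "$owner" ]; then
        echo "OWNER    $path is owned by $actual_owner, expected $owner"
        rc=1
    fi
    if [ "$actual_mode" != "$mode" ]; then
        echo "MODE     $path is $actual_mode, expected $mode"
        rc=1
    fi
    return $rc
}

# audit_tls_files CERT KEY WEB_USER
# Certificate: readable by everyone, writable by owner (644).
# Key: readable and writable only by owner (600).
# Both files are checked even if the first one fails, so all findings are shown.
audit_tls_files() {
    local cert="$1" key="$2" user="$3" rc=0
    check_file "$cert" "$user" 644 || rc=1
    check_file "$key"  "$user" 600 || rc=1
    return $rc
}
```

After sourcing the functions, call `audit_tls_files` with the values of your SSLCertificateFile and SSLCertificateKeyFile directives and the web server user name; a non-zero exit status means at least one finding was printed.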