Chapter 5 |
Troubleshooting |
This document provides a list of common errors and their meanings. If you are having a problem that is not covered in this document, contact Stronghold technical support at apachessl-support@c2.net.
Error setting default verify locationsSSLCACertificatePath and/or SSLCACertificateFile are set incorrectly in the configuration file. If SSLCACertificateFile is set, the file need to include PEM-encoded certificate filenames. If SSLCACertficatePath is set, the directory it specifies needs to include PEM certificate files, with appropriate hash symlinks.Can't open certificate file ``X.''
The certificate file specified with SSLCertificateFile is unreadable.Error reading server certificate file ``X.''
The certificate file specified with SSLCertificateFile is corrupt. Check to make sure it is a PEM-encoded certificate file. Check to make sure the file is not empty.Can't open key file ``X.''
The key file specified with SSLCertificateKeyFile is unreadable.Error reading private key file ``X.''
The key file is corrupt, or the password you are using to decrypt the file is incorrect.No SSLRoot set for server ``X.''
The SSLRoot directive is missing from the SSL configuration file.No SSL Certificate set for server X.
The SSLCertificateFile directive is missing from the SSL configuration file.Bad value for SSLVerifyClient (X).
SSLVerifyClient is less than 0 or greater than 2. Set its value to 0, 1, or 2.Required SSLLogFile missing.
The SSLLogFile directive is missing from the SSL configuration file.bad base64 decode
The PEM-encoded file's BASE64 coding is corrupt.bad decrypt
The passphrase for the encrypted PEM file is incorrect.bad end line
The PEM file has no end line. Insert the endline --END X509 CERTIFICATE--.no start line
The PEM file has no start line (maybe the file is empty).stderr shows i=-1 enc_bits=5
The key file and certificate file do not match. Use the checkcert utility to make sure that the filenames for ${SSLTOP}/certs/servername.cert and ${SSLTOP}/private/servername.key match:
# checkcert servername