LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 05-26-2011, 12:39 PM   #1
bluethumb
Member
 
Registered: Jan 2006
Distribution: RHEL 4, Scientific Linux, Centos, Ubuntu
Posts: 58

Rep: Reputation: 15
Unhappy Apache quits. Certificate expired? No!


I have apache 2.2.3. It's been running for a couple of years on Scientific Linux, currently 5.5. Yesterday it stopped running. The error message says
Certificate not verified: 'Server-Cert'
SSL Library Error: -8181 Certificate has expired
Unable to verify certificate 'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.

I followed that suggestion, and it started up OK. Now I want to figure out why it happened.

The obvious thing to check is the expiration date of the server certificate. It's a proper one purchased from comodo.com, and it has more than a year of life. I don't know where else to look.

When I started to dig into things I got very confused. Both mod_nss and mod_ssl are installed. They do almost the same thing. Could that cause problems? Why would it go bad suddenly when I haven't changed anything recently?
 
Old 05-26-2011, 01:55 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by bluethumb
The obvious thing to check is the expiration date of the server certificate. It's a proper one purchased from comodo.com, and it has more than a year of life. I don't know where else to look.
Right. Have you triple checked that valid date?

Code:
# openssl x509 -text -in server.crt

Quote:
Originally Posted by bluethumb
When I started to dig into things I got very confused. Both mod_nss and mod_ssl are installed. They do almost the same thing. Could that cause problems? Why would it go bad suddenly when I haven't changed anything recently?
Are you using both modules for your TLS needs? (If so, please explain why that is.)
 
Old 05-26-2011, 03:19 PM   #3
bluethumb
Member
 
Registered: Jan 2006
Distribution: RHEL 4, Scientific Linux, Centos, Ubuntu
Posts: 58

Original Poster
Rep: Reputation: 15
I checked the certificate again. It's good to September 2012. The cert information displayed by a https web page agrees.

Why both ssl and nss? Until yesterday I had never heard of nss. I think it's there because it was installed as part of the standard set of packages. I don't know what would break if I removed it. Also I don't know if it's causing a problem. As I said, I haven't messed with these things for months.
 
Old 05-30-2011, 01:09 PM   #4
bluethumb
Member
 
Registered: Jan 2006
Distribution: RHEL 4, Scientific Linux, Centos, Ubuntu
Posts: 58

Original Poster
Rep: Reputation: 15
After thinking about it for a while, I was able to determine that the error messages were coming from mod_nss. It's the only thing that uses the string "Server-Cert". Some digging then showed that nothing seems to use mod_nss. Then I found the command "certutil -d /etc/httpd/alias -L -n Server-Cert", which showed that the dummy certificate used by mod_nss expired on May 24. That settled this issue for me, so I removed mod_nss.
 
Old 12-20-2011, 09:54 PM   #5
cumthsc
LQ Newbie
 
Registered: Dec 2011
Posts: 1

Rep: Reputation: Disabled
If this is Red Hat 5 or a clone, the issue is that the mod_nss rpm creates the necessary certificates and they are set to expire at some point. To fix, remove and reinstall the mod_nss rpm.
 
Old 05-21-2012, 04:31 AM   #6
SarahGurung
Member
 
Registered: Jul 2011
Posts: 310

Rep: Reputation: Disabled
ya it's centos...but is it not ok even if the nss is not there?or do i needto install it again?
 
  


Reply

Tags
apache, certificate, ssl


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
yum expired certificate? jnojr Red Hat 3 01-05-2010 02:30 AM
LXer: Expired Microsoft rights management certificate locks out Office 2003 users LXer Syndicated Linux News 0 12-15-2009 08:00 PM
apache 2.0.52 : timeout specified has expired jeanpba Linux - Networking 1 02-15-2005 05:18 PM
https SSL Certificate Expired lothario Linux - Security 1 01-19-2005 09:42 PM
can't update up2date after expired certificate LeechBot Red Hat 28 05-15-2004 11:35 AM


All times are GMT -5. The time now is 11:30 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration