使用自定义证书为SSL设置Apache Web服务器时无法启动

debugcn 发表于 Dev

内特

我已经在RHEL 7实例上设置了Apache Web服务器

yum install mod_ssl openssl
openssl genrsa -out ca.key 2048 
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr

在httpd.conf文件和ssl.conf文件中，我将指向443的虚拟主机更改为使用以下SSLCertificateFile /etc/pki/tls/certs/ca.crt SSLCertificateKeyFile /etc/pki/tls/private/ca.key

httpd重新启动可以正常工作

当我用自定义证书替换它们时，出现以下错误

httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sun 2020-03-08 19:36:43 UTC; 12s ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 6763 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
  Process: 6761 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 6761 (code=exited, status=1/FAILURE)

Mar 08 19:36:43 hostname systemd[1]: Starting The Apache HTTP Server...
Mar 08 19:36:43 hostname httpd[6761]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf/httpd.conf:13
Mar 08 19:36:43 hostname systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Mar 08 19:36:43 hostname kill[6763]: kill: cannot find process ""
Mar 08 19:36:43 hostname systemd[1]: httpd.service: control process exited, code=exited status=1
Mar 08 19:36:43 hostname systemd[1]: Failed to start The Apache HTTP Server.
Mar 08 19:36:43 hostname systemd[1]: Unit httpd.service entered failed state.
Mar 08 19:36:43 hostname systemd[1]: httpd.service failed.
===============================================
=================================
-- Unit httpd.service has begun starting up.
Mar 08 19:19:39 hostname polkitd[616]: Registered Authentication Agent for unix-process:6681:1188860 (system bus name :1.51 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 08 19:19:39 hostname systemd[1]: Starting The Apache HTTP Server...
-- Subject: Unit httpd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has begun starting up.
Mar 08 19:19:39 hostname httpd[6687]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf/httpd.conf:13
Mar 08 19:19:39 hostname audispd[583]: node=hostname type=AVC msg=audit(1583695179.383:732): avc:  denied  { read } for  pid=6687 comm="httpd" name="hostname.cer" dev="nvme0n1p2" ino=539462 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
Mar 08 19:19:39 hostname audispd[583]: node=hostname type=SYSCALL msg=audit(1583695179.383:732): arch=c000003e syscall=2 success=no exit=-13 a0=7ffd30429940 a1=80000 a2=0 a3=7ffd30428b60 items=0 ppid=1 pid=6687 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
Mar 08 19:19:39 hostname audispd[583]: node=hostname type=PROCTITLE msg=audit(1583695179.383:732): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
Mar 08 19:19:39 hostname systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Mar 08 19:19:39 hostname kill[6689]: kill: cannot find process ""
Mar 08 19:19:39 hostname systemd[1]: httpd.service: control process exited, code=exited status=1
Mar 08 19:19:39 hostname systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has failed.
--
-- The result is failed.
Mar 08 19:19:39 hostname systemd[1]: Unit httpd.service entered failed state.
Mar 08 19:19:39 hostname systemd[1]: httpd.service failed.
Mar 08 19:19:39 hostname audispd[583]: node=hostname type=SERVICE_START msg=audit(1583695179.413:733): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=httpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Mar 08 19:19:39 hostname polkitd[616]: Unregistered Authentication Agent for unix-process:6681:1188860 (system bus name :1.51, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 08 19:31:55 hostname adclient[1767]: INFO  AUDIT_TRAIL|Centrify Suite|Trusted Path|1.0|2700|Trusted path granted|5|[email protected] pid=1767 utc=1583695915114 centrifyEventID=23700 DASessID=N/A DAInst=N/A status=GRANTED server=ldap/[email protected]
lines 1869-1900/1900 (END)

由于证书的专有性，我无法共享证书的详细信息，请让我知道还要寻找什么？谢谢内特

内特

必须将证书文件的所有权更改为ec2-user：root，以获取访问证书文件的过程。这解决了问题。非常感谢Roaima。

本文收集自互联网，转载请注明来源。

如有侵权，请联系[email protected] 删除。