  1. #1
    Just Joined!
    Join Date
    May 2007
    Posts
    8

    Apache quits. Certificate expired? No!


    I have apache 2.2.3. It's been running for a couple of years on Scientific Linux, currently 5.5. Yesterday it stopped running. The error message says
    Certificate not verified: 'Server-Cert'
    SSL Library Error: -8181 Certificate has expired
    Unable to verify certificate 'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.

    I followed that suggestion, and it started up OK. Now I want to figure out why it happened.

    The obvious thing to check is the expiration date of the server certificate. It's a proper one purchased from comodo.com, and it has more than a year of life. I don't know where else to look.

    When I started to dig into things I got very confused. Both mod_nss and mod_ssl are installed. They do almost the same thing. Could that cause problems? Why would it go bad suddenly when I haven't changed anything recently?

  2. #2
    Linux Newbie hans51's Avatar
    Join Date
    May 2011
    Posts
    136
    Apache has at least 2 config tests it can run:

    rcapache2 configtest
    rcapache2 extreme-configtest

    The above command lines may vary in your dist, hence check.
    Usually the Apache output, if anything is wrong with the system configuration, is self-explanatory and very detailed.

    Additionally, you may also find valuable feedback by looking at the last lines of BOTH your access_log and your error_log from Apache.

    These Apache logs may be found under
    /var/log/apache2/
    unless your dist has a different location for them.

    Look at the last several lines of both logs to see if anything helpful is there.

  3. #3
    Just Joined!
    Join Date
    May 2007
    Posts
    8

    Removed mod_nss

    After thinking about it for a while, I was able to determine that the error messages were coming from mod_nss. It's the only thing that uses the string "Server-Cert". Some digging then showed that nothing seems to use mod_nss. Then I found the command "certutil -d /etc/httpd/alias -L -n Server-Cert", which showed that the dummy certificate used by mod_nss expired on May 24. That settled this issue for me, so I removed mod_nss.
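
An added example, not part of the thread: a small expiry check for every certificate in an NSS database such as /etc/httpd/alias, so a forgotten certificate like the mod_nss dummy one is flagged before it stops the server. The function names are hypothetical, the sample output is constructed, and the layout of the "Not Before"/"Not After" lines and of the nickname listing is assumed to match what certutil prints; timestamps are treated as UTC.

```python
import re
import subprocess
from datetime import datetime, timezone

# Constructed, abridged `certutil -L -n Server-Cert` output; only "May 24" is from the thread.
SAMPLE_CERT = """\
        Validity:
            Not Before: Thu May 24 15:02:11 2007
            Not After : Tue May 24 15:02:11 2011
"""
# Constructed `certutil -d DIR -L` listing: nickname, then trust flags.
SAMPLE_LIST = """\
Certificate Nickname                         Trust Attributes
cacert                                       CTu,Cu,Cu
Server-Cert                                  u,u,u
"""

def validity(text):
    """Return (not_before, not_after) from `certutil -L -n` text output."""
    found = dict(re.findall(r"Not (Before|After)\s*:\s*(.+)", text))
    if set(found) != {"Before", "After"}:
        raise ValueError("no Validity block found")
    # Assumption: timestamps are treated as UTC; a few hours do not matter here.
    parse = lambda s: datetime.strptime(s.strip(), "%a %b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
    return parse(found["Before"]), parse(found["After"])

def status(text, now, warn_days=30):
    before, after = validity(text)
    if now < before:
        return "NOT_YET_VALID"
    if now >= after:
        return "EXPIRED"
    return "EXPIRING" if (after - now).days < warn_days else "OK"

def nicknames(listing):
    """Nicknames from the listing; the trust flags are always the last column."""
    rows = (re.match(r"(.+?)\s+([A-Za-z]*,){2}[A-Za-z]*\s*$", l) for l in listing.splitlines())
    return [m.group(1) for m in rows if m]

def check_db(db_dir, now=None):
    """Run certutil against a real NSS database and report every nickname."""
    now = now or datetime.now(timezone.utc)
    def run(*extra):
        return subprocess.run(["certutil", "-d", db_dir, "-L", *extra],
                              capture_output=True, text=True, check=True).stdout
    return {name: status(run("-n", name), now) for name in nicknames(run())}

if __name__ == "__main__":
    print(nicknames(SAMPLE_LIST), status(SAMPLE_CERT, datetime.now(timezone.utc)))
```

Calling check_db("/etc/httpd/alias") on the server covers CA and dummy certificates as well as the purchased one, which is the case the expiration-date check in the first post missed.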
