Results 1 to 3 of 3
I have apache 2.2.3. It's been running for a couple of years on Scientific Linux, currently 5.5. Yesterday it stopped running. The error message says Certificate not verified: 'Server-Cert' SSL ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 05-26-2011 #1
- Join Date
- May 2007
Apache quits. Certificate expired? No!
I have apache 2.2.3. It's been running for a couple of years on Scientific Linux, currently 5.5. Yesterday it stopped running. The error message says
Certificate not verified: 'Server-Cert'
SSL Library Error: -8181 Certificate has expired
Unable to verify certificate 'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.
I followed that suggestion, and it started up OK. Now I want to figure out why it happened.
The obvious thing to check is the expiration date of the server certificate. It's a proper one purchased from comodo.com, and it has more than a year of life. I don't know where else to look.
When I started to dig into things I got very confused. Both mod_nss and mod_ssl are installed. They do almost the same thing. Could that cause problems? Why would it go bad suddenly when I haven't changed anything recently?
- 05-26-2011 #2
apache has at least 2 config test it can run:
above command lines may vary in your dist - hence check
usually the apache output if anything with system configuration wrong is self explaining and very detailed
additionally you also may find valuable feedback looking at the last lines of BOTH your access_log and your error_log from apache.
these apache logs may be found under
unless your dist has different location for them.
look at the last several lines of both logs to see if anything helpful there
- 05-30-2011 #3
- Join Date
- May 2007
After thinking about it for a while, I was able to determine that the error messages were coming from mod_nss. It's the only thing that uses the string "Server-Cert". Some digging then showed that nothing seems to use mod_nss. Then I found the command "certutil -d /etc/httpd/alias -L -n Server-Cert", which showed that the dummy certificate used by mod_nss expired on May 24. That settled this issue for me, so I removed mod_nss.