SLES 10 SP4 - Apache won't startup

I just build a fresh new server to be a webserver.

when I try to start apache I get this message:

[CODE] # rcapache2 start
Starting httpd2 (prefork) Syntax error on line 72 of /etc/apache2/vhosts.d/vhost-ssl.conf:
SSLCertificateFile: file ‘/etc/ssl/servercerts/servercert.pem’ does not exist or is empty

The command line was:
/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -DSSL

                                                                  failed

#[/CODE]

I went to see in /etc/ssl/ their is no servercerts folder but their is a certs folder in witch I see no file called servercert.pem

Then I tried to modify /etc/apache2/vhosts.d/vhost-ssl.conf on line 72 and 80 with different pem files but I haven’t had any luck yet!

What should I do to make this work?


Bouzzi :confused:

Hi Bouzzi,

depending on your current needs & environment, you need to create proper certificate/key files and point your https server configuration to these files.

As you say this is a fresh new server - is there a specific reason you chose SLES10SP4 rather than the current SLES11SP2?

Regards,
Jens

Hi Bouzzi,

To recreate the “Common Server Certificates” you could open YaST2 > Security & Users > Common Server Certificate - click on that and click on Finish. That should create your server certs in all the right places for Apache to use, if your CA is in place correctly. Note that these would be self-signed certificates and you will get a certificate warning message when going to an SSL enabled website on this box.

But, as Jens asks above… why SLES10 and not the current SLES11SP2?

Cheers,

But, as Jens asks above… why SLES10 and not the current SLES11SP2?

Perhaps he has a license for 10 but not 11.

Hi GofBorg,

But, as Jens asks above… why SLES10 and not the current SLES11SP2?
Perhaps he has a license for 10 but not 11.

how’s that? As far as I know, if you have a subscription (that’s what you pay for when you buy SLES, plus optionally support) then it’s not restricted to a specific version. If you have no subscription, you won’t receive updates… but then still (unpatched) SLES11SP2 would be much newer than (formerly patched) SLES10SP4…

Regards,
Jens

how’s that? As far as I know, if you have a subscription (that’s what[color=blue]
you pay for when you buy SLES, plus optionally support) then it’s not
restricted to a specific version. If you have no subscription, you won’t
receive updates… but then still (unpatched) SLES11SP2 would be much
newer than (formerly patched) SLES10SP4…[/color]

Maybe he had a subscription during version 10, but it’s expired so
all he has is SLES10. There is a license management utility that you
have to register with and it will tell you which versions you are licensed
for. So it is possible to use an older version but not possible to update
and still have access to the newer version repos. At least that’s the way it
was the last time I used it.

Hi GofBorg,

Maybe he had a subscription during version 10, but it’s expired so
all he has is SLES10.

SLES subscriptions usually are not version-specific. I have multiple subscriptions running from SLES10 times which show as “SLES10” in NCC, but are perfectly eligible to run SLES11 servers, too. If in question, you should contact your SuSE/Novell sales representative to discuss this subject. (I’m not from Novell/SuSE, but had that discussion with SuSE folks - your specific case might be different, but it’d surprise me.)

Thus in all cases I know of, your statement that “it is possible to use an older version but not possible to update and still have access to the newer version repos” would be considered wrong.

Even if you have no subscription, you could download the SLES11 images from SuSE to set up your server, but won’t receive updates. That code’d still be newer than SLES10SP4.

Regards,
Jens

Thus in all cases I know of, your statement that “it is possible to use[color=blue]
an older version but not possible to update and still have access to the
newer version repos” would be considered wrong.[/color]

You are correct, what I meant to say was that he had access to SLES10 with
the updates, perhaps a local repo, but would not have access to SLES 11 if
he were to install it.