We help IT Professionals succeed at work.
Get Started

ssl problem Invalid command 'nokeepalive'

3,378 Views
Last Modified: 2013-12-16
trying to install SSL certificate, but apache is failing to start with error:
Starting httpd: Syntax error on line 34 of /etc/httpd/conf.d/ssl.include:
Invalid command 'nokeepalive', perhaps misspelled or defined by a module not included in the server configuration
[FAILED]


ssl.conf seems to contain same three lines, but it does not complain when parsing that file - line 218
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \                      
         downgrade-1.0 force-response-1.0

it does however complain when parsing the same lines in ssl.include for the VirtualHost
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

any idea why this is hapening?
LoadModule ssl_module modules/mod_ssl.so is definately enabled

Linux frya 2.6.18-194.3.1.el5 #1 SMP Thu May 13 13:08:30 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux

Apache/2.2.3

Installed Packages
Name       : mod_ssl
Arch       : x86_64
Epoch      : 1
Version    : 2.2.3
Release    : 43.el5.centos
Size       : 179 k
Repo       : installed
Summary    : SSL/TLS module for the Apache HTTP server
URL        : http://httpd.apache.org/
License    : Apache Software License
Description: The mod_ssl module provides strong cryptography for the Apache Web
           : server via the Secure Sockets Layer (SSL) and Transport Layer
           : Security (TLS) protocols.
<VirtualHost 10.30.0.118:443>

ServerName www.domain.com
ServerAlias www.domain.com domainr.com
DocumentRoot /usr2/www/domain/             
DirectoryIndex index.php index.html index.htm

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log

SSLEngine on

#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCipherSuite ALL:!ADH:!EXPORT56:3DES:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP    

#SSLCertificateFile /usr/local/apache2/conf/ssl.crt/domain.com.crt
SSLCertificateFile /etc/pki/tls/certs/domain.com.crt

#SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/domain.key 
SSLCertificateKeyFile /etc/pki/tls/private/www.domain.com.key

#SSLCertificateChainFile /usr/local/apache2/conf/ssl.crt/gd_bundle.crt
SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle.crt

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars     
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \          
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

SetEnvIf Request_URI "profit.cgi" profit
SetEnvIf Request_URI "disp.cgi" profit
CustomLog /usr2/www/domain/logs/webaccess combined env=!profit

</VirtualHost>

Open in new window

Comment
Watch Question
Top Expert 2005
Commented:
This problem has been solved!
Unlock 1 Answer and 3 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE