gddl630
asked on
ssl problem Invalid command 'nokeepalive'
trying to install SSL certificate, but apache is failing to start with error:
Starting httpd: Syntax error on line 34 of /etc/httpd/conf.d/ssl.incl ude:
Invalid command 'nokeepalive', perhaps misspelled or defined by a module not included in the server configuration
[FAILED]
ssl.conf seems to contain same three lines, but it does not complain when parsing that file - line 218
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
it does however complain when parsing the same lines in ssl.include for the VirtualHost
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
any idea why this is hapening?
LoadModule ssl_module modules/mod_ssl.so is definately enabled
Linux frya 2.6.18-194.3.1.el5 #1 SMP Thu May 13 13:08:30 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
Apache/2.2.3
Installed Packages
Name : mod_ssl
Arch : x86_64
Epoch : 1
Version : 2.2.3
Release : 43.el5.centos
Size : 179 k
Repo : installed
Summary : SSL/TLS module for the Apache HTTP server
URL : http://httpd.apache.org/
License : Apache Software License
Description: The mod_ssl module provides strong cryptography for the Apache Web
: server via the Secure Sockets Layer (SSL) and Transport Layer
: Security (TLS) protocols.
Starting httpd: Syntax error on line 34 of /etc/httpd/conf.d/ssl.incl
Invalid command 'nokeepalive', perhaps misspelled or defined by a module not included in the server configuration
[FAILED]
ssl.conf seems to contain same three lines, but it does not complain when parsing that file - line 218
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
it does however complain when parsing the same lines in ssl.include for the VirtualHost
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
any idea why this is hapening?
LoadModule ssl_module modules/mod_ssl.so is definately enabled
Linux frya 2.6.18-194.3.1.el5 #1 SMP Thu May 13 13:08:30 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
Apache/2.2.3
Installed Packages
Name : mod_ssl
Arch : x86_64
Epoch : 1
Version : 2.2.3
Release : 43.el5.centos
Size : 179 k
Repo : installed
Summary : SSL/TLS module for the Apache HTTP server
URL : http://httpd.apache.org/
License : Apache Software License
Description: The mod_ssl module provides strong cryptography for the Apache Web
: server via the Secure Sockets Layer (SSL) and Transport Layer
: Security (TLS) protocols.
<VirtualHost 10.30.0.118:443>
ServerName www.domain.com
ServerAlias www.domain.com domainr.com
DocumentRoot /usr2/www/domain/
DirectoryIndex index.php index.html index.htm
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
SSLEngine on
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCipherSuite ALL:!ADH:!EXPORT56:3DES:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
#SSLCertificateFile /usr/local/apache2/conf/ssl.crt/domain.com.crt
SSLCertificateFile /etc/pki/tls/certs/domain.com.crt
#SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/domain.key
SSLCertificateKeyFile /etc/pki/tls/private/www.domain.com.key
#SSLCertificateChainFile /usr/local/apache2/conf/ssl.crt/gd_bundle.crt
SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle.crt
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
SetEnvIf Request_URI "profit.cgi" profit
SetEnvIf Request_URI "disp.cgi" profit
CustomLog /usr2/www/domain/logs/webaccess combined env=!profit
</VirtualHost>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
wow thanks for this - I would have never thought of that
I copied the stuff from another file and I am not sure how the spaces ended up there, but it works fine after removing the spaces
I copied the stuff from another file and I am not sure how the spaces ended up there, but it works fine after removing the spaces
So, logically, there is no problem with the file ssl.conf but with ssl.include, so we should look at the file
ssl.include here.
Did you create that file?
As I said, no big experience with that myself, but ssl.include seems not very common for me
ssl.conf yes ... and any *.conf files are usually included by the httpd.conf file anyway, but *.include files ???
Maybe it has to be included there first.