asked on

ssl problem Invalid command 'nokeepalive'

trying to install SSL certificate, but apache is failing to start with error:
Starting httpd: Syntax error on line 34 of /etc/httpd/conf.d/ssl.include:
Invalid command 'nokeepalive', perhaps misspelled or defined by a module not included in the server configuration
[FAILED]

ssl.conf seems to contain same three lines, but it does not complain when parsing that file - line 218
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

it does however complain when parsing the same lines in ssl.include for the VirtualHost
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

any idea why this is hapening?
LoadModule ssl_module modules/mod_ssl.so is definately enabled

Linux frya 2.6.18-194.3.1.el5 #1 SMP Thu May 13 13:08:30 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux

Apache/2.2.3

Installed Packages
Name : mod_ssl
Arch : x86_64
Epoch : 1
Version : 2.2.3
Release : 43.el5.centos
Size : 179 k
Repo : installed
Summary : SSL/TLS module for the Apache HTTP server
URL : http://httpd.apache.org/
License : Apache Software License
Description: The mod_ssl module provides strong cryptography for the Apache Web
: server via the Secure Sockets Layer (SSL) and Transport Layer
: Security (TLS) protocols.

<VirtualHost 10.30.0.118:443>

ServerName www.domain.com
ServerAlias www.domain.com domainr.com
DocumentRoot /usr2/www/domain/             
DirectoryIndex index.php index.html index.htm

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log

SSLEngine on

#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCipherSuite ALL:!ADH:!EXPORT56:3DES:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP    

#SSLCertificateFile /usr/local/apache2/conf/ssl.crt/domain.com.crt
SSLCertificateFile /etc/pki/tls/certs/domain.com.crt

#SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/domain.key 
SSLCertificateKeyFile /etc/pki/tls/private/www.domain.com.key

#SSLCertificateChainFile /usr/local/apache2/conf/ssl.crt/gd_bundle.crt
SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle.crt

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars     
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \          
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

SetEnvIf Request_URI "profit.cgi" profit
SetEnvIf Request_URI "disp.cgi" profit
CustomLog /usr2/www/domain/logs/webaccess combined env=!profit

</VirtualHost>

Open in new window

ASKER CERTIFIED SOLUTION

ravenpl

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

xberry

Well, looking at things with a 'simple' mind (someone who is not a big expert in exactly this area ;-)) :

So, logically, there is no problem with the file ssl.conf but with ssl.include, so we should look at the file
ssl.include here.

Did you create that file?

As I said, no big experience with that myself, but ssl.include seems not very common for me
ssl.conf yes ... and any *.conf files are usually included by the httpd.conf file anyway, but *.include files ???
Maybe it has to be included there first.

gddl630

ASKER

wow thanks for this - I would have never thought of that

I copied the stuff from another file and I am not sure how the spaces ended up there, but it works fine after removing the spaces