We help IT Professionals succeed at work.

ssl problem Invalid command 'nokeepalive'

trying to install SSL certificate, but apache is failing to start with error:
Starting httpd: Syntax error on line 34 of /etc/httpd/conf.d/ssl.include:
Invalid command 'nokeepalive', perhaps misspelled or defined by a module not included in the server configuration

ssl.conf seems to contain same three lines, but it does not complain when parsing that file - line 218
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \                      
         downgrade-1.0 force-response-1.0

it does however complain when parsing the same lines in ssl.include for the VirtualHost
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

any idea why this is hapening?
LoadModule ssl_module modules/mod_ssl.so is definately enabled

Linux frya 2.6.18-194.3.1.el5 #1 SMP Thu May 13 13:08:30 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux


Installed Packages
Name       : mod_ssl
Arch       : x86_64
Epoch      : 1
Version    : 2.2.3
Release    : 43.el5.centos
Size       : 179 k
Repo       : installed
Summary    : SSL/TLS module for the Apache HTTP server
URL        : http://httpd.apache.org/
License    : Apache Software License
Description: The mod_ssl module provides strong cryptography for the Apache Web
           : server via the Secure Sockets Layer (SSL) and Transport Layer
           : Security (TLS) protocols.

ServerName www.domain.com
ServerAlias www.domain.com domainr.com
DocumentRoot /usr2/www/domain/             
DirectoryIndex index.php index.html index.htm

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log

SSLEngine on


#SSLCertificateFile /usr/local/apache2/conf/ssl.crt/domain.com.crt
SSLCertificateFile /etc/pki/tls/certs/domain.com.crt

#SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/domain.key 
SSLCertificateKeyFile /etc/pki/tls/private/www.domain.com.key

#SSLCertificateChainFile /usr/local/apache2/conf/ssl.crt/gd_bundle.crt
SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle.crt

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars     
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars

SetEnvIf User-Agent ".*MSIE.*" \          
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

SetEnvIf Request_URI "profit.cgi" profit
SetEnvIf Request_URI "disp.cgi" profit
CustomLog /usr2/www/domain/logs/webaccess combined env=!profit


Open in new window

Watch Question

Top Expert 2005
In the attached ssl.include for the VirtualHost there are spaces after ending backslash - there cannot be any character after end of line backslash.

Well, looking at things with a 'simple' mind (someone who is not a big expert in exactly this area ;-)) :

So, logically, there is no problem with the file ssl.conf but with ssl.include, so we should look at the file
ssl.include here.

Did you create that file?

As I said, no big experience with that myself, but ssl.include seems not very common for me
ssl.conf yes ... and any *.conf files are usually included by the httpd.conf file anyway, but *.include files ???
Maybe it has to be included there first.


wow thanks for this - I would have never thought of that

I copied the stuff from another file and I am not sure how the spaces ended up there, but it works fine after removing the spaces