Ich habe den Apache-Webserver auf einer RHEL 7-Instanz eingerichtet
yum install mod_ssl openssl
openssl genrsa -out ca.key 2048
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr
In der Datei httpd.conf und den Dateien ssl.conf habe ich den virtuellen Host mit der Adresse 443 geändert, um Folgendes zu verwenden: SSLCertificateFile /etc/pki/tls/certs/ca.crt SSLCertificateKeyFile /etc/pki/tls/private/ca.key
Der httpd-Neustart funktioniert ohne Fehler
Wenn ich sie durch benutzerdefinierte Zertifikate ersetze, erhalte ich folgenden Fehler
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2020-03-08 19:36:43 UTC; 12s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 6763 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 6761 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 6761 (code=exited, status=1/FAILURE)
Mar 08 19:36:43 hostname systemd[1]: Starting The Apache HTTP Server...
Mar 08 19:36:43 hostname httpd[6761]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf/httpd.conf:13
Mar 08 19:36:43 hostname systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Mar 08 19:36:43 hostname kill[6763]: kill: cannot find process ""
Mar 08 19:36:43 hostname systemd[1]: httpd.service: control process exited, code=exited status=1
Mar 08 19:36:43 hostname systemd[1]: Failed to start The Apache HTTP Server.
Mar 08 19:36:43 hostname systemd[1]: Unit httpd.service entered failed state.
Mar 08 19:36:43 hostname systemd[1]: httpd.service failed.
===============================================
=================================
-- Unit httpd.service has begun starting up.
Mar 08 19:19:39 hostname polkitd[616]: Registered Authentication Agent for unix-process:6681:1188860 (system bus name :1.51 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 08 19:19:39 hostname systemd[1]: Starting The Apache HTTP Server...
-- Subject: Unit httpd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has begun starting up.
Mar 08 19:19:39 hostname httpd[6687]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf/httpd.conf:13
Mar 08 19:19:39 hostname audispd[583]: node=hostname type=AVC msg=audit(1583695179.383:732): avc: denied { read } for pid=6687 comm="httpd" name="hostname.cer" dev="nvme0n1p2" ino=539462 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
Mar 08 19:19:39 hostname audispd[583]: node=hostname type=SYSCALL msg=audit(1583695179.383:732): arch=c000003e syscall=2 success=no exit=-13 a0=7ffd30429940 a1=80000 a2=0 a3=7ffd30428b60 items=0 ppid=1 pid=6687 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
Mar 08 19:19:39 hostname audispd[583]: node=hostname type=PROCTITLE msg=audit(1583695179.383:732): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
Mar 08 19:19:39 hostname systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Mar 08 19:19:39 hostname kill[6689]: kill: cannot find process ""
Mar 08 19:19:39 hostname systemd[1]: httpd.service: control process exited, code=exited status=1
Mar 08 19:19:39 hostname systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has failed.
--
-- The result is failed.
Mar 08 19:19:39 hostname systemd[1]: Unit httpd.service entered failed state.
Mar 08 19:19:39 hostname systemd[1]: httpd.service failed.
Mar 08 19:19:39 hostname audispd[583]: node=hostname type=SERVICE_START msg=audit(1583695179.413:733): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=httpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Mar 08 19:19:39 hostname polkitd[616]: Unregistered Authentication Agent for unix-process:6681:1188860 (system bus name :1.51, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 08 19:31:55 hostname adclient[1767]: INFO AUDIT_TRAIL|Centrify Suite|Trusted Path|1.0|2700|Trusted path granted|5|[email protected] pid=1767 utc=1583695915114 centrifyEventID=23700 DASessID=N/A DAInst=N/A status=GRANTED server=ldap/[email protected]
lines 1869-1900/1900 (END)
Ich kann die Zertifikatsdetails nicht weitergeben, da sie urheberrechtlich geschützt sind. Bitte lassen Sie mich wissen, wonach ich sonst noch suchen soll. Danke, Nate
Antwort1
Musste den Eigentümer der Zertifikatsdatei in ec2-user:root ändern, damit der Prozess auf die Zertifikatsdatei zugreifen kann. Dadurch wurde das Problem behoben. Vielen Dank an Roaima.