From owner-freebsd-apache@FreeBSD.ORG Wed Oct 7 23:33:41 2009 Return-Path: Delivered-To: apache@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EDD01106568B for ; Wed, 7 Oct 2009 23:33:41 +0000 (UTC) (envelope-from pgollucci@p6m7g8.com) Received: from exhub015-2.exch015.msoutlookonline.net (exhub015-2.exch015.msoutlookonline.net [207.5.72.94]) by mx1.freebsd.org (Postfix) with ESMTP id DB1DC8FC23 for ; Wed, 7 Oct 2009 23:33:41 +0000 (UTC) Received: from philip.hq.rws (174.79.184.239) by smtpx15.msoutlookonline.net (207.5.72.103) with Microsoft SMTP Server (TLS) id 8.1.375.2; Wed, 7 Oct 2009 16:33:40 -0700 Message-ID: <4ACD2552.2030706@p6m7g8.com> Date: Wed, 7 Oct 2009 19:33:38 -0400 From: "Philip M. Gollucci" Organization: P6M&7G8 Inc. User-Agent: Thunderbird 2.0.0.22 (X11/20090709) MIME-Version: 1.0 To: David Southwell References: <200910071607.15617.david@vizion2000.net> In-Reply-To: <200910071607.15617.david@vizion2000.net> Content-Type: text/plain; charset="ISO-8859-1"; format=flowed Content-Transfer-Encoding: 7bit Cc: apache@freebsd.org Subject: Re: ssl onceonlyinit problem X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Oct 2009 23:33:42 -0000 David Southwell wrote: > Hi > > NOt used to this one. > > Can anyone tell me how to fix this error? > > [Wed Oct 07 16:03:17 2009] [warn] RSA server certificate is a CA certificate > (BasicConstraints: CA == TRUE !?) > [Wed Oct 07 16:03:18 2009] [warn] RSA server certificate is a CA certificate > (BasicConstraints: CA == TRUE !?) > /libexec/ld-elf.so.1: /usr/local/lib/php/20060613/imap.so: Undefined symbol > "ssl_onceonlyinit" This is actually a common one, but I forget what causes it off the top of my head. Some things to check, I'm sure google will know this one. 1) Do you have the following configs -- at the vhost level ? ### SSL (PCI-compliant) SSLEngine On # SSLProxyEngine on SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP SSLCACertificateFile %%CERTS%%/vs_intermediate_bundle.crt SSLCertificateChainFile %%CERTS%%/gd_intermediate_bundle.crt SSLCertificateFile %%CERTS%%/%%H%%.crt SSLCertificateKeyFile %%CERTS%%/%%H%%.key 2) httpd -l |grep ssl its there 3) you started the server with -DSSL if you used the 4) the key files exist, are readable, don't have ^Ms in them 5) you're using http 2.2.1[34] 6) The certificates are not expired -- ------------------------------------------------------------------------ 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C Philip M. Gollucci (pgollucci@p6m7g8.com) c: 703.336.9354 Consultant - P6M7G8 Inc. http://p6m7g8.net Senior Sys Admin - RideCharge, Inc. http://ridecharge.com ASF Member - Apache Software Foundation http://apache.org FreeBSD Committer - FreeBSD Foundation http://freebsd.org Work like you don't need the money, love like you'll never get hurt, and dance like nobody's watching.