Like every other admin, I"m working through the Logjam fix.
I've upgraded to Apache 2.4.12 and openssl 1.0.2a on my centos 6.6 box.
When I start apache, I'm seeing this error message returned:
Invalid command 'SSLOpenSSLConfCmd', perhaps misspelled or defined by a module not included in the server configuration
Here is my apache build info:
Server version: Apache/2.4.12 (Unix)
Server built: Jun 8 2015 22:04:38
Server's Module Magic Number: 20120211:41
Server loaded: APR 1.4.5, APR-UTIL 1.3.12
Compiled using: APR 1.4.5, APR-UTIL 1.3.12
Architecture: 64-bit
Server MPM: worker
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/opt/installs/apache/2_4_12"
-D SUEXEC_BIN="/opt/installs/apache/2_4_12/bin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
mod_ssl is included in my httpd.conf:
LoadModule ssl_module modules/mod_ssl.so
What am I missing?
Best Answer
The SSLOpenSSLConfCmd is only available on httpd 2.4.8 later.
However, you may still generate and use your own DH params on earlier versions, as explained well here:
Just use cat to append the dhparams.pem to your certificate file: