SSL Library Error: -8181 Certificate has expired

apache-2.2centos5ssl

After a yum update, there is an error when starting apache, in /var/log/httpd/error_log:

[notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[error] SSL Library Error: -8181 Certificate has expired
[error] Unable to verify certificate 'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.

Now I temporary put NSSEnforceValidCerts off in nss.conf to have the site running. How can I fix the error?

Best Answer

Seems that a certificate was created when mod_nss was installed.

This certificate has expired, preventing the restarting of httpd (Apache).

Do you really use mod_nss ?

If you aren't using mod_nss then your best bet is to simply uninstall the package.

However you have some alternatives :

Remove nss.conf from /etc/httpd/conf.d (this will cause mod_nss to not be loaded).
Uninstall/re-install your nss rpm modules. On re-installation a new certificate will be generated and your problem will go away for a few more years :
```
rpm -e mod_nss
rm /etc/httpd/alias/*
yum install mod_nss
service httpd restart
```

Related Solutions

Ssl – How to troubleshoot this SSL certificate error

I think that you need to restart IIS to reload the certificate keystore.

You can also check the remote certificate with:

openssl s_client -connect SMTPserver:port|openssl x509 -text

You can find openssl at http://www.openssl.org/related/binaries.html

Centos – suexec error configuring mod_fastcgi with apache2.2.3 on centos

It's to do with the order of the directives. In conf/http.conf it includes conf.d/* before it specifies User and Group directives.

Try putting mod_fastcgi.conf in conf/ and at the end of httpd.conf append

Include conf/mod_fastcgi.conf

Best Answer

Related Solutions

Ssl – How to troubleshoot this SSL certificate error

Centos – suexec error configuring mod_fastcgi with apache2.2.3 on centos

Related Topic