SSLCertificateChainFile Deprecation Warning on Apache 2.4.8+


We have an SSL Certificate for our website from Network Solutions. After upgrading Apache/OpenSSL to version 2.4.9, I now get the following warning when starting HTTPD:

AH02559: The SSLCertificateChainFile directive (/etc/httpd/conf.d/ssl.conf:105) is deprecated, SSLCertificateFile should be used instead

According to the Apache manual for mod_ssl this is indeed the case:

SSLCertificateChainFile is deprecated

SSLCertificateChainFile became obsolete with version 2.4.8, when SSLCertificateFile was extended to also load intermediate CA certificates from the server certificate file.

Looking up the documentation for SSLCertificateFile, it looked like I just needed to replace my call to SSLCertificateChainFile with SSLCertificateFile.

This change turned my ssl.conf from this:

SSLCertificateFile /etc/ssl/STAR.EXAMPLE.COM.crt
SSLCertificateKeyFile /etc/ssl/server.key
SSLCertificateChainFile /etc/ssl/Apache_Plesk_Install.txt

to this:

SSLCertificateFile /etc/ssl/STAR.EXAMPLE.COM.crt
SSLCertificateFile /etc/ssl/Apache_Plesk_Install.txt
SSLCertificateKeyFile /etc/ssl/server.key

… but this doesn't work. Apache simply refuses to start without any error message.

I'm not sure what else to try here, as I'm not that familiar with mod_ssl or SSL certificates in general. I do remember we needed to add the Apache_Plesk_Install.txt file for Internet Explorer to not have an SSL warning on our site, but other than this I have no clue.

Any help would be greatly appreciated. Thanks.

Best Answer

I had the same issue. I just replaced these lines in /etc/apache2/site-enabled/default-ssl.conf

SSLCertificateFile    /etc/ssl/certs/domain.crt
SSLCertificateKeyFile /etc/ssl/private/domain.key
#SSLCertificateChainFile /etc/apache2/ssl.crt/chain.crt

As you see, I just commented out the SSLCertificateChainFile. Then, seeing the same error as you, I concatenated the content of my chain.crt at the end of the domain.crt, like so:

root@host~: cat /etc/apache2/ssl.crt/chain.crt >> /etc/ssl/certs/domain.crt

And it worked like a charm.
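
The concatenation step from the answer above, as an added example that is not part of the original answer. It writes the combined file to a new path instead of appending in place, so a second run cannot duplicate the chain and a server certificate file without a final newline cannot fuse its END line with the chain's BEGIN line. The function names `count_certs` and `build_fullchain` and the output path are assumptions made for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper names): build a combined certificate
# file for SSLCertificateFile on Apache 2.4.8+ without modifying the inputs.

# Print the number of lines that open a PEM certificate block (0 for none).
count_certs() {
    awk '/-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"
}

# build_fullchain LEAF CHAIN OUT
# Writes LEAF followed by CHAIN to OUT, server certificate first.
build_fullchain() {
    leaf=$1 chain=$2 out=$3
    [ -r "$leaf" ] && [ -r "$chain" ] || { echo "unreadable input" >&2; return 1; }

    # More than one block in the server certificate file usually means the
    # chain was already appended to it (for example `cat chain >> leaf`).
    if [ "$(count_certs "$leaf")" -ne 1 ]; then
        echo "$leaf: expected exactly one certificate" >&2; return 2
    fi
    if [ "$(count_certs "$chain")" -lt 1 ]; then
        echo "$chain: no certificate found" >&2; return 3
    fi

    tmp="$out.tmp.$$"
    # awk re-emits every line with a trailing newline and drops CRs left by
    # Windows editors, so adjacent PEM blocks always stay on separate lines.
    awk '{ sub(/\r$/, ""); print }' "$leaf" "$chain" > "$tmp" || { rm -f "$tmp"; return 4; }

    # Replace OUT only after the combined file has been written completely.
    mv "$tmp" "$out"
}
```

Point `SSLCertificateFile` at the output file, keep `SSLCertificateKeyFile` as it is, and run `apachectl configtest` before restarting.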