Dazed and confused about configuring Apache with SSL support.

Question

Hello everyone,

I've spent a few hours trying to configure my Apache server to use SSL with no public IP, just localhost. I've created the certificate OK, I think (it has been like a crash course on black magic for me), and when I try tro access https://localhost, the browser says "Connected to localhost..." on the status line but just keeps loading forever. Here's a snippet from error_log:

[Fri Mar 27 22:03:39 2009] [info] Loading certificate & private key of SSL-aware server
[Fri Mar 27 22:03:39 2009] [info] Configuring server for SSL protocol
[Fri Mar 27 22:03:39 2009] [info] Loading certificate & private key of SSL-aware server
[Fri Mar 27 22:03:40 2009] [info] Configuring server for SSL protocol

everything seems to be OK there, but, meanwhile, at ssl_engine_log...

[Fri Mar 27 22:03:39 2009] [info] Init: Initializing OpenSSL library
[Fri Mar 27 22:03:39 2009] [info] Init: Seeding PRNG with 136 bytes of entropy
[Fri Mar 27 22:03:39 2009] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Fri Mar 27 22:03:39 2009] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Fri Mar 27 22:03:39 2009] [info] Init: Initializing (virtual) servers for SSL
[Fri Mar 27 22:03:39 2009] [info] mod_ssl/2.0.61 compiled against Server: Apache/2.0.61, Library: OpenSSL/0.9.7i
[Fri Mar 27 22:03:39 2009] [warn] module php5_module is already loaded, skipping
[Fri Mar 27 22:03:39 2009] [info] Init: Initializing OpenSSL library
[Fri Mar 27 22:03:39 2009] [info] Init: Seeding PRNG with 136 bytes of entropy[Fri Mar 27 22:03:39 2009] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Fri Mar 27 22:03:40 2009] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Fri Mar 27 22:03:40 2009] [info] Init: Initializing (virtual) servers for SSL
[Fri Mar 27 22:03:40 2009] [info] mod_ssl/2.0.61 compiled against Server: Apache/2.0.61, Library: OpenSSL/0.9.7i
[Fri Mar 27 22:03:40 2009] [notice] Digest: generating secret for digest authentication ...
[Fri Mar 27 22:03:40 2009] [notice] Digest: done
[Fri Mar 27 22:03:40 2009] [notice] Apache/2.0.61 (Unix) mod_ssl/2.0.61 OpenSSL/0.9.7l DAV/2 PHP/5.2.5 configured -- resuming normal operations
[Fri Mar 27 22:03:40 2009] [info] Server built: Jan 17 2008 17:33:42
[Fri Mar 27 22:03:40 2009] [emerg] (13)Permission denied: apr_proc_mutex_lock failed. Attempting to shutdown process gracefully.
[Fri Mar 27 22:03:40 2009] [emerg] (13)Permission denied: apr_proc_mutex_lock failed. Attempting to shutdown process gracefully.

...many more like these last two lines, until I finally stop the server...

[Fri Mar 27 22:03:43 2009] [info] removed PID file /usr/local/apache2/logs/httpd.pid (pid=8786)
[Fri Mar 27 22:03:43 2009] [notice] caught SIGTERM, shutting down

some googling about this permission denied and the apr_proc_mutex_lock failing hasn't yielded anything useful. Only some results relating to MPM and perchild option, but as they were old (years 2002 and 2003) and I don't really can draw any conclusions after reading them, I'm asking you if there is a way to overcome this problem. Well, first: what is actually the problem? Is there any kind of incompatibility between modules? Do I have to recompile something (please, Lord, not again, no)?

Thanks in advance.

Answer 1

Just be thankful you aren't using apache 1.3--it was way harder to get SSL running on that!

mod_ssl needs write permission on a couple files for it to work. Take a look at this setting and make sure apache has write access to the directory that file is in. For example, if says (for example):

SSLMutex file:/var/run/apache/ssl.mutex

You need to verify apache can write to /var/run/apache.

Almost all of these kinds of errors are usually some kind of permission error on the filesystem.