Apache Not Loading Pages

249 views
Skip to first unread message

Brandon Wright

unread,
Jun 17, 2016, 4:05:30 PM6/17/16
to security-onion
Hello,

I have a fresh Ubuntu install and proceeded to install Security Onion. However, when I attempt to open Elsa for instanc, I get a connection refused message. All ports from sostat show success. I attempted to restart Apache and was given the following:

administrator@Snort-Saint-Appliance:~$ sudo service apache2 restart
* Restarting web server apache2 [fail]
* The apache2 configtest failed.
Output of config test was:
AH00526: Syntax error on line 38 of /etc/apache2/sites-enabled/securityonion.conf:
SSLCertificateFile: file '/etc/ssl/certs/ssl-cert-snakeoil.pem' does not exist or is empty
Action 'configtest' failed.
The Apache error log may have more information.


Thoughts?

Wes

unread,
Jun 17, 2016, 4:08:17 PM6/17/16
to security-onion

Brandon,

Does the file exist (/etc/ssl/private/ssl-cert-snakeoil.key)?

Have you tried rebooting?

Thanks,
Wes

Wes

unread,
Jun 17, 2016, 5:59:59 PM6/17/16
to security-onion

***Should be:

Does the file exist (/etc/ssl/certs/ssl-cert-snakeoil.pem)?

That's what I get for copying and pasting without performing my due diligence. :)

Thanks,
Wes

Message has been deleted

Brandon Wright

unread,
Jun 20, 2016, 7:45:42 AM6/20/16
to security-onion
Thanks for the reply Wes. I looked through the folder and don't see any files in the private folder. In fact, my user account didn't even have permissions to the folder (to be honest I didn't try accessing the folder with root, I just changed folder permissions).

EDIT: Just noticed the second post saying it should be in the certs folder. I checked there and don't see the file either.

Wes

unread,
Jun 20, 2016, 8:48:03 AM6/20/16
to security-onion

Brandon,

You could try regenerating the cert (in /etc/ssl/certs/) and referencing it in /etc/apache2/sites-available/securityonion.conf (in place of the snakeoil cert/key)

Ex:

# Create new cert

sudo openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/mynewcert.key -out /etc/ssl/certs/mynewcert.crt

#Reference the new cert in /etc/apache2/sites-available/securityonion.conf:

SSLCertificateFile /etc/ssl/certs/mynewcert.crt
SSLCertificateKeyFile /etc/ssl/private/mynewcert.key

#Then, restart Apache
sudo service apache2 restart

/etc/apache2/sites-available should be symlinked to /etc/apache2/sites-enabled.

Thanks,
Wes

Brandon Wright

unread,
Jun 20, 2016, 9:12:35 AM6/20/16
to security-onion

That certainly did it Wes. Thank you so much for the clear direction!

Валентин Ким

unread,
Jun 23, 2016, 6:15:44 PM6/23/16
to security-onion
суббота, 18 июня 2016 г., 2:05:30 UTC+6 пользователь Brandon Wright написал:
суббота, 18 июня 2016 г., 2:05:30 UTC+6 пользователь Brandon Wright написал:
Hey

You need to check if your SSL cert file exists at the path specified at the config file: /etc/ssl/certs/ssl-cert-snakeoil.pem
You also need to check if Apache have read permissions on that file too.

If you didn't have such a file you need to create a new SSL certificate or use an existing one.
Reply all
Reply to author
Forward
0 new messages