Apache will not start if ssl is enabled

Unanswered Question
Jan 29th, 2010


I recently upgraded from LMS 3.1 to LMS 3.2.  One of our end users pointed out that I forgot to enable https in the Common Services -> Server -> Security area.

I re-enabled https and now the 'Ciscoworks Web Server' will not start up.

If I disable https using ConfigSSL.pl from <NMS root>/MDC/Apache/bin then Ciscoworks comes up fine again.

The log file in <NMS root>/MDC/Apache/logs/error.log shows the message:

Failed to configure CA certificate chain!

I have deleted and regenerated the self-signed certificate several times and this pattern repeats.

I am running LMS on Windows Server 2003 R2.

Any suggestions would be appreciated.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joe Clarke Fri, 01/29/2010 - 14:52

Delete NMSROOT/MDC/Apache/conf/ssl/server.* and chain.ser.  Then run:

NMSROOT/bin/perl NMSROOT/MDC/Apache/ConfigSSL.pl -disable

NMSROOT/bin/perl NMSROOT/MDC/Apache/ConfigSSL.pl -enable

Fill out the cer values.  When done, check the permissions on NMSROOT/MDC/Apache/conf/ssl/server.* and chain.ser, and make sure casuser has full control.

lusbyr Fri, 01/29/2010 - 15:00


casusers has full permissions.  Do you want me to add casuser with full permission?


lusbyr Fri, 01/29/2010 - 15:46


To update you, I gave casuser full permission to the files and nothing is working yet.

Still get the same error: "Failed to configure CA certificate chain!" when I start up Ciscoworks.



lusbyr Fri, 01/29/2010 - 16:35


As requested, here are the files.

I was able to force Apache to start using the Service control panel.

However, when I spawned a browser the error message is:


You don't have permission to access /cwhp/LiaisonServlet on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Don't know what this means either.  Again, if I turn https off, everything comes up fine.



Joe Clarke Mon, 02/01/2010 - 12:02

Okay.  I tested your cert and key, and my Apache works fine.  We saw this once before, and the solution there was to reinstall LMS from scratch, then restore the previous backup.  The problem was due to a bad CS installation relating to OpenSSL.  Without remote access, I cannot offer more than that.  I can say that there is nothing wrong with your cert, though.

lusbyr Tue, 02/02/2010 - 00:08


Well, I was thinking I was going to have to do a complete reinstall.  Thanks for your help.



This Discussion