Apache fails to configure CA certificate chain
The other day I configured Apache with internally signed SSL certificates. The certificates were stored in /etc/httpd/certs directory. The permissions and ownership on certificate files was correct as well. Everything seemed in order, however upon httpd start Apache logged the following error message:
[Mon May 03 17:54:329.964829 2021] [ssl:emerg] [pid 2619] AH01903: Failed to configure CA certificate chain!
Usually one of the first steps for me is to see if SELinux is interfering. So I temporarily turned it off:
[root@prdnb0048 ~]# setenforce 0
… and I restarted httpd. That worked, so most likely SELinux context on the certificate files needs to be fixed:
[root@prdnb0048 ~]# chcon -Rt cert_t /etc/httpd/certs/*
… The next startup of Apache was successful. The following command makes the new contexts survive filesystem relabel:
[root@prdnb0048 ~]# semanage fcontext -a -t cert_t '/etc/httpd/certs(/.*)?'