Message details

allocate error

Memory allocation necessary for SSL processing failed.

Error level: error

(S) Cannot connect via SSL.

(O) Check system resource usage.

[client client-address] [port client-port-number] allocate error

Memory allocation necessary for SSL processing failed.

Error level: error

(S) Cannot connect via SSL.

(O) Check system resource usage.

Attempt to reinitialise SSL for server host-name

An attempt was made to re-initialize the host setting.

Error level: crit

(S) Does not start the Web server.

(O) Check the SSL settings in the virtual host. (At least one SSL-related directive must be set.)

Bad password for the private key

No correct password could be read from the password file specified in the SSLCertificateKeyPassword directive.

Error level: crit

(S) Does not start the Web server.

(O) Set the correct password in the password file.

Can't open certificate file Web-server-certificate-file

No certificate can be read.

Error level: crit

(S) Does not start the Web server.

(O) Check the value set in the SSLCertificateFile directive.

Could not get lastUpdate field in CRL: file-name

The CRL issuance date could not be obtained.

Error level: crit

(S) Does not start the Web server.

(O) Check to see whether the CRL was created or downloaded correctly.

Could not load the certificate file.

The server certificate file failed to load.

Error level: crit

(S) Does not start the Web server.

(O) Check the value set in the SSLCertificateFile directive.

Could not read the private key file.

The server private key file could not be read.

Error level: None

(S) Stops the processing.

(O) Check the value set in the SSLCertificateKeyFile directive.

Could not set up a new lock.

Initialization of lock processing failed.

Error level: crit

(S) Does not start the Web server.

(O) Check system resource usage.

CRL expired, but CRL check passed: issuer=issuer-name, serial=serial-number

Because the SSLCRLAuthoritative directive was set to Off, client access was permitted, even though the next CRL issuance date was passed and the CRL contained no serial number information for the client certificate.

Error level: warn

(S) Continues processing.

(O) Update the CRL.

CRL expired, but serial number was found in CRL: issuer=issuer-name, serial=serial-number

Because the CRL contained serial number information for the client certificate, an SSL handshake failed even though the next CRL issuance date was passed.

Error level: error

(S) Denies access due to the SSL handshake failure.

(O) Update the CRL.

CRL expired: issuer=issuer-name

An SSL handshake failed because the next CRL issuance date was passed.

Error level: error

(S) Denies access due to the SSL handshake failure.

(O) Update the CRL.

CRL expired: file-name

A CRL for which the next issuance date had been passed was read.

Error level: warn

(S) Continues processing. When authenticating a client, the system performs processing according to the value set in the SSLCRLAuthoritative directive.

(O) Obtain a new CRL.

CRL is a duplicate: file-name will not be used in server host-name:port-number

Two or more CRLs that were issued by a single CA (so had the same subject) were read. The displayed CRLs will not be used.

Error level: warn

(S) Continues processing.

(O) If two or more CRLs with the same subject are issued, store only one of them in the directory.

CRL is not a valid type: file-name

An unexpected file was read from the directory specified in the SSLCRLDERPath or SSLCRLPEMPath directive.

Error level: crit

(S) Does not start the Web server.

(O) A non-CRL file cannot be stored in the directory. Check the CRL file format. If necessary, convert the file format and store the file in the appropriate directory.

CRL is not valid: issuer=issuer-name

Invalid CRL.

Error level: error

(S) Denies access due to the SSL handshake failure.

(O) Check to see whether the CRL is created correctly.

CRL is not yet valid: issuer=issuer-name

Authentication of the client certificate failed because the CRL issuance date was earlier than the current time.

Error level: error

(S) Denies access due to the SSL handshake failure.

(O) Check the time settings of the system.

CRL is not yet valid: file-name

The time set in the CRL issuance date is later than the current time.

Error level: warn

(S) Continues processing.

(O) Check the system time settings.

CRL verify error: issuer=issuer-name

Verification of the CRL signature failed.

Error level: error

(S) Fails to authenticate the client certificate.

(O) Check whether the correct CRL has been read.

data set error

SSL initialization failed.

Error level: error

(S) Cannot connect via SSL.

(O) Check system resource usage.

[client client-address] [port client-port-number] data set error

SSL initialization failed.

Error level: error

(S) Cannot connect via SSL.

(O) Check system resource usage.

Depth of certificate chain (CA-certificate-depth) exceeded SSLExportCertChainDepth limit: subject=(CA-certificate-subject)

Certificate verification succeeded, but setting and storing of the environment variable with the value set in the SSLExportCertChainDepth directive was canceled because the value set in the directive was 1 or higher and a certificate chain exceeding the set value was sent from the client.
This error message is output for each CA certificate exceeding the set value.

Example: If a certificate chain (exceeding a client certificate) has three levels and the value set in the SSLExportCertChainDepth directive is 1, the above error message will be output twice.

Error level: warn

(S) Continues processing.

Error reading server certificate file file-name

No certificate can be read.

Error level: crit

(S) Does not start the Web server.

(O) Check to see whether the certificate format is correct.

error setting verify locations

The path name specified in the SSLCACertificateFile or SSLCACertificatePath directive cannot be set.

Error level: crit

(S) Does not start the Web server.

(O) Check the setting of the SSLCACertificateFile or SSLCACertificatePath directive.

Failed to stack CRL in ReadCRL()

Failed to store data.

Error level: crit

(S) Does not start the Web server.

(O) Restart the Web server.

Malloc error in GetCertificateAndKey()

Memory allocation failed.

Error level: crit

(S) Does not start the Web server.

(O) Check system resource usage.

Malloc error in GetPrivateKey()

Memory allocation failed.

Error level: crit

(S) Does not start the Web server.

(O) Check system resource usage.

Malloc error in SetupLock()

Memory allocation failed.

Error level: crit

(S) Does not start the Web server.

(O) Check system resource usage.

malloc failed in CRLCheck()

Memory allocation necessary for processing failed.

Error level: error

(S) Fails to authenticate the client certificate.

(O) Check the amount of memory used by the system.

malloc failed in GetCRL()

Memory allocation necessary for processing failed.

Error level: crit

(S) Does not start the Web server.

(O) Check the amount of memory used by the system.

malloc failed in ReadCRL()

Memory allocation necessary for processing failed.

Error level: crit

(S) Does not start the Web server.

(O) Check the amount of memory used by the system.

No client certificate

No client certificate was sent.

Error level: error

(S) Stops the SSL request processing.

[client client-address] [port client-port-number] No client certificate

No client certificate was sent.

Error level: error

(S) Stops the SSL request processing.

No SSL Certificate set for server host-name:port

No Web server certificate is set.

Error level: crit

(S) Does not start the Web server.

(O) Set the SSLCertificateFile directive.

Required SSLCacheServerPath missing. gcache will not be started.

No gcache server can be started, because no SSLCacheServerPath directive is specified.

Error level: error

(S) Does not start a gcache server.

(O) To use the session management functionality, specify a SSLCacheServerPath directive.

Required SSLCacheServerPort missing. gcache will not be started.

The gcache server cannot be started because no SSLCacheServerPort directive is specified.

Error level: error

(S) Does not start the gcache server.

(O) To use the session management functionality, specify an SSLCacheServerPort directive.

Required SSLCertificateKeyPassword missing.

No SSLCertificateKeyPassword directive is set.

Error level: crit

(S) Does not start the Web server.

(O) Set the SSLCertificateKeyPassword directive.

Serial number was found in CRL: issuer=issuer-name, serial=serial-number

An SSL handshake failed because the CRL contained serial number information for a client certificate.

Error level: error

(S) Denies access due to the SSL handshake failure.

Set error in GetCertificateAndKey()

SSL initialization failed.

Error level: crit

(S) Does not start the Web server.

(O) Check system resource usage.

SSLExportCertChainDepth is outside the appropriate range

The SSLExportCertChainDepth directive has an invalid value that is not allowed to be specified.

Error level: None

(S) Does not start the Web server.

(O) Check the value specified in the directive.

[client client-address] details: SSL handshake interrupted by system: client port port-number

SSL handshake processing did not end normally.

Error level: info

(S) Stops the SSL request processing.

[client client-address] details: SSL handshake interrupted by system: client port port-number (SSL-handshaking-time) (error-number) (server-process-ID):SSL-handshake-status

SSL handshake processing did not end normally.

Error level: info

(S) Stops the SSL request processing.

[client client-address] SSL library error error-number in handshake

SSL handshake processing did not end normally.

Error level: error

(S) Stops the SSL request processing.

[client client-address] [port client-port-number] SSL library error error-number in handshake (SSL-handshaking-time) (error-number) (server-process-ID):SSL-handshake-status

SSL handshake processing did not end normally.

Error level: error

(S) Stops the SSL request processing.

SSL Library Error: details

An error occurred in the SSL library.

Error level: crit or error

(S) If the Web server is starting, the system stops the start processing. If an SSL request is being processed, the system stops the SSL request processing.

(O) Check the details.

SSLSessionCacheSize is outside the appropriate range

The SSLSessionCacheSize directive has an invalid value that is not allowed to be specified.

Error level: None

(S) Does not start the Web server.

(O) Check the value specified in the directive.

SSLSessionCacheSizePerChild is outside the appropriate range

The SSLSessionCacheSizePerChild directive has an invalid value that is not allowed to be specified.

Error level: None

(S) Does not start the Web server.

(O) Check the value specified in the directive.

SSLSessionCacheTimeout not set

No value is set in the SSLSessionCacheTimeout directive.

Error level: crit

(S) Does not start the Web server.

(O) Set the SSLSessionCacheTimeout directive.

The private key doesn't match the public key

The Web server private key and Web server certificate specified in the SSLCertificateFile and SSLCertificateKeyFile directives respectively do not match correctly.

Error level: crit

(S) Does not start the Web server.

(O) Check to see whether the set private key and certificate form a correct pair.

unable to set certificate

The Web server certificate specified in the SSLCertificateFile directive cannot be set correctly.

Error level: crit

(S) Does not start the server.

(O) Check to see whether the Web server certificate specified in the SSLCertificateFile directive has the correct format.

unable to set ciphers

The cipher type specified in the SSLRequiredCiphers directive cannot be set.

Error level: crit

(S) Does not start the Web server.

(O) Check the value specified in the SSLRequiredCiphers directive.

unable to set private key

The Web server private key specified in the SSLCertificateKeyFile or SSLCertificateFile directive cannot be set correctly.

Error level: crit

(S) Does not start the Web server.

(O) Check to see whether the format of the private key is correct and whether the set private key and certificate form a correct pair.

Verify depth exceeded

Verification failed because the sent client certificate was at a lower hierarchical level than the value set in the SSLVerifyDepth directive.

Error level: error

(S) Stops the SSL request processing.

(O) Check the value set in the SSLVerifyDepth directive. If the client certificate is not accepted, no action is required.

[client client-address] [port client-port-number] Verify depth exceeded

Verification failed, because the sent client certificate was at a lower hierarchical level than the value set in the SSLVerifyDepth directive.

Error level: error

(S) Stops the SSL request processing.

(O) Check the value set in the SSLVerifyDepth directive. If the client certificate is not accepted, no action is required.

verify error

Verification of a client certificate failed and the issuer of the certificate cannot be obtained.

Error level: error

(S) Stops the SSL request processing.

(O) Check the CA certificate set in the SSLCertificateFile and SSLCertificatePath directives. If the client certificate is not accepted, no action is required.

[client client-address] [port client-port number] verify error

Verification of a client certificate failed and the issuer of the certificate cannot be obtained.

Error level: error

(S) Stops the SSL request processing.

(O) Check the CA certificate set in the SSLCertificateFile and SSLCertificatePath directives. If the client certificate is not accepted, no action is required.

verify error:num=value:error-message

Signature verification failed.

Error level: error

(S) Stops the SSL request processing.

(O) Read the corresponding CA certificate. If the client certificate is not accepted, no action is required.

[client client-address] [port client-port-number] verify error:num=value:error-message

Signature verification failed.

Error level: error

(S) Stops the SSL request processing.

(O) Read the corresponding CA certificate. If the client certificate is not accepted, no action is required.

details: Can't open directory directory-name

The directory specified in the SSLCACertificatePath directive cannot be opened.

Error level: error

(S) Does not start the Web server.

(O) Check to see whether the cause indicated in details exists, such as existence of the directory or sufficient permissions.

details: Can't open key file file-name

The private key file cannot be read.

Error level: crit

(S) Does not start the Web server.

(O) Check the value specified in the SSLCertificateKeyFile directive according to the cause indicated in details.

access to file-name failed for host-name, reason: Cipher cipher-type is not on the permitted list

The cipher type used for access is not specified in the SSLRequireCipher directive.

Error level: error

(S) Returns the status code "403 Forbidden" and stops processing the request.

access to file-name failed for host-name, reason: Cipher cipher-type is forbidden

The cipher-type used for access is specified in the SSLBanCipher directive.

Error level: error

(S) Returns the status code "403 Forbidden" and stops processing the request.

details: Could not create a new mutex

Initialization of lock processing failed.

Error level: crit

(S) Does not start the Web server.

(O) Take appropriate action according to the information in details.

details: Could not open CRL directory for DER format: directory-name

The directory specified in the SSLCRLDERPath directive cannot be opened.

Error level: crit

(S) Does not start the Web server.

(O) Take an appropriate action to resolve the cause of the issue indicated in details.

details: Could not open CRL directory for PEM format: directory-name

The directory specified in the SSLCRLPEMPath directive cannot be opened.

Error level: crit

(S) Does not start the Web server.

(O) Take an appropriate action to resolve the cause of the issue indicated in details.

details: Could not open CRL file: file-name

The CRL file cannot be opened.

Error level: crit

(S) Does not start the Web server.

(O) Take an appropriate action to resolve the cause of the issue indicated in details.

details: Could not Read password file.

The password file specified in the SSLCertificateKeyPassword directive cannot be loaded.

Error level: crit

(S) Does not start the Web server.

(O) Take appropriate action according to the information in details.

details: couldn't change working directory: directory

Setting of directory running a gcache server failed.

Error level: None

(S) Does not start the gcache server, but Continues processing to start the Web server.

(O) Check the setting of the SSLCacheServerRunDir directive according to details returned by the chdir() function.

details: Error reading private key file file-name:

The private key cannot be read.

Error level: crit

(S) Does not start the Web server.

(O) Check the value specified in the SSLCertificateKeyFile directive according to the cause indicated in details.

access to file-name failed for host-name, reason: SSL denied

A directory specified in the SSLDenySSL directive was accessed via SSL.

Error level: error

(S) Returns the status code "403 Forbidden" and stops processing the request.

access to file-name failed for host-name, reason: SSL required

A directory specified in the SSLRequireSSL directive was accessed without using SSL.

Error level: error

(S) Returns the status code "403 Forbidden" and stops processing the request.

details: unable to exec gcache: file-name

Failed to start the gcache server specified by file-name.

Error level: None

(S) Does not start the gcache server, but continues processing to start the Web server.

(O) Check the setting of the SSLCacheServerPath directive according to details returned by the execl() function.

details: unable to spawn gcache process

Faile to start the gcache server.

Error level: crit

(S) Does not start the gcache server, but continues processing to start the Web server.

(O) Check details returned by the fork() function.

Could not get the certificate issuer name

The name of the certificate's issuer could not be obtained.

Error level: error

(S) Fails to authenticate the client certificate.

Could not get the issuer in CRLCheck()

The CRL's issuer could not be obtained.

Error level: error

(S) Fails to authenticate the client certificate.

(O) Check to see whether the CRL was created correctly.

Could not get the issuer name from the CRL

The name of the CRL's issuer could not be obtained.

Error level: error

(S) Fails to authenticate the client certificate.

(O) Check to see whether the CRL was created correctly.

Unable to create a time object in CRLCheck()

A time object could not be created.

Error level: error

(S) Fails to authenticate the client certificate.

(O) Check system resource usage.

Could not get the current time in CRLCheck()

The current time could not be obtained.

Error level: error

(S) Fails to authenticate the client certificate.

(O) Check system resource usage.

Unable to compare the times in CRLCheck()

The time comparison could not be performed.

Error level: error

(S) Fails to authenticate the client certificate.

(O) Check system resource usage.

Could not get the serial number from the certificate

No serial number could be obtained from the certificate.

Error level: error

(S) Fails to authenticate the client certificate.

Unable to create a certificate store object

No certificate store object could be created.

Error level: error

(S) Fails to authenticate the client certificate.

(O) Check system resource usage.

Error while trying to find certificate in CRL

An error occurred while searching for a certificate.

Error level: error

(S) Fails to authenticate the client certificate.

(O) Check system resource usage.

Unable to create a library context

A library context could not be created.

Error level: crit

(S) Does not start the Web server.

(O) Check system resource usage.

Unable to create a key context

A key context could not be created.

Error level: crit

(S) Does not start the Web server.

(O) Check system resource usage.

Unable to create a time context

A time context could not be created.

Error level: crit

(S) Does not start the Web server.

(O) Check system resource usage.

Unable to create a time object in ReadCRL()

A time object could not be created.

Error level: crit

(S) Does not start the Web server.

(O) Check system resource usage.

Unable to create a time object in GetCRL()

A time object could not be created.

Error level: crit

(S) Does not start the Web server.

(O) Check system resource usage.

Could not get the issuer in GetCRL()

The CRL's issuer could not be obtained.

Error level: crit

(S) Does not start the Web server.

(O) Check to see whether the CRL was created correctly.

Unable to compare the times in GetCRL()

The time comparison could not be performed.

Error level: crit

(S) Does not start the Web server.

(O) Check system resource usage.

Unable to create a time object in CheckCRLs()

A time object could not be created.

Error level: crit

(S) Does not start the Web server.

(O) Check system resource usage.

Could not get lastUpdate field in CheckCRLs()

The issuance date of the CRL could not be obtained.

Error level: crit

(S) Does not start the Web server.

(O) Check to see whether the CRL was created correctly.

Could not get the current time in CheckCRLs()

The current time could not be obtained.

Error level: crit

(S) Does not start the Web server.

(O) Check system resource usage.

Unable to compare the times in CheckCRLs()

The time comparison could not be performed.

Error level: crit

(S) Does not start the Web server.

(O) Check system resource usage.

Unable to create a certificate context

No certificate context could be obtained.

Error level: crit

(S) Does not start the Web server.

(O) Check system resource usage.

19.8.3 Message details