Apache2 ssl problems
in [Suse]
|
Prev: wireless and the concept of camera
Next: Packman
From: jamesromeongmail.com on 7 Apr 2010 18:46 I think I set apache up properly (I have done so in the past). But it is not working. It claims that the ports are in use, but they are not: jarfx:/var/log/apache2 # netstat -tan Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:9090 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:9092 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:901 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:9000 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:3483 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:17500 0.0.0.0:* LISTEN tcp 38 0 192.168.1.9:43503 208.43.223.179:443 CLOSE_WAIT tcp 0 0 127.0.0.1:9092 127.0.0.1:43189 ESTABLISHED tcp 0 0 192.168.1.9:22 192.168.1.11:50218 ESTABLISHED tcp 0 0 192.168.1.9:36559 174.36.30.48:80 ESTABLISHED tcp 38 0 192.168.1.9:57342 204.236.220.71:443 CLOSE_WAIT tcp 0 0 192.168.1.9:3483 192.168.1.20:45622 ESTABLISHED tcp 0 0 127.0.0.1:43189 127.0.0.1:9092 ESTABLISHED tcp 38 0 192.168.1.9:59716 174.36.30.90:443 CLOSE_WAIT tcp 0 0 192.168.1.9:3483 192.168.1.6:23337 ESTABLISHED tcp 0 0 192.168.1.9:58324 174.36.30.70:443 ESTABLISHED tcp 0 0 :::139 :::* LISTEN tcp 0 0 :::111 :::* LISTEN tcp 0 0 :::22 :::* LISTEN tcp 0 0 ::1:631 :::* LISTEN tcp 0 0 ::1:25 :::* LISTEN tcp 0 0 ::1:6010 :::* LISTEN tcp 0 0 :::445 :::* LISTEN tcp 0 0 192.168.1.9:445 192.168.1.11:50132 ESTABLISHED And then jarfx:/var/log/apache2 # rcapache2 start Starting httpd2 (prefork) (98)Address already in use: make_sock: could not bind to address [::]:443 (98)Address already in use: make_sock: could not bind to address 0.0.0.0:80 no listening sockets available, shutting down Unable to open logs startproc: exit status of parent of /usr/sbin/httpd2-prefork: 1 The unable to open logs points to a permissions issue. I uninstalled apache, deleted /etc/apache2, and /etc/sysconfig/ apache2, and reinstalled and reconfigured, and it still will not work. I would love some sugestions. Thanks, Jim
From: jamesromeongmail.com on 11 Apr 2010 13:45 > > I uninstalled apache, deleted /etc/apache2, and /etc/sysconfig/ > apache2, and reinstalled and reconfigured, and it still will not work. > I would love some sugestions. > > Thanks, > Jim After a reboot, I can get a log file. error_log says: [Thu Mar 18 11:51:24 2010] [error] Init: Unable to read server certificate from file /etc/apache2/ssl.crt/server.crt [Thu Mar 18 11:51:24 2010] [error] SSL Library Error: 218542222 error: 0D06B08E:asn1 encoding routines:ASN1_D2I_READ_BIO:not enough data [Thu Mar 18 11:52:34 2010] [error] Init: Unable to read server certificate from file /etc/apache2/ssl.crt/server.crt [Thu Mar 18 11:52:34 2010] [error] SSL Library Error: 218542222 error: 0D06B08E:asn1 encoding routines:ASN1_D2I_READ_BIO:not enough data [Tue Mar 23 08:53:29 2010] [error] Init: Unable to read server certificate from file /etc/apache2/ssl.crt/server.crt [Tue Mar 23 08:53:29 2010] [error] SSL Library Error: 218542222 error: 0D06B08E:asn1 encoding routines:ASN1_D2I_READ_BIO:not enough data [Wed Apr 07 13:06:36 2010] [error] Init: Unable to read server certificate from file /etc/apache2/ssl.crt/server.crt [Wed Apr 07 13:06:36 2010] [error] SSL Library Error: 218542222 error: 0D06B08E:asn1 encoding routines:ASN1_D2I_READ_BIO:not enough data [Wed Apr 07 12:33:19 2010] [error] Init: Unable to read server certificate from file /etc/apache2/ssl.crt/server.crt [Wed Apr 07 12:33:19 2010] [error] SSL Library Error: 218542222 error: 0D06B08E:asn1 encoding routines:ASN1_D2I_READ_BIO:not enough data [Wed Apr 07 14:14:00 2010] [error] Init: Unable to read server certificate from file /etc/apache2/ssl.crt/server.crt [Wed Apr 07 14:14:00 2010] [error] SSL Library Error: 218542222 error: 0D06B08E:asn1 encoding routines:ASN1_D2I_READ_BIO:not enough data [Wed Apr 07 15:11:48 2010] [notice] Apache/2.2.13 (Linux/SUSE) mod_ssl/ 2.2.13 OpenSSL/0.9.8k PHP/5.3.1 configured -- resuming normal operations [Wed Apr 07 15:11:57 2010] [error] [client ::1] Invalid method in request \x16\x03\x01 [Wed Apr 07 15:12:03 2010] [error] [client ::1] Invalid method in request \x16\x03\x01 [Wed Apr 07 15:14:04 2010] [error] [client ::1] Invalid method in request \x16\x03\x01 [Wed Apr 07 15:15:41 2010] [notice] caught SIGTERM, shutting down [Wed Apr 07 15:19:25 2010] [notice] Apache/2.2.13 (Linux/SUSE) mod_ssl/ 2.2.13 OpenSSL/0.9.8k PHP/5.3.1 configured -- resuming normal operations [Wed Apr 07 15:19:34 2010] [error] [client ::1] Invalid method in request \x16\x03\x01 [Wed Apr 07 15:19:41 2010] [error] [client ::1] Invalid method in request \x16\x03\x01 [Wed Apr 07 15:19:49 2010] [error] [client ::1] Invalid method in request \x16\x03\x01 [Wed Apr 07 15:22:39 2010] [notice] caught SIGTERM, shutting down [Sat Apr 10 13:57:47 2010] [warn] Init: Session Cache is not configured [hint: SSLSessionCache] [Sat Apr 10 13:57:47 2010] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2) [Sat Apr 10 13:57:48 2010] [notice] Apache/2.2.13 (Linux/SUSE) mod_ssl/ 2.2.13 OpenSSL/0.9.8k PHP/5.3.1 mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming normal operations [Sat Apr 10 13:58:18 2010] [notice] caught SIGTERM, shutting down But, I made the certificate by entering # 'cd /usr/share/doc/packages/apache2; ./certificate.sh' as root. This has always worked before. And the cert is there: jarfx:/etc/apache2/ssl.crt # ls -l total 32 -rw-r--r-- 1 root root 1338 2010-04-07 17:14 ca.crt lrwxrwxrwx 1 root root 19 2010-04-10 14:01 e52d41d0.0 -> snakeoil-ca- rsa.crt -rw-r--r-- 1 root root 1522 2002-10-24 06:06 Makefile -rw-r--r-- 1 root root 1386 2002-10-24 06:06 README.CRT -r-------- 1 root root 1168 2010-04-11 13:34 server.crt -r-------- 1 root root 1472 2002-10-24 06:06 snakeoil-ca-dsa.crt -r-------- 1 root root 1192 2002-10-24 06:06 snakeoil-ca-rsa.crt -r-------- 1 root root 1452 2002-10-24 06:06 snakeoil-dsa.crt -r-------- 1 root root 1176 2002-10-24 06:06 snakeoil-rsa.crt And, the above process leaves the two ports hung, so I cannot try it again. If I do not load the ssl module, the usual http server will start. What am I doing wrong? Thanks, Jim
From: Eef Hartman on 13 Apr 2010 05:09 jamesromeongmail.com <jamesrome(a)gmail.com> wrote: > But, I made the certificate by entering > # 'cd /usr/share/doc/packages/apache2; ./certificate.sh' as root. > This has always worked before. Normally the "newer" apache's do NOT run as root anymore (I don't know what the default user is in openSUSE, but it mostly is something like "httpd" or apache) and thus do NOT have a root override, files must be owned by that user OR hace read rights for "others" to be able to be read by the web server. This is a security feature, it makes it impossible for a hacked web server to read sensitive system files (like the shadow password file). -- ******************************************************************* ** Eef Hartman, Delft University of Technology, dept. SSC/ICT ** ** e-mail: E.J.M.Hartman(a)tudelft.nl - phone: +31-15-278 82525 ** *******************************************************************
|
Pages: 1 Prev: wireless and the concept of camera Next: Packman |