Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Stop/Start httpd (Apache1.3) [urgent]..

Posted on 2004-10-21
6
Medium Priority
?
449 Views
Last Modified: 2012-06-21
I need to install new SSL certificate on my apache web server on Solaris8 machine.
The server is now running with the expired SSL certificate and if I stop the server, I will never be able to start it with expired certificate if something goes wrong with any problem with the new certificate.

What is the command for restart httpd with ssl:
/usr2/apache1.3.28/bin/apachectl startssl
or
/usr2/apache1.3.28/bin/apachectl restart

Shall I stop httpd first:
/usr2/apache1.3.28/bin/apachectl stop ??

When I run /usr2/apache1.3.28/bin/apachectl configtest
it returns: syntax OK
(does it really ensure that my /usr2/apache1.3.28/conf/httpd.conf file is OK?)

In my server the /etc/rc3.d/S99httpd file is:
===============
#!/bin/sh
prefix=/usr2/apache1.3.28
exec_prefix=${prefix}
bindir=${exec_prefix}/bin
case "$1" in
'start')
                echo "Starting Apache Web Server"
                $bindir/apachectl start
        ;;
'startssl' )
                echo "Starting Apache Web Server with SSL"
                $bindir/apachectl startssl
        ;;
'restart')
                echo "Restarting Apache Web Server"
                $bindir/apachectl restart
        ;;
'stop')
                echo "Stopping Apache Web Server"
                $bindir/apachectl stop
        ;;
*)
        echo "Usage: $0 { start | restart | stop }"
        exit 1
        ;;
esac
exit 0
================================

The only part of the /usr2/apache1.3.28/conf/httpd.conf file where I made changes is:

=============
<VirtualHost 100.100.440.3:443>
        DocumentRoot "/usr2/apache1.3.28/htdocs"
        ServerName test.comp.com
        ServerAdmin root@test.comp.com
        ErrorLog /usr2/apache1.3.28/logs/error_log
        TransferLog /usr2/apache1.3.28/logs/access_log
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /usr2/apache1.3.28/conf/ssl.crt/test.comp.com_new.crt
        SSLCertificateKeyFile /usr2/apache1.3.28/conf/ssl.key/server2004.key
        SSLCACertificateFile /usr2/apache1.3.28/conf/ssl.crt/comp-ca.crt
        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
                SSLOptions +StdEnvVars
        </Files>
        <Directory "/usr2/apache1.3.28/cgi-bin">
                SSLOptions +StdEnvVars
        </Directory>
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
        CustomLog /usr2/apache1.3.28/logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

#<VirtualHost 100.100.440.7:443>
#        DocumentRoot "/usr2/apache1.3.28/htdocs"
#        ServerName web.comp.com
#        ServerAdmin root@test.comp.com
#        ErrorLog /usr2/apache1.3.28/logs/error_log
#        TransferLog /usr2/apache1.3.28/logs/access_log
#        SSLEngine on
#        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
#        SSLCertificateFile /usr2/apache1.3.28/conf/ssl.crt/web.comp.com.crt
#        SSLCertificateKeyFile /usr2/apache1.3.28/conf/ssl.key/server2003.key
#        SSLCACertificateFile /usr2/apache1.3.28/conf/ssl.crt/comp-ca.crt
#        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
#                SSLOptions +StdEnvVars
#        </Files>
#        <Directory "/usr2/apache1.3.28/cgi-bin">
#                SSLOptions +StdEnvVars
#        </Directory>
#        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
#        CustomLog /usr2/apache1.3.28/logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
#</VirtualHost>
===============
I commented out the 2nd VirtualHost block this time. And updated the files:
SSLCertificateFile /usr2/apache1.3.28/conf/ssl.crt/test.comp.com_new.crt
SSLCertificateKeyFile /usr2/apache1.3.28/conf/ssl.key/server2004.key
SLCACertificateFile /usr2/apache1.3.28/conf/ssl.crt/comp-ca.crt

What commands in sequence do I need to type to install this new SSL certificate?
Is there any way that I can verify beforhand (before I stop httpd) that httpd can be properly restarted??

0
Comment
Question by:tooki
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
6 Comments
 
LVL 15

Accepted Solution

by:
periwinkle earned 800 total points
ID: 12375933
After installing the new certificate, you will need to stop the server via:

apachectl stop

and then restart it, using startssl:

apachectl startssl

Why is it that you feel you won't be able to restart it if the certificate has expired?  I believe that you can.
0
 

Author Comment

by:tooki
ID: 12376913
Thanks!!I had heard that I cannot start a server with expired certificate (I'm wrong then!). As it's a production system, I wanted to know beforehand......
I will try this stop and startssl option as you said...
0
 
LVL 15

Expert Comment

by:periwinkle
ID: 12381144
but I understand that you are installing a new certificate, correct?  You could simply self-sign a certificate, should the need arise.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Suggested Courses
Course of the Month8 days, 7 hours left to enroll

598 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question