Solved

Stop/Start httpd (Apache1.3) [urgent]..

Posted on 2004-10-21
404 Views
Last Modified: 2012-06-21
I need to install new SSL certificate on my apache web server on Solaris8 machine.
The server is now running with the expired SSL certificate and if I stop the server, I will never be able to start it with expired certificate if something goes wrong with any problem with the new certificate.

What is the command for restart httpd with ssl:
/usr2/apache1.3.28/bin/apachectl startssl
or
/usr2/apache1.3.28/bin/apachectl restart

Shall I stop httpd first:
/usr2/apache1.3.28/bin/apachectl stop ??

When I run /usr2/apache1.3.28/bin/apachectl configtest
it returns: syntax OK
(does it really ensure that my /usr2/apache1.3.28/conf/httpd.conf file is OK?)

In my server the /etc/rc3.d/S99httpd file is:
===============
#!/bin/sh
prefix=/usr2/apache1.3.28
exec_prefix=${prefix}
bindir=${exec_prefix}/bin
case "$1" in
'start')
                echo "Starting Apache Web Server"
                $bindir/apachectl start
        ;;
'startssl' )
                echo "Starting Apache Web Server with SSL"
                $bindir/apachectl startssl
        ;;
'restart')
                echo "Restarting Apache Web Server"
                $bindir/apachectl restart
        ;;
'stop')
                echo "Stopping Apache Web Server"
                $bindir/apachectl stop
        ;;
*)
        echo "Usage: $0 { start | restart | stop }"
        exit 1
        ;;
esac
exit 0
================================

The only part of the /usr2/apache1.3.28/conf/httpd.conf file where I made changes is:

=============
<VirtualHost 100.100.440.3:443>
        DocumentRoot "/usr2/apache1.3.28/htdocs"
        ServerName test.comp.com
        ServerAdmin root@test.comp.com
        ErrorLog /usr2/apache1.3.28/logs/error_log
        TransferLog /usr2/apache1.3.28/logs/access_log
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /usr2/apache1.3.28/conf/ssl.crt/test.comp.com_new.crt
        SSLCertificateKeyFile /usr2/apache1.3.28/conf/ssl.key/server2004.key
        SSLCACertificateFile /usr2/apache1.3.28/conf/ssl.crt/comp-ca.crt
        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
                SSLOptions +StdEnvVars
        </Files>
        <Directory "/usr2/apache1.3.28/cgi-bin">
                SSLOptions +StdEnvVars
        </Directory>
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
        CustomLog /usr2/apache1.3.28/logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

#<VirtualHost 100.100.440.7:443>
#        DocumentRoot "/usr2/apache1.3.28/htdocs"
#        ServerName web.comp.com
#        ServerAdmin root@test.comp.com
#        ErrorLog /usr2/apache1.3.28/logs/error_log
#        TransferLog /usr2/apache1.3.28/logs/access_log
#        SSLEngine on
#        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
#        SSLCertificateFile /usr2/apache1.3.28/conf/ssl.crt/web.comp.com.crt
#        SSLCertificateKeyFile /usr2/apache1.3.28/conf/ssl.key/server2003.key
#        SSLCACertificateFile /usr2/apache1.3.28/conf/ssl.crt/comp-ca.crt
#        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
#                SSLOptions +StdEnvVars
#        </Files>
#        <Directory "/usr2/apache1.3.28/cgi-bin">
#                SSLOptions +StdEnvVars
#        </Directory>
#        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
#        CustomLog /usr2/apache1.3.28/logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
#</VirtualHost>
===============
I commented out the 2nd VirtualHost block this time. And updated the files:
SSLCertificateFile /usr2/apache1.3.28/conf/ssl.crt/test.comp.com_new.crt
SSLCertificateKeyFile /usr2/apache1.3.28/conf/ssl.key/server2004.key
SLCACertificateFile /usr2/apache1.3.28/conf/ssl.crt/comp-ca.crt

What commands in sequence do I need to type to install this new SSL certificate?
Is there any way that I can verify beforhand (before I stop httpd) that httpd can be properly restarted??

0
Question by:tooki
    3 Comments
     
    LVL 15

    Accepted Solution

    by:
    After installing the new certificate, you will need to stop the server via:

    apachectl stop

    and then restart it, using startssl:

    apachectl startssl

    Why is it that you feel you won't be able to restart it if the certificate has expired?  I believe that you can.
    0
     

    Author Comment

    by:tooki
    Thanks!!I had heard that I cannot start a server with expired certificate (I'm wrong then!). As it's a production system, I wanted to know beforehand......
    I will try this stop and startssl option as you said...
    0
     
    LVL 15

    Expert Comment

    by:periwinkle
    but I understand that you are installing a new certificate, correct?  You could simply self-sign a certificate, should the need arise.
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

     Java Android Coding Bundle

    Whether you're an Apple user or Android addict, learning to code for the Android platform is an extremely valuable, in-demand skill. It all starts with Java, the language behind the apps and games that make Android the top platform it is today.

    Suggested Solutions

    Title # Comments Views Activity
    dontlog Apache 2.4 2 54
    Apache to Lighttpd 9 55
    How to hide the .php  extension in URL ? 15 86
    Server specifications for web hosting 7 76
    Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
    Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
    This video discusses moving either the default database or any database to a new volume.
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    846 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now