Solved

install ssl certificate in apache

Posted on 2011-03-20
10
460 Views
Last Modified: 2012-05-11
Hi Folks,

i need help on how  to upgrade ssl certificate on apache. Currently it does have valid certificate.I tried to understand the configuration.So i checked the httpd.conf file and found this:
<IfModule mod_ssl.c>
    Include conf/ssl.conf
</IfModule>
So, i checked conf/ssl.conf and i feel only below lines are responsible for implmenting ssl:

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /apps/lions2.2.1r/deployment/apache/conf/ssl.crt/server.crt

SSLCertificateKeyFile /apps/lions2.2.1r/deployment/apache/conf/ssl.key/server.key

SSLCertificateChainFile /apps/lions2.2.1r/deployment/apache/conf/ssl.crt/ca.crt

SSLVerifyClient none
SSLProxyEngine off

What i know is for upgrading i only need to create a new certificate using openssl and i can use the existing key.

So i tried to get more information about openssl and apache. (as i not familiar with both)
I did ps -ef | grep httpd

lionr  5876     1   0   Mar 15 ?           0:26 /apps/lions2.2.1r/deploymentbin/httpd.2.0.59-solaris/bin/httpd -f /apps

then i moved to apps/lions2.2.1r/deploymentbin/
and run :
$openssl version
ld.so.1: openssl: fatal: libssl.so.0.9.8: open failed: No such file or directory
Killed

Got the above output.

As i am not familar with openssl, i tried
$openssl x509 -text -in server.crt
to make sure iam on right path. but still also throwing the same error.

Please help me with ssl ceritficate. Would be great if you can explain my above confugration.

Thank you,
Joe


0
Comment
Question by:jayatallen
  • 6
  • 4
10 Comments
 
LVL 31

Accepted Solution

by:
farzanj earned 250 total points
ID: 35177819
Appears to me that your openssl is not properly installed.

Which OS are you using?

If you are using Fedora/CentOS/Redhat, you can see if you have it by issuing the following command
rpm -qa | grep openssl

If you have it then issue the following command
rpm -ql openssl | grep libssl

If you have other OS, way to determine would be different.
0
 

Author Comment

by:jayatallen
ID: 35180753
thank you for your reply.

I am using solaris 10.
0
 
LVL 31

Assisted Solution

by:farzanj
farzanj earned 250 total points
ID: 35181442
I am giving you some commands. Use them as per your judgement.  First find a package.  If it exists, update it.  I would try openssl and libssl.  I am not sure if libssl a part of openssl.  If it does not exist at all, install it.

pkginfo | grep -i openssl

Further, you can try
pkginfo -l openssl

pkginfo -l libssl

List available packages (uses last downloaded copy):
pkg-get -a | egrep -i "openssl|libssl"

Download and install package:
pkg-get -i openssl
pkg-get -i libssl

Upgrade package:
pkg-get -u openssl

0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:jayatallen
ID: 35181637
Hi Farzanj,

i tried and found this:

bash-3.00$ pkginfo | grep -i openssl
application SMCossld                         openssl
system      SUNWopenssl-commands             OpenSSL Commands (Usr)
system      SUNWopenssl-include              OpenSSL Header Files
system      SUNWopenssl-libraries            OpenSSL Libraries (Usr)
system      SUNWopenssl-man                  OpenSSL Manual Pages
system      SUNWopensslr                     OpenSSL (Root)
bash-3.00$ pkginfo -l opensll
ERROR: information for "opensll" was not found
bash-3.00$ pkginfo -l openssl
ERROR: information for "openssl" was not found
bash-3.00$ pkginfo -l libssl
ERROR: information for "libssl" was not found


Does this mean everything is OK?
One more thing,currently ssl is working fine on apache.

Thanks,
Joe
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35181828
Issue the following
openssl -l SUNWopenssl-libraries

It appears that your package is installed but some libraries are missing
0
 

Author Comment

by:jayatallen
ID: 35182218
ran and found:

bash-3.00$ openssl -l SUNWopenssl-libraries
bash: openssl: command not found
0
 

Author Comment

by:jayatallen
ID: 35182249
i tried this:
bash-3.00$ find / -name openssl 2>/dev/null
/usr/sfw/bin/openssl
/usr/sfw/include/openssl
/usr/local/ssl/bin/openssl
/usr/local/ssl/doc/openssl
/usr/local/ssl/include/openssl
/etc/sfw/openssl
/opt/boksm/lib/openssl

ash-3.00$ find /apps/aqueduct -name openssl -type f 2>/dev/null
/apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-linux-rh2/ssl/bin/openssl
/apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-linux-rh3/ssl/bin/openssl
/apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-linux-rh4-amd64/ssl/bin/openssl
/apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-linux-rh4-int32/ssl/bin/openssl
/apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-solaris/ssl/bin/openssl

Is there anyway to find which openssl is being use by apache?
0
 

Author Comment

by:jayatallen
ID: 35182263
Tried below one ..same error..


bash-3.00$ /apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-solaris/ssl/bin/openssl -l SUNWopenssl-libraries
ld.so.1: openssl: fatal: libssl.so.0.9.8: open failed: No such file or directory
Killed
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35186014
Sorry, I meant
pkginfo -l SUNWopenssl-libraries

What do you get?

Also try this

pkg-get -u openssl
0
 

Author Comment

by:jayatallen
ID: 35192802
tried:
bash-3.00$ pkginfo -l SUNWopenssl-libraries
   PKGINST:  SUNWopenssl-libraries
      NAME:  OpenSSL Libraries (Usr)
  CATEGORY:  system
      ARCH:  sparc
   VERSION:  11.10.0,REV=2005.01.21.15.53
   BASEDIR:  /
    VENDOR:  Sun Microsystems, Inc.
      DESC:  OpenSSL Libraries (Usr)
    PSTAMP:  on10-patch20081113042408
  INSTDATE:  Apr 07 2009 07:41
   HOTLINE:  Please contact your local service provider
    STATUS:  completely installed
     FILES:       19 installed pathnames
                   5 shared pathnames
                   4 directories
                   4 executables
               14113 blocks used (approx)

0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question