Solved

install ssl certificate in apache

Posted on 2011-03-20
10
454 Views
Last Modified: 2012-05-11
Hi Folks,

i need help on how  to upgrade ssl certificate on apache. Currently it does have valid certificate.I tried to understand the configuration.So i checked the httpd.conf file and found this:
<IfModule mod_ssl.c>
    Include conf/ssl.conf
</IfModule>
So, i checked conf/ssl.conf and i feel only below lines are responsible for implmenting ssl:

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /apps/lions2.2.1r/deployment/apache/conf/ssl.crt/server.crt

SSLCertificateKeyFile /apps/lions2.2.1r/deployment/apache/conf/ssl.key/server.key

SSLCertificateChainFile /apps/lions2.2.1r/deployment/apache/conf/ssl.crt/ca.crt

SSLVerifyClient none
SSLProxyEngine off

What i know is for upgrading i only need to create a new certificate using openssl and i can use the existing key.

So i tried to get more information about openssl and apache. (as i not familiar with both)
I did ps -ef | grep httpd

lionr  5876     1   0   Mar 15 ?           0:26 /apps/lions2.2.1r/deploymentbin/httpd.2.0.59-solaris/bin/httpd -f /apps

then i moved to apps/lions2.2.1r/deploymentbin/
and run :
$openssl version
ld.so.1: openssl: fatal: libssl.so.0.9.8: open failed: No such file or directory
Killed

Got the above output.

As i am not familar with openssl, i tried
$openssl x509 -text -in server.crt
to make sure iam on right path. but still also throwing the same error.

Please help me with ssl ceritficate. Would be great if you can explain my above confugration.

Thank you,
Joe


0
Comment
Question by:jayatallen
  • 6
  • 4
10 Comments
 
LVL 31

Accepted Solution

by:
farzanj earned 250 total points
ID: 35177819
Appears to me that your openssl is not properly installed.

Which OS are you using?

If you are using Fedora/CentOS/Redhat, you can see if you have it by issuing the following command
rpm -qa | grep openssl

If you have it then issue the following command
rpm -ql openssl | grep libssl

If you have other OS, way to determine would be different.
0
 

Author Comment

by:jayatallen
ID: 35180753
thank you for your reply.

I am using solaris 10.
0
 
LVL 31

Assisted Solution

by:farzanj
farzanj earned 250 total points
ID: 35181442
I am giving you some commands. Use them as per your judgement.  First find a package.  If it exists, update it.  I would try openssl and libssl.  I am not sure if libssl a part of openssl.  If it does not exist at all, install it.

pkginfo | grep -i openssl

Further, you can try
pkginfo -l openssl

pkginfo -l libssl

List available packages (uses last downloaded copy):
pkg-get -a | egrep -i "openssl|libssl"

Download and install package:
pkg-get -i openssl
pkg-get -i libssl

Upgrade package:
pkg-get -u openssl

0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:jayatallen
ID: 35181637
Hi Farzanj,

i tried and found this:

bash-3.00$ pkginfo | grep -i openssl
application SMCossld                         openssl
system      SUNWopenssl-commands             OpenSSL Commands (Usr)
system      SUNWopenssl-include              OpenSSL Header Files
system      SUNWopenssl-libraries            OpenSSL Libraries (Usr)
system      SUNWopenssl-man                  OpenSSL Manual Pages
system      SUNWopensslr                     OpenSSL (Root)
bash-3.00$ pkginfo -l opensll
ERROR: information for "opensll" was not found
bash-3.00$ pkginfo -l openssl
ERROR: information for "openssl" was not found
bash-3.00$ pkginfo -l libssl
ERROR: information for "libssl" was not found


Does this mean everything is OK?
One more thing,currently ssl is working fine on apache.

Thanks,
Joe
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35181828
Issue the following
openssl -l SUNWopenssl-libraries

It appears that your package is installed but some libraries are missing
0
 

Author Comment

by:jayatallen
ID: 35182218
ran and found:

bash-3.00$ openssl -l SUNWopenssl-libraries
bash: openssl: command not found
0
 

Author Comment

by:jayatallen
ID: 35182249
i tried this:
bash-3.00$ find / -name openssl 2>/dev/null
/usr/sfw/bin/openssl
/usr/sfw/include/openssl
/usr/local/ssl/bin/openssl
/usr/local/ssl/doc/openssl
/usr/local/ssl/include/openssl
/etc/sfw/openssl
/opt/boksm/lib/openssl

ash-3.00$ find /apps/aqueduct -name openssl -type f 2>/dev/null
/apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-linux-rh2/ssl/bin/openssl
/apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-linux-rh3/ssl/bin/openssl
/apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-linux-rh4-amd64/ssl/bin/openssl
/apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-linux-rh4-int32/ssl/bin/openssl
/apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-solaris/ssl/bin/openssl

Is there anyway to find which openssl is being use by apache?
0
 

Author Comment

by:jayatallen
ID: 35182263
Tried below one ..same error..


bash-3.00$ /apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-solaris/ssl/bin/openssl -l SUNWopenssl-libraries
ld.so.1: openssl: fatal: libssl.so.0.9.8: open failed: No such file or directory
Killed
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35186014
Sorry, I meant
pkginfo -l SUNWopenssl-libraries

What do you get?

Also try this

pkg-get -u openssl
0
 

Author Comment

by:jayatallen
ID: 35192802
tried:
bash-3.00$ pkginfo -l SUNWopenssl-libraries
   PKGINST:  SUNWopenssl-libraries
      NAME:  OpenSSL Libraries (Usr)
  CATEGORY:  system
      ARCH:  sparc
   VERSION:  11.10.0,REV=2005.01.21.15.53
   BASEDIR:  /
    VENDOR:  Sun Microsystems, Inc.
      DESC:  OpenSSL Libraries (Usr)
    PSTAMP:  on10-patch20081113042408
  INSTDATE:  Apr 07 2009 07:41
   HOTLINE:  Please contact your local service provider
    STATUS:  completely installed
     FILES:       19 installed pathnames
                   5 shared pathnames
                   4 directories
                   4 executables
               14113 blocks used (approx)

0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
Imagine a situation that you have installed SSL (http://en.wikipedia.org/wiki/Secure_Sockets_Layer) Certificate on your Cisco ASA (Cisco Adaptive Security Appliance) firewall. Installation of SSL certificate on ASA is an another topic for which you …
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question