?
Solved

install ssl certificate in apache

Posted on 2011-03-20
10
Medium Priority
?
495 Views
Last Modified: 2012-05-11
Hi Folks,

i need help on how  to upgrade ssl certificate on apache. Currently it does have valid certificate.I tried to understand the configuration.So i checked the httpd.conf file and found this:
<IfModule mod_ssl.c>
    Include conf/ssl.conf
</IfModule>
So, i checked conf/ssl.conf and i feel only below lines are responsible for implmenting ssl:

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /apps/lions2.2.1r/deployment/apache/conf/ssl.crt/server.crt

SSLCertificateKeyFile /apps/lions2.2.1r/deployment/apache/conf/ssl.key/server.key

SSLCertificateChainFile /apps/lions2.2.1r/deployment/apache/conf/ssl.crt/ca.crt

SSLVerifyClient none
SSLProxyEngine off

What i know is for upgrading i only need to create a new certificate using openssl and i can use the existing key.

So i tried to get more information about openssl and apache. (as i not familiar with both)
I did ps -ef | grep httpd

lionr  5876     1   0   Mar 15 ?           0:26 /apps/lions2.2.1r/deploymentbin/httpd.2.0.59-solaris/bin/httpd -f /apps

then i moved to apps/lions2.2.1r/deploymentbin/
and run :
$openssl version
ld.so.1: openssl: fatal: libssl.so.0.9.8: open failed: No such file or directory
Killed

Got the above output.

As i am not familar with openssl, i tried
$openssl x509 -text -in server.crt
to make sure iam on right path. but still also throwing the same error.

Please help me with ssl ceritficate. Would be great if you can explain my above confugration.

Thank you,
Joe


0
Comment
Question by:jayatallen
  • 6
  • 4
10 Comments
 
LVL 31

Accepted Solution

by:
farzanj earned 1000 total points
ID: 35177819
Appears to me that your openssl is not properly installed.

Which OS are you using?

If you are using Fedora/CentOS/Redhat, you can see if you have it by issuing the following command
rpm -qa | grep openssl

If you have it then issue the following command
rpm -ql openssl | grep libssl

If you have other OS, way to determine would be different.
0
 

Author Comment

by:jayatallen
ID: 35180753
thank you for your reply.

I am using solaris 10.
0
 
LVL 31

Assisted Solution

by:farzanj
farzanj earned 1000 total points
ID: 35181442
I am giving you some commands. Use them as per your judgement.  First find a package.  If it exists, update it.  I would try openssl and libssl.  I am not sure if libssl a part of openssl.  If it does not exist at all, install it.

pkginfo | grep -i openssl

Further, you can try
pkginfo -l openssl

pkginfo -l libssl

List available packages (uses last downloaded copy):
pkg-get -a | egrep -i "openssl|libssl"

Download and install package:
pkg-get -i openssl
pkg-get -i libssl

Upgrade package:
pkg-get -u openssl

0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 

Author Comment

by:jayatallen
ID: 35181637
Hi Farzanj,

i tried and found this:

bash-3.00$ pkginfo | grep -i openssl
application SMCossld                         openssl
system      SUNWopenssl-commands             OpenSSL Commands (Usr)
system      SUNWopenssl-include              OpenSSL Header Files
system      SUNWopenssl-libraries            OpenSSL Libraries (Usr)
system      SUNWopenssl-man                  OpenSSL Manual Pages
system      SUNWopensslr                     OpenSSL (Root)
bash-3.00$ pkginfo -l opensll
ERROR: information for "opensll" was not found
bash-3.00$ pkginfo -l openssl
ERROR: information for "openssl" was not found
bash-3.00$ pkginfo -l libssl
ERROR: information for "libssl" was not found


Does this mean everything is OK?
One more thing,currently ssl is working fine on apache.

Thanks,
Joe
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35181828
Issue the following
openssl -l SUNWopenssl-libraries

It appears that your package is installed but some libraries are missing
0
 

Author Comment

by:jayatallen
ID: 35182218
ran and found:

bash-3.00$ openssl -l SUNWopenssl-libraries
bash: openssl: command not found
0
 

Author Comment

by:jayatallen
ID: 35182249
i tried this:
bash-3.00$ find / -name openssl 2>/dev/null
/usr/sfw/bin/openssl
/usr/sfw/include/openssl
/usr/local/ssl/bin/openssl
/usr/local/ssl/doc/openssl
/usr/local/ssl/include/openssl
/etc/sfw/openssl
/opt/boksm/lib/openssl

ash-3.00$ find /apps/aqueduct -name openssl -type f 2>/dev/null
/apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-linux-rh2/ssl/bin/openssl
/apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-linux-rh3/ssl/bin/openssl
/apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-linux-rh4-amd64/ssl/bin/openssl
/apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-linux-rh4-int32/ssl/bin/openssl
/apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-solaris/ssl/bin/openssl

Is there anyway to find which openssl is being use by apache?
0
 

Author Comment

by:jayatallen
ID: 35182263
Tried below one ..same error..


bash-3.00$ /apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-solaris/ssl/bin/openssl -l SUNWopenssl-libraries
ld.so.1: openssl: fatal: libssl.so.0.9.8: open failed: No such file or directory
Killed
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35186014
Sorry, I meant
pkginfo -l SUNWopenssl-libraries

What do you get?

Also try this

pkg-get -u openssl
0
 

Author Comment

by:jayatallen
ID: 35192802
tried:
bash-3.00$ pkginfo -l SUNWopenssl-libraries
   PKGINST:  SUNWopenssl-libraries
      NAME:  OpenSSL Libraries (Usr)
  CATEGORY:  system
      ARCH:  sparc
   VERSION:  11.10.0,REV=2005.01.21.15.53
   BASEDIR:  /
    VENDOR:  Sun Microsystems, Inc.
      DESC:  OpenSSL Libraries (Usr)
    PSTAMP:  on10-patch20081113042408
  INSTDATE:  Apr 07 2009 07:41
   HOTLINE:  Please contact your local service provider
    STATUS:  completely installed
     FILES:       19 installed pathnames
                   5 shared pathnames
                   4 directories
                   4 executables
               14113 blocks used (approx)

0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Integration Management Part 2
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

616 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question