Solved

install ssl certificate in apache

Posted on 2011-03-20
10
478 Views
Last Modified: 2012-05-11
Hi Folks,

i need help on how  to upgrade ssl certificate on apache. Currently it does have valid certificate.I tried to understand the configuration.So i checked the httpd.conf file and found this:
<IfModule mod_ssl.c>
    Include conf/ssl.conf
</IfModule>
So, i checked conf/ssl.conf and i feel only below lines are responsible for implmenting ssl:

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /apps/lions2.2.1r/deployment/apache/conf/ssl.crt/server.crt

SSLCertificateKeyFile /apps/lions2.2.1r/deployment/apache/conf/ssl.key/server.key

SSLCertificateChainFile /apps/lions2.2.1r/deployment/apache/conf/ssl.crt/ca.crt

SSLVerifyClient none
SSLProxyEngine off

What i know is for upgrading i only need to create a new certificate using openssl and i can use the existing key.

So i tried to get more information about openssl and apache. (as i not familiar with both)
I did ps -ef | grep httpd

lionr  5876     1   0   Mar 15 ?           0:26 /apps/lions2.2.1r/deploymentbin/httpd.2.0.59-solaris/bin/httpd -f /apps

then i moved to apps/lions2.2.1r/deploymentbin/
and run :
$openssl version
ld.so.1: openssl: fatal: libssl.so.0.9.8: open failed: No such file or directory
Killed

Got the above output.

As i am not familar with openssl, i tried
$openssl x509 -text -in server.crt
to make sure iam on right path. but still also throwing the same error.

Please help me with ssl ceritficate. Would be great if you can explain my above confugration.

Thank you,
Joe


0
Comment
Question by:jayatallen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 
LVL 31

Accepted Solution

by:
farzanj earned 250 total points
ID: 35177819
Appears to me that your openssl is not properly installed.

Which OS are you using?

If you are using Fedora/CentOS/Redhat, you can see if you have it by issuing the following command
rpm -qa | grep openssl

If you have it then issue the following command
rpm -ql openssl | grep libssl

If you have other OS, way to determine would be different.
0
 

Author Comment

by:jayatallen
ID: 35180753
thank you for your reply.

I am using solaris 10.
0
 
LVL 31

Assisted Solution

by:farzanj
farzanj earned 250 total points
ID: 35181442
I am giving you some commands. Use them as per your judgement.  First find a package.  If it exists, update it.  I would try openssl and libssl.  I am not sure if libssl a part of openssl.  If it does not exist at all, install it.

pkginfo | grep -i openssl

Further, you can try
pkginfo -l openssl

pkginfo -l libssl

List available packages (uses last downloaded copy):
pkg-get -a | egrep -i "openssl|libssl"

Download and install package:
pkg-get -i openssl
pkg-get -i libssl

Upgrade package:
pkg-get -u openssl

0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:jayatallen
ID: 35181637
Hi Farzanj,

i tried and found this:

bash-3.00$ pkginfo | grep -i openssl
application SMCossld                         openssl
system      SUNWopenssl-commands             OpenSSL Commands (Usr)
system      SUNWopenssl-include              OpenSSL Header Files
system      SUNWopenssl-libraries            OpenSSL Libraries (Usr)
system      SUNWopenssl-man                  OpenSSL Manual Pages
system      SUNWopensslr                     OpenSSL (Root)
bash-3.00$ pkginfo -l opensll
ERROR: information for "opensll" was not found
bash-3.00$ pkginfo -l openssl
ERROR: information for "openssl" was not found
bash-3.00$ pkginfo -l libssl
ERROR: information for "libssl" was not found


Does this mean everything is OK?
One more thing,currently ssl is working fine on apache.

Thanks,
Joe
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35181828
Issue the following
openssl -l SUNWopenssl-libraries

It appears that your package is installed but some libraries are missing
0
 

Author Comment

by:jayatallen
ID: 35182218
ran and found:

bash-3.00$ openssl -l SUNWopenssl-libraries
bash: openssl: command not found
0
 

Author Comment

by:jayatallen
ID: 35182249
i tried this:
bash-3.00$ find / -name openssl 2>/dev/null
/usr/sfw/bin/openssl
/usr/sfw/include/openssl
/usr/local/ssl/bin/openssl
/usr/local/ssl/doc/openssl
/usr/local/ssl/include/openssl
/etc/sfw/openssl
/opt/boksm/lib/openssl

ash-3.00$ find /apps/aqueduct -name openssl -type f 2>/dev/null
/apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-linux-rh2/ssl/bin/openssl
/apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-linux-rh3/ssl/bin/openssl
/apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-linux-rh4-amd64/ssl/bin/openssl
/apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-linux-rh4-int32/ssl/bin/openssl
/apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-solaris/ssl/bin/openssl

Is there anyway to find which openssl is being use by apache?
0
 

Author Comment

by:jayatallen
ID: 35182263
Tried below one ..same error..


bash-3.00$ /apps/aqueduct/tigger/tigger-v1.6.0/bin/httpd.2.0.59-solaris/ssl/bin/openssl -l SUNWopenssl-libraries
ld.so.1: openssl: fatal: libssl.so.0.9.8: open failed: No such file or directory
Killed
0
 
LVL 31

Expert Comment

by:farzanj
ID: 35186014
Sorry, I meant
pkginfo -l SUNWopenssl-libraries

What do you get?

Also try this

pkg-get -u openssl
0
 

Author Comment

by:jayatallen
ID: 35192802
tried:
bash-3.00$ pkginfo -l SUNWopenssl-libraries
   PKGINST:  SUNWopenssl-libraries
      NAME:  OpenSSL Libraries (Usr)
  CATEGORY:  system
      ARCH:  sparc
   VERSION:  11.10.0,REV=2005.01.21.15.53
   BASEDIR:  /
    VENDOR:  Sun Microsystems, Inc.
      DESC:  OpenSSL Libraries (Usr)
    PSTAMP:  on10-patch20081113042408
  INSTDATE:  Apr 07 2009 07:41
   HOTLINE:  Please contact your local service provider
    STATUS:  completely installed
     FILES:       19 installed pathnames
                   5 shared pathnames
                   4 directories
                   4 executables
               14113 blocks used (approx)

0

Featured Post

Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Convert websphere application server default chained Certificates from 1024 to 2048 keysize or higher size and also you can change signatureAlgorithm . Please make sure Websphere Application Server fixpack 7.0.0.23 or Above. The following steps a…
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question