View Single Post
  #38  
Old 8th November 2011, 01:01
zenny zenny is offline
Senior Member
 
Join Date: Nov 2006
Posts: 176
Thanks: 20
Thanked 6 Times in 6 Posts
Default

@Till: I upgraded the httpd as well as the openssl manually and also ran the ISPConfig3's update.php script and all went well. But when I tried to create a ssl certificate from the ISPCOnfig3 panel, it goes well but nothing seems to have been created as the SSL Certificate field not only remained blank, but the webserver died. Or I just missed something.

The error log follows:

Quote:
# tail -n 50 /var/log/httpd/error_log
[Mon Nov 07 03:27:07 2011] [notice] Digest: done
[Mon Nov 07 03:27:08 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Nov 07 03:27:08 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Mon Nov 07 03:27:08 2011] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
[Mon Nov 07 04:04:20 2011] [notice] mod_fcgid: call /var/www/MYDOMAIN.TLD/web/index.php with wrapper /var/www/php-fcgi-scripts/web11/.php-fcgi-starter
[Mon Nov 07 10:10:35 2011] [notice] caught SIGTERM, shutting down
[Mon Nov 07 10:10:35 2011] [notice] mod_fcgid: process /var/www/MYDOMAIN.TLD/web/index.php(26991) exit(shutting down), terminated by calling exit(), return code: 0
[Mon Nov 07 10:10:36 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Nov 07 10:10:36 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Nov 07 10:10:36 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Mon Nov 07 10:10:36 2011] [notice] Digest: generating secret for digest authentication ...
[Mon Nov 07 10:10:36 2011] [notice] Digest: done
[Mon Nov 07 10:10:37 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Nov 07 10:10:37 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Mon Nov 07 10:10:37 2011] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
[Mon Nov 07 10:34:42 2011] [notice] mod_fcgid: call /var/www/MYDOMAIN.TLD/web/index.php with wrapper /var/www/php-fcgi-scripts/web11/.php-fcgi-starter
[Tue Nov 08 00:36:44 2011] [notice] caught SIGTERM, shutting down
[Tue Nov 08 00:36:44 2011] [notice] mod_fcgid: process /var/www/MYDOMAIN.TLD/web/index.php(19240) exit(shutting down), terminated by calling exit(), return code: 0
[Tue Nov 08 00:36:45 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Nov 08 00:36:46 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 00:36:46 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Tue Nov 08 00:36:46 2011] [notice] Digest: generating secret for digest authentication ...
[Tue Nov 08 00:36:46 2011] [notice] Digest: done
[Tue Nov 08 00:36:46 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 00:36:46 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Tue Nov 08 00:36:47 2011] [notice] Apache/2.2.21 (Unix) DAV/2 PHP/5.3.8 mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 configured -- resuming normal operations
[Tue Nov 08 00:37:50 2011] [notice] mod_fcgid: call /var/www/MYDOMAIN.TLD/web/index.php with wrapper /var/www/php-fcgi-scripts/web11/.php-fcgi-starter
[Tue Nov 08 00:42:43 2011] [notice] caught SIGTERM, shutting down
[Tue Nov 08 00:42:43 2011] [notice] mod_fcgid: process /var/www/MYDOMAIN.TLD/web/index.php(11177) exit(shutting down), terminated by calling exit(), return code: 0
[Tue Nov 08 00:42:44 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Nov 08 00:42:45 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 00:42:45 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
Use of uninitialized value in alarm at /usr/local/ispconfig/server/scripts/vlogger line 538.
[Tue Nov 08 00:42:45 2011] [notice] Digest: generating secret for digest authentication ...
[Tue Nov 08 00:42:45 2011] [notice] Digest: done
[Tue Nov 08 00:42:45 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 00:42:45 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Tue Nov 08 00:42:45 2011] [notice] Apache/2.2.21 (Unix) DAV/2 PHP/5.3.8 mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 configured -- resuming normal operations
[Tue Nov 08 00:51:02 2011] [notice] caught SIGTERM, shutting down
[Tue Nov 08 00:51:03 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Nov 08 00:51:04 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 00:51:04 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Tue Nov 08 00:51:04 2011] [notice] Digest: generating secret for digest authentication ...
[Tue Nov 08 00:51:04 2011] [notice] Digest: done
[Tue Nov 08 00:51:05 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 08 00:51:05 2011] [warn] RSA server certificate CommonName (CN) `HOSTDOMAIN.TLD' does NOT match server name!?
[Tue Nov 08 00:51:05 2011] [notice] Apache/2.2.21 (Unix) DAV/2 PHP/5.3.8 mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 configured -- resuming normal operations
[Tue Nov 08 00:52:06 2011] [notice] caught SIGTERM, shutting down
[Tue Nov 08 00:52:07 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Nov 08 00:52:10 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
Please note that in Centos5, I patched the libraries from Version 6 openssl.

Quote:
# openssl version -a
OpenSSL 1.0.0d-fips 8 Feb 2011
built on: Mon Nov 7 23:51:57 CET 2011
platform: linux-elf
options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORT$
OPENSSLDIR: "/etc/pki/tls"
engines: dynamic



@szucsati: I checked with the repository on several servers and it worked very well including mysql (but about three months back). Or you can just upgrade the packages that you need manually without using apt, but dpkg without upgrading mysql. I had to use dotdeb repository that needs to run some applications developed in YII framework which has a minimum requirement of php-5.3 which is not part of the upstream provider. ;-)

Last edited by zenny; 8th November 2011 at 01:10.
Reply With Quote