View Single Post
Old 17th February 2007, 18:13
martinfst martinfst is offline
Senior Member
Join Date: Dec 2006
Location: Hilversum, The Netherlands
Posts: 880
Thanks: 1
Thanked 18 Times in 17 Posts
Send a message via MSN to martinfst Send a message via Skype™ to martinfst
Exclamation Found !

The problem is due to the fact that cron does not support the $ENV shell variable. Let me explain.

The script /root/ispconfig/scripts/lib/config.lib.php uses the 'openssl.cnf.master' file to create the openssl.cnf file. This file contains on line 1 the statement:
RANDFILE               = $ENV::HOME/.rnd
According to the documentation this should point to the HOME directory of the user. But (I assume on most distributions) cron does not allow environment variables, or at least $HOME for cron is empty. Why this has ever worked before is a mystery for me. I have had it working on my systems previously. Even during testing today, ISPConfig created once a certificate request!

The solution is to replace the master template
with this
        RANDFILE               = /root/ispconfig/isp/.rnd

        [ req ]
        default_bits           = 1024
        default_keyfile        = keyfile.pem
        distinguished_name     = req_distinguished_name
        attributes             = req_attributes
        prompt                 = no
        output_password        = {SSL_PASSWORD}

        [ req_distinguished_name ]
        C                      = {SSL_COUNTRY}
        L                      = {SSL_LOCALITY}
        O                      = {SSL_ORGANIZATION}
        CN                     = {SSL_COMMON_NAME}
        emailAddress           = {SSL_EMAIL}

        [ req_attributes ]
        challengePassword              = A challenge password
I have only changed line 1. Be sure to make this change with a Unix editor (I prefer 'vi'). After this, certificates will be generated smoothly. I hope Till or Falko can add this change in the next release.
Reply With Quote