httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruiyuan Jiang <Ruiyuan_Ji...@liz.com>
Subject RE: [users@httpd] Apache 2.2.21 SSL on RHEL v5.7
Date Wed, 25 Jan 2012 14:59:03 GMT
Hi, Mr. Jung

It is the problem from /dev/random. Thanks.

Ryan Jiang

-----Original Message-----
From: Rainer Jung [mailto:rainer.jung@kippdata.de] 
Sent: Monday, January 23, 2012 2:43 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache 2.2.21 SSL on RHEL v5.7

On 23.01.2012 20:02, Ruiyuan Jiang wrote:
> Hi,
>
> I have two Apache 2.2.21 reverse proxy servers on Solaris 10 (SPARC) and additional modules
that not in the Apache distribution. They are running fine so far. Now we want to migrate
Apache to Redhat Enterprise server v5.7. I compiled Apache the same way and same option as
on the Solaris through a script that I saved. I copied all the modified necessary configuration
files from Solaris and certificates from Solaris to Redhat and made necessary changes such
as IP addresses. The syntax check is OK. When I start Apache on the Redhat, "apachectl start"
just sits there without giving back the shell prompt. The access log and error log are empty
so I don't know the reason. If I disable httpd-ssl.conf file which will not start https, Apache
starts fine. Does anyone know what could be for ssl problem on Redhat?

Maybe not enough entropy on /den/random or /dev/urandom whatever is used?

> Also I first compiled openssl 1.0.0f on Redhat, I then downloaded openssl 1.0.0g once
it became available and compiled it at the same location. On Solaris if I restart Apache,
the error log will show the new version of Openssl but on Redhat, Apache shows the old version
(1.0.0f) of OpenSSL. Why? Thanks.

Solaris doesn't have OpenSSL 1.0 linbs installed in the default lib 
directories, so mod_ssl will find your custom build one. RedHat comes 
with OpenSSL 1.0 installed, so you have to set LD_LIBRARY_PATH or link 
statically into mod_ssl in order to let mod_ssl find the right OpenSSL lib.

If there is other stuff in your Apache which also has dependencies to 
OpenSSL, like e.g. something doing ldaps, then things will become quite 
tricky :(

Regards,

Rainer



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




This message (including any attachments) is intended
solely for the specific individual(s) or entity(ies) named
above, and may contain legally privileged and
confidential information. If you are not the intended 
recipient, please notify the sender immediately by 
replying to this message and then delete it.
Any disclosure, copying, or distribution of this message,
or the taking of any action based on it, by other than the
intended recipient, is strictly prohibited.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message