Results 1 to 8 of 8
  1. #1
    Join Date
    Jan 2007
    Location
    Tennessee
    Posts
    7

    SSL broken on raq550

    I recently upgraded my raq550 using the following packages from www,elandsys,com/resources/cobalt/index,html:
    1. Apache 1.3.37-2
    2. mySQL 4.0.26
    3. PHP 4.3.11-1
    Somehow in the process I managed to botch my SSL; I'm not even sure it was caused by the packages. When I do a httpd restart, I get the following error: httpdmod_perl: Invalid command 'SSLengine', perhaps misspelled or defined by a module not included in the server configuration.

    SSL is active in the admin panel and I have created a certificate for the site I'm working on, but whenever I try to access a page using https I get a page not found error.

    I'd greatly appreciate it if someone could point me in the right direction.

  2. #2
    Join Date
    Aug 2006
    Posts
    275
    You've created a botch, most likely in your httpd.conf. Grep around in /etc/httpd for the string 'SSLengine', and you'll probably find the source of the error. if you get desperate, try:

    $ find / -mount -type f -exec grep 'SSLengine' /dev/null {} \;

    You won't be able to access your site through https until you fix this, so that isn't a reliable indicator of anything.

  3. #3
    Join Date
    Jan 2007
    Location
    Tennessee
    Posts
    7
    Excuse me for being a noob, but I used vi to look into httpd.conf since I assumed that's what you meant. Here's what I found:

    if (/^<\/Virtual/ && (-f "$vsite->{basedir}/certs/certificate") && (-f "$vsite->{basedir}/certs/key"))
    {
    $PerlConfig .= "Listen $ip:443\n";
    $PerlConfig .= "<VirtualHost $ip:443>\n";
    $PerlConfig .= "SSLengine on\n";
    if (-f "$vsite->{basedir}/certs/ca-certs")
    {
    $PerlConfig .= "SSLCACertificateFile $vsite->{basedir}/certs/ca-certs\n";
    }
    $PerlConfig .= "SSLCertificateFile $vsite->{basedir}/certs/certificate\n";
    $PerlConfig .= "SSLCertificateKeyFile $vsite->{basedir}/certs/key\n";
    $PerlConfig .= join('', @ssl_conf);
    }
    }
    close HTTPD_CONF;
    }
    $cce->bye('SUCCESS');

    It means nothing to me

  4. #4
    Join Date
    Jan 2007
    Location
    Tennessee
    Posts
    7
    I found an old copy of my httpd.conf and went line by line to see if I could find any changes and I did notice one significant difference. In the old httpd.conf the following line was not commented out by was in the new:
    LoadModule ssl_module modules/libssl.so
    I activated this line but got the following error on httpd restart:
    httpdSyntax error on line 103 of /etc/httpd/conf/httpd.conf: module ssl_module is built-in and can't be loaded
    httpd failed to start so I was forced to comment the command out. Any suggestions?

    TIA,
    Greggory

  5. #5
    Join Date
    Jan 2007
    Location
    Tennessee
    Posts
    7
    After four days of pulling out my hair I finally fixed the SSL problem. Since I've seen so many other people throughout the net with the same problem, I'm going to post the fix as soon as I can gather up the information. Thanks to gnetwerker for trying to help!

  6. #6
    Join Date
    Jan 2007
    Location
    Tennessee
    Posts
    7

    *

    All praises must go to Eland Systems on this fix because they gave me free support after providing the packages for free as well. Five minutes after I received this email my SSL was working again.

    mod_ssl is built into the httpd binary we provide as the OpenSSL
    version running on the RaQ550 has some security vulnerabilities. You
    should comment out the LoadModule ssl_modules/libssl.so line. from
    your httpd.conf

    Please also comment out the ClearModuleList line from the
    httpd.conf. That should allow the built-in SSL module to work.

    You also have to comment out these two lines from the configuration
    file for the Cobalt GUI (admserv).

    The above should solve the problem. There is no cost involved unless
    we are required to log into your RaQ550 to fix the problem.

    Regards,
    S. Moonesamy

    Eland Systems
    http://www.elandsys.com
    408-627-4149

  7. #7
    Join Date
    Nov 2003
    Location
    Northville, Michigan
    Posts
    325
    I recently upgraded my raq550 using the following packages from www,elandsys,com/resources/cobalt/index,html:
    sounds like they didn't build apache right... I know they didn't want to use the system openssl because it has security holes, so they must of just compiled a seprate version into apache and not as a module for some strange reason? I don't know why they didnt' just make the module though...

    The way the 550 used openssl for to many things causes a lot of problems when you try to build things for it...

  8. #8
    I am still having this problem.

    I recently reinstalled my RAQ550
    and therefore installed the latest apache pack.

    I am therefore now missing my SSL

    any ideas??

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •