David Carlin created TS-1993:
--------------------------------
Summary: ATS looking for chain certificate in the wrong place
Key: TS-1993
URL: https://issues.apache.org/jira/browse/TS-1993
Project: Traffic Server
Issue Type: Bug
Components: Configuration, SSL
Reporter: David Carlin
ATS 3.3.4 is looking for the chain certificate in the wrong location. Here is
my config:
proxy.config.ssl.server.cert.path = conf/other/ssl
proxy.config.ssl.server.cert_chain.filename = CA.pem
ssl_multicert.config = dest_ip=* ssl_cert_name=website.pem
When I start ATS I see the following message indicating the root directory:
[TrafficServer] using root directory '/root/path'
and the following error in /var/log/messages:
Jul 1 19:32:15 l6 traffic_server[2167]: {0x2b7a4b3e9f60} ERROR:
SSL::0:error:02001002:system library:fopen:No such file or
directory:bss_file.c:126:fopen('/root/path/conf/trafficserver/conf/other/ssl/CA.pem','r')
It should be looking in /root/path/conf/other/ssl/CA.pem - this same config
worked in ATS 3.2.0
Instead its injecting "conf/trafficserver" in the middle of the path which
happens to be the value of proxy.config.config_dir
It appears to be loading the website certificate from the right location -
/root/path/conf/other/ssl/website.pem - I know this because if I delete the
file and restart ATS, I can see the ATS error where its trying to load it from
the correct path:
Jul 2 14:44:33 l6 traffic_server[53961]: {0x2ae47437a540} ERROR:
SSL::0:error:02001002:system library:fopen:No such file or
directory:bss_file.c:355:fopen('/root/path/conf/other/ssl/website.pem','r')
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
