Re: [users@httpd] Apache 2.2.21 SSL on RHEL v5.7

Mon, 23 Jan 2012 11:43:27 -0800 

On 23.01.2012 20:02, Ruiyuan Jiang wrote:

Hi,

I have two Apache 2.2.21 reverse proxy servers on Solaris 10 (SPARC) and additional 
modules that not in the Apache distribution. They are running fine so far. Now we want to 
migrate Apache to Redhat Enterprise server v5.7. I compiled Apache the same way and same 
option as on the Solaris through a script that I saved. I copied all the modified 
necessary configuration files from Solaris and certificates from Solaris to Redhat and 
made necessary changes such as IP addresses. The syntax check is OK. When I start Apache 
on the Redhat, "apachectl start" just sits there without giving back the shell 
prompt. The access log and error log are empty so I don't know the reason. If I disable 
httpd-ssl.conf file which will not start https, Apache starts fine. Does anyone know what 
could be for ssl problem on Redhat?


Maybe not enough entropy on /den/random or /dev/urandom whatever is used?


Also I first compiled openssl 1.0.0f on Redhat, I then downloaded openssl 
1.0.0g once it became available and compiled it at the same location. On 
Solaris if I restart Apache, the error log will show the new version of Openssl 
but on Redhat, Apache shows the old version (1.0.0f) of OpenSSL. Why? Thanks.
Solaris doesn't have OpenSSL 1.0 linbs installed in the default lib directories, so mod_ssl will find your custom build one. RedHat comes with OpenSSL 1.0 installed, so you have to set LD_LIBRARY_PATH or link statically into mod_ssl in order to let mod_ssl find the right OpenSSL lib.
If there is other stuff in your Apache which also has dependencies to OpenSSL, like e.g. something doing ldaps, then things will become quite tricky :( 

Regards,

Rainer



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to