Apache :: Updating From 2.4.6 To 2.4.9 Breaks OpenSSL
Jun 25, 2014
Last week I have updated the apache from 2.4.6 to 2.4.9 version in Win 2008, 64-bit server. There was no openSSL and update was successful. Later I did the update in QA with openSSL and again the updte was successfully completed. Apache services was running fine and everything looked nice.
When I did the same update in the prd where openSSL is also there, it failed to start the service.
steps to update the apache from 2.4.6 to 2.4.9
----------------------------------------------
1> stop the apache services
2> Take the backup by copying original Apache installation directory and rename it . (eg I:Program Files (x86)Apache Software FoundationApache2.2 to Apache2.2_old)
3> Unzip the latest binaries to the temp directory
4> Copy the following files apachebin , apachemodules to the Apache Inst Directory ( I:Program Files (x86)Apache Software FoundationApache2.2)
5> start the apache service
----------------------------------------------------
QA and PRD both has enabled openSSL but it was prd where we got the issue , and the apache services couldnt be started. We have had to revert the change. Find the error log in the apache directory
--------------------------
[Tue Jun 24 21:12:12.665632 2014] [ssl:emerg] [pid 3336:tid 320] AH02561: Failed to configure certificate
RGWEB58V.brotherdc.eu:443:0, check G:/Program Files (x86)/Apache Software Foundation/Apache2.2/conf/server.crt
[Tue Jun 24 21:12:12.665632 2014] [ssl:emerg] [pid 3336:tid 320] SSL Library Error: error:0906D06C:PEM
routines:PEM_read_bio:no start line (Expecting: CERTIFICATE) -- Bad file contents or format - or even just a
forgotten SSLCertificateKeyFile? [Tue Jun 24 21:12:12.665632 2014] [ssl:emerg] [pid 3336:tid 320] SSL Library Error: error:140AD009:SSL
routines:SSL_CTX_use_certificate_file:PEM lib
---------------------------------------
I read somewhere that there is bug in 2.4.9 as this version breaks the openSSL.
Also read on this forum that someone resolved the issu by changing the server certificate from DER to PEM.
View 7 Replies
ADVERTISEMENT
Feb 9, 2014
Running Apache 2.2.22 on Ubuntu 12.04...Here's (in addition to default) my papertower config in sites-available: URL....
When I restart, I get this message: [URL] ....
I'm coming from Apache on Windows and trying to set up the same workflow I had there. Basically, if I placed a folder in /www/papertower/ it would become accessible via directoryname.papertower.dev after adding the host.
I'm having a strange issue getting it going again. Oddly, when I didn't have the wordpress config set up properly and went to site.papertower.dev, it would give me the "failed to connect to database" message. This made me happy, as it meant it was pointing at the right folder. Once I fixed the database config file, however, and go to site.papertower.dev, it thinks for a moment, then goes to www.site.papertower.dev and gives me a "Oops! Google Chrome could not find www.site.papertower.dev".
I double-checked that all the appropriate mods were enabled (especially rewrite), but that hasn't made a difference.
View 4 Replies
View Related
Feb 11, 2015
Do you have plans for building Apache 2.4 with OpenSSL 1.0.2? One good reason for upgrading Apache to OpenSSL to 1.0.2 would be the ability to disable TLS session tickets, eq. when using PFS:
Code : SSLOpenSSLConfCmd Options -SessionTicket
Here are a few references:
[URL] ....
[URL] ....
I tried to experiment with replacing OpenSSL dlls and exe in apache�in directory but that did not work, because it looks like SSLOpenSSLConfCmd configuration directive is only available when Apache is compiled against OpenSSL 1.0.2.
View 3 Replies
View Related
Jul 1, 2014
Currently I am using Apache 2.4.9 OpenSSL 1.0.1g (VC10), want to migrate openSSL 1.0.1h to resolve the vulnerability issue.is there way to migrate openssl alone in my existing apache build ?
View 9 Replies
View Related
Apr 5, 2013
we need to upgrade the openssl modules, we have apache 2.2 installed and openssl version is 1.0.0,apache and openssl are in solaris9 SPARC.
View 4 Replies
View Related
Feb 24, 2015
c:Apache24bin>openssl.exe
WARNING: can't open config file: c:/openssl-1.0.1e-X64/ssl/openssl.cnf
OpenSSL>
View 1 Replies
View Related
Feb 20, 2015
I'm getting the below error message when trying to perform "configtest" after upgrading apache to 2.4.12 version with success.
/home/apache/bin/httpd: symbol lookup error: /home/apache/bin/httpd: undefined symbol: SSL_CONF_CTX_new
Note: I received the error after recently upgrading my openssl to 1.0.2.
Just wonder how to get rid of the error message.
Running on Ubuntu Server 12.04.05 LTS 32bit.
View 6 Replies
View Related
Aug 5, 2008
i would like to update my CentOS Linux 5 but i don't want to update mysql and apache i need to use mysql 4. When i entered yum update i can see Total download size: 245 M i can see mysql i386 5.0.45-7.el5 base 4.1 M
how can update my server without updating mysql and apache
View 5 Replies
View Related
Jun 11, 2015
In my apache conf file I redirect http to https requests like this:
Code:
# Redirect all requests to https
<VirtualHost *:80>
ServerName www.mypage.de
Redirect permanent / https://www.mypage.de/
</VirtualHost>
This worked just fine until yesterday, when I have updated to Apache 2.4 and disabled SSL 3 by doing this:
Code:
# Disable SSL 3 due to the POODLE vulnerability
SSLProtocol all -SSLv2 -SSLv3
Now, if I call any http URL, the server does not respond. If I explicitly call a https URL it works.
View 3 Replies
View Related
Aug 13, 2007
I had the sysadmin install SuPHP - so that my upload script would work properly, however now my mod_rewrite is broken.
You can view the problem here: [url]
It is supposed to show the item with id 29, as you can see. However it shows the gallery index (As if /gallery/ was typed in without the view-29)
The .htaccess file:
Code:
#.htaccess
RewriteEngine On
#This will force trailing slashes
RewriteCond %{SCRIPT_FILENAME} -f [OR]
RewriteCond %{SCRIPT_FILENAME} -d
RewriteRule .* - [L]
#RewriteCond %{REQUEST_URI} !^*(css|png|jpe?g|gif)
RewriteRule ^(.+)/(.+)/?$ $1.php?args=$2 [QSA,L]
RewriteRule ^(.+)$ $1.php [QSA,L,NC]
My very framework relies on the .htaccess working this way... I can turn it off, however I would really rather not - so if you have any idea how I can fix this, please do tell.
And on a related note, is it possible to run PHP under a user and not use cgi_php?
View 14 Replies
View Related
Jan 12, 2015
I am running phpbb 3.0.12 installed from Plesk. In Plesk it is showing me that there is an upgrade available to version 3.1.2-15 however when I Re-Check the version in phpbb it says that I already have the latest version 3.0.12. That's a little weird.
The problem is when I upgrade to 3.1.2-15 in Plesk, it will mess with the whole installation. The forum page will redirect in circles to /install/index.php which doesn't even exist and I can't do anything except revert to before the upgrade.
So my questions are: Why does Plesk show a version 3.1.2-15 but phpbb says the latest one is 3.0.12? How does the upgrade process from Plesk work? I expect it to automatically do everything, or why else would I want to let Plesk upgrade?
View 3 Replies
View Related
Jul 2, 2008
RHEL4 Box
No Control Panel
Current Version of OpenSSL = OpenSSL 0.9.7a Feb 19 2003
which is the most current version available via 'up2date'.
Need to update to 0.9.8.
I have download the source for 0.9.8h and have:
#./config --prefix=/usr/local --openssldir=/usr/local/openssl
#make
#make test
#make install
All commands ran without errors.
When I run:
# openssl version
OpenSSL 0.9.7a Feb 19 2003
# whereis openssl
openssl: /usr/bin/openssl /usr/local/bin/openssl /usr/include/openssl /usr/local/openssl /usr/share/man/man1/openssl.1ssl.gz
# rpm -qa | grep openssl
openssl-devel-0.9.7a-43.17.el4_6.1
openssl-0.9.7a-43.17.el4_6.1
xmlsec1-openssl-1.2.6-3
openssl096b-0.9.6b-22.46
How can I get the version updated?
View 7 Replies
View Related
Mar 21, 2008
what is the best way to upgrade Openssl
to the latest version
openssl-0.9.8g
in my cpanel server
openssl version
OpenSSL 0.9.7a Feb 19 2003
View 9 Replies
View Related
Apr 21, 2009
SameerHosting has been the biggest mistake I have ever made as far as purchasing a service online is concerned. This fake company and more importantly their Owner/Employee/[Insert Job Title Here] Jordan has been the most nasty, hard to work with, and distasteful person I have ever dealt with in my life. I recommend anyone to stay as far away from this company and child as possible. Below are parts of an initial post of mine at DP Forums. There are so many posts, threads, reviews and this kid and his fake company out there that you shouldn't have any trouble finding out everything that has occurred in the past 1-2 months. Thanks for your time:
I had purchased a dedicated server with this guy not realizing he was a 14 year old kid with a bad temper and poor spelling. I paid for the server and he managed to get into an argument with my tech about something (its in that thread). He then got mad at me and took out his anger on me even though I had no idea anything had happened until after the fact. He involved me in something I had no part in.
I have discussed this guy so many times that I am tired of talking about it but will give you a summary of what recently happened. Jordan pmed me through this forum through one of his other (now banned) accounts. This kid knows he will be banned from most forums and makes a handful of accounts to fall back on. He offered to give me a refund if I tell my tech to stop posting about him. Of course I did what he had asked me to do.
I have been honest and given him far to many chances to make right. Well, he ended up telling me I am no longer getting a refund from him because my tech keeps messing with his servers (which I doubt is actually happening). I am being punished again for something that does not have anything to do with my actions. He has now block me from yahoo messenger,msn messenger, his live chat.
Since I posted this on DP I have been in contact with his legal guardians and they have been no help.
Jordan has messaged my Personal Billing details to many of his customers and others along with edited defamatory pictures of someone that is supposed to be myself. That is totally illegal and childish. He did this because I spoke against his scam company and illegal wrongdoings.
If anyone has had bad dealings with this company please post everything that has happened in this thread and also PM me and I can give you the e-mail of the people who take care of him and you can tell them what he has done. He needs to be stopped.
Again, it is very important to post in this thread with information about what he has done to you, the more info the better as these people will possibly listen to me and others.
View 14 Replies
View Related
Feb 22, 2008
I might still be a bit too close to the newbie level to be trying this
but I wanted upgrade various components of my cpanel install for security issues.
So I got openssl to update to 0.9.8g and that seemed to be working correctly.
Quote:
openssl version
OpenSSL 0.9.8g 19 Oct 2007
So now I am trying to build PHP 4.4.8 like this:
Quote:
./configure --with-litespeed --with-config-file-path=../php --with-mysql=/usr --with-zlib --with-zlib-dir=.. --with-gd --with-jpeg-dir=.. --with-png-dir=.. --enable-shmop --enable-track-vars --enable-sockets --enable-sysvsem --enable-sysvshm --enable-magic-quotes --with-openssl
And it fails because of the openssl:
Quote:
Make
...
In function `zif_openssl_seal':
/php-4.4.8/ext/openssl/openssl.c:2885: undefined reference to `EVP_CIPHER_CTX_block_size'
collect2: ld returned 1 exit status
(I tried --with-openssl=/usr with no change)
View 4 Replies
View Related
Apr 14, 2009
so I got OpenSSL 0.9.8k up and installed, no issued:
Quote:
# openssl
OpenSSL> version
OpenSSL 0.9.8k 25 Mar 2009
OpenSSL>
Rebuilt cURL (and then php), httpd and proftpd but all of them are still linking to the older libraries for some reason
Quote:
# curl -V
curl 7.19.4 (x86_64-unknown-linux-gnu) libcurl/7.19.4 OpenSSL/0.9.8g zlib/1.2.3
Protocols: tftp ftp telnet dict ldap http https ftps
Features: IPv6 Largefile NTLM SSL libz
Quote:
[Tue Apr 14 00:11:03 2009] [notice] Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8g DAV/2 PHP/5.2.9 Apache configured -- resuming normal operations
Quote:
Starting proftpd: - mod_tls/2.2.1: compiled using OpenSSL version 'OpenSSL 0.9.8i 15 Sep 2008' headers, but linked to OpenSSL version 'OpenSSL 0.9.8g 19 Oct 2007' library
proftpd has its own set of issues obviously built with i headers and linked to g headers. Any ideas wtf I did? I recomplined and restarted everything. I removed the g and i libraries completely. OpenSSH seems happy and nothing is actually "wrong", the server is working fine but I'm really anal retentive this way...it's kinda how I feel "safer" at the OS level.
View 3 Replies
View Related
Jun 13, 2007
I'm trying to connect to the server via SFTP but when I check the box to do that in Total Commanders settings box it says I need the OpenSSL dll's. I downloaded the must current file from [url] but I can't find any dll files in it and I'm unsure how to proceed.
View 1 Replies
View Related
Jun 20, 2009
We're having problems with the Roundcube webmail spell check, and upon checking the log we get the error 'Unable to find the socket transport SSL'. From what I can find out this is normally due to Open SSL not being enabled, but it is, you can check our php config here.
View 3 Replies
View Related
Apr 14, 2015
Starting point: a working site using a shared IPv4, dedicated IPv6, and SSL. HTTP and HTTPS work, the latter only using SNI of course.
The good news: If I simply allocate an IP resource of 1 to a subscription it is pulled from the pool, assigned to the service node, assigned to the web site, DNS is updated, and the site is automatically changed to using a Dedicated IPv4 and Dedicated IPv6.
The bad news: visitors land on the default web site of the service node, with the default SSL certificate.
Other info: I can't ping the new IP, even though it shows in "ip a l" and /etc/sysconfig/network-scripts/ifcfg-eth0:0. [edited]
After the IP assignment, it is still installed, and /etc/httpd/conf/plesk.conf.d/ip_default/domainname.conf shows the new certificate is being used.
However, a second set of VirtualHost entries is created in server.conf for this IP for ports 80 and 443, with NameVirtualHost enabled on the new IP. The port 443 entry uses the default certificate. Apache's setup this default VirtualHost entry will override the web site configuration because Apache is listening on port 443 with the wrong cert.
If I go to "Change webspace settings" and toggle to Shared IPv4, Dedicated IPv6 the site works again via HTTPS, and Dedicated IPv4 and Dedicated IPv6 breaks it again. Setting the SSL cert to None and back again does not work.
Setting the SSL cert to None, changing to a dedicated IP, and enabling SSL results in the server being inexplicably inaccessible...browsers no longer connect to either the default site or the correct site, and I don't see any entries in the vhosts's logs.
View 6 Replies
View Related
Jan 29, 2015
On a clean install of CentOS 6.6 (Final) I did the following:
1. updated the /etc/hosts file to point my ip to the hostname
2. Open the ports in the iptables file.
3. ran the ppa_installer per the instructions on [URL] ....
The ppa_installer log says installed Successfully. However the following occurs:
1. Cannot browse to the url:8443, or any of the other variations (8080, 8880, https/http)
2. Yum installer is now broken (I replicated this twice). Yum will not run at all with the following error:
There was a problem importing one of the Python modules required to run yum. The error leading to this problem was: /usr/lib64/libcurl.so.4: file too short
Please install a package which provides this module, or verify that the module is installed correctly.It's possible that the above module doesn't match the
current version of Python, which is:
2.6.6 (r266:84292, Jan 22 2014, 09:42:36)
[GCC 4.4.7 20120313 (Red Hat 4.4.7-4)]
I am now going to try Cent OS 6.4.. will report back.
View 8 Replies
View Related
Jun 12, 2008
I recently had Fantastico update issues, my fantistico was giving me errors such as "This feature is currently not availabel, please contact your host." lol
I tried lodging a CRON job to do the update ...but waited 72 hours and nothing ! lol
Later i found our that the Fantastico licensing server was down for a while lol
Any one had this issue lately ... ?
View 6 Replies
View Related
Feb 10, 2009
i just installed rpmforge repo and updated the my vps everything went fine now every thing is fine exept ftp i have tried both pure-ftp and pro-ftp both are not workingh the port 21 is used by xinetd i am not able to find out what to due the ftp installs successfully but after installations is done it give Failed on restarting stopping or starting
WHat can i do to remove this i used the status command to
/etc/init.d/pureftpd status
Pureftpd is dead
this is what i got
Pro-ftpd gives error unable to bind ip at port 21
View 6 Replies
View Related
Jul 26, 2008
I'm trying to figure out which security measures to apply to my new server. I last tweaked security on a web server four years ago, and it seems like these days cPanel does automatically much that I did manually before. CSF seems to help with a lot of the rest.
I know chrooted BIND was all the rage, for example, four years ago, but now I can hardly find mention of it. Is it still worth it?
also, thoughts on changing the SSH port? Is that really worth it? I presume that means users would manually have to specify the SSH port every time they wished to connect...
View 0 Replies
View Related
Feb 2, 2007
I have just got the new server adn I tried to check bandwidth usage via 'Bandmin' but it seems like not updating because its all 0,
Last updated Fri Feb 2 21:00:04 2007
Ip Possible Domain(s) Transfer in gig Transfer in meg Transfer in kbit/s Transfer in kb/s Transfer in mbit/s
Total in 0.000000 0 0.000000 0.000000 0.000000
View 2 Replies
View Related
May 25, 2007
What exactly is a kernel and when will we need to ask the server management to update it? Read quite a few posts here indicating that kernel's were vulnerable to security issues. Still trying to learn all the to do's for hosting websites on a dedicated server.
View 5 Replies
View Related
Jul 11, 2007
root@server [/scripts]# ./runweblogs username
Log checker loaded ok..
==> WARNING: The configured processor count does not match the
==> actual processor count (4)! Running log analysis programs
==> on this system may cause excessive load! You should set "extracpus"
==> to "0" in /var/cpanel/cpanel.config if this is not ok.
==> cPanel Log Daemon version 22.2
==> Shared RRDTOOL support enabled
==> Starting cpbandwd (bandwidth monitoring for IMAP/POP)
cpbandwd is already running.
Processing eldred...
Run Logs domain: domain.com BW Limit: 262144000000 Domains: [save.domain.com save.info store.domain.com]
Stats are not updating for this account. I ran this twice, keeps getting stuck at this line forever..
Run Logs domain: domain.com BW Limit: 262144000000 Domains: [save.domain.com save.info store.domain.com]
View 11 Replies
View Related
Jan 11, 2009
My Awstats is updating every other day and I would like it to up date daily.
I am in my third month of hosting and in about first 2 months, Awstats would update every day.
I have searched and read where it is possible to get Awstats to update manualy but it seems that my scenario isn't the same as everyone else's.
I am accessing my Awstats through CPanel and there is no way that I see to modify when Awstats updates.
View 7 Replies
View Related
