The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Apache openSSL issue

Discussion in 'EasyApache' started by techteen, Nov 10, 2007.

  1. techteen

    techteen Active Member

    Joined:
    Jul 31, 2004
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Can someone explain this to me on how to apply the patch?
     
  2. jayh38

    jayh38 Well-Known Member

    Joined:
    Mar 3, 2006
    Messages:
    1,215
    Likes Received:
    0
    Trophy Points:
    36
    What patch are you referring? Are you needing to install openssl module? You can do that in Easy Apache.
     
  3. Bruce

    Bruce Well-Known Member

    Joined:
    Oct 4, 2001
    Messages:
    147
    Likes Received:
    0
    Trophy Points:
    16
  4. ShaneV

    ShaneV Registered

    Joined:
    Aug 15, 2005
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Same problem here
     
  5. fuzioneer

    fuzioneer Well-Known Member

    Joined:
    Dec 12, 2003
    Messages:
    98
    Likes Received:
    0
    Trophy Points:
    6
    same here
    WHM 11.11.0 cPanel 11.15.0-R17853
    CENTOS Enterprise 4.5 i686 on standard - WHM X v3.1.0
     
  6. asiams

    asiams Well-Known Member

    Joined:
    May 28, 2003
    Messages:
    89
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hokkaido, JAPAN
    I have down graded apache from 2.2 to 1.32 but still problem persists.

    Hello,

    I have the same problem with my set up as follow:

    WHM 11.11.0 cPanel 11.15.0-C17853
    CENTOS Enterprise 4.5 i686 on standard - WHM X v3.1.0

    I guess this problem is occuring to Centos 4.5 version.

    I have to down grade to apache 1.32 again.

    But SSL problem continues.

    I have read the article on Open SSL bug, but even when I changed back to apache 1.32, I still get the same error.

    A domain from my server has geotrust premium certificate.

    I set up /opt/openssl, but it did not work for me.

    Any solution for this?

    Thanks.

    asiams
     
  7. techteen

    techteen Active Member

    Joined:
    Jul 31, 2004
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Can a cPanel staff member respond to this, and please help us cPanel users!
     
  8. asiams

    asiams Well-Known Member

    Joined:
    May 28, 2003
    Messages:
    89
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hokkaido, JAPAN
    Problem solved

    hi all,

    After I down graded apache to version 1.32, there were some set up problem on httpd.conf. Somehow, the SSL certificate was written as domain.com where as the SSL was for www.domain.com. Hence, by manually updating the setup on the httpd.conf fixed the problem.

    This made everything go well.

    asiams
     
  9. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Just a friendly reminder that these are community forums, not routinely monitored by the support staff. If you wish to acquire support, please contact your cPanel licensing provider or submit a support ticket.
     
  10. ToddShipway

    ToddShipway Well-Known Member

    Joined:
    Nov 13, 2006
    Messages:
    300
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    A little more information regarding this openssl issue.

    It only affects openssl versions earlier than 0.9.7k and 0.9.8g.
    It only affects apache 2.0 and 2.2.
    You will encounter this bug if you have a large amount of vhosts, 650+ seems to be the average number in which the bug begins to occur.

    There have been a couple reports of it occurring in 1.3, but this has turned out to be a different openssl issue each time.

    There a 2 ways to resolve this:

    a. Use apache 1.3 (easiest workaround)
    b. Download openssl 0.9.8g from http://www.openssl.org/ and compile it using '--prefix=/opt/openssl shared'. Once 0.9.8g is built in /opt/openssl, rebuild apache 2.x using easyapache and it will automatically use openssl from /opt/openssl for that and all future builds.
     
  11. arhs

    arhs Well-Known Member

    Joined:
    Jul 4, 2003
    Messages:
    116
    Likes Received:
    0
    Trophy Points:
    16
    Hi,

    Can you post an how to compile openssl to run from /opt/openssl


    Thanks.
     
  12. ToddShipway

    ToddShipway Well-Known Member

    Joined:
    Nov 13, 2006
    Messages:
    300
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Houston, TX
    Below are the basic steps to compiling a base setup of openssl into /opt/openssl on your server. Please keep in mind that this will compile openssl with the default options and isn't supported by cPanel support. If you have problems with this process, contact your datacenter or a qualified admin to help with custom installation of openssl.

    Code:
    Run these commands as root
    
    cd /root
    wget http://www.openssl.org/source/openssl-0.9.8g.tar.gz
    tar -xvzf openssl-0.9.8g.tar.gz
    cd openssl-0.9.8g
    ./config --prefix=/opt/openssl shared
    *I recommend reading INSTALL for a full list of config options if needed*
    make
    make test
    *look at the output of the test to be sure no errors have occurred, if the test results in errors, resolve the errors BEFORE moving to the next and final step*
    make install
    
    If 'make install' finishes without error, openssl should be installed in /opt/openssl. You can verify this by running:

    Code:
    /opt/openssl/bin/openssl version
    The correct output should be:

    Code:
    root@server [~]# /opt/openssl/bin/openssl version
    OpenSSL 0.9.8g 19 Oct 2007
    
    If openssl is working properly from /opt, you can now rebuild apache using easyapache/Apache Update. All easyapache builds will build against /opt/openssl automatically which will subsequently resolve this bug.
     
Loading...

Share This Page