The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Does OpenSSL need to be updated?

Discussion in 'General Discussion' started by TogaDave, Jul 22, 2004.

  1. TogaDave

    TogaDave Well-Known Member

    Joined:
    Apr 13, 2003
    Messages:
    135
    Likes Received:
    0
    Trophy Points:
    16
    In my WHM there are "lock" icons next to everything except OpenSSL in my Apache Security/Version Table.

    It says my installed version of OpenSSL is 0.9.6b

    Do I need to update this, and if so, how?

    Thanks very much!
    Dave
     
  2. TogaDave

    TogaDave Well-Known Member

    Joined:
    Apr 13, 2003
    Messages:
    135
    Likes Received:
    0
    Trophy Points:
    16
    Thanks again for the fast reply!

    Unfortunately, I'm scared to update Apache through WHM. Every time I have ever used the "Update Apache" link withint WHM instead of using /scripts/easyapache from SSH, it has wreaked havoc on my server and I end up with downtime.

    Can this be done another way, or do I have to use the Update Apache link from within WHM?

    Thanks very much!
     
  3. Sinewy

    Sinewy Well-Known Member

    Joined:
    May 15, 2004
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Sydney, Australia
    cPanel Access Level:
    DataCenter Provider
    I don't think easyapache/buildapache updates OpenSSL. to manually do it:

    wget http://www.openssl.org/source/openssl-0.9.7d.tar.gz
    tar zxf openssl-0.9.7d.tar.gz
    cd openssl-0.9.7d
    ./configure --prefix=/usr
    make
    make test
    make install
    ./configure
    make
    make test
    make install

    reason im saying to do it twice is because some things look in /usr/ssl and some look in /usr/local/ssl
     
  4. Sinewy

    Sinewy Well-Known Member

    Joined:
    May 15, 2004
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Sydney, Australia
    cPanel Access Level:
    DataCenter Provider
    Easyapache doesn't do it. sysup does or rpmup. i cant remember which one does it.
     
  5. isputra

    isputra Well-Known Member

    Joined:
    May 3, 2003
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Mbelitar

    After i do your howto my https did not work anymore. When i check in on shell give me : OpenSSL 0.9.6m [engine] 17 Mar 2004

    But when i check on WHM i have openssl-0.9.7d and my rkhunter show me :
    - OpenSSL 0.9.6m [ OK ]
    - OpenSSL 0.9.7d [ OK ]

    How to get https work ? Or maybe how to uninstall openssl-0.9.7d and work with OpenSSL 0.9.6m again ?
     
  6. anup123

    anup123 Well-Known Member

    Joined:
    Mar 29, 2004
    Messages:
    897
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    This Planet
    Have you tried it from RPM Package Installer in WHM?

    Anup
     
  7. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    That is why you shouldn't update things as important from source if you're already using an rpm based update system under an OS such as RHE - and don't let anyone tell you otherwise.

    I would suggest that you download the latest rpm for your distro and rpm install it using --force to get it back to how it should be.

    Knowng which OS and version you are running would help in helping you fix it.
     
  8. isputra

    isputra Well-Known Member

    Joined:
    May 3, 2003
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Mbelitar
    OK, now https works but i have another problem.

    When i go to https my windows shows up about SSL information so i click "yes" to see my website under https and my browser only show "The page cannot be displayed"

    I check on my httpd.conf and here is the info :

    <IfDefine SSL>
    ##
    ## SSL Virtual Host Context
    ##
    NameVirtualHost xx.xx.xx.xx:443

    <VirtualHost xx.xx.xx.xx:443>
    ServerAdmin webmaster@mydomain.com
    DocumentRoot /home/mydomain/public_html
    BytesLog domlogs/mydomain.com-bytes_log
    ServerName www.mydomain.com
    CustomLog /usr/local/apache/domlogs/mydomain.com-ssl_log "%t %{version}c %{cipher}c %{clientcert}c"
    User mydomain
    Group mydomain
    SSLEngine on
    SSLEnable
    SSLCertificateFile /usr/local/apache/conf/ssl.key/mydomain.com.crt
    SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/mydomain.com.key
    SSLLogFile /var/log/mydomain.com
    ServerAlias mydomain.com www.mydomain.com
    ScriptAlias /cgi-bin/ /home/mydomain/public_html/cgi-bin/
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    </VirtualHost>
    </IfDefine>

    If i go to http://www.mydomain.com my website show normal but if i use https i can't see my website. I think this is not about SSL problem because when Security Alert appear and i click View Certificate all information about certificate is right.

    Please any advise to fix this ?
     
  9. DigiCrime

    DigiCrime Well-Known Member

    Joined:
    Nov 27, 2002
    Messages:
    399
    Likes Received:
    0
    Trophy Points:
    16
    Unless your using Redhat 9 or higher, I wouldnt suggest updating it unless you need to. It breaks some other SSL stuff Like CurlSSL I know I tried several times and havent found a way around it on 7.3 and lower.

    When you do it manually, you need to rebuild apache afterwards just leave openssl out

    My config

    wget http://www.openssl.org/source/openssl-0.9.7d.tar.gz;tar zxf openssl*;/cd openssl*;./config --prefix=/usr --openssldir=/usr/include/openssl

    make test to see if it errors out any and then fish the rest of the make install, recompile apache afterwards and youll have it updated in WHM as well

    isputra,

    If you have a window poping up to ask yes/no verify cert then its not correct unless its a shared cert.
     
  10. isputra

    isputra Well-Known Member

    Joined:
    May 3, 2003
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Mbelitar

    I use RH 9 and WHM 9.7.2 cPanel 9.7.7-R15.

    I already install easyapache again without OpenSSL and SSL Support.
    Now what should i do ?

    Can i do like yours above :

    wget http://www.openssl.org/source/openssl-0.9.7d.tar.gz;tar zxf openssl*;/cd openssl*;./config --prefix=/usr --openssldir=/usr/include/openssl

    make test
    make install

    /scripts easyapache (if i do easyapache should i leave SSL Support and OpenSSL again or i must install it too on easyapache option ?)
     
  11. isputra

    isputra Well-Known Member

    Joined:
    May 3, 2003
    Messages:
    576
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Mbelitar
    My problem solved :D

    Thank you all for your help
     
Loading...

Share This Page