Bug 80133 - apacheconf SSL hard to debug requires manual editing of config file
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: redhat-config-httpd
7.3
All Linux
medium Severity medium
Assigned To: Phil Knirsch
Brian Brock
Reported: 2002-12-20 07:34 EST by Edward J. Huff
Modified: 2015-03-04 20:11 EST
Doc Type: Bug Fix
Last Closed: 2004-07-30 11:56:28 EDT
Description Edward J. Huff 2002-12-20 07:34:27 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Description of problem:
Ok, I see I should upgrade to 8.0 and use redhat-config-httpd.
Maybe all this is fixed there...  If not,

* apacheconf doesn't have a way to start over from scratch.
  (other than erasing and reinstalling the rpm).

* It doesn't have a way to switch between various configurations.

* Documents (except the man page) don't mention the alchemist files
  or explain _where_ the configuration data is remembered or even
  state clearly that the config file is _not_ parsed.

* loglevel changes didn't appear in the config file.

I tried to set up a webserver serving SSL with a locally generated
certificate.  It took a _LONG_ time (8 hours), because I ran into
two unilluminating error messages.

First, I got failure to start apache, and the log said
Hint: SSLCertificateFile.  There was such an entry, in
the <VirtualHost _default_:443> section (right after
  ##
  ## SSL Virtual Host Context
  ##
), but I needed one farther down, after the
  # Virtual hosts
  <IfDefine HAVE_SSL>
section.  I also needed a SSLCertificateKeyFile entry.
This was not easy to figure out.  I did it by googling for
the error message, and by reading the source code.

After I got that fixed (by editing the config file), apache
would start up, but immediately exited with

[crit] (98)Address already in use: make_sock: could not bind to port 443

This was caused by the presence of two "Listen 443" statements
in the file.  The one after the comment "Apache will only listen on port 80 by
default" needed to be removed.  This was also not easy to figure out.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. clear apacheconf by erasing and reinstalling it (how else?)
2. rpm -e apacheconf; rpm -ivh apacheconf-0.8.2-2.noarch.rpm 
3. run apacheconf (Is there a way to make it record everything
   that was done?).  It comes up with default settings.
4. Select virtual server, SSL, enable SSL, OK, Ok (alert
server name cannot be blank), enter server name, Ok, Ok to exit,
Ok to overwrite config.
5. start httpd. (it fails)
6. edit config file to insert second set of SSLCertificate... entries.
7. it comes up and runs.  But if I do what the customization guide
says, I get two Listen 443 statements and it fails.
8. stop httpd, run apacheconf, select "all available addresses on port 80",
click "edit", change 80 to 443, click Ok, Ok, Ok save and exit, Ok overwrite,
edit the conf file again to add the missing SSLCertificate entries.
9. start httpd, get status:  "httpd dead but subsys locked"
examine log: [crit] (98)Address already in use: make_sock: could not bind to
port 443


Actual Results:  Only one "SSLCertificateFile" and "...KeyFile" entry.

Two "Listen 443" entries. (well, with the above instructions,
I got only one, because I didn't change the default from 80
to 443 -- but the RedHat customization guide said I should
add a port 443.)


Expected Results:  Two "SSLCertificateFile" and "...KeyFile" entries.  Is the
first one
needed?

Only one "Listen 443" entry.


Additional info:

*** httpd.conf	Fri Dec 20 07:27:53 2002
--- httpd.conf~	Fri Dec 20 07:24:59 2002
***************
*** 732,739 ****
  	
   	ServerSignature email
   	SSLEngine on
- SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
- SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
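Review bot: the diff is taken in the wrong direction. The header lists httpd.conf (07:27:53) as the old file and the backup httpd.conf~ (07:24:59) as the new one, so the two hand-added lines after "SSLEngine on", SSLCertificateFile and SSLCertificateKeyFile, show up as deletions rather than as the additions apacheconf should be emitting. Regenerating it with the backup first (httpd.conf~, then httpd.conf) would make the intended fix readable. The hunk is also cut off: the header announces lines 732,739 but fewer lines follow and there is no matching "--- ... ----" section for the second file, so the surrounding VirtualHost context cannot be confirmed from what is shown.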
Comment 1 Phil Knirsch 2003-11-27 06:25:47 EST
Reassigning to r-c-h and myself.

Read ya, Phil
Comment 2 Phil Knirsch 2004-07-30 11:56:28 EDT
Most of the SSL stuff should be fixed in the latest rawhide version.

Read ya, Phil
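
The two failures in the description above (an SSL-enabled virtual host with no certificate or key entries, and a repeated "Listen 443") can be caught before httpd is started. The following check is an added example, not part of the bug report or of apacheconf; the function name `lint_httpd_conf`, the sample configuration and the address 192.0.2.10 are constructed for illustration, and it assumes every `<IfDefine>` block is active and compares Listen values literally.

```python
import re
from collections import Counter

# Constructed sample that reproduces both faults from the report (not the reporter's file).
SAMPLE_CONF = """\
Listen 80
Listen 443
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
</VirtualHost>
<IfDefine HAVE_SSL>
Listen 443
<VirtualHost 192.0.2.10:443>
    SSLEngine on
</VirtualHost>
</IfDefine>
"""
REQUIRED = ("SSLCertificateFile", "SSLCertificateKeyFile")

def lint_httpd_conf(text):
    """Flag repeated Listen values and SSL-enabled vhosts without certificate/key."""
    findings, listens, vhost = [], Counter(), None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            vhost = (opened.group(1).strip(), lineno, {})  # name, start line, directives
        elif line.lower().startswith("</virtualhost") and vhost:
            name, start, seen = vhost
            if seen.get("sslengine", "").lower() == "on":
                findings += [f"vhost {name} (line {start}): SSLEngine on but no {d}"
                             for d in REQUIRED if d.lower() not in seen]
            vhost = None
        else:
            parts = line.split(None, 1)
            key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
            if key == "listen":
                listens[value] += 1  # assumption: every <IfDefine> block is active
            elif vhost:
                vhost[2][key] = value
    findings += [f"Listen {v} appears {n} times; bind fails with (98)Address already in use"
                 for v, n in listens.items() if n > 1]
    return findings

if __name__ == "__main__": print("\n".join(lint_httpd_conf(SAMPLE_CONF)))
```
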
