You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by Paul <yd...@yahoo.com> on 2001/02/09 00:54:13 UTC

mod_ssl: Init: Failed to generate temporary 512 bit RSA private key

Hi, all.

I've been trying to add a couple of modules to my Apache, and just
can't seem to get it to do it's thing.  Forgive me if I tell you too
much, but I'm just trying to be thorough.

STEP 1:
=======
perl Makefile.PL USE_APACI=1 USE_DSO=0 EVERYTHING=1      \
  DO_HTTPD=1 SSL_BASE=/usr/local/ssl                     \
  APACHE_SRC=../apache_1.3.12/src                        \
 
APACI_ARGS=--enable-module=ssl,--enable-module=auth_dbm,--enable-modul
e=info,--enable-module=rewrite,--enable-module=usertrack

This runs smoothly.
====================
STEP 2: make
This, too, runs smoothly.
==========================
STEP 3: make test
Here's the problem. It runs fine till t/TEST tries to spawn a server
and hit it.  The server fails at init because it can't generate a
temporary 512 bit RSA private key. I've moved to the apache directory
and run "make certificate" before the "make test", but it doesn't help.


If I'm not mistaken, I had this problem when I was first installing the
server, and ended up skipping the test. It installed and has been
working fine. I'd just rather have a clean test before I try installing
and using the new binary now that it's in production.....

Anybody got a suggestion?

[ROOT] /dart26/mod_perl-1.23: uname -a
HP-UX uap5 B.10.20 C 9000/891 373319211 32-user license
[ROOT] /dart26/mod_perl-1.23: ../apache_1.3.12/src/httpd -V
Server version: Apache/1.3.12 (Unix)
Server built:   Feb  8 2001 16:04:39
Server's Module Magic Number: 19990320:7
Server compiled with....
 -D EAPI
 -D HAVE_SHMGET
 -D USE_SHMGET_SCOREBOARD
 -D USE_FCNTL_SERIALIZED_ACCEPT
 -D HTTPD_ROOT="/usr/local/apache"
 -D SUEXEC_BIN="/usr/local/apache/bin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/httpd.scoreboard"
 -D DEFAULT_LOCKFILE="logs/httpd.lock"
 -D DEFAULT_XFERLOG="logs/access_log"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"
 -D ACCESS_CONFIG_FILE="conf/access.conf"
 -D RESOURCE_CONFIG_FILE="conf/srm.conf"
[ROOT] /dart26/mod_perl-1.23: ../apache_1.3.12/src/httpd -l
Compiled-in modules:
  http_core.c
  mod_env.c
  mod_log_config.c
  mod_mime.c
  mod_negotiation.c
  mod_status.c
  mod_info.c
  mod_include.c
  mod_autoindex.c
  mod_dir.c
  mod_cgi.c
  mod_asis.c
  mod_imap.c
  mod_actions.c
  mod_userdir.c
  mod_alias.c
  mod_rewrite.c
  mod_access.c
  mod_auth.c
  mod_auth_dbm.c
  mod_usertrack.c
  mod_setenvif.c
  mod_ssl.c
  mod_perl.c
suexec: disabled; invalid wrapper /usr/local/apache/bin/suexec

(Also, anybody got an idea why this suexec message? is it something to
worry about?)

__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35 
a year!  http://personal.mail.yahoo.com/

Re: mod_ssl: Init: Failed to generate temporary 512 bit RSA private key

Posted by Paul <yd...@yahoo.com>.

--- Ges Seger <se...@aisgadm4.wpafb.af.mil> wrote:
> Paul wrote:
> 
> > Hi, all.
> > 
> > I've been trying to add a couple of modules to my Apache, and just
> > can't seem to get it to do it's thing.  Forgive me if I tell you
> too
> > much, but I'm just trying to be thorough.
> > 
> > STEP 1:
> > =======
> > perl Makefile.PL USE_APACI=1 USE_DSO=0 EVERYTHING=1      \
> >   DO_HTTPD=1 SSL_BASE=/usr/local/ssl                     \
> >   APACHE_SRC=../apache_1.3.12/src                        \
> >  
> >
>
APACI_ARGS=--enable-module=ssl,--enable-module=auth_dbm,--enable-modul
> > e=info,--enable-module=rewrite,--enable-module=usertrack
> > 
> > This runs smoothly.
> > ====================
> > STEP 2: make
> > This, too, runs smoothly.
> > ==========================
> > STEP 3: make test
> > Here's the problem. It runs fine till t/TEST tries to spawn a
> server
> > and hit it.  The server fails at init because it can't generate a
> > temporary 512 bit RSA private key. I've moved to the apache
> directory
> > and run "make certificate" before the "make test", but it doesn't
> help.
> > 
> > 
> > If I'm not mistaken, I had this problem when I was first installing
> the
> > server, and ended up skipping the test. It installed and has been
> > working fine. I'd just rather have a clean test before I try
> installing
> > and using the new binary now that it's in production.....
> > 
> > Anybody got a suggestion?
> 
> Recent versions of mod_ssl compiled for HPUX require an equivalent to
> Linux's /dev/random.  You can get this by downloading and installing
> an Entropy Gathering Daemon (egd), which can be found at:
> 
> http://www.lothar.com/tech/crypto/
> 
> I ran into the same problem last month upgrading my team's website, 
> until trawling through various mailing list archives pointed me to
> egd.  
> If 10.20 is anything like 11.x, this should get you through "make
> test"  with flying colors.
> 
> Apologies for being sort of off-topic here...
> 
> Ges
> Senior Perl Hacker
> Ingenium Corporation

EGD is great -- thanks for the suggestion -- but the "make test" is
still no go. The OpenSSL manpage for RAND_egd (to which egd.pl docs
pointed me) says if the socket is /dev/egd-pool it'll use it
automatically, but it's a no-go so far.

I'm at wit's end. Could it be something in the test httpd.conf? 

As a test I backed up the old httpd and replaced it with the new one,
and it seems to be working fine. All that took less than a minute, and
we're a small enough server that it was a tolerable interruption even
if it hadn't worked, but I'd still like to do the install, just to
update everything. Is that safe? What else does it change?


__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35 
a year!  http://personal.mail.yahoo.com/

Re: mod_ssl: Init: Failed to generate temporary 512 bit RSA private key

Posted by Ges Seger <se...@aisgadm4.wpafb.af.mil>.

Paul wrote:

> Hi, all.
> 
> I've been trying to add a couple of modules to my Apache, and just
> can't seem to get it to do it's thing.  Forgive me if I tell you too
> much, but I'm just trying to be thorough.
> 
> STEP 1:
> =======
> perl Makefile.PL USE_APACI=1 USE_DSO=0 EVERYTHING=1      \
>   DO_HTTPD=1 SSL_BASE=/usr/local/ssl                     \
>   APACHE_SRC=../apache_1.3.12/src                        \
>  
> APACI_ARGS=--enable-module=ssl,--enable-module=auth_dbm,--enable-modul
> e=info,--enable-module=rewrite,--enable-module=usertrack
> 
> This runs smoothly.
> ====================
> STEP 2: make
> This, too, runs smoothly.
> ==========================
> STEP 3: make test
> Here's the problem. It runs fine till t/TEST tries to spawn a server
> and hit it.  The server fails at init because it can't generate a
> temporary 512 bit RSA private key. I've moved to the apache directory
> and run "make certificate" before the "make test", but it doesn't help.
> 
> 
> If I'm not mistaken, I had this problem when I was first installing the
> server, and ended up skipping the test. It installed and has been
> working fine. I'd just rather have a clean test before I try installing
> and using the new binary now that it's in production.....
> 
> Anybody got a suggestion?

Recent versions of mod_ssl compiled for HPUX require an equivalent to 
Linux's /dev/random.  You can get this by downloading and installing an 
Entropy Gathering Daemon (egd), which can be found at:

http://www.lothar.com/tech/crypto/

I ran into the same problem last month upgrading my team's website, 
until trawling through various mailing list archives pointed me to egd.  
If 10.20 is anything like 11.x, this should get you through "make test" 
with flying colors.

Apologies for being sort of off-topic here...

Ges
Senior Perl Hacker
Ingenium Corporation