You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "James Peach (JIRA)" <ji...@apache.org> on 2013/07/22 20:38:49 UTC
[jira] [Commented] (TS-1993) ATS looking for chain certificate in
the wrong place
[ https://issues.apache.org/jira/browse/TS-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13715510#comment-13715510 ]
James Peach commented on TS-1993:
---------------------------------
Yup, this is a bug in the way we load the certificate chain file. Fixing.
> ATS looking for chain certificate in the wrong place
> ----------------------------------------------------
>
> Key: TS-1993
> URL: https://issues.apache.org/jira/browse/TS-1993
> Project: Traffic Server
> Issue Type: Bug
> Components: Configuration, SSL
> Reporter: David Carlin
> Assignee: James Peach
> Fix For: 3.3.5
>
>
> ATS 3.3.4 is looking for the chain certificate in the wrong location. Here is my config:
> proxy.config.ssl.server.cert.path = conf/other/ssl
> proxy.config.ssl.server.cert_chain.filename = CA.pem
> ssl_multicert.config = dest_ip=* ssl_cert_name=website.pem
> When I start ATS I see the following message indicating the root directory:
> [TrafficServer] using root directory '/root/path'
> and the following error in /var/log/messages:
> Jul 1 19:32:15 l6 traffic_server[2167]: {0x2b7a4b3e9f60} ERROR: SSL::0:error:02001002:system library:fopen:No such file or directory:bss_file.c:126:fopen('/root/path/conf/trafficserver/conf/other/ssl/CA.pem','r')
> It should be looking in /root/path/conf/other/ssl/CA.pem - this same config worked in ATS 3.2.0
> Instead its injecting "conf/trafficserver" in the middle of the path which happens to be the value of proxy.config.config_dir
> It appears to be loading the website certificate from the right location - /root/path/conf/other/ssl/website.pem - I know this because if I delete the file and restart ATS, I can see the ATS error where its trying to load it from the correct path:
> Jul 2 14:44:33 l6 traffic_server[53961]: {0x2ae47437a540} ERROR: SSL::0:error:02001002:system library:fopen:No such file or directory:bss_file.c:355:fopen('/root/path/conf/other/ssl/website.pem','r')
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira