You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "James Peach (JIRA)" <ji...@apache.org> on 2013/07/22 20:38:49 UTC

[jira] [Commented] (TS-1993) ATS looking for chain certificate in the wrong place

    [ https://issues.apache.org/jira/browse/TS-1993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13715510#comment-13715510 ] 

James Peach commented on TS-1993:
---------------------------------

Yup, this is a bug in the way we load the certificate chain file. Fixing.
                
> ATS looking for chain certificate in the wrong place
> ----------------------------------------------------
>
>                 Key: TS-1993
>                 URL: https://issues.apache.org/jira/browse/TS-1993
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Configuration, SSL
>            Reporter: David Carlin
>            Assignee: James Peach
>             Fix For: 3.3.5
>
>
> ATS 3.3.4 is looking for the chain certificate in the wrong location.  Here is my config:
> proxy.config.ssl.server.cert.path = conf/other/ssl
> proxy.config.ssl.server.cert_chain.filename = CA.pem
> ssl_multicert.config = dest_ip=* ssl_cert_name=website.pem
> When I start ATS I see the following message indicating the root directory:
> [TrafficServer] using root directory '/root/path'
> and the following error in /var/log/messages:
> Jul  1 19:32:15 l6 traffic_server[2167]: {0x2b7a4b3e9f60} ERROR: SSL::0:error:02001002:system library:fopen:No such file or directory:bss_file.c:126:fopen('/root/path/conf/trafficserver/conf/other/ssl/CA.pem','r')
> It should be looking in /root/path/conf/other/ssl/CA.pem - this same config worked in ATS 3.2.0
> Instead its injecting "conf/trafficserver" in the middle of the path which happens to be the value of proxy.config.config_dir
> It appears to be loading the website certificate from the right location - /root/path/conf/other/ssl/website.pem - I know this because if I delete the file and restart ATS, I can see the ATS error where its trying to load it from the correct path:
> Jul  2 14:44:33 l6 traffic_server[53961]: {0x2ae47437a540} ERROR: SSL::0:error:02001002:system library:fopen:No such file or directory:bss_file.c:355:fopen('/root/path/conf/other/ssl/website.pem','r')

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira