You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by martin olivera <mo...@ucsd.edu> on 2011/01/19 01:01:47 UTC
problem w/ apache 2.2.3 under redhat 5.6 (kernel 2.6.18)
Good day --
We have three Redhat 5.6 servers running Apache 2.2.3. After our last week
software update (directly from Redhat), the three Apache servers became
unaccessible from any browser.
A simple "service httpd restart" gives no errors, and we can see the daemon
running. Put the list of processes just shows [httpd] <defunct>. It appears
to be an SSL/NSS problem. A status check yields: "httpd (pid ...) is running
...". But the services manages indicates: "httpd dead but subsys locked".
The messages log shows:
SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED
NSS_Initialized failed. Certificate database:/etc/.httpd/alias
The ssl error log says (both are warnings):
RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?
RSA server certificate CommonName (CN) 'localhost.local.domain' does NOT
match server name!?
I've obvioulsy missed creating certificates somewhere. It's the first time I
find errors after an Apache upgrade. I thought the upgrades were automatic.
Nothing else (firewall, httpd.conf) has been changed from the time we had
apache working w/o problems. Any clue as to how to proceed to fix this
problem? I don't subscribe to the list, so answers by direct mail is
preferred.
Thank you,
Martin
Re: problem w/ apache 2.2.3 under redhat 5.6 (kernel 2.6.18)
Posted by martin olivera <mo...@ucsd.edu>.
Thank you. I just renamed nss.conf nss.conf.not and that prevented nss from
load up.
Martin
On Tue, Jan 18, 2011 at 4:49 PM, Sander Temme <sc...@apache.org> wrote:
> On 01/18/11 16:01, martin olivera wrote:
>
>>
>> Good day --
>>
>
> Hey Martin,
>
>
> We have three Redhat 5.6 servers running Apache 2.2.3. After our last week
>> software update (directly from Redhat), the three Apache servers became
>> unaccessible from any browser.
>>
>> A simple "service httpd restart" gives no errors, and we can see the
>> daemon
>> running. Put the list of processes just shows [httpd] <defunct>. It
>> appears
>> to be an SSL/NSS problem. A status check yields: "httpd (pid ...) is
>> running
>> ...". But the services manages indicates: "httpd dead but subsys locked".
>>
>
> You might consider taking this to users@httpd.apache.org: maybe someone
> there has seen a similar problem.
>
> mod_nss is not apache.org code: it was done by Red Hat so you should
> probably open a ticket with them.
>
> S.
>
>
> The messages log shows:
>>
>> SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED
>> NSS_Initialized failed. Certificate database:/etc/.httpd/alias
>>
>> The ssl error log says (both are warnings):
>>
>> RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE
>> !?
>> RSA server certificate CommonName (CN) 'localhost.local.domain' does NOT
>> match server name!?
>>
>> I've obvioulsy missed creating certificates somewhere. It's the first time
>> I
>> find errors after an Apache upgrade. I thought the upgrades were
>> automatic.
>> Nothing else (firewall, httpd.conf) has been changed from the time we had
>> apache working w/o problems. Any clue as to how to proceed to fix this
>> problem? I don't subscribe to the list, so answers by direct mail is
>> preferred.
>>
>> Thank you,
>>
>> Martin
>>
>
>
> --
> Sander Temme sctemme@apache.org
> PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A
>
> View my availability: http://tungle.me/sctemme
>
>
>
>
Re: problem w/ apache 2.2.3 under redhat 5.6 (kernel 2.6.18)
Posted by Sander Temme <sc...@apache.org>.
On 01/18/11 16:01, martin olivera wrote:
>
> Good day --
Hey Martin,
> We have three Redhat 5.6 servers running Apache 2.2.3. After our last week
> software update (directly from Redhat), the three Apache servers became
> unaccessible from any browser.
>
> A simple "service httpd restart" gives no errors, and we can see the daemon
> running. Put the list of processes just shows [httpd] <defunct>. It appears
> to be an SSL/NSS problem. A status check yields: "httpd (pid ...) is running
> ...". But the services manages indicates: "httpd dead but subsys locked".
You might consider taking this to users@httpd.apache.org: maybe someone
there has seen a similar problem.
mod_nss is not apache.org code: it was done by Red Hat so you should
probably open a ticket with them.
S.
> The messages log shows:
>
> SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED
> NSS_Initialized failed. Certificate database:/etc/.httpd/alias
>
> The ssl error log says (both are warnings):
>
> RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?
> RSA server certificate CommonName (CN) 'localhost.local.domain' does NOT
> match server name!?
>
> I've obvioulsy missed creating certificates somewhere. It's the first time I
> find errors after an Apache upgrade. I thought the upgrades were automatic.
> Nothing else (firewall, httpd.conf) has been changed from the time we had
> apache working w/o problems. Any clue as to how to proceed to fix this
> problem? I don't subscribe to the list, so answers by direct mail is
> preferred.
>
> Thank you,
>
> Martin
--
Sander Temme sctemme@apache.org
PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A
View my availability: http://tungle.me/sctemme