Re: apache server not starting - Please help decipher an additional clue!

[David Southwell <david@xxxxxxxxxxxxxx>]

> apache22 is no longer starting after recent upgrade.

>

> I have been trying to fix this for over a week but got nowhere - thanks in

> a dvance for any help.

>

>

> I have included some information which may be relevant;

>

> Some guidance would be appreciated as I cannot get the web server to run

> and .

>

> It seems that something must have changed with the latest upgrade as there

> were no changes to the config.

> Syntax is ok:

>

> dns1# /usr/local/sbin/apachectl -t

> Syntax OK

> I have rebuilt apache22 but apache does not start as evidenced below:

> dns1# /usr/local/sbin/apachectl start

>

> Apache/2.2.16 mod_ssl/2.2.16 (Pass Phrase Dialog)

> Some of your private key files are encrypted for security reasons.

> In order to read them you have to provide the pass phrases.

> [ NOTE I am using a self issued CA certificate which has been working fine]

> Server www.vizion2000.net:443 (RSA)

> Enter pass phrase:

>

> OK: Pass Phrase Dialog successful.

>

> dns1# ps -aux |grep httpd

> root 64784 0.0 0.0 5892 1284 p1 D+ 10:42AM 0:00.00 grep

> httpd dns1# /usr/local/sbin/apachectl restart

> httpd not running, trying to start

> Apache/2.2.16 mod_ssl/2.2.16 (Pass Phrase Dialog)

> Some of your private key files are encrypted for security reasons.

> In order to read them you have to provide the pass phrases.

>

> Server www.vizion2000.net:443 (RSA)

> Enter pass phrase:

>

> OK: Pass Phrase Dialog successful.

> dns1#

> _____________________

>

> Testing openssl seems to indicate certificate is fine.

> dns1# openssl x509 -in www.vizion2000.net.crt -noout -subject

> subject= /C=UK/ST=South Gloucestershire/L=Kingswood/O=Vizion

> Communications/OU=IT/CN=www.vizion2000.net/emailAddress=david@xxxxxxxxxxxxx

> t dns1#

>

>

> Can anyone please tell me how I can find out why apache is not starting.

> Here is the entry from httpd-error.log:

>

> [Tue Oct 05 15:21:05 2010] [info] Init: Seeding PRNG with 144 bytes of

> entropy [Tue Oct 05 15:21:05 2010] [info] Loading certificate & private

> key of SSL- aware server

> [Tue Oct 05 15:21:05 2010] [info] Init: Requesting pass phrase via builtin

> terminal dialog

> [Tue Oct 05 15:21:10 2010] [debug] ssl_engine_pphrase.c(476): encrypted RSA

> private key - pass phrase requested

> [Tue Oct 05 15:21:10 2010] [info] Init: Wiped out the queried pass phrases

> from memory

> [Tue Oct 05 15:21:10 2010] [info] Init: Generating temporary RSA private

> keys (512/1024 bits)

> [Tue Oct 05 15:21:10 2010] [info] Init: Generating temporary DH parameters

> (512/1024 bits)

> [Tue Oct 05 15:21:10 2010] [info] Init: Initializing (virtual) servers for

> SSL [Tue Oct 05 15:21:10 2010] [info] Configuring server for SSL protocol

> [Tue Oct 05 15:21:10 2010] [debug] ssl_engine_init.c(465): Creating new

> SSL context (protocols: SSLv2, SSLv3, TLSv1)

> [Tue Oct 05 15:21:10 2010] [debug] ssl_engine_init.c(661): Configuring

> permitted SSL ciphers

> [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2: +EXP:+eNULL]

> [Tue Oct 05 15:21:10 2010] [debug] ssl_engine_init.c(420): Configuring TLS

> extension handling

> [Tue Oct 05 15:21:10 2010] [debug] ssl_engine_init.c(792): Configuring RSA

> server certificate

> [Tue Oct 05 15:21:10 2010] [warn] RSA server certificate is a CA

> certificate (BasicConstraints: CA == TRUE !?)

> [Tue Oct 05 15:21:10 2010] [debug] ssl_engine_init.c(831): Configuring RSA

> server private key

> [Tue Oct 05 15:21:10 2010] [info] mod_ssl/2.2.16 compiled against Server:

> Apache/2.2.16, Library: OpenSSL/1.0.0a

> [Tue Oct 05 15:21:10 2010] [info] mod_unique_id: using ip addr 62.49.197.50

> [Tue Oct 05 15:21:11 2010] [info] Init: Seeding PRNG with 144 bytes of

> entropy [Tue Oct 05 15:21:11 2010] [info] Loading certificate & private

> key of SSL- aware server

> [Tue Oct 05 15:21:11 2010] [info] www.vizion2000.net:443 reusing existing

> RSA private key on restart

> [Tue Oct 05 15:21:11 2010] [info] Init: Generating temporary RSA private

> keys (512/1024 bits)

> [Tue Oct 05 15:21:11 2010] [info] Init: Generating temporary DH parameters

> (512/1024 bits)

> [Tue Oct 05 15:21:11 2010] [debug] ssl_scache_shmcb.c(253): shmcb_init

> allocated 512000 bytes of shared memory

> [Tue Oct 05 15:21:11 2010] [debug] ssl_scache_shmcb.c(272): for 511920

> bytes (512000 including header), recommending 32 subcaches, 133 indexes

> each [Tue Oct 05 15:21:11 2010] [debug] ssl_scache_shmcb.c(306):

> shmcb_init_memory choices follow

> [Tue Oct 05 15:21:11 2010] [debug] ssl_scache_shmcb.c(308): subcache_num =

> 32 [Tue Oct 05 15:21:11 2010] [debug] ssl_scache_shmcb.c(310):

> subcache_size = 15992

> [Tue Oct 05 15:21:11 2010] [debug] ssl_scache_shmcb.c(312):

> subcache_data_offset = 3208

> [Tue Oct 05 15:21:11 2010] [debug] ssl_scache_shmcb.c(314):

> subcache_data_size = 12784

> [Tue Oct 05 15:21:11 2010] [debug] ssl_scache_shmcb.c(316): index_num = 133

> [Tue Oct 05 15:21:11 2010] [info] Shared memory session cache initialised

> [Tue Oct 05 15:21:11 2010] [info] Init: Initializing (virtual) servers for

> SSL [Tue Oct 05 15:21:11 2010] [info] Configuring server for SSL protocol

> [Tue Oct 05 15:21:11 2010] [debug] ssl_engine_init.c(465): Creating new

> SSL context (protocols: SSLv2, SSLv3, TLSv1)

> [Tue Oct 05 15:21:11 2010] [debug] ssl_engine_init.c(661): Configuring

> permitted SSL ciphers

> [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2: +EXP:+eNULL]

> [Tue Oct 05 15:21:11 2010] [debug] ssl_engine_init.c(420): Configuring TLS

> extension handling

> [Tue Oct 05 15:21:11 2010] [debug] ssl_engine_init.c(792): Configuring RSA

> server certificate

> [Tue Oct 05 15:21:11 2010] [warn] RSA server certificate is a CA

> certificate (BasicConstraints: CA == TRUE !?)

> [Tue Oct 05 15:21:11 2010] [debug] ssl_engine_init.c(831): Configuring RSA

> server private key

> [Tue Oct 05 15:21:11 2010] [info] mod_ssl/2.2.16 compiled against Server:

> Apache/2.2.16, Library: OpenSSL/1.0.0a

>

>

The system is freebsd 7.2 p3

I ran

# ktrace /usr/local/sbin/apachectl start

Using kdump to descipher the output I got the following at the end of ktrace.out

3568 sh CALL dup2(0xb,0x1)

3568 sh RET dup2 1

3568 sh CALL close(0xb)

3568 sh RET close 0

3568 sh CALL dup2(0xc,0x2)

3568 sh RET dup2 2

3568 sh CALL close(0xc)

3568 sh RET close 0

3568 sh CALL getrlimit(RLIMIT_NOFILE,0x7fffffffe260)

3568 sh RET getrlimit 0

3568 sh CALL setrlimit(RLIMIT_NOFILE,0x7fffffffe260)

3568 sh RET setrlimit 0

3568 sh CALL read(0xa,0x5204c0,0x3ff)

3568 sh GIO fd 10 read 380 bytes

" is no longer supported.

echo Please edit httpd.conf to include the SSL configuration settings

echo and then use "apachectl start".

ERROR=2

;;

configtest)

$HTTPD -t

ERROR=$?

;;

status)

$LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } '

;;

fullstatus)

$LYNX $STATUSURL

;;

*)

$HTTPD $ARGV

ERROR=$?

esac

exit $ERROR

"

3568 sh RET read 380/0x17c

3568 sh CALL fork

3568 sh RET fork 3585/0xe01

3568 sh CALL getpgrp

3568 sh RET getpgrp 3568/0xdf0

3568 sh CALL wait4(0xffffffff,0x7fffffffe1cc,WUNTRACED,0)

3568 sh RET wait4 3585/0xe01

3568 sh CALL exit(0)

dns1#

dns1# pwd

/usr/home/david/trace

dns1# ls -l

total 50

-rw------- 1 root david 49499 Oct 5 16:00 ktrace.out

dns1#

______________________

This makes it seem as though there is something wrong with the ssl configuration for apache22.

Can anyone please point me in the right direction

Thanks in advance

David

Photographic Artist

Permanent Installations & Design

Creative Imagery and Advanced Digital Techniques

High Dynamic Range Photography & Official Portraiture

Combined darkroom & digital creations

& Systems Adminstrator for the vizion2000.net network