In message <320E1FC3-AA47-456B-9C1B-9930992C9B40@xxxxxxxxxx> on Sat, 2 Jun 2018 07:39:35 +0200, "sampei02@xxxxxxxxxx" <sampei02@xxxxxxxxxx> said: sampei02> I think It¢s installed 2 version OpenSSL; the former by rpm package while the latter by source tar infact I see following files into /usr/local/openssl-0.9.7e : sampei02> sampei02> drwxr-xr-x 21 root root 4096 Feb 4 2005 . sampei02> drwxr-xr-x 19 root root 4096 Jan 20 2011 .. sampei02> drwxr-xr-x 4 root root 4096 May 31 11:51 apps sampei02> drwxr-xr-x 2 root root 4096 Oct 25 2004 bugs sampei02> drwxr-xr-x 3 root root 4096 Oct 25 2004 certs sampei02> -rw-rw-r-- 1 root root 287307 Oct 25 2004 CHANGES sampei02> -rw-rw-r-- 1 root root 42751 Dec 23 1998 CHANGES.SSLeay ... This is not an *installation* per se, it's a source tree. As far as I can see from your listing, that's all it is, it hasn't even been built (or you would see a libcrypto.a and a libssl.a) In all likelyhood, you can ignore this directory tree, entirely. sampei02> Here my cnf files list : sampei02> sampei02> /usr/local/openssl-0.9.7e/apps/oid.cnf sampei02> /usr/local/openssl-0.9.7e/apps/openssl.cnf sampei02> /usr/local/openssl-0.9.7e/apps/openssl-vms.cnf sampei02> /usr/local/openssl-0.9.7e/crypto/conf/ssleay.cnf sampei02> /usr/local/openssl-0.9.7e/test/CAss.cnf sampei02> /usr/local/openssl-0.9.7e/test/CAssdh.cnf sampei02> /usr/local/openssl-0.9.7e/test/CAssdsa.cnf sampei02> /usr/local/openssl-0.9.7e/test/CAssrsa.cnf sampei02> /usr/local/openssl-0.9.7e/test/Sssdsa.cnf sampei02> /usr/local/openssl-0.9.7e/test/Sssrsa.cnf sampei02> /usr/local/openssl-0.9.7e/test/test.cnf sampei02> /usr/local/openssl-0.9.7e/test/Uss.cnf The above are standard distribution configuration files, most of them used for testing. Unless you can see that they are modified (i.e. have been updated after Feb 4 2005, which is when /usr/local/openssl-0.9.7e was created), you can ignore them. sampei02> /usr/share/ssl/openssl.cnf This one is part of your installation and is the most likely to represent your database. You might want to look if you have a index.txt somewhere within /usr/share/ssl. That's the index file for your cert database. If you don't have one, or if it's empty (it's a text file, you can display it), then you have no database on that machine. Cheers, Richard sampei02> sampei02> thanks sampei02> sampei02> sampei02> sampei02> sampei02> sampei02> > On 31 May 2018, at 17:40, Jan Just Keijser <janjust@xxxxxxxxx> wrote: sampei02> > sampei02> > Hi, sampei02> > sampei02> > On 31/05/18 13:23, Sampei wrote: sampei02> >> Oh, It's a good starter point. sampei02> >> Openssl, installed in old server, is 0.9.7e version. sampei02> > smells like RHEL 3 ?!?!?!? sampei02> >> Openssl, installed in new server, is -0.9.8e verson. sampei02> > smells like RHEL 5, which is out of support; you should upgrade to RHEL or CentOS 6 (which lasts until 2020) or preferably 7 sampei02> >> In old server I searched .cnf files and I found several files which are /usr/local/openssl-0.9.7e/xxx/yyyyy.cnf sampei02> >> where sampei02> >> xxx= is directory, sampei02> >> yyyy = name of .cnf file sampei02> >> I queried to /var/cache/yum/updates-released/packages/openssl-0.9.7a-33.10.i686.rpm in old server, I got: sampei02> >> /lib/libcrypto.so.0.9.7a sampei02> >> /lib/libssl.so.0.9.7a sampei02> >> /usr/bin/openssl sampei02> >> /usr/share/doc/openssl-0.9.7a sampei02> >> /usr/share/doc/openssl-0.9.7a/CHANGES sampei02> >> /usr/share/doc/openssl-0.9.7a/FAQ sampei02> >> /usr/share/doc/openssl-0.9.7a/INSTALL sampei02> >> /usr/share/doc/openssl-0.9.7a/LICENSE sampei02> >> /usr/share/doc/openssl-0.9.7a/NEWS sampei02> >> /usr/share/doc/openssl-0.9.7a/README sampei02> >> /usr/share/doc/openssl-0.9.7a/c-indentation.el sampei02> >> /usr/share/doc/openssl-0.9.7a/openssl.txt sampei02> >> /usr/share/doc/openssl-0.9.7a/openssl_button.gif sampei02> >> /usr/share/doc/openssl-0.9.7a/openssl_button.html sampei02> >> /usr/share/doc/openssl-0.9.7a/ssleay.txt sampei02> >> /usr/share/man/man1/asn1parse.1ssl.gz sampei02> >> /usr/share/man/man1/ca.1ssl.gz sampei02> >> /usr/share/man/man1/ciphers.1ssl.gz sampei02> >> /usr/share/man/man1/crl.1ssl.gz sampei02> >> /usr/share/man/man1/crl2pkcs7.1ssl.gz sampei02> >> /usr/share/man/man1/dgst.1ssl.gz sampei02> >> /usr/share/man/man1/dhparam.1ssl.gz sampei02> >> /usr/share/man/man1/dsa.1ssl.gz sampei02> >> /usr/share/man/man1/dsaparam.1ssl.gz sampei02> >> /usr/share/man/man1/enc.1ssl.gz sampei02> >> /usr/share/man/man1/gendsa.1ssl.gz sampei02> >> /usr/share/man/man1/genrsa.1ssl.gz sampei02> >> /usr/share/man/man1/md2.1ssl.gz sampei02> >> /usr/share/man/man1/md4.1ssl.gz sampei02> >> /usr/share/man/man1/md5.1ssl.gz sampei02> >> /usr/share/man/man1/mdc2.1ssl.gz sampei02> >> /usr/share/man/man1/nseq.1ssl.gz sampei02> >> /usr/share/man/man1/ocsp.1ssl.gz sampei02> >> /usr/share/man/man1/openssl.1ssl.gz sampei02> >> /usr/share/man/man1/pkcs12.1ssl.gz sampei02> >> /usr/share/man/man1/pkcs7.1ssl.gz sampei02> >> /usr/share/man/man1/pkcs8.1ssl.gz sampei02> >> /usr/share/man/man1/req.1ssl.gz sampei02> >> /usr/share/man/man1/ripemd160.1ssl.gz sampei02> >> /usr/share/man/man1/rsa.1ssl.gz sampei02> >> /usr/share/man/man1/rsautl.1ssl.gz sampei02> >> /usr/share/man/man1/s_client.1ssl.gz sampei02> >> /usr/share/man/man1/s_server.1ssl.gz sampei02> >> /usr/share/man/man1/sess_id.1ssl.gz sampei02> >> /usr/share/man/man1/sha.1ssl.gz sampei02> >> /usr/share/man/man1/sha1.1ssl.gz sampei02> >> /usr/share/man/man1/smime.1ssl.gz sampei02> >> /usr/share/man/man1/speed.1ssl.gz sampei02> >> /usr/share/man/man1/spkac.1ssl.gz sampei02> >> /usr/share/man/man1/sslpasswd.1ssl.gz sampei02> >> /usr/share/man/man1/sslrand.1ssl.gz sampei02> >> /usr/share/man/man1/verify.1ssl.gz sampei02> >> /usr/share/man/man1/version.1ssl.gz sampei02> >> /usr/share/man/man1/x509.1ssl.gz sampei02> >> /usr/share/man/man5/config.5ssl.gz sampei02> >> /usr/share/man/man7/DES.7ssl.gz sampei02> >> /usr/share/man/man7/Modes.7ssl.gz sampei02> >> /usr/share/man/man7/des_modes.7ssl.gz sampei02> >> /usr/share/man/man7/of.7ssl.gz sampei02> > sampei02> > ****** sampei02> >> /usr/share/ssl sampei02> >> /usr/share/ssl/CA sampei02> >> /usr/share/ssl/CA/private sampei02> >> /usr/share/ssl/cert.pem sampei02> >> /usr/share/ssl/certs sampei02> >> /usr/share/ssl/certs/Makefile sampei02> >> /usr/share/ssl/certs/ca-bundle.crt sampei02> >> /usr/share/ssl/certs/make-dummy-cert sampei02> >> /usr/share/ssl/lib sampei02> >> /usr/share/ssl/misc sampei02> >> /usr/share/ssl/misc/CA sampei02> >> /usr/share/ssl/misc/c_hash sampei02> >> /usr/share/ssl/misc/c_info sampei02> >> /usr/share/ssl/misc/c_issuer sampei02> >> /usr/share/ssl/misc/c_name sampei02> >> /usr/share/ssl/openssl.cnf sampei02> >> /usr/share/ssl/private sampei02> > ******* sampei02> > that's the location to look for the openssl.cnf file and thus the old files; simply do a sampei02> > find /usr/share/ssl -mtime -200 sampei02> > to find any recent files - that should point you in the right direction. sampei02> > sampei02> > sampei02> > HTH, sampei02> > sampei02> > JJK sampei02> > sampei02> sampei02> -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
