Add ssl_mod to existing apache server?

PeterBSD

New Member
Credits
173
mod_sessio comes with mcafee, I can see all the .so files (you listed earlier) in the folder (/usr/lib64/httpd/modules). Both session and session_cookie modules are already loaded (commands in /etc/httpd/conf/httpd.conf file), I just added 'SessionCrystoCipher aes256' yesterday after 'Session On' line, then I got 'syntax error'. That's triggered all the actions like downloading and installing session packages and so on.

However, I found that only /usr/lib64/httpd/modules/ folder has so_sessiob_crypto.so, not that in /opt/NAI/LinuxShield/apache/modules/, so I wonder if the call to install 'mod_session' in kickstarts file I added yesterday resulted in /usr/lib64/httpd/modules/mod_sesison_crypto.so.

So now back to what I had yesterday, both session modules (mod_session and mod_session_cookie) are loaded by existing /etc/httpd/conf/httpd.conf, and adding 'SessionCryptoCipher aes256' threw 'Syntax error ...', so what's the problem there? Incompatible module with the entry?

I even copied /usr/lib64/httpd/modules/mod_session_crypto to /opt/NAI/LinuxShield/apache/modules/ and make 'LoadModule' call .so files from there, but no change (same error).
 


PeterBSD

New Member
Credits
173
I never directly download any .so files (either ssl or session). What I did was to add 'mod_ssl' or 'mod_session' in the package list in kickstarts file, and before that I need to download the .rpm packages for ssl and session with internet connection and add the packages to 'Packages' folder, from where the kickstarts looks during installation.

I did more trials and here is what I observed -
  1. I call 'LoadModule' from /etc/httpd/conf/httpd.conf to load all 5 (auth__form/Session/Session_cookie/Session_crypto/Session_dbd) modules (.so files), either from /etc/httpd/modules (soft link to /usr/lib64/httpd/modules) or /opt/NAI/LinuxShield/apache/modules, there is no difference.
  2. httpd service can't be started
  3. In the log (journalctl -xe), I can see the warning of all modules have been loaded, EXCEPT 'session_crypto_module'
  4. If I remove 'LoadModule' call of 'session_crypto_module', the 'syntax error' (I mentioned earlier) comes back.
  5. From 3) and 4) above, I would say there is something wrong with session_crypto, either configuration or the .so file itself. BTW, I noticed two ssl conf files (/etc/httpd/conf.d/ssl.conf, and /etc/httpd/conf.modules.d/00-ssl.conf), but I didn't see any conf files for either 'session' or 'session_crypto', is that right?

Each time I modified the conf file, I run 'systemctl daemon-reload' and 'systemctl restart httpd'.

A screenshot is attached after I executed the two 'systemctl' commands above, and then 'journalctl -xe'.

Together with the 'LoadModule' commands in /etc/httpd/conf/httpd.conf file.
 

Attachments

f33dm3bits

Gold Member
Gold Supporter
Credits
3,452
I seriously have no idea, it's kind of hard to grasp your setup, since it seems to one big twister puzzle as in how it is setup. I thought I had an idea but then you tell me something else which makes it sound totally different than I had in my mind, so good luck with that. Hope you are able to figure it out :)
 

PeterBSD

New Member
Credits
173
FYI, I figured it out on Friday that the issue was that I need to install apr-util-openssl. I found an error in the log (error_log) file and googled it.

Thanks again for all your help, really appreciated it!
 


Members online


Latest posts

Top