• We did not send an email asking for donations - please read this post.

Add ssl_mod to existing apache server?

OP
P

PeterBSD

New Member
Joined
Jul 8, 2020
Messages
14
Reaction score
1
Credits
173
mod_sessio comes with mcafee, I can see all the .so files (you listed earlier) in the folder (/usr/lib64/httpd/modules). Both session and session_cookie modules are already loaded (commands in /etc/httpd/conf/httpd.conf file), I just added 'SessionCrystoCipher aes256' yesterday after 'Session On' line, then I got 'syntax error'. That's triggered all the actions like downloading and installing session packages and so on.

However, I found that only /usr/lib64/httpd/modules/ folder has so_sessiob_crypto.so, not that in /opt/NAI/LinuxShield/apache/modules/, so I wonder if the call to install 'mod_session' in kickstarts file I added yesterday resulted in /usr/lib64/httpd/modules/mod_sesison_crypto.so.

So now back to what I had yesterday, both session modules (mod_session and mod_session_cookie) are loaded by existing /etc/httpd/conf/httpd.conf, and adding 'SessionCryptoCipher aes256' threw 'Syntax error ...', so what's the problem there? Incompatible module with the entry?

I even copied /usr/lib64/httpd/modules/mod_session_crypto to /opt/NAI/LinuxShield/apache/modules/ and make 'LoadModule' call .so files from there, but no change (same error).
 


OP
P

PeterBSD

New Member
Joined
Jul 8, 2020
Messages
14
Reaction score
1
Credits
173
I never directly download any .so files (either ssl or session). What I did was to add 'mod_ssl' or 'mod_session' in the package list in kickstarts file, and before that I need to download the .rpm packages for ssl and session with internet connection and add the packages to 'Packages' folder, from where the kickstarts looks during installation.

I did more trials and here is what I observed -
  1. I call 'LoadModule' from /etc/httpd/conf/httpd.conf to load all 5 (auth__form/Session/Session_cookie/Session_crypto/Session_dbd) modules (.so files), either from /etc/httpd/modules (soft link to /usr/lib64/httpd/modules) or /opt/NAI/LinuxShield/apache/modules, there is no difference.
  2. httpd service can't be started
  3. In the log (journalctl -xe), I can see the warning of all modules have been loaded, EXCEPT 'session_crypto_module'
  4. If I remove 'LoadModule' call of 'session_crypto_module', the 'syntax error' (I mentioned earlier) comes back.
  5. From 3) and 4) above, I would say there is something wrong with session_crypto, either configuration or the .so file itself. BTW, I noticed two ssl conf files (/etc/httpd/conf.d/ssl.conf, and /etc/httpd/conf.modules.d/00-ssl.conf), but I didn't see any conf files for either 'session' or 'session_crypto', is that right?

Each time I modified the conf file, I run 'systemctl daemon-reload' and 'systemctl restart httpd'.

A screenshot is attached after I executed the two 'systemctl' commands above, and then 'journalctl -xe'.

Together with the 'LoadModule' commands in /etc/httpd/conf/httpd.conf file.
 

Attachments

  • httpd_issue.PNG
    httpd_issue.PNG
    261.7 KB · Views: 338
  • httpdConf.PNG
    httpdConf.PNG
    117.4 KB · Views: 339

f33dm3bits

Gold Member
Gold Supporter
Joined
Dec 11, 2019
Messages
4,976
Reaction score
3,618
Credits
36,260
I seriously have no idea, it's kind of hard to grasp your setup, since it seems to one big twister puzzle as in how it is setup. I thought I had an idea but then you tell me something else which makes it sound totally different than I had in my mind, so good luck with that. Hope you are able to figure it out :)
 
OP
P

PeterBSD

New Member
Joined
Jul 8, 2020
Messages
14
Reaction score
1
Credits
173
FYI, I figured it out on Friday that the issue was that I need to install apr-util-openssl. I found an error in the log (error_log) file and googled it.

Thanks again for all your help, really appreciated it!
 

durai

New Member
Joined
Feb 24, 2022
Messages
3
Reaction score
0
Credits
23
The better way of providing systems in an isolated network with a way to install packages offline is by using an internal central repository server such as satellite. This way you avoid having to manually download packages of another system to then try to install them on another system and running into a dependency hell.
I have same issue can you help me
 

f33dm3bits

Gold Member
Gold Supporter
Joined
Dec 11, 2019
Messages
4,976
Reaction score
3,618
Credits
36,260
$100 Digital Ocean Credit
Get a free VM to test out Linux!

Linux.org Hosting Donations
Consider making a donation

Members online


Latest posts

Top