Add ssl_mod to existing apache server?

mod_sessio comes with mcafee, I can see all the .so files (you listed earlier) in the folder (/usr/lib64/httpd/modules). Both session and session_cookie modules are already loaded (commands in /etc/httpd/conf/httpd.conf file), I just added 'SessionCrystoCipher aes256' yesterday after 'Session On' line, then I got 'syntax error'. That's triggered all the actions like downloading and installing session packages and so on.

However, I found that only /usr/lib64/httpd/modules/ folder has so_sessiob_crypto.so, not that in /opt/NAI/LinuxShield/apache/modules/, so I wonder if the call to install 'mod_session' in kickstarts file I added yesterday resulted in /usr/lib64/httpd/modules/mod_sesison_crypto.so.

So now back to what I had yesterday, both session modules (mod_session and mod_session_cookie) are loaded by existing /etc/httpd/conf/httpd.conf, and adding 'SessionCryptoCipher aes256' threw 'Syntax error ...', so what's the problem there? Incompatible module with the entry?

I even copied /usr/lib64/httpd/modules/mod_session_crypto to /opt/NAI/LinuxShield/apache/modules/ and make 'LoadModule' call .so files from there, but no change (same error).
 


I never directly download any .so files (either ssl or session). What I did was to add 'mod_ssl' or 'mod_session' in the package list in kickstarts file, and before that I need to download the .rpm packages for ssl and session with internet connection and add the packages to 'Packages' folder, from where the kickstarts looks during installation.

I did more trials and here is what I observed -
  1. I call 'LoadModule' from /etc/httpd/conf/httpd.conf to load all 5 (auth__form/Session/Session_cookie/Session_crypto/Session_dbd) modules (.so files), either from /etc/httpd/modules (soft link to /usr/lib64/httpd/modules) or /opt/NAI/LinuxShield/apache/modules, there is no difference.
  2. httpd service can't be started
  3. In the log (journalctl -xe), I can see the warning of all modules have been loaded, EXCEPT 'session_crypto_module'
  4. If I remove 'LoadModule' call of 'session_crypto_module', the 'syntax error' (I mentioned earlier) comes back.
  5. From 3) and 4) above, I would say there is something wrong with session_crypto, either configuration or the .so file itself. BTW, I noticed two ssl conf files (/etc/httpd/conf.d/ssl.conf, and /etc/httpd/conf.modules.d/00-ssl.conf), but I didn't see any conf files for either 'session' or 'session_crypto', is that right?

Each time I modified the conf file, I run 'systemctl daemon-reload' and 'systemctl restart httpd'.

A screenshot is attached after I executed the two 'systemctl' commands above, and then 'journalctl -xe'.

Together with the 'LoadModule' commands in /etc/httpd/conf/httpd.conf file.
 

Attachments

  • httpd_issue.PNG
    httpd_issue.PNG
    261.7 KB · Views: 474
  • httpdConf.PNG
    httpdConf.PNG
    117.4 KB · Views: 485
I seriously have no idea, it's kind of hard to grasp your setup, since it seems to one big twister puzzle as in how it is setup. I thought I had an idea but then you tell me something else which makes it sound totally different than I had in my mind, so good luck with that. Hope you are able to figure it out :)
 
FYI, I figured it out on Friday that the issue was that I need to install apr-util-openssl. I found an error in the log (error_log) file and googled it.

Thanks again for all your help, really appreciated it!
 
The better way of providing systems in an isolated network with a way to install packages offline is by using an internal central repository server such as satellite. This way you avoid having to manually download packages of another system to then try to install them on another system and running into a dependency hell.
I have same issue can you help me
 

Members online


Latest posts

Top