On Wed, Aug 23, 2000 at 09:02:50AM -0400, Duane Gran wrote:
> > > I have compiled and setup mod_ssl with open_ssl on a few systems in the
> > > past, but I'm having some trouble today. I'm using the latest stable
> > > version of mod_ssl, open_ssl and apache on Solaris 2.7.
> > >
> > > Apache is unable to start, via the "apachectl startssl" or the regular
> > > "apachectl start" commands. I see the following entry in the error_log:
> > >
> > > [Mon Aug 21 11:01:04 2000] [error] mod_ssl: Init: Failed to generate
> > > temporary 512 bit RSA private key
> > >
> > > Has anyone else encountered this error, and if so, could you give some
> > > hints about how to resolve it? Many thanks in advance.
>
> > It's a FAQ: http://www.modssl.org/docs/2.6/ssl_faq.html#ToC15 and
> > http://www.openssl.org/support/faq.html#6
>
> I just wanted to give an update. I was able to solve this problem with
> a free third party /dev/random and /dev/urandom implementation:
>
> http://www.cosy.sbg.ac.at/~andi/
>
> I hope this helps some others.
>
I tried to use the random.c. I compiled it, but it didn't attach:
devfsadm: driver failed to attach: random
Warning: Driver (random) successfully added to system but failed to attach
It says something about creating a script so at startup it gets
initialized:
* The random pool can be initialized at system startup by
* a script containing a line simmilar to:
* dd if=$random_seed_file of=/dev/urandom
Which script is this? A /etc/init.d/startup_random?
What's $random_seed_file?
I have read the FAQ and the docs but still have the same problem. I
tried with Apache 1.3.9 and Apache 1.3.12 (with the corresponding
openssl source, 0.9.4 and 0.9.5a) but for some reason I still cannot
get it to work with SSL; it works fine without -DSSL.
I posted this on the bug page on the modssl site. I have just joined
this list, so I don't know whether the posting got here, but I'm posting it anyway:
I read the FAQ and did what it said there: created a .rnd under
/usr/local/apache (the serverroot) and under /home/WWW (the document
root). The one that make certificate filled is the one I copied to
the other places. I have compiled Apache with and without other
modules but the problem still persists. I did a truss and this is
what I got:
[ big part cut, if needed let me know]
brk(0x003BFDA0) = 0
brk(0x003C1DA0) = 0
brk(0x003C1DA0) = 0
brk(0x003C3DA0) = 0
time() = 966717467
time() = 966717467
getpid() = 15758 [15757]
write(186, " [ 1 9 / A u g / 2 0 0 0".., 124) = 124
open64("/opt/SSL/certs/admcuentas.crt", O_RDONLY) = 3
fstat64(3, 0xFFBECCF8) = 0
brk(0x003C3DA0) = 0
brk(0x003C5DA0) = 0
ioctl(3, TCGETA, 0xFFBECC84) Err#25 ENOTTY
read(3, " - - - - - B E G I N C".., 8192) = 1204
llseek(3, 0, SEEK_CUR) = 1204
close(3) = 0
open64("/opt/SSL/certs/admcuentas.key", O_RDONLY) = 3
fstat64(3, 0xFFBECCF8) = 0
ioctl(3, TCGETA, 0xFFBECC84) Err#25 ENOTTY
read(3, " - - - - - B E G I N R".., 8192) = 891
llseek(3, 0, SEEK_CUR) = 891
close(3) = 0
time() = 966717467
time() = 966717467
getpid() = 15758 [15757]
write(186, " [ 1 9 / A u g / 2 0 0 0".., 127) = 127
time() = 966717467
time() = 966717467
getpid() = 15758 [15757]
write(187, " [ 1 9 / A u g / 2 0 0 0".., 129) = 129
open64("/opt/SSL/certs/cambiar-passwd2.crt", O_RDONLY) = 3
fstat64(3, 0xFFBECCF8) = 0
ioctl(3, TCGETA, 0xFFBECC84) Err#25 ENOTTY
read(3, " - - - - - B E G I N C".., 8192) = 1013
llseek(3, 0, SEEK_CUR) = 1013
close(3) = 0
open64("/opt/SSL/certs/cambiar-passwd2.key", O_RDONLY) = 3
fstat64(3, 0xFFBECCF8) = 0
ioctl(3, TCGETA, 0xFFBECC84) Err#25 ENOTTY
read(3, " - - - - - B E G I N R".., 8192) = 887
llseek(3, 0, SEEK_CUR) = 887
close(3) = 0
time() = 966717467
time() = 966717467
getpid() = 15758 [15757]
write(187, " [ 1 9 / A u g / 2 0 0 0".., 132) = 132
time() = 966717467
time() = 966717467
getpid() = 15758 [15757]
write(185, " [ 1 9 / A u g / 2 0 0 0".., 117) = 117
open64("/opt/apache/conf/ssl.crt/webserver.crt", O_RDONLY) = 3
fstat64(3, 0xFFBECCF8) = 0
ioctl(3, TCGETA, 0xFFBECC84) Err#25 ENOTTY
read(3, " - - - - - B E G I N C".., 8192) = 1188
llseek(3, 0, SEEK_CUR) = 1188
close(3) = 0
brk(0x003C5DA0) = 0
brk(0x003CFDA0) = 0
open64("/opt/apache/conf/ssl.key/webserver.key", O_RDONLY) = 3
fstat64(3, 0xFFBECCF8) = 0
ioctl(3, TCGETA, 0xFFBECC84) Err#25 ENOTTY
read(3, " - - - - - B E G I N R".., 8192) = 887
llseek(3, 0, SEEK_CUR) = 887
close(3) = 0
time() = 966717467
time() = 966717467
getpid() = 15758 [15757]
write(185, " [ 1 9 / A u g / 2 0 0 0".., 120) = 120
brk(0x003CFDA0) = 0
brk(0x003D7DA0) = 0
time() = 966717467
time() = 966717467
getpid() = 15758 [15757]
write(185, " [ 1 9 / A u g / 2 0 0 0".., 97) = 97
time() = 966717467
getpid() = 15758 [15757]
getpid() = 15758 [15757]
getuid() = 0 [0]
time() = 966717467
open("/dev/urandom", O_RDONLY) Err#2 ENOENT
getpid() = 15758 [15757]
getpid() = 15758 [15757]
time() = 966717467
time() = 966717467
getpid() = 15758 [15757]
write(185, " [ 1 9 / A u g / 2 0 0 0".., 96) = 96
time() = 966717467
fstat64(15, 0xFFBECBB8) = 0
ioctl(15, TCGETA, 0xFFBECB44) Err#25 ENOTTY
write(15, " [ S a t A u g 1 9 ".., 103) = 103
llseek(0, 0, SEEK_CUR) = 181503
_exit(1)
In the logfile:
[Fri Aug 18 17:18:28 2000] [notice] Apache/1.3.12 (Unix) configured -- resuming normal operations
[Fri Aug 18 17:22:43 2000] [error] mod_ssl: Init: Failed to generate temporary 512 bit RSA private key
I put debug and trace in the SSLLogLevel, but it gives no more info :-/
Apache runs well without -DSSL, of course ...
This is my last configure:
this is my last configure:
./configure --add-module=src/modules/extra/mod_auth_msql.c \
--prefix=/usr/local/apache --enable-shared=ssl --enable-module=ssl \
--activate-module=src/modules/perl/libperl.a \
--activate-module=src/modules/fastcgi/libfastcgi.a
but I tried it without the mod_* and it made no difference ...
I'm using openssl-0.9.5a.
I read about the random device and left it at the default in the
Configuration.tmpl.
I noticed there are other reports about the same problem:
354
384
395
396
407
We really need the SSL working here, so please respond ASAP.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
! __ __ _ ______ __ _ _ _ _(@)| The opinions here are expressed !
! /__) /_ /_\/ / / / / /| / | "as is", with no warranty of any!
! / \ /__/ /\__\___/_ /_/ _/ |/ | kind. Use them at your own risk.!
! | !
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
\ Oswaldo E. Aguirre M. \
/ Computer Science Engineer /
\ Internet Services Coordinator \
/ [EMAIL PROTECTED] /
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
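
An added example, not part of the original message or of mod_ssl: a small filter that pulls failed open()/open64() calls out of truss output and reports a missing /dev/random or /dev/urandom, the condition visible in the trace above. The function names, the AWK variable and the sample trace (constructed from lines in the post) are assumptions of this example.

```shell
#!/bin/sh
# Added example: find failed open() calls in truss output and flag a missing
# entropy device, as seen before the mod_ssl "Failed to generate temporary
# 512 bit RSA private key" error.
# Assumption: on Solaris set AWK=nawk, since /usr/bin/awk lacks match()/sub().
AWK=${AWK:-awk}

# Read truss output on stdin; print "path<TAB>errno-name" for each failed
# open()/open64(). Works with or without a leading "pid:" column.
failed_opens() {
    "$AWK" '
        match($0, /open(64)?\("[^"]*"/) && $(NF-1) ~ /^Err#[0-9]+$/ {
            path = substr($0, RSTART, RLENGTH)
            sub(/^open(64)?\("/, "", path)   # drop the call name and quote
            sub(/"$/, "", path)              # drop the closing quote
            print path "\t" $NF
        }'
}

# Print each entropy device the process tried to open but which did not exist.
missing_entropy_devices() {
    failed_opens |
        "$AWK" -F '\t' '$2 == "ENOENT" && $1 ~ /^\/dev\/u?random$/ { print $1 }' |
        sort -u
}

# Constructed sample: a few lines in the format of the trace in the post.
sample_trace() {
    cat <<'EOF'
open64("/opt/apache/conf/ssl.key/webserver.key", O_RDONLY) = 3
read(3, " - - - - - B E G I N   R".., 8192)     = 887
close(3)                                        = 0
getuid()                                        = 0 [0]
open("/dev/urandom", O_RDONLY)                  Err#2 ENOENT
write(15, " [ S a t   A u g   1 9  ".., 103)    = 103
_exit(1)
EOF
}

# Demo run on the constructed sample.
sample_trace | failed_opens
```

To check a real trace, pipe a saved truss log into missing_entropy_devices on stdin.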