Many thanks Nuxwin.
Upgrade to 1.1.7 - SSL Error RebuidCustomerFiles
-
- solved
- FlyingMike
- Closed
- Thread is marked as Resolved.
-
Your log is:
Display MoreCode- [Fri May 23 22:50:23 2014] [debug] iMSCP::Dir::make: Creating directory /var/www/imscp/gui/data/certs
- [Fri May 23 22:50:23 2014] [debug] iMSCP::Dir::mode: Changing mode for /var/www/imscp/gui/data/certs to 750
- [Fri May 23 22:50:23 2014] [debug] iMSCP::Dir::owner: Changing owner and group for /var/www/imscp/gui/data/certs to 0:0
- [Fri May 23 22:50:23 2014] [debug] iMSCP::Execute::execute: Executing command: /usr/bin/openssl rsa -in '/tmp/bmegTSyYnA' -noout
- [Fri May 23 22:50:23 2014] [debug] iMSCP::Execute::getExitCode: External command exited with value 0
- [Fri May 23 22:50:23 2014] [debug] iMSCP::Execute::execute: Executing command: /usr/bin/openssl verify -CAfile '/tmp/k69YX3790Q' '/tmp/VKF87daFyw'
- [Fri May 23 22:50:23 2014] [debug] iMSCP::Execute::getExitCode: External command exited with value 1
- [Fri May 23 22:50:23 2014] [error] iMSCP::OpenSSL::validateCertificate: Error loading file /tmp/k69YX3790Q
- usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-attime timestamp] [-engine e] cert1 cert2 ...
- recognized usages:
- sslclient SSL client
- sslserver SSL server
- nssslserver Netscape SSL server
- smimesign S/MIME signing
- smimeencrypt S/MIME encryption
- crlsign CRL signing
- any Any Purpose
- ocsphelper OCSP helper
- timestampsign Time Stamp signing
I'll now check and fix the issue on your server...
-
-
Re;
Problem solved. This was due to the fact that your customers's certificates (self-signed certificates) don't have any CA bundle and to the fact that I've forgot to skip the normalization in such case. To resume, your ca_bundle fields in the database were corrupted with a line feed instead of be simply empty... I'll fix that in next release so..
To solve the problem I've executed the following SQL query
Note: For other: don't do that without be sure that the ca_bundle must be empty
And resulting log is:
Display MoreCode- [Fri May 23 23:02:14 2014] [debug] iMSCP::Dir::make: Directory /var/www/imscp/gui/data/certs already exists. Setting its permissions...
- [Fri May 23 23:02:14 2014] [debug] iMSCP::Dir::mode: Changing mode for /var/www/imscp/gui/data/certs to 750
- [Fri May 23 23:02:14 2014] [debug] iMSCP::Dir::owner: Changing owner and group for /var/www/imscp/gui/data/certs to 0:0
- [Fri May 23 23:02:14 2014] [debug] iMSCP::Execute::execute: Executing command: /usr/bin/openssl rsa -in '/tmp/TFuleVYz1s' -noout
- [Fri May 23 23:02:14 2014] [debug] iMSCP::Execute::getExitCode: External command exited with value 0
- [Fri May 23 23:02:14 2014] [debug] iMSCP::Execute::execute: Executing command: /usr/bin/openssl verify '/tmp/JCpwOGrZNl'
- [Fri May 23 23:02:14 2014] [debug] iMSCP::Execute::getExitCode: External command exited with value 0
- [Fri May 23 23:02:14 2014] [debug] iMSCP::OpenSSL::validateCertificate: /tmp/JCpwOGrZNl: C = AT, ST = Austria, L = Vienna, O = InTime-iT, OU = Internet Technologies, CN = www.intime-it.eu, emailAddress = admin$
- error 18 at 0 depth lookup:self signed certificate
- OK
- [Fri May 23 23:02:14 2014] [debug] iMSCP::Execute::execute: Executing command: /usr/bin/openssl rsa -in '/tmp/TFuleVYz1s' -out '/var/www/imscp/gui/data/certs/intime-it.eu.pem'
- [Fri May 23 23:02:14 2014] [debug] iMSCP::Execute::getExitCode: External command exited with value 0
- [Fri May 23 23:02:14 2014] [debug] iMSCP::Execute::execute: Executing command: /bin/cat '/tmp/JCpwOGrZNl' >> '/var/www/imscp/gui/data/certs/intime-it.eu.pem'
- [Fri May 23 23:02:14 2014] [debug] iMSCP::Execute::getExitCode: External command exited with value 0
Which is really better...
-
-
Please open another thread... Does our posting rules are so hard to follow?
Edit:
To re-enable SSL for the panel and/or the imscp services (ftp, mail...) run the following command:
and then answer the questions. The certificate for the panel and the services is no longer the same in version 1.1.7. Parameter names for SSL were changed in the imscp.conf file and this explain why you must do so...
BTW: Next time, I'll not answer if you do not open a thread per problem.
Thank you for using i-MSCP.