01-29-2010 02:39 PM
Hello,
I recently upgraded from LMS 3.1 to LMS 3.2. One of our end users pointed out that I forgot to enable https in the Common Services -> Server -> Security area.
I re-enabled https and now the 'Ciscoworks Web Server' will not start up.
If I disable https using ConfigSSL.pl from <NMS root>/MDC/Apache/bin then Ciscoworks comes up fine again.
The log file in <NMS root>/MDC/Apache/logs/error.log shows the message:
Failed to configure CA certificate chain!
I have deleted and regenerated the self-signed certificate several times and this pattern repeats.
I am running LMS on Windows Server 2003 R2.
Any suggestions would be appreciated.
Thanks.
01-29-2010 02:52 PM
Delete NMSROOT/MDC/Apache/conf/ssl/server.* and chain.ser. Then run:
NMSROOT/bin/perl NMSROOT/MDC/Apache/ConfigSSL.pl -disable
NMSROOT/bin/perl NMSROOT/MDC/Apache/ConfigSSL.pl -enable
Fill out the cer values. When done, check the permissions on NMSROOT/MDC/Apache/conf/ssl/server.* and chain.ser, and make sure casuser has full control.
01-29-2010 03:00 PM
Joe,
casusers has full permissions. Do you want me to add casuser with full permission?
Thanks
01-29-2010 03:46 PM
Joe,
To update you, I gave casuser full permission to the files and nothing is working yet.
Still get the same error: "Failed to configure CA certificate chain!" when I start up Ciscoworks.
Thanks.
Bob
01-29-2010 04:29 PM
Post your server.crt, chain.cer, and httpd.conf files.
01-29-2010 04:35 PM
Joe,
As requested, here are the files.
I was able to force Apache to start using the Service control panel.
However, when I spawned a browser the error message is:
You don't have permission to access /cwhp/LiaisonServlet on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Don't know what this means either. Again, if I turn https off, everything comes up fine.
Thanks.
Bob
01-29-2010 05:06 PM
Post the server.key that was used to generate these files.
02-01-2010 09:57 AM
02-01-2010 12:02 PM
Okay. I tested your cert and key, and my Apache works fine. We saw this once before, and the solution there was to reinstall LMS from scratch, then restore the previous backup. The problem was due to a bad CS installation relating to OpenSSL. Without remote access, I cannot offer more than that. I can say that there is nothing wrong with your cert, though.
02-02-2010 12:08 AM
Joe,
Well, I was thinking I was going to have to do a complete reinstall. Thanks for your help.
Bob
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: