Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Apache will not start if ssl is enabled

Hello,

I recently upgraded from LMS 3.1 to LMS 3.2.  One of our end users pointed out that I forgot to enable https in the Common Services -> Server -> Security area.

I re-enabled https and now the 'Ciscoworks Web Server' will not start up.

If I disable https using ConfigSSL.pl from <NMS root>/MDC/Apache/bin then Ciscoworks comes up fine again.

The log file in <NMS root>/MDC/Apache/logs/error.log shows the message:

Failed to configure CA certificate chain!

I have deleted and regenerated the self-signed certificate several times and this pattern repeats.

I am running LMS on Windows Server 2003 R2.

Any suggestions would be appreciated.

Thanks.

9 REPLIES
Cisco Employee

Re: Apache will not start if ssl is enabled

Delete NMSROOT/MDC/Apache/conf/ssl/server.* and chain.ser.  Then run:

NMSROOT/bin/perl NMSROOT/MDC/Apache/ConfigSSL.pl -disable

NMSROOT/bin/perl NMSROOT/MDC/Apache/ConfigSSL.pl -enable

Fill out the cer values.  When done, check the permissions on NMSROOT/MDC/Apache/conf/ssl/server.* and chain.ser, and make sure casuser has full control.

New Member

Re: Apache will not start if ssl is enabled

Joe,

casusers has full permissions.  Do you want me to add casuser with full permission?

Thanks

New Member

Re: Apache will not start if ssl is enabled

Joe,

To update you, I gave casuser full permission to the files and nothing is working yet.

Still get the same error: "Failed to configure CA certificate chain!" when I start up Ciscoworks.

Thanks.

Bob

Cisco Employee

Re: Apache will not start if ssl is enabled

Post your server.crt, chain.cer, and httpd.conf files.

New Member

Re: Apache will not start if ssl is enabled

Joe,

As requested, here are the files.

I was able to force Apache to start using the Service control panel.

However, when I spawned a browser the error message is:

Forbidden

You don't have permission to access /cwhp/LiaisonServlet on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Don't know what this means either.  Again, if I turn https off, everything comes up fine.

Thanks.

Bob

Cisco Employee

Re: Apache will not start if ssl is enabled

Post the server.key that was used to generate these files.

New Member

Re: Apache will not start if ssl is enabled

Joe,

OK, here you go.

Bob

Cisco Employee

Re: Apache will not start if ssl is enabled

Okay.  I tested your cert and key, and my Apache works fine.  We saw this once before, and the solution there was to reinstall LMS from scratch, then restore the previous backup.  The problem was due to a bad CS installation relating to OpenSSL.  Without remote access, I cannot offer more than that.  I can say that there is nothing wrong with your cert, though.

New Member

Re: Apache will not start if ssl is enabled

Joe,

Well, I was thinking I was going to have to do a complete reinstall.  Thanks for your help.

Bob

1182
Views
0
Helpful
9
Replies
CreatePlease to create content