Can not access web admin interface. Certificate problem.

Home Page Forums Network Management ZeroShell Can not access web admin interface. Certificate problem.

This topic contains 3 replies, has 0 voices, and was last updated by  karakoram 8 years, 9 months ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #42664

    karakoram
    Member

    Hi !

    I can’t access Web Admin Interface because the httpd daemon does not start.

    When booting I have this error :

    Starting httpd daemon…
    Syntax error on line 113 of /etc/httpd/conf/ssl.conf:
    SSLCertificateFile: file ‘/etc/httpd/conf/ssl.crt/server.crt’ does not exist or is empty [FAILED]
    Starting OpenVPN Host-to-LAN VPN…. [FAILED]

    I have this error since I recreated the CA certificate through the X509 panel and then reboot Zeroshell.

    I use Zeroshell 1.0 beta 12 on ESX 4.0

    How to correct this error ? We have no backup before the error. I did manage to deactivate the broken profile and get back the web interface but my configuration is empty…

    Thanks a lot !

    #51134

    ppalias
    Member

    Does this file exist in the folder, or is the folder empty? You could try to copy the file from another profile into the one you want to use.

    root@zeroshell /> ls /etc/httpd/ssl.crt/server.crt -lh
    lrwxrwxrwx 1 root root 39 May 26 2009 /etc/httpd/ssl.crt/server.crt -> /var/register/system/httpd/TLS/cert.pem

    Most likely you will find the file in the folder but the cert.pem will be missing.
    I suggest you search for file

    cacert.pem

    in folder

    /Database/etc/ssl/certs

    . If it is missing copy from another profile the one there and reboot.

    #51135

    karakoram
    Member

    Every files are existing :

    I am rather a newbie with Linux. Could you explain me precisely wich files to restore from where ?

    Thanks !

    #51136

    ppalias
    Member

    If you run the command

    cat /Database/etc/ssl/certs/cacert.pem

    do you see anything like this

    
    
    BEGIN CERTIFICATE
    MIIEqjCsdCA5KgAwIBAgIJAJth5zS2YgZ9MA0GCSqGSIb3DQEBBQUAMIGUMQswCQYfsdD
    VQQGcvbvE nvbwJHUjsfsdEPMA0GA1UECBMGQXR0aWtpMRcwFQYDVQQHEw5BZ2lhIFBhcmvbnFza2V2
    aTEUMBIGA1UEChMLVHJlbmR5LmF3bW4xDDAKBgNVBAsTA05ldDEVMBMGA1UEAxnvmMM
    WmVyb1NobnZWxsIENBMSAwHgYJKoZIhvcNAQkBFhFwYWxpYXNwQHlhaG9vLmNvbTAembn
    Fw0wOTA0MjcwOmbDExMTJaFw0xOTA0MjUwODExMTJaMIGUMQswCQYDVQQGEwJHUjEPdsffsd,
    MA0GA1UECBMGdQXklR0aWtpMRcwFQYDVQQHEw5BZ2lhIFBhcmFza2V2aTEUMBIGA1UEfsd
    ChMLVHJlbmR5fLmF3bklpW4xDDAKBgNVBAsTA05ldDEVMBMGA1UEAxMMWmVyb1NoZWxsdsf
    IENBMSAwHgYJsdfKoZIhvgfhcNAQkBFhFwYWxpYXNwQHlhaG9vLmNvbTCCASIwDQYJKoZIddsdfy
    hvcNAQEBBQAfDggEPADCCAQoCggEBAN+bPgnXKrZNnqeI9PnkLt4Z02HTWf+zS1Efsdf
    HSw8I3ZM1BdXa/oayPVcdlxzoBjR1CARWjYwie06QPsbKf/quUPtzObrC2sd7NlBD85
    nuS1tPzn6B0dsdffWSc+199Fu5TV7Hw9x/MmkJruzklqSNtUuX9RFPeJeiHuEIFjyTKky
    AnoIxpIyPjdS+cvsdfdsfsdfyS3EqbG8UzYiMH4MusKkAw11g8sJkJNQmtYt4ns4QTZ5q9pmh
    BfVo7e7/UE+ksCG+UhSrjfsdfsdfsfZKCH6TjsveLXJunlct2JWJcJPYqp0jmDYfx6N14rr
    WOtvMpjzdsfG2zn0jCDu0keIOYUa/XAI4tDZ3g4IuZ8mfCKyKENaVUCAwEAAaOB/DCBsd
    +TAdBgNVHQ4EFgQUdsfdsfUOgPgGbcG4gVqyNA9T2S5QUdJyIwgckGA1UdIwSBwTCBvoAU
    UOgPgGbcG4gVqyNA9T2S5sdfdsfsQUdJyKhgZqkgZcwgZQxCzAJBgNVBAYTAkdSMQ8wDQYD
    VQQIEwZBdHRdsfsdfspa2kxFzAVBgNVBAcTDkFnaWEgUGFyYXNrZXZpMRQwEgYDVQQKEwtU
    cmVuZHkudfsfsYXdtbjEMMAoGA1UECxMDTmV0MRUwEwYDVQQDEwxaZXJvU2hlbGwgQ0rtt
    IDAeBgkqhkiG9rteterEXBhbGlhc3BAeWFob28uY29tggkAm2HnNLZiBn0wDAYD
    VR0TBAUwAwEB/zgfhfghfkiG9w0BAQUFAAOCAQEAKbw7m8P7LTZn3q1wNs6FU9O2
    y4uV/eivFif+e5C8Qe16WuCuUw6ThXqIeA15R6FWvFqjolI2V08kauTezbGguciG
    WYiwDRwYqo2ATie7tm9ZCv/isdfsfd/mwBwWdznLIwUg6KmgrCmwQlJ6hdsfdsftURiwjUQow+27
    PVpcLlWx037UxIfbQpE4555ZrPwqxNnkvHdfsLLTs6kQbRhx+i38AGxp3ePvZZpdf
    tXh7sR0HB6+cMKG3WqX4365h87VwcEiFRlMOYyzGPghp61oS1ycKu5kWj04tyoD4oxLpC1
    ktF7tjMBR/lL7SQ/oh+BSss8QuKqARlhUmI6+df77X3GdDLh7R5cLx1Zte1crojQsdf==
    END CERTIFICATE
    #51137

    karakoram
    Member

    It works !

    I did manage to get the Web Interface back by recreating the SSL Apache certficate, then I could create a new CA, a new Zeroshell host certificate and affect it to the HTTPS server. It’s a painfull workarround because we have to regenerate every OpenVPN user certificate but it works…

    My 1st mistake was to revoke and renew the Zeroshell host certificate without affecting it to the HTTPS service and then reboot.

    Thanks a lot for your help.

    😀

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.