Can not access web admin interface. Certificate problem.

[karakoram]

Hi !

I can’t access Web Admin Interface because the httpd daemon does not start.

When booting I have this error :

Starting httpd daemon…
Syntax error on line 113 of /etc/httpd/conf/ssl.conf:
SSLCertificateFile: file ‘/etc/httpd/conf/ssl.crt/server.crt’ does not exist or is empty [FAILED]
Starting OpenVPN Host-to-LAN VPN…. [FAILED]

I have this error since I recreated the CA certificate through the X509 panel and then reboot Zeroshell.

I use Zeroshell 1.0 beta 12 on ESX 4.0

How to correct this error ? We have no backup before the error. I did manage to deactivate the broken profile and get back the web interface but my configuration is empty…

Thanks a lot !

[ppalias]

Does this file exist in the folder, or is the folder empty? You could try to copy the file from another profile into the one you want to use.

root@zeroshell /> ls /etc/httpd/ssl.crt/server.crt -lh

lrwxrwxrwx    1 root     root           39 May 26  2009 /etc/httpd/ssl.crt/server.crt -> /var/register/system/httpd/TLS/cert.pem

Most likely you will find the file in the folder but the cert.pem will be missing.
I suggest you search for file

cacert.pem

in folder

/Database/etc/ssl/certs

. If it is missing copy from another profile the one there and reboot.

[karakoram]

Every files are existing :

I am rather a newbie with Linux. Could you explain me precisely wich files to restore from where ?

Thanks !

[ppalias]

If you run the command

cat /Database/etc/ssl/certs/cacert.pem

do you see anything like this

BEGIN CERTIFICATE

MIIEqjCsdCA5KgAwIBAgIJAJth5zS2YgZ9MA0GCSqGSIb3DQEBBQUAMIGUMQswCQYfsdD

VQQGcvbvE nvbwJHUjsfsdEPMA0GA1UECBMGQXR0aWtpMRcwFQYDVQQHEw5BZ2lhIFBhcmvbnFza2V2

aTEUMBIGA1UEChMLVHJlbmR5LmF3bW4xDDAKBgNVBAsTA05ldDEVMBMGA1UEAxnvmMM

WmVyb1NobnZWxsIENBMSAwHgYJKoZIhvcNAQkBFhFwYWxpYXNwQHlhaG9vLmNvbTAembn

Fw0wOTA0MjcwOmbDExMTJaFw0xOTA0MjUwODExMTJaMIGUMQswCQYDVQQGEwJHUjEPdsffsd,

MA0GA1UECBMGdQXklR0aWtpMRcwFQYDVQQHEw5BZ2lhIFBhcmFza2V2aTEUMBIGA1UEfsd

ChMLVHJlbmR5fLmF3bklpW4xDDAKBgNVBAsTA05ldDEVMBMGA1UEAxMMWmVyb1NoZWxsdsf

IENBMSAwHgYJsdfKoZIhvgfhcNAQkBFhFwYWxpYXNwQHlhaG9vLmNvbTCCASIwDQYJKoZIddsdfy

hvcNAQEBBQAfDggEPADCCAQoCggEBAN+bPgnXKrZNnqeI9PnkLt4Z02HTWf+zS1Efsdf

HSw8I3ZM1BdXa/oayPVcdlxzoBjR1CARWjYwie06QPsbKf/quUPtzObrC2sd7NlBD85

nuS1tPzn6B0dsdffWSc+199Fu5TV7Hw9x/MmkJruzklqSNtUuX9RFPeJeiHuEIFjyTKky

AnoIxpIyPjdS+cvsdfdsfsdfyS3EqbG8UzYiMH4MusKkAw11g8sJkJNQmtYt4ns4QTZ5q9pmh

BfVo7e7/UE+ksCG+UhSrjfsdfsdfsfZKCH6TjsveLXJunlct2JWJcJPYqp0jmDYfx6N14rr

WOtvMpjzdsfG2zn0jCDu0keIOYUa/XAI4tDZ3g4IuZ8mfCKyKENaVUCAwEAAaOB/DCBsd

+TAdBgNVHQ4EFgQUdsfdsfUOgPgGbcG4gVqyNA9T2S5QUdJyIwgckGA1UdIwSBwTCBvoAU

UOgPgGbcG4gVqyNA9T2S5sdfdsfsQUdJyKhgZqkgZcwgZQxCzAJBgNVBAYTAkdSMQ8wDQYD

VQQIEwZBdHRdsfsdfspa2kxFzAVBgNVBAcTDkFnaWEgUGFyYXNrZXZpMRQwEgYDVQQKEwtU

cmVuZHkudfsfsYXdtbjEMMAoGA1UECxMDTmV0MRUwEwYDVQQDEwxaZXJvU2hlbGwgQ0rtt

IDAeBgkqhkiG9rteterEXBhbGlhc3BAeWFob28uY29tggkAm2HnNLZiBn0wDAYD

VR0TBAUwAwEB/zgfhfghfkiG9w0BAQUFAAOCAQEAKbw7m8P7LTZn3q1wNs6FU9O2

y4uV/eivFif+e5C8Qe16WuCuUw6ThXqIeA15R6FWvFqjolI2V08kauTezbGguciG

WYiwDRwYqo2ATie7tm9ZCv/isdfsfd/mwBwWdznLIwUg6KmgrCmwQlJ6hdsfdsftURiwjUQow+27

PVpcLlWx037UxIfbQpE4555ZrPwqxNnkvHdfsLLTs6kQbRhx+i38AGxp3ePvZZpdf

tXh7sR0HB6+cMKG3WqX4365h87VwcEiFRlMOYyzGPghp61oS1ycKu5kWj04tyoD4oxLpC1

ktF7tjMBR/lL7SQ/oh+BSss8QuKqARlhUmI6+df77X3GdDLh7R5cLx1Zte1crojQsdf==

END CERTIFICATE

[karakoram]

It works !

I did manage to get the Web Interface back by recreating the SSL Apache certficate, then I could create a new CA, a new Zeroshell host certificate and affect it to the HTTPS server. It’s a painfull workarround because we have to regenerate every OpenVPN user certificate but it works…

My 1st mistake was to revoke and renew the Zeroshell host certificate without affecting it to the HTTPS service and then reboot.

Thanks a lot for your help.

😀

[Author]

Posts