SSL Cert problems


Hi folks,

I've picked up two issues overnight. 

One of my servers died last night with no obvious reason.

2017-07-25 21:43:08 [Main_Thread] Sig TERM
2017-07-25 21:43:08 [Main_Thread] Initializing shutdown sequence

There were still active threads, no lost connections or anything, so I'm not sure where the sig term came from.

My monitoring server picked this up and called ASSP to restart. The perl process started fine and it went through the normal startup procedure before exiting with no error.

I've been trying to start ASSP back up and get the same every time. The last line in the log is:

2017-07-25 21:51:52 [init] Listening for SMTP connections on ,

The process then exits immediately upon writing this line to the log.

I then attached strace to the process and looked for what is happening and it shows this:

open("path/filename.crt", O_RDONLY) = -1 ENOENT (No such file or directory)
write(1, "SSL_cert_file path/filena"..., 153) = 153
rt_sigaction(SIGHUP, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGINT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGQUIT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGILL, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTRAP, NULL, {SIG_DFL, [], 0}, 8) = 0

plus plenty more SIG lines with the process shutting down.

So, easy problem - there looks to be a line that is supposed to write an error about the SSL cert file to the log but this does not happen.

Now the actual problem. The cert file is there, it hasn't changed since March and is configured exactly the same as it has always been. It is configured the same as the other server that is up and running.

The SSL settings are encrypted in assp.cfg so I can't do much with them without being able to get ASSP to start. I've set doTLS to 0 and removed the data from SSLCertFile. This allowed ASSP to start. I've then put the path back into SSLCertFile and this was accepted without any errors.

This revealed another issue. The web admin interface switched back to TLS straight away and blocked me, saying "user root is currently logged on from host x.x.x.x", so if sessions don't move between http and https when it is enabled, it would be useful to have the old sessions purged during the process.

It looks like putting the details back into SSLCertFile has corrected the problem, as the web interface now runs using SSL. Hopefully when I can get back in to re-enable doTLS, that will accept the cert again as well, but it does not explain why ASSP couldn't find the cert initially and why re-inputting exactly the same details now works without any changes to the cert file itself.

All the best,
