HPE Community
Operating System - HP-UX
1823063 Members
3197 Online
109645 Solutions
New Discussion юеВ

errors in hp apache 2.0.53 on hpux

 
SOLVED
Go to solution
Shivkumar
Super Advisor

тАО10-12-2005 04:50 AM

тАО10-12-2005 04:50 AM

errors in hp apache 2.0.53 on hpux

Dear Sirs;

We are running hp apache 2.0.53 on hpux.
We are seeing the below mentioned errors in the error log of hp apache:

[Fri Oct 07 11:05:23 2005] [warn] child process 14863 still did not exit, sending a SIGTERM
[Fri Oct 07 11:05:23 2005] [warn] child process 14864 still did not exit, sending a SIGTERM
[Fri Oct 07 11:05:23 2005] [warn] child process 14865 still did not exit, sending a SIGTERM
[Fri Oct 07 11:05:23 2005] [notice] caught SIGTERM, shutting down
-----
[Fri Oct 07 11:46:49 2005] [error] Init: Failed to generate temporary 1024 bit RSA private key
[Fri Oct 07 11:46:52 2005] [error] Init: Failed to generate temporary 512 bit RSA private key

Appreciate if anyone can suggest some workaround.

Thanks,
Shiv
0 Kudos
Reply
5 REPLIES 5
Florian Heigl (new acc)
Honored Contributor

тАО10-12-2005 11:31 AM

тАО10-12-2005 11:31 AM

Re: errors in hp apache 2.0.53 on hpux

does it work with SSL disabled in /etc/rc.config/hpwsapacheconf ?

Do You have HP-UX KRNG installed?

Florian
yesterday I stood at the edge. Today I'm one step ahead.
0 Kudos
Reply
Denver Osborn
Honored Contributor

тАО10-12-2005 01:36 PM

тАО10-12-2005 01:36 PM

Re: errors in hp apache 2.0.53 on hpux

what are your sslrandomseed directives set to? Chances are that the configs didn't change, but maybe something w/ rng failed after a reboot. A problem with rng or /dev/random and /dev/urandom could cause the mod_ssl failure.

Is the rng module loaded?

kmadmin -S

look for rng to be loaded, also verify that the major# returned by kmadmin matches the major# of /dev/random and /dev/urandom. If rng is loaded but major# doesn't match /dev/random, recreate /dev/random and urandom w/ the matching major number from the loaded rng mod.

hope this helps,
-denver

Reply
Arunvijai_4
Honored Contributor

тАО10-12-2005 03:39 PM

тАО10-12-2005 03:39 PM

Re: errors in hp apache 2.0.53 on hpux

It seems to be SSL related problem. Do you have
HP's SRNG installed and configured properly ? Or do you have PRNGD installed on your server ?

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I
http://hpux.connect.org.uk/hppd/hpux/Maths/Misc/prngd-0.9.29/
or you can install OpenSSL for 11.11, it has got PRNGD part of the bundle..

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=OPENSSL11I

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
Reply
Ranjith_5
Honored Contributor

тАО10-12-2005 03:53 PM

тАО10-12-2005 03:53 PM

Solution

Re: errors in hp apache 2.0.53 on hpux

Hi Shiva,

Cryptographic software needs a source of unpredictable data to work correctly. Many open source operating systems provide a "randomness device" that serves this purpose (usually named /dev/random). On other systems, applications have to seed the OpenSSL Pseudo Random Number Generator (PRNG) manually with appropriate data before generating keys or performing public key encryption. As of version 0.9.5, the OpenSSL functions that need randomness report an error if the PRNG has not been seeded with at least 128 bits of randomness. So mod_ssl has to provide enough entropy to the PRNG to work correctly. For this one has to use the SSLRandomSeed directives

The solution:
================================
Open etc/ssl.conf in your favourite text editor.
Find the following lines:
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Cut&Paste these line to the very begining of the file.
(above the line )

Please let me know what is your finding.

Regards,
Syam
Reply
Ranjith_5
Honored Contributor

тАО10-12-2005 03:58 PM

тАО10-12-2005 03:58 PM

Re: errors in hp apache 2.0.53 on hpux

One more thing..create a $HOME/.rnd file to make sure enough entropy is available also for the "make certificate" step (in case the "make certificate" procedure is not able to gather enough entropy theirself by searching for system files).


Regards,
Syam
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.