
Article ID: 131242, created on Aug 4, 2017, last review on Oct 12, 2017

Applies to:

  • Operations Automation

Symptoms

OA Control Panel is unavailable.

The Apache service does not start on the UI node(s) and logs an SSL error in /var/log/httpd/error.log:

[Fri Aug 04 12:21:04 2017] [error] Unable to configure RSA server private key
[Fri Aug 04 12:21:04 2017] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

Using strace during Apache service start reveals a broken brand configuration:

# strace -vvvttTfs1024 -e open service httpd start
    ...
1015390 12:43:43.416551 open("/etc/pki/tls/certs/brand_example.com.crt", O_RDONLY) = 11 <0.000046>

The failure occurs after this .crt file is read. The certificate and the private key do not form a pair, as the differing modulus digests show:

[root@linui01 ~]# openssl x509 -noout -modulus -in brand_example.com.crt  | openssl md5
(stdin)= 21bf98a442ef1129c9903c77f9cbb740
[root@linui01 ~]# openssl rsa -noout -modulus -in /etc/pki/tls/private/brand_example.com.key  | openssl md5
(stdin)= fb433e40b6d23e511a92cc3b97b33b62

Cause

A reseller managed to upload a broken certificate, which crashes the Apache service.

The issue is planned to be improved within the scope of requests POA-110175 (fixed in 7.1) and POA-113379.

Resolution

As a quick workaround, remove the faulty brand from the Apache configuration:

# mv /etc/httpd/conf.d/brand_example.com.conf /root/

To fix the issue, make sure the correct certificate is installed for the brand.
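
When several brands may be affected, the manual modulus comparison shown under Symptoms can be run over every brand config before httpd is restarted. The script below is an added example, not part of the original article or the product. It assumes configs are named brand_*.conf (as in the path above) and that each declares one pair with the mod_ssl directives SSLCertificateFile and SSLCertificateKeyFile; the function names are hypothetical. It compares public keys rather than RSA moduli, so it goes beyond the RSA case shown here and also covers EC keys.

```sh
#!/bin/sh
# Added example: report brand configs whose certificate and key do not match.
# Assumptions: configs are named brand_*.conf and each sets one pair with the
# mod_ssl directives SSLCertificateFile / SSLCertificateKeyFile.

# directive_value NAME FILE -> first value of a directive, quotes stripped.
directive_value() {
    awk -v d="$1" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$2"
}

# pair_matches CERT KEY -> 0 match, 1 mismatch, 2 unreadable or unparsable.
# Comparing public keys covers EC keys as well as the RSA modulus check.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# check_brand_confs DIR -> prints "STATUS conf cert key" per faulty brand;
# returns 0 if every pair matches, 1 otherwise.
check_brand_confs() {
    bad=0
    for conf in "$1"/brand_*.conf; do
        [ -f "$conf" ] || continue
        cert=$(directive_value SSLCertificateFile "$conf")
        key=$(directive_value SSLCertificateKeyFile "$conf")
        [ -n "$cert" ] || continue   # no TLS in this file
        [ -n "$key" ] || key=$cert   # mod_ssl also accepts the key inside the cert file
        rc=0
        pair_matches "$cert" "$key" || rc=$?
        case $rc in
            0) ;;
            1) echo "MISMATCH $conf $cert $key"; bad=1 ;;
            *) echo "UNREADABLE $conf $cert $key"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Usage on a UI node: check_brand_confs /etc/httpd/conf.d
```

Each MISMATCH line names the .conf file that the workaround above would move aside.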
