Slackware 15.0+ openssl upgraded and now httpd will not start
by rocknrobin from LinuxQuestions.org on (#6GQTQ)
Hell-o again. I am running a Slackware 15.0+ distro and in performing updates this last weekend openssl was upgraded. I noticed after reboot the httpd did not start.

Code:
root@robrutrm:/etc/ssl/certs# ps -ef | grep httpd
root 12713 2600 0 16:11 pts/6 00:00:00 grep httpd

I then tried /etc/rc.d/rc.httpd start and it still would not start. I checked the http error log and each time I tried to start it here is what shows up in the log.

Code:
[Mon Nov 27 18:31:21.028930 2023] [ssl:emerg] [pid 3302:tid 139857554073536] AH02561: Failed to configure certificate www.example.com:443:0, check /etc/ssl/certs/server.crt
[Mon Nov 27 18:31:21.028956 2023] [ssl:emerg] [pid 3302:tid 139857554073536] SSL Library Error: error:0A00018F:SSL routines::ee key too small
AH00016: Configuration Failed

If I am interpreting the log correctly it is telling me that the RSA key in /etc/ssl/certs/server.crt is too small. Checking the certificate I do indeed see

Code:
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (1024 bit)

Therefore I am assuming that I just need to regenerate this certificate with a 2048 or 4096 key. Unfortunately I set up openssl for httpd several years ago and I can't find my notes. Also online I can't find anything that specifically details the commands to generate this particular certificate. Can someone advise the command(s) to regenerate this certificate with a larger key or, if I have misinterpreted what the log is telling me, advise what I can do to fix this. I have been able to start httpd every time I reboot, after updates usually, because I check it each time I reboot. Therefore I know this just happened with the upgrade to openssl--perhaps the 1024 key is not acceptable anymore? Thanks for any and all help.
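
For the question above, one way to check a certificate's RSA key size and create a replacement pair with a larger key, as an added example that is not part of the original post. It assumes the certificate is self-signed (the post does not say); the function names and the key and certificate output paths are hypothetical.

```shell
#!/bin/sh
# Added example: helper names and output paths are hypothetical.

MIN_RSA_BITS=2048   # the smaller of the two sizes proposed in the post

# Print the public key size (bits) of a PEM certificate.
# Matches "RSA Public-Key: (N bit)" as well as the newer "Public-Key: (N bit)".
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Create a new RSA key and a self-signed certificate for host name $1.
# $2 = key file, $3 = certificate file, $4 = key size (default 2048).
new_selfsigned_cert() {
    cn=$1 key=$2 crt=$3 bits=${4:-$MIN_RSA_BITS}
    if [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        echo "refusing RSA key of $bits bits (< $MIN_RSA_BITS)" >&2
        return 2
    fi
    # umask 077 keeps the unencrypted private key readable by its owner only.
    ( umask 077
      openssl req -x509 -newkey "rsa:$bits" -nodes -sha256 -days 365 \
          -subj "/CN=$cn" -addext "subjectAltName=DNS:$cn" \
          -keyout "$key" -out "$crt" 2>/dev/null )
}

# Succeed only if the private key in $1 belongs to the certificate in $2.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Typical use (paths are placeholders, not taken from the post):
#   cert_key_bits /etc/ssl/certs/server.crt
#   new_selfsigned_cert www.example.com ./server-new.key ./server-new.crt
#   key_matches_cert ./server-new.key ./server-new.crt && echo "pair OK"
```

The SSLCertificateFile and SSLCertificateKeyFile directives in the httpd configuration have to point at the new certificate and key before httpd is started again.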