ISPConfig installation halts on SuSE 9.0

Discussion in 'Installation/Configuration' started by sandman_ua, Feb 3, 2006.

  1. sandman_ua

    sandman_ua New Member

    ISPConfig installation halts on SuSE 9.0

    ... and so on - everything standard

    It halts after this lines:
    STEP 6: Generating X.509 certificate signed by own CA [server.crt]
    Certificate Version (1 or 3) [3]:
    Signature ok
    subject=/C=XY/ST=Snake Desert/L=Snake Town/O=Snake Oil, Ltd/OU=Webserver Team/CN=www.snakeoil.dom/[email protected]
    Getting CA Private Key
    Verify: matching certificate & key modulus
    Verify: matching certificate signature
    ../conf/ssl.crt/server.crt: OK

    Please help!...

    p.s. I've tryed simple and expert mode - everything is the same...
  2. falko

    falko Super Moderator Howtoforge Staff

    Aren't there any error messages before or after these lines?
  3. sandman_ua

    sandman_ua New Member

    no... and that is the point - no error messages before (as far I could view through the log) and, as I have mentioned before, no error messages, absolutely nothing after.... it just halts "OK" then carriage return and halts...
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Maybe you entered some wrong characters in the SSL-Certificate steps 1 - 5. Please try to accept the defaults for all questions or post here what you entered there. Except your password ;)
  5. madmax

    madmax New Member

    Same problem here, on SUSE 9.1...

    The procedure seems to hang on:
    /root/ispconfig/openssl/bin/openssl verify -CAfile ../conf/ssl.crt/ca.crt ../conf/ssl.crt/server.crt

    If I run the same command by hand I got:
    Error loading file ../conf/ssl.crt/ca.crt
    19450:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('../conf/ssl.crt/ca.crt','r')
    19450:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
    19450:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:274:

    Any hint?
  6. sandman_ua

    sandman_ua New Member

    In steps 1-5 SSL certificate generation I've accepted only default values except of duration, that defauls to 365 and I entered 3650.
    (p.s. there were no password queries)
  7. madmax

    madmax New Member

    Same here.

    My system has been previously setup following the "Perfect setup for SUSE 9.2" guidelines.
    A few things here or there were different but I had no problem during setup, that also required CA certificate generation...
    I wonder if certificate information have to match somehow or if it's a whole differente world...
    Last edited: Feb 3, 2006
  8. falko

    falko Super Moderator Howtoforge Staff

    I'm not sure if this makes a difference, but are you using 32-bit or 64-bit systems? What's the output of
    uname -m
  9. madmax

    madmax New Member

    Mine is a 32bit system (i686 from uname -m)...

    I'm focusing on problems on postfix configuration... in expert mode I see that the virtusertable file on my system is actually a file named virtual.
    Don't know where to find the Local-Host-Names-File, though...

    I've also changed the www root directory to /srv/www/htdocs

    However, I get an error on step 3:
    Verify: matching certificate signature
    ../conf/ssl.crt/ca.crt: [...]
    error 18 at 0 depth lookup:self signed certificate

    and the setup would hang again on step 6, after the same step for server signature, but with no error...
    Verify: matching certificate signature
    ../conf/ssl.crt/server.crt: Ok

    Ok, I've seen the virtusertable is a ISPConfig file, so no messing with postfix's virtual file...

    Anyway, can't make it working... if I got time I'll erase the test server and start it up from scratch again...
    Last edited: Feb 3, 2006
  10. sandman_ua

    sandman_ua New Member

    uname -m

    p.s. sorry for delay. my SuSE was down for some time - I couldn't check uname. I still need help/advices/propositions
  11. sandman_ua

    sandman_ua New Member

    any suggestions? please...
  12. falko

    falko Super Moderator Howtoforge Staff

    I have no idea - I've never seen such a behaviour before... Are you sure you followed the "Perfect Setup" tutorial for your distribution to the letter?
  13. madmax

    madmax New Member

    I took my time and started again from scratch...

    - installed SUSE 9.1, minimal system
    - followed guideline for SUSE 9.2, I believe very close to 9.1

    During the preparation I had no errors and everything went smooth.

    Checked dist.txt and changed a couple of lines for SUSE 9.1:

    dist_mysql_group=[B]mysql [/B]##                                        # suse91
    dist_httpd_daemon=[B]apache2 [/B]##                                     # suse91
    Then I (tried to) install ISPConfig, choosed Expert mode and just changed ww root directory to /srv/www/htdocs

    The setup always hangs at this command:

     /root/ispconfig/openssl/bin/openssl verify -CAfile ../conf/ssl.crt/ca.crt ../conf/ssl.crt/server.crt

    Still don't know why... no error is shown... seems waiting for something...

    I tried the same command manually and actually it froze! But if I try the same command using the openssl NOT compiled by ISPConfig, the command correctly terminates...

    Is there a way to exclude parts of the setup? I mean, may I install ISPConfig skipping certificate generation?
    May I use the openssl command already in place rather than the ISPConfig's?
  14. falko

    falko Super Moderator Howtoforge Staff

    Yes, you can adjust the compilation options in the script install_ispconfig/compile_aps/compile.
  15. madmax

    madmax New Member

    If you mean changing --with-ssl={INSTALL_DIR}/openssl in --with-ssl, I've already tried it... no use...

    I'd like to change the bin path that's calling openssl in certification generation... but I'm still figuring out which makefiles to touch...
  16. falko

    falko Super Moderator Howtoforge Staff

    I'd try to change this:

    cd ../${MOD_SSL}
    ./configure --with-apache=../${APACHE} --with-ssl=${INSTALL_ROOT}/openssl --prefix=${INSTALL_ROOT}/httpd --enable-module=so || error "Could not configure Apache"
    cd ../${APACHE}
    make || error "Could not make Apache"
    make certificate TYPE=custom  || error "Could not make certificate for Apache"
    make install || error "Could not install Apache"
    cd ../${PHP}
    ./configure --with-apxs=${INSTALL_ROOT}/httpd/bin/apxs --enable-track-vars --enable-sockets --enable-mbstring=all --with-config-file-path=${INSTALL_ROOT}/php --enable-ftp --prefix=${INSTALL_ROOT}/php --with-openssl=${INSTALL_ROOT}/openssl --with-mysql=/usr --disable-libxml --disable-dom --disable-xml --disable-xmlreader --disable-xmlwriter --disable-simplexml --without-pear || error "Could not configure PHP"
    make || error "Could not make PHP"
    make install || error "Could not install PHP"
    ln -s ${INSTALL_ROOT}/php/bin/php ${INSTALL_ROOT}/php/php
    Instead of ${INSTALL_ROOT}/openssl you should use your distribution's openssl package.
  17. madmax

    madmax New Member

    I'll try it... even if I don't know exactely what to specify there... the bin directory? the include?

    In the meanwhile I took another direction... I installed SUSE 10 on a virtual machine and actually succeded in installing ISPConfig...

    Next, I'll try a new virtual machine with SUSE 9.1 and see if it makes any difference compared to the real system...
    I'll keep you updated...
  18. sandman_ua

    sandman_ua New Member

    I'm doing all the same at my live SuSE 9.0
    and my case is _*absolutelly*_ the same as by MADMAX

    at the moment I have the same question:
  19. falko

    falko Super Moderator Howtoforge Staff

    It's the parent directory of the bin and the include directory.
  20. sandman_ua

    sandman_ua New Member

    Have made it!!!

    While running setup manually step-by-step, I have reproduced all gusses by MADMAX and found out that openssl-0.9.8 that comes with last ISPConfig does not work on my Linux - SuSE 9.0.
    I've cheked what version is "native" to my Linux and it is openssl-0.9.7b, so
    the solution:

    I've downloaded source of openssl-0.9.7b from openssl site and substituted it in the install_ispconfig/compile_aps/ and changed openssl version in install_ispconfig/compile_aps/compile. And everyrhing went grate!

    P.S. Falko, I hope didn't break any dependency inside ISPConfig?

Share This Page