Solutions

httpd service does not start on Director 5.5.x

Solutions ID:    KB5138
Version:    5.0
Status:    Published
Published date:    06/04/2013
Updated:    06/04/2013
 

Problem Description

IMPORTANT: This only applies to Director 5.5.x Do not perform this procedure on a Director appliance running Director 6.x.

If the httpd service fails to start on Director 5.5.x, you might see any or all of the following symptoms in the Director management console:

  • "Unable to launch management console" error message after entering login credentials
  • "Install SSL appliance certificate or ensure that 8085 port is accessible in Director to launch DMC" error message when entering login credentials 

This issue is often caused by a corrupt or missing SSL certificate for the httpd service.

To verify that this is the case, log in to Director through SSH, then run the following commands from enable mode:

conf 

shell

tail -f /var/log/http_ssl_error_log &

service httpd start 

If the SSL certificate is the cause of the problem, you see error messages such as:

[error] Init: Pass phrase incorrect
[error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
 

Resolution

  1. Generate a new self-signed certificate for the httpd service. Run the following commands from shell mode:

    mkdir /tmp/ssl
    cd /tmp/ssl
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out newbirth.crt
    mv /etc/httpd/conf/ssl.crt/birth.crt /etc/httpd/conf/ssl.crt/oldbirth.crt
    mv /etc/httpd/conf/ssl.key/priv.key /etc/httpd/conf/ssl.key/oldprivate.key
    mv /tmp/ssl/private.key /etc/httpd/conf/ssl.key/priv.key
    mv /tmp/ssl/newbirth.crt /etc/httpd/conf/ssl.crt/birth.crt
    service director stop
    service director start

  2. You should be able to log in to the management console.
    To verify that the httpd service has started, run the following command and review the output:

sh-3.2# ps aux | grep httpd
root      5369  0.0  0.1  11436  3988 ?        Ss   16:17   0:00 /usr/sbin/httpd
nobody    5371  0.0  0.0  11436  2244 ?        S    16:17   0:00 /usr/sbin/httpd
nobody    5372  0.0  0.0  11436  2240 ?        S    16:17   0:00 /usr/sbin/httpd
nobody    5373  0.0  0.0  11436  2240 ?        S    16:17   0:00 /usr/sbin/httpd
nobody    5374  0.0  0.0  11436  2240 ?        S    16:17   0:00 /usr/sbin/httpd
nobody    5375  0.0  0.0  11436  2240 ?        S    16:17   0:00 /usr/sbin/httpd
nobody    5376  0.0  0.0  11436  2240 ?        S    16:17   0:00 /usr/sbin/httpd
nobody    5377  0.0  0.0  11436  2240 ?        S    16:17   0:00 /usr/sbin/httpd
nobody    5378  0.0  0.0  11436  2240 ?        S    16:17   0:00 /usr/sbin/httpd
root      5384  0.0  0.0   1932   516 pts/0    S+   16:28   0:00 grep httpd


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question