[BlueOnyx:15375] SSL Bug in BX Admin Server

[Michael Aronoff]

I was on a vacation this last week and when I went to login to one of my
servers I got an SSL warning on my phone. Now this was strange as I recently
got a wildcard cert and Chris @ Virtbiz installed it on all of our BX
servers and they have been working fine on my desktop PC.

 

When I googled the problem many results seemed to indicate that this can
happen when the cert bundle is not installed. Your desktop browser might
have the bundle from another site you visit and will therefore work but if
you done use your mobile browser much then it would not have the bundle and
if your own server does not passit right then you get the error.

 

So the first thing I did was login to the GUI and sure enough the Cert
Authority was shown as installed on all servers.

 

So I went looking a bit deeper. I found that the CA certs are put in
/etc/admserv/certs/ca-certs and they were there as they should be.

I then looked in /etc/admserv/conf.d/ssl.conf and found that despite the
bundle being put in /etc/admserv/certs/ca-certs by the GUI they were not
called in the SSL.conf for the Admin webserver! Oops.

 

I found only:

SSLCertificateFile    /etc/admserv/certs/certificate

SSLCertificateKeyFile /etc/admserv/certs/key

 

I manually added the following below those two lines:

SSLCertificateChainFile /etc/admserv/certs/ca-certs

 

And after running,  service admserv restart the certs now work properly.

 

So TL:DR, even if you install the CA cert bundle in the GUI the ADMSERV will
not call it and it will not work right.

 

I hope this helps some others.

____________
M Aronoff Out

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20140509/7119c11d/attachment.html>