[BlueOnyx:10111] SSL-Certificates overridden by last YUM-Update (base-dns)

Tobias Gablunsky t.gablunsky at cbxnet.de
Wed Apr 11 06:17:59 -05 2012 

Hi List,

yesterday there was a packet update that deleted the ssl files: "certificate", "key" and "ca-certs" in the certs directory of a site on the machine and created new ones. Additionally the files that sendmail uses (/usr/share/ssl/certs/ca-bundle.crt and /usr/share/ssl/certs/sendmail.pem) were overridden with newly created ones.

As neither sendmail nor httpd have been updated their configuration didn't get updated.

But why have these certificates been overridden? They have all been installed by hand - the certificate for the webserver because of the known SSL-problem of the GUI and the sendmail certificate because I do not know another way to import an officially signed certificate.

List of changes reported by /var/log/yum:
Apr 10 06:00:26 Updated: base-dns-glue-1.1.0-93BX40.el6.noarch
Apr 10 06:00:27 Updated: base-dns-ui-1.1.0-93BX40.el6.noarch
Apr 10 06:00:28 Updated: base-dns-locale-ja_JP-1.1.0-93BX40.el6.noarch
Apr 10 06:00:28 Updated: base-dns-capstone-1.1.0-93BX40.el6.noarch
Apr 10 06:00:30 Updated: base-dns-locale-ja-1.1.0-93BX40.el6.noarch
Apr 10 06:00:31 Updated: base-dns-locale-en_US-1.1.0-93BX40.el6.noarch
Apr 10 06:00:32 Updated: base-dns-locale-de_DE-1.1.0-93BX40.el6.noarch
Apr 10 06:00:33 Updated: base-dns-locale-da_DK-1.1.0-93BX40.el6.noarch

It is not a big problem at the moment as I restored my certificates from a backup and made the files immutable - but I think to know the reason would be good anyway.

Regards,

Tobias Gablunsky
Servertechnik
Server Management
____________________________________________

CBXNET combox internet GmbH
Lützowstr. 106 | 10785 Berlin
Tel: +49 (30) 5900 69-41
Fax: +49 (30) 5900 69-99
www.cbxnet.de
 
Event Connect - Internet für Ihren Event!
Tel: +49 (30) 5900 69-80
www.event-connect.de
 
Amtsgericht Berlin-Charlottenburg HRB 71171
Geschäftsführer: Lutz Treutler 

> -----Original Message-----
> From: blueonyx-bounces at mail.blueonyx.it 
> [mailto:blueonyx-bounces at mail.blueonyx.it] On Behalf Of 
> Maurice de Laat
> Sent: Wednesday, April 11, 2012 12:43 AM
> To: BlueOnyx General Mailing List
> Subject: [BlueOnyx:10106] Re: Error on SSL-cert import
> 
> Hi Chris,
> 
> On Tue, Apr 10, 2012 at 10:30:06AM -0500, Chris Gebhardt - VIRTBIZ 
> Internet wrote:
> 
> > Hmmm.  Will this negatively impact any other operations for a site?
> 
> Not that I've noticed. I have it like this for about 6 months 
> now on a 
> site.
> 
> I've installed another ssl site (by hand, not by GUI) last 
> week (also on 
> 5107R), but did in that case I didn't needed this trick to 
> get it working. 
> Perhaps because that latest site doesn't have any web server aliases, 
> where as the site that needed this line remarked does.
> -- 
> Maurice de Laat
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
>

More information about the Blueonyx mailing list