Uploaded image for project: 'Grouper'
  1. Grouper
  2. GRP-3010

apache ssl stapling error

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Unresolved
    • Minor
    • None
    • None
    • None
    • None

    Description

      2020-11-04 23:41:48
      		 
      [ssl:error] [pid 131:tid AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress=root@ae6adddc724e,CN=ae6adddc724e,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=-- / issuer: emailAddress=root@ae6adddc724e,CN=ae6adddc724e,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=-- / serial: 4C56 / notbefore: Apr 30 19:10:58 2020 GMT / notafter: Apr 30 19:10:58 2021 GMT]
      		 
      [ssl:error] [pid 131:tid AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress=root@ae6adddc724e,CN=ae6adddc724e,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=-- / issuer: emailAddress=root@ae6adddc724e,CN=ae6adddc724e,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=-- / serial: 4C56 / notbefore: Apr 30 19:10:58 2020 GMT / notafter: Apr 30 19:10:58 2021 GMT]2020-11-04 23:41:48
      		 
      [ssl:error] [pid 131:tid AH02235: Unable to configure server certificate for stapling
      		 
      [ssl:error] [pid 131:tid AH02235: Unable to configure server certificate for stapling2020-11-04 23:41:48
      		 
      [ssl:error] [pid 131:tid AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress=root@ae6adddc724e,CN=ae6adddc724e,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=-- / issuer: emailAddress=root@ae6adddc724e,CN=ae6adddc724e,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=-- / serial: 4C56 / notbefore: Apr 30 19:10:58 2020 GMT / notafter: Apr 30 19:10:58 2021 GMT]
      		 
      [ssl:error] [pid 131:tid AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress=root@ae6adddc724e,CN=ae6adddc724e,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=-- / issuer: emailAddress=root@ae6adddc724e,CN=ae6adddc724e,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=-- / serial: 4C56 / notbefore: Apr 30 19:10:58 2020 GMT / notafter: Apr 30 19:10:58 2021 GMT]2020-11-04 23:41:48
      		 
      [ssl:error] [pid 131:tid AH02235: Unable to configure server certificate for stapling
      		 
      [ssl:error] [pid 131:tid AH02235: Unable to configure server certificate for stapling

       

      self signed cert?
       --> disable OCSP stappling with SSLUseStapling off in your VirtualHost section.

      grouperScriptHooks.sh

      grouperScriptHooks_setupFilesPost() {
      		 
        sed -i "s|# HSTS (mod_headers is required) (15768000 seconds = 6 months)|SSLUseStapling Off|g" /etc/httpd/conf.d/ssl-enabled.conf
      		 
        echo "pennContainer; INFO: (grouperScriptHooks.sh-grouperScriptHooks_setupFilesPost) sed -i \"s|# HSTS (mod_headers is required) (15768000 seconds = 6 months)|SSLUseStapling Off|g\" /etc/httpd/conf.d/ssl-enabled.conf  , result=$?"
      		 
      }

       

      Attachments

        Activity

          People

            chris.hyzer@at.internet2.edu Chris Hyzer (upenn.edu)
            chris.hyzer@at.internet2.edu Chris Hyzer (upenn.edu)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: