[Eisfair] Probleme mit apache und den Zertifikaten
Stefan Puschek
stefan.puschek at t-online.de
Mi Sep 20 20:44:44 CEST 2017
Hallo Leute,
im Logfile vom Indianer (wird _NUR_ intern genutzt - von aussen nicht
erreichbar) finde ich permanent
...
192.168.6.7 - - [20/Sep/2017:20:31:01 +0200] "HEAD /certs/crl.pem
HTTP/1.1" 404
- "-" "Wget/1.18 (linux-gnu)" 161 185
192.168.6.7 - - [20/Sep/2017:20:31:02 +0200] "HEAD /certs/crl.pem
HTTP/1.1" 404
- "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:53.0) Gecko/20100101
Firefox/
53.0" 217 185
192.168.6.7 - - [20/Sep/2017:20:31:03 +0200] "GET /certs/crl.pem
HTTP/1.1" 404 2
11 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:53.0) Gecko/20100101
Firefox
/53.0" 216 417
192.168.6.7 - - [20/Sep/2017:20:32:01 +0200] "HEAD /certs/crl.pem
HTTP/1.1" 404
- "-" "Wget/1.18 (linux-gnu)" 161 185
192.168.6.7 - - [20/Sep/2017:20:32:02 +0200] "HEAD /certs/crl.pem
HTTP/1.1" 404
- "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:53.0) Gecko/20100101
Firefox/
53.0" 217 185
192.168.6.7 - - [20/Sep/2017:20:32:02 +0200] "GET /certs/crl.pem
HTTP/1.1" 404 2
11 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:53.0) Gecko/20100101
Firefox
/53.0" 216 417
...
die 192.168.6.7 ist die IP der Maschine selbst -
apache/mail/certs/mail-addon-certs/base/kernel alle aktuell
laut certs-update-crl.log
...
Sep 20 20:37:00 barbrady certs-update-crl[20071]:
/var/install/bin/certs-update-
crl --quiet --single http://barbrady.southpark.lan/certs/crl.pem
Sep 20 20:37:00 barbrady certs-update-crl[20071]: - downloading
'http://barbrady
.southpark.lan/certs/crl.pem' ...
Sep 20 20:37:02 barbrady certs-update-crl[20071]: - file
'http://barbrady.southp
ark.lan/certs/crl.pem' download failed!
Sep 20 20:37:02 barbrady certs-update-crl[20071]: - CRL file 'crl.pem'
doesn't e
xist, force download!
Sep 20 20:37:02 barbrady certs-update-crl[20071]: - job '161542'
(2017-09-19 20:
40->2017-09-20 20:40) created.
Sep 20 20:37:02 barbrady certs-update-crl[20071]: url:
http://barbrady.southpa
rk.lan/certs/crl.pem
Sep 20 20:37:02 barbrady certs-update-crl[20071]: finished.
...
barbrady _IST_ die 192.168.6.7 von oben
barbrady # pwd
/var/www/certs
barbrady # ls -la
total 16
drwxr-xr-x 2 root root 4096 Sep 20 20:04 .
drwxr-xr-x 9 root root 4096 Sep 20 20:07 ..
lrwxrwxrwx 1 root root 27 Sep 4 19:47 ca.crt ->
/var/certs/ssl/certs/ca.pem
lrwxrwxrwx 1 root root 27 Sep 4 19:47 ca.pem ->
/var/certs/ssl/certs/ca.pem
lrwxrwxrwx 1 root root 49 Sep 20 20:04 crl.pem ->
/var/certs/ssl/crl/barbrady.southpark.lan-crl.pem
lrwxrwxrwx 1 root root 34 Sep 4 19:47 index.html ->
/var/certs/ssl/web/x509policy.html
-rw-r--r-- 1 wwwrun nogroup 3291 Jan 7 2008 openssl_logo.png
-rw-r--r-- 1 wwwrun nogroup 1139 Jan 26 2015 x509policy.html
barbrady #
also ist die Datei zwar da, aber der Indianer darf wegen root:root wohl
nicht drauf zugreifen;
wie löse ich das Problem?
Groetjes
Stefan
Mehr Informationen über die Mailingliste Eisfair