News

Issue of httpd stopping in Red Hat Enterprise Linux 5.8/6.2


[1/06/2017 Update]

Added supplementary explanation in Target.

Overview of issue

“httpd” in RHEL cannot start or was stopped from December 26th, 2016.

 

How to check

When meeting the conditions the error messages are displayed in /var/log/httpd/error_log
[error] Certificate not verified: ‘Server-Cert’
[error] SSL Library Error: -8181 Certificate has expired
[error] Unable to verify certificate ‘Server-Cert’. Add “NSSEnforceValidCerts off” to nss.conf so the server can start until the problem can be resolved.

Target

Virtual Server deployed from OS License RHEL5.8/6.2 Virtual Server Template in ECL1.0

(Including private catalog template based on these templates or  updated minor version Virtual Server (ex. 6.2->6.3) by customer. )

Cause

“mod_nss” certification is expired.
“mod_nss” is encryption module for Network Security Service in Apache Web Server.

Solution

Customer who does not use Network Security Services please configure following settings on Guest OS.
Add “NSSEnforceValidCerts off” in /etc/httpd/conf.d/nss.conf to configure.

 

For reference How to know certification expiration date

Please execute command below.

# certutil -L -d /etc/httpd/alias -n Server-Cert
(…)
Not Before: Tue Dec 15 06:23:34 2015
Not After : Sun Dec 15 06:23:34 2019 (expiration date)