Saturday, October 23, 2010

Fun with SSL

I am working on a project where mutual authentication with SSL has to be done between an Apache mod_proxy and some proxy server at a third party.

I personally did not design or build the system, and after doing an upgrade of httpd one of the instances did not restart when I told it to. It went down and said SSL is already loaded ... fail.

The idea of this server is to listen on tcp/443 and, based on the URI, redirect to a virtual host running on a specific port. These virtual hosts do some mod_rewrite magic, inject the SSL certificate, and then connect to the third party. According to the project manager, this can only be done with mod_proxy and no other proxy would allow you to do this.

I tried to restart the other virtual hosts and they went down and up without any problems. So it was just the httpd listening on port 443 that was not coming up.

Google is your friend when you get an error message that basically just tells you "sorry, SSL is already in use". I looked at a couple of forum posts and it was pretty clear immediately that it had something to do with the httpd.conf file.

In the httpd.conf file there was an Include directive to load all .conf files from a conf.d directory. Analyzing them one by one, I figured out that one of them contained the instruction to load mod_ssl.so, and of course there was the mod_ssl configuration file, which loads mod_ssl.so as well.

Once I commented out the lines in the other file everything was back up and running.
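The duplicate `LoadModule` described above can be found mechanically instead of reading each included file by hand. This is an added example, not part of the original post: the function names, file names and sample contents are constructed, and the check neither follows `Include` lines itself nor evaluates `<IfModule>` conditions.

```shell
#!/bin/sh
# Report every module that more than one active LoadModule directive
# loads across the given config files. Returns 1 if duplicates exist.
# Usage: find_duplicate_loadmodules httpd.conf conf.d/*.conf
find_duplicate_loadmodules() {
    awk '
        /^[ \t]*#/ { next }                  # commented-out directives do not count
        tolower($1) == "loadmodule" && NF >= 3 {
            mod = $2                         # module identifier, e.g. ssl_module
            count[mod]++
            where[mod] = where[mod] sprintf("  %s:%d -> %s\n", FILENAME, FNR, $3)
        }
        END {
            for (mod in count)
                if (count[mod] > 1) {
                    printf "%s loaded %d times:\n%s", mod, count[mod], where[mod]
                    dup = 1
                }
            exit dup + 0
        }
    ' "$@"
}

# Constructed sample tree: the mod_ssl config and a second conf.d file
# (hypothetical name proxy.conf) both load mod_ssl.so.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/conf.d"
    printf '%s\n' 'LoadModule proxy_module modules/mod_proxy.so' \
        'Include conf.d/*.conf' > "$d/httpd.conf"
    printf '%s\n' 'LoadModule ssl_module modules/mod_ssl.so' \
        'Listen 443' > "$d/conf.d/ssl.conf"
    printf '%s\n' '# LoadModule proxy_module modules/mod_proxy.so' \
        'LoadModule ssl_module modules/mod_ssl.so' > "$d/conf.d/proxy.conf"
    echo "$d"
}

# Demo run on the constructed tree.
demo_dir=$(make_sample_tree)
find_duplicate_loadmodules "$demo_dir/httpd.conf" "$demo_dir"/conf.d/*.conf \
    || echo "duplicate LoadModule directives found"
rm -rf "$demo_dir"
```

On a real server, pass the main config file and the expanded `conf.d` glob from the server's own config directory, then comment out the redundant line before restarting.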

The RedHat Network

This week I was asked to upgrade RedHat Enterprise server for a customer. I personally use Ubuntu, and not being part of my company's Linux group, it was totally new to me. The reason I blog about this is not because it was technically challenging but because it took me quite some effort to figure out how it worked.

When you order a license at RedHat, you need to provide an e-mail address. In my case this was the one of the CIO of my customer. The next thing that happens is that the reseller (my company) receives an e-mail with the confirmation of the purchase and the customer receives an email with a link.

It is very important that the customer clicks this link and fills out the form. During this registration he must choose a customer name and password. Once the account is created you have to run the rhn_register command as root.

This takes you through a script where your server connects to the RHN, asks for your customer name and password, and gathers information about your system. Once your system is registered you can use the yum package manager to actually upgrade the system.

Wednesday, October 6, 2010

Bleachbit

Today I discovered the existence of bleachbit. Bleachbit is a nifty little tool that helps you clean up personal info in Linux.