Ubuntu
ssl-cert package

Bug #6772
Comment #3

Comment 3 for bug 6772

Revision history for this message

In Debian Bug tracker #229505, Fabio Massimo Di Nitto (fabbione) wrote on 2004-01-25: Re: Bug#229505: apache-ssl: post-installation script fails

Hi Michael,
this was a bug in ssl-cert that has been fixed in sid already and
it should enter testing in a couple of days.

Fabio

On Sun, 25 Jan 2004, Michael Kebe wrote:

> Fabio Massimo Di Nitto wrote:
> > Hi,
> > are you running testing? is this a fresh installation or an
> > upgrade?
>
> Yes, I am running testing. I think it was a fresh install, because I
> purge the previous installation...
>
> > Please provide me more information asap.
>
> I found the problem by myself:
>
> If you left one field in the dialog for the certificate empty you will get:
>
> > Setting up apache-ssl (1.3.29.0.1-3) ...
> > Generating a 1024 bit RSA private key
> > ...................++++++
> > .......++++++
> > writing new private key to '/etc/apache-ssl/apache.pem'
> > -----
> > problems making Certificate Request
> > 32587:error:0D07A098:asn1 encoding routines:ASN1_mbstring_copy:string too short:a_mbstr.c:147:minsize=1
> > dpkg: error processing apache-ssl (--configure):
> > subprocess post-installation script returned error exit status 1
> > Errors were encountered while processing:
> > apache-ssl
> > E: Sub-process /usr/bin/dpkg returned an error code (1)
>
> And if you then try again "apt-get install apache-ssl" you will get (the
> message of my first report):
>
> > Setting up apache-ssl (1.3.29.0.1-3) ...
> > Starting web server: apache-sslProcessing config directory: /etc/apache-ssl/conf.d
> > failed
> > invoke-rc.d: initscript apache-ssl, action "start" failed.
> > dpkg: error processing apache-ssl (--configure):
> > subprocess post-installation script returned error exit status 1
> > Errors were encountered while processing:
> > apache-ssl
> > E: Sub-process /usr/bin/dpkg returned an error code (1)
>
>
> So if left a field empty in the dialog for the creation of a certificate
> a corrupted "apache.pem" will be created:
>
> > ---- /var/log/apache-ssl/error.log ----
> > [Sun Jan 25 14:16:40 2004] [crit] Error reading server certificate file /etc/apache-ssl/apache.pem
> > [Sun Jan 25 14:16:40 2004] [crit] error:0906D06C:PEM routines:PEM_read_bio:no start line
> > -------------- 8< ---------------------
>
> and then on the second "apt-get install apache-ssl" the postinstall
> script just checks if there is a /etc/apache-ssl/apache.pem, and yes
> there is one, but one that is *corrupted*. So it will try to start
> apache-ssl, but it won't (see error.log)
>
> So maybe its a good thing to say in the dialog to fill out *every* field
> or to check if the apache.pem is correct and working.
>
> Greetings
> Michael
>

--
Our mission: make IPv6 the default IP protocol
"We are on a mission from God" - Elwood Blues

http://www.itojun.org/paper/itojun-nanog-200210-ipv6isp/mgp00004.html

Hi Michael,
	this was a bug in ssl-cert that has been fixed in sid already and
it should enter testing in a couple of days.

Fabio

On Sun, 25 Jan 2004, Michael Kebe wrote:

> Fabio Massimo Di Nitto wrote:
> > Hi,
> > 	are you running testing? is this a fresh installation or an
> > upgrade?
>
> Yes, I am running testing. I think it was a fresh install, because I
> purge the previous installation...
>
> > Please provide me more information asap.
>
> I found the problem by myself:
>
> If you left one field in the dialog for the certificate empty you will get:
>
> > Setting up apache-ssl (1.3.29.0.1-3) ...
> > Generating a 1024 bit RSA private key
> > ...................++++++
> > .......++++++
> > writing new private key to '/etc/apache-ssl/apache.pem'
> > -----
> > problems making Certificate Request
> > 32587:error:0D07A098:asn1 encoding routines:ASN1_mbstring_copy:string too short:a_mbstr.c:147:minsize=1
> > dpkg: error processing apache-ssl (--configure):
> >  subprocess post-installation script returned error exit status 1
> > Errors were encountered while processing:
> >  apache-ssl
> > E: Sub-process /usr/bin/dpkg returned an error code (1)
>
> And if you then try again "apt-get install apache-ssl" you will get (the
> message of my first report):
>
> > Setting up apache-ssl (1.3.29.0.1-3) ...
> > Starting web server: apache-sslProcessing config directory: /etc/apache-ssl/conf.d
> >  failed
> > invoke-rc.d: initscript apache-ssl, action "start" failed.
> > dpkg: error processing apache-ssl (--configure):
> >  subprocess post-installation script returned error exit status 1
> > Errors were encountered while processing:
> >  apache-ssl
> > E: Sub-process /usr/bin/dpkg returned an error code (1)
>
>
> So if left a field empty in the dialog for the creation of a certificate
> a corrupted "apache.pem" will be created:
>
> > ---- /var/log/apache-ssl/error.log ----
> > [Sun Jan 25 14:16:40 2004] [crit] Error reading server certificate file /etc/apache-ssl/apache.pem
> > [Sun Jan 25 14:16:40 2004] [crit] error:0906D06C:PEM routines:PEM_read_bio:no start line
> > -------------- 8< ---------------------
>
> and then on the second "apt-get install apache-ssl" the postinstall
> script just checks if there is a /etc/apache-ssl/apache.pem, and yes
> there is one, but one that is *corrupted*. So it will try to start
> apache-ssl, but it won't (see error.log)
>
> So maybe its a good thing to say in the dialog to fill out *every* field
> or to check if the apache.pem is correct and working.
>
> Greetings
> Michael
>

-- 
Our mission: make IPv6 the default IP protocol
"We are on a mission from God" - Elwood Blues

http://www.itojun.org/paper/itojun-nanog-200210-ipv6isp/mgp00004.html

Ubuntussl-cert package

Comment 3 for bug 6772

Ubuntu
ssl-cert package