Problems with SSL certificate in httpd-2.0.40-21.17.legacy

Andres Adrover Kvamsdal listas at andreso.net
Sun Jul 3 18:31:49 UTC 2005 

Hello,

I moved a web application from a RH9 server to another RH9 server 
tarring the whole /etc/httpd directory structure on the first server and 
untarring it in the second server.  There are no IPs in the server 
configuration so even though the second server has a different IP there 
should be no problems on that count.  I also set the original server's 
IP address as an alias for the second server so the second server now 
answers to its original IP address as well as to the first server's IP 
address.  Both servers are on a demilitirized zone so they each have a 
public IP.  Now two public IPs are routed to different IP aliases on one 
server.

I also upgraded the RH9 to the latest from the Fedora Legacy 
repositories and apache and mod_ssl were upgraded to 2.0.40-21.17.legacy

Originally one could access the web site very fast and https worked 
correctly.  Now there is a 20 second delay acessing the domain name that 
pointed to the original server and https gives a warning of the 
certificate not being issued by a recognized authority.

SSH works correctly and indicates there is a 20 second delay between the 
moment i ask for the web page in the browser until the request appears 
in the access log.

A working mod_ssl installation has become annoying informing that the 
certificate is not issued by a known authority.

First question.  Is httpd-2.0.40-21.17.legacy buggy so that SSL 
certificates no longer work or have I broken something with the routing 
hell I have set up.

Second Question.  Does anybody know what is going on with the long delay 
  before the server receives the request.  In other words, what kind of 
routing hell I have set up.

Public IP 1 routes to private IP 1 which is defined by 
/etc/sysconfig/network-scripts/ifcfg-eth0

Domain name points to Public IP 2 which is routed to private IP 2 which 
is an IP alias for the same server and is defined by 
/etc/sysconfig/network-scripts/ifcfg-eth0:1

The server answers to both IP adresses and ssh works without any 
problems to Public IP 2.

Next thing we are going to try is
domain name points to public address 2 which is then routed to Private 
address 1 which is the one and only Ip of the server.  This brings me to 
the second question:  Would it cause problems for this server to be 
accessible by two public IP addresses

Andres

More information about the fedora-legacy-list mailing list