Issue: After successfully installing a signed certificate from a public Certificate Authority, httpd service could not start: "Starting Apache ? Broken Pipe"
Fact: eHealth 6.2 on Solaris
Fact: eHealth 6.0
Fact: eHealth 6.1
Sometimes nhManageSsl is closing its pipe prematurely
Put Apache in debug mode (Change $NH_HOME/web/httpd/conf/httpd.conf line "LogLevel warn" to "LogLevel debug")
The following entries show in the httpd-errors, show nhManageSsl binary could not receive the pass-phrase.
[info] Init: Seeding PRNG with 0 bytes of entropy
[info] Loading certificate & private key of SSL-aware server
[info] Init: Creating pass phrase dialog pipe child ' /usr/eHealth/web/webCfg/nhManageSsl -decrypt'
[info] Init: Requesting pass phrase via piped dialog
[debug] ssl_engine_pphrase.c(475): encrypted RSA private key - pass phrase requested
Problem Ticket: PRD00045343
The issue documented above has been resolved in the following release(s):
This problem will be fixed in eHealth 6.2.2
The workaround is to create a shell wrapper for nhManageSsl, renaming the app itself to nhiManageSsl. This prevents nhManageSsl from closing pipe too early:
- Rename $NH_HOME/web/webCfg/nhManageSsl to nhManageSsl_orig
- Ceate an executable shell script in $NH_HOME/web/webCfg/ named "nhManageSsl" with the following content (replace <$NH_HOME> with actual $NH_HOME directory:
- Make $NH_HOME/web/webCfg/nhManageSsl executable:
chmod +x $NH_HOME/web/webCfg/nhManageSsl
To test the result:
- Stop the web server: nhHttpd stop
- Run the following command to switch to SSL:
nhWebProtocol -mode https -hostname <hostName> -certificate <cert>.crt -key <key>.key -passphrase <passPhrase>
- Start the web server: nhHttpd start
It should start normally.