HTTPD service could not start after installation of SSL certificate

Document ID : KB000050737
Last Modified Date : 14/02/2018

Description:

Issue: After successfully installing a signed certificate from a public Certificate Authority, the httpd service could not start: "Starting Apache ? Broken Pipe"

Fact: eHealth 6.2 on Solaris
Fact: eHealth 6.0
Fact: eHealth 6.1

Fact:

Sometimes nhManageSsl closes its pipe prematurely.
Put Apache in debug mode (change the line "LogLevel warn" in $NH_HOME/web/httpd/conf/httpd.conf to "LogLevel debug").

The following entries in the httpd-errors log show that the nhManageSsl binary could not receive the pass-phrase:

[info] Init: Seeding PRNG with 0 bytes of entropy
[info] Loading certificate & private key of SSL-aware server
[info] Init: Creating pass phrase dialog pipe child ' /usr/eHealth/web/webCfg/nhManageSsl -decrypt'
[info] Init: Requesting pass phrase via piped dialog
[debug] ssl_engine_pphrase.c(475): encrypted RSA private key - pass phrase requested

Problem Ticket: PRD00045343

Solution:

The issue documented above has been resolved in the following release(s):

This problem will be fixed in eHealth 6.2.2

Workaround:

The workaround is to create a shell wrapper for nhManageSsl, renaming the application itself to nhManageSsl_orig. This prevents nhManageSsl from closing the pipe too early:

  1. Rename $NH_HOME/web/webCfg/nhManageSsl to nhManageSsl_orig

  2. Create an executable shell script in $NH_HOME/web/webCfg/ named "nhManageSsl" with the following content (replace <$NH_HOME> with the actual $NH_HOME directory):

    #!/bin/sh
    <$NH_HOME>/web/webCfg/nhManageSsl_orig -decrypt

  3. Make $NH_HOME/web/webCfg/nhManageSsl executable:

    chmod +x $NH_HOME/web/webCfg/nhManageSsl
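
The three steps above as one repeatable script; this is an added example, not code from the vendor. The function names `install_wrapper` and `check_wrapper` are hypothetical, and the permission check is an added assumption: the wrapper sits in the pass-phrase path for the private key, so neither file should be writable by group or others.

```shell
#!/bin/sh
# Added example (not vendor code): install the nhManageSsl wrapper idempotently.

# install_wrapper <NH_HOME>: performs workaround steps 1-3, then verifies.
install_wrapper() {
    dir="$1/web/webCfg"
    bin="$dir/nhManageSsl"
    orig="$dir/nhManageSsl_orig"
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 1; }

    if [ -f "$orig" ]; then
        # An earlier run already renamed the binary. Renaming again would
        # replace the real binary with the wrapper, so skip step 1.
        :
    elif [ -f "$bin" ]; then
        mv "$bin" "$orig" || return 1                      # step 1
    else
        echo "nhManageSsl not found in $dir" >&2
        return 1
    fi

    # Step 2: write the wrapper with the real path in place of <$NH_HOME>.
    # Written to a temporary file first so a failed write leaves no stub.
    tmp="$bin.tmp.$$"
    printf '#!/bin/sh\n"%s" -decrypt\n' "$orig" > "$tmp" || return 1
    # Step 3: explicit mode instead of "chmod +x" so the result does not
    # depend on the caller's umask.
    chmod 755 "$tmp" && mv "$tmp" "$bin" || { rm -f "$tmp"; return 1; }

    check_wrapper "$1"
}

# check_wrapper <NH_HOME>: succeeds only if both files are executable, the
# wrapper calls nhManageSsl_orig -decrypt, and neither file is writable by
# group or others.
check_wrapper() {
    dir="$1/web/webCfg"
    [ -x "$dir/nhManageSsl" ] || return 1
    [ -x "$dir/nhManageSsl_orig" ] || return 1
    grep -q 'nhManageSsl_orig" -decrypt' "$dir/nhManageSsl" || return 1
    loose=$(find "$dir/nhManageSsl" "$dir/nhManageSsl_orig" \
            \( -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ] || { echo "group/world-writable: $loose" >&2; return 1; }
}
```

Run `install_wrapper "$NH_HOME"` once; running it again rewrites only the wrapper and leaves nhManageSsl_orig untouched.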

To test the result:

  1. Stop the web server: nhHttpd stop

  2. Run the following command to switch to SSL:

    nhWebProtocol -mode https -hostname <hostName> -certificate <cert>.crt -key <key>.key -passphrase <passPhrase>

  3. Start the web server: nhHttpd start

It should start normally.