[LON-CAPA-admin] Files not replicating to fresh CENTOS 7 install access server

Lucas, Mark lucasm at ohio.edu
Wed Jan 14 13:17:18 EST 2015 

Stuart,

The script returns:

[root at capa8 admin]# ./checkssl 
URL check failed
status: 501 Protocol scheme 'https' is not supported (LWP::Protocol::https not installed)

So is there a perl package missing from the dependencies?

As for the directory:
OPENSSLDIR: "/etc/pki/tls”

I have not done much of anything with certificates. Is there anything I should be doing
in the /etc/pki/tls/certs directory?

Thanks!
Mark


On Jan 14, 2015, at 12:55 PM, Stuart Raeburn <raeburn at msu.edu> wrote:

> Mark,
> 
>> ca-certificates is installed.
> 
> The LONCAPA-prerequisites rpm for CentOS 7 (rev. 1-23.2) includes a  
> dependency on ca-certificates, so I would expect it to be installed.
> 
> Some things to try ...
> 
> 1. Use openssl version -d
> to determine which directory contains the certs subdirectory where the  
> trusted CA certs are located (usually /etc/pki/tls/certs).
> 
> 2. Run the following test script on the command line on  
> capa8.phy.ohiou.edu (as user www) and report the output:
> 
> #!/usr/bin/perl
> use LWP::UserAgent;
> use IO::Socket::SSL;
> use strict;
> 
> my $ua = LWP::UserAgent->new(
>    ssl_opts => {
>       verify_hostname => 1,
>       SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE,
>    },
> );
> my $response = $ua->get('https://s10.lite.msu.edu/adm/dns/hosts');
> print "URL check ", $response->is_success ? 'succeeded' : 'failed', "\n";
> print "status: ".$response->status_line."\n";
> 
> 
> Stuart Raeburn
> LON-CAPA Academic Consortium
> 
> 
> Quoting "Lucas, Mark" <lucasm at ohio.edu>:
> 
>> Hi,
>> 
>> Last week I brought capa8.phy.ohiou.edu (ohioua4) back up into the   
>> cluster with a fresh CENTOS7
>> install.
>> 
>> At this point it does not seem to be replicating resources from sfu,  
>> msu, uiuc or gwu (I think all https
>> domains) but does replicate resources from wiley and some others.   
>> Other machines (for example,
>> ohioua2, running CENTOS 6) are fine.
>> 
>> ca-certificates is installed. Is there something special I need to   
>> do to in the way of getting a certificate
>> for this server even though I'm not yet running https for machines   
>> in my domain?
>> 
>> Thanks,
>> Mark
>> 
>> --
>> Mark Lucas 								email: lucasm at ohiou.edu
>> 252D Clippinger Lab						phone: (740)597-2984
>> Department of Physics and Astronomy		fax: (740)593-0433
>> Ohio University
>> Athens, OH 45701
>> 
>> _______________________________________________
>> LON-CAPA-admin mailing list
>> LON-CAPA-admin at mail.lon-capa.org
>> http://mail.lon-capa.org/mailman/listinfo/lon-capa-admin
> 
> 
> _______________________________________________
> LON-CAPA-admin mailing list
> LON-CAPA-admin at mail.lon-capa.org
> http://mail.lon-capa.org/mailman/listinfo/lon-capa-admin

-- 
Mark Lucas 								email: lucasm at ohiou.edu
252D Clippinger Lab						phone: (740)597-2984
Department of Physics and Astronomy		fax: (740)593-0433
Ohio University
Athens, OH 45701

More information about the LON-CAPA-admin mailing list