Kaltura.ssl.conf.template still no good in Kaltura 12.17 on RHEL6

stanrate · June 9, 2017, 7:11am

I had to change kaltura.ssl.conf.template via the following sed to prevent the config script failing:

sed -i ‘s/SSLCertificateChainFile @SSL_CERTIFICATE_CHAIN_FILE@/SSLCACertificateFile @SSL_CERTIFICATE_CHAIN_FILE@/g’ /opt/kaltura/app/configurations/apache/kaltura.ssl.conf.template

Here are the messages I saw when I ran the config script the first time:

========================================================================================================================
Kaltura install answer file written to /tmp/kaltura_09_06_16_23.ans - Please save it!
This answers file can be used to silently-install re-install this machine or deploy other hosts in your cluster.

Stopping httpd: [ OK ]
Starting httpd: Syntax error on line 21 of /etc/httpd/conf.d/zzzkaltura.ssl.conf:
SSLCertificateChainFile: file ‘/etc/httpd/@SSL_CERTIFICATE_CHAIN_FILE@’ does not exist or is empty
[FAILED]

kaltura-front-config.sh FAILED with: 1 on line 290

Archving logs to /opt/kaltura/log/log_09_06_17_16_23.tar.gz…
ERROR: /opt/kaltura/bin/kaltura-front-config.sh failed:( You can re-run it when the issue is fixed.

After running my sed, the config script completed successfully on the next run.

Thanks.

jess · June 9, 2017, 10:02am

Hi @stanrate,

I need a bit more info from you in order to understand what happened… can you please provide the resulting answer file generated by your inputs as well as the CE version used?

Essentially, this piece of action is handled in /opt/kaltura/bin/kaltura-front-config.sh, like so:

        MAIN_APACHE_CONF=$KALTURA_APACHE_CONF/kaltura.ssl.conf
        if [ -r "$CHAIN_FILE" ];then
                sed -i "s^SSLCACertificateFile @SSL_CERTIFICATE_CHAIN_FILE@^SSLCACertificateFile $CHAIN_FILE^" $MAIN_APACHE_CONF
        else
                CA_FILE="NO_CA"
                sed -i "s^SSLCACertificateFile @SSL_CERTIFICATE_CHAIN_FILE@^#SSLCACertificateFile @SSL_CERTIFICATE_CHAIN_FILE@^" $MAIN_APACHE_CONF
        fi

So, if a CA/Chain file was provided during prompting and the file exists, the @SSL_CERTIFICATE_CHAIN_FILE@ token will be replaced with that input, otherwise, the following sed command will be executed:

sed -i "s^SSLCACertificateFile @SSL_CERTIFICATE_CHAIN_FILE@^#SSLCACertificateFile @SSL_CERTIFICATE_CHAIN_FILE@^" $MAIN_APACHE_CONF

Which would comment out the SSLCACertificateFile directive in /opt/kaltura/app/configurations/apache/kaltura.ssl.conf, like so:

#SSLCACertificateFile @SSL_CERTIFICATE_CHAIN_FILE@

Thanks,