Looking for example of ssl.conf file

Hi :smile:

I seem to be completely unable to get the configure scripts to allow me to configure ssl. Can any post the contents of their kaltura.ssl.conf file from a 9.x or newer install?



When you run the install, it should prompt you like so:

Apache virtual hostname ]
(Must be accessible from both inside the machine and from any clients / browsers that will use Kaltura):

Vhost port to listen on [80]: 443

Is your Apache working with SSL?[Y/n]
Please input path to your SSL certificate[/etc/ssl/certs/localhost.crt]:

Please input path to your SSL key[/etc/pki/tls/private/localhost.key]:

Please input path to your SSL chain file or leave empty in case you have none:

Which port will this Vhost listen on? [443]

Just input your own certs of course, instead of the defaults.

Hi Jess,

Thanks for replying. I just tried re-running
rm /opt/kaltura/app/base-config.lock

I did
Vhost port to listen on [80]: 443

…but was never asked the rest. I re-ran kaltura-front-config.sh and am then given the message “It is recommended that you do work using HTTPs. Would you like to continue anyway?[N/y]”, which is a dead end.

Now. My kaltura will not load at all… just the default apache page.

SO. My though is to either,

a) remove /etc/httpd/conf.d/ssl.conf and try again OR
b) completely remove kaltura and start again from scratch

If I start from scratch again, should I still remove /etc/httpd/conf.d/ssl.conf first?

I appreciate any wisdom you might have.


Ps. I have checked and there is nothing about IS_SSL=Y/N in /etc/kaltura.d/system.ini either

Hi Vern,

You do not need to remove Kaltura, it is built so you can always reconfigure, I myself do it all the time:)
Please run:
# bash -x /opt/kaltura/bin/kaltura-front.sh
Answer the questions and paste the output here so I can better understand what’s happening.


Thanks Jess,

The output is nearly 6,000 lines, much of which is stuff like this
Handle 0x0042, DMI type 4, 35 bytes
Processor Information
Socket Designation: CPU socket #62
Type: Central Processor
Family: Unknown
Manufacturer: 000000000000
ID: 00 00 00 00 00 00 00 00
Version: Unknown Processor
Voltage: 3.3 V
External Clock: Unknown
Max Speed: 30000 MHz
Current Speed: Unknown
Status: Unpopulated
Upgrade: ZIF Socket
L1 Cache Handle: 0x00D0
L2 Cache Handle: 0x00D1
L3 Cache Handle: Not Provided
Serial Number: Not Specified
Asset Tag: Not Specified
Part Number: Not Specified

Do you want me to edit it a bit, or just paste it as is?

Lets be more specific:)
Edit kaltura-front-config.sh and put
set -x
if [ -z “$IS_SSL” ];then

And then:
set +x
if [ -z “$CONFIG_CHOICE” ];then

Then run as usual without -x
This should narrow the output down a lot.

Well, that’s a bit better. There was still some lines like above in there, but I have removed them. Here is what is left.

Something different did happen this time. I did get asked for port, but not for ssl file locations. It wrote something though, and wouldn’t start because of the default ssl.conf file clashing. I moved it, and tried to restart httpd. It did restart, but https will not work, and http is now pointing to the default apache page. Progress of a sort :wink:

I have put the ouput here, as it is too many characters for a forum post


OK so, our problem starts here:

  • ‘[’ -z false ‘]’
  • ‘[’ false ‘!=’ Y -a false ‘!=’ 1 -a false ‘!=’ y -a false ‘!=’ true ‘]’

This is the output for:
if [ -z “$IS_SSL” ];then
and then
if [ “$IS_SSL” != ‘Y’ -a “$IS_SSL” != 1 -a “$IS_SSL” != ‘y’ -a “$IS_SSL” != ‘true’ ];then

This means that somewhere along the line, you have IS_SSL set to the value ‘false’.
It can come from multiple files the front-config.sh script sources these are:
Or, an answer file you are passing the script but in this case, we know you are not using an answer file because you get prompts.

Can you please paste your /etc/kaltura.d/system.ini but mask passwds?

That’s been confusing me too… I should say, I have run base and front config scripts several times since the install. I have also updated from 9.18 to 10.2.

more /etc/kaltura.d/system.ini






It ultimately turned out to be the :80 specified in the SERVICE_URL that was causing the front-config file to not ask me setup questions for adding SSL after the fact.