Upgrade from RHEL 4.8 to 5.3

By | 2009/07/30

I recently spent a weekend upgrading a Linux machine from RHEL 4.8 to RHEL 5.3. It was not a fun experience.

First, we tried to do an in-place upgrade. Red Hat allows this, but recommends against it. The box rebooted fine, but Apache wouldn’t start up. During a call to Red Hat support (wonderfully friendly group, btw), we were told to do a reinstall of the OS, not an in-place upgrade.

OK, reinstall of the machine. Again, Apache won’t start. We’re using a heavily customized httpd.conf file. The problem: the module names have changed between Apache versions (2.0, used in RHEL 4.8, and 2.2, used in RHEL 5.3). The fix was to compare the clean httpd.conf to our customized version and change the module names where necessary. Done. Apache starts up correctly now. The solution to this problem was provided promptly by Red Hat Support.

Next issue: eth0 and eth1 are reversed. We are still attempting to confirm this, but it appears that Red Hat grabbed a different NIC card for eth0 and reversed it with eth1. I don’t think this causes any actual problems, so we’ll move on to the next issue.

SSL is broken. All of our SSL certificates are giving security warnings, as if something has changed. We copied them back in and they *look* normal, but every domain gives an SSL warning when we attempt to connect over https. I’ve got 2 vendors helping me and so far they’re both stumped. Red Hat isn’t particularly helpful on this issue.

My vendors were unable to identify the problem. I finally found the solution by researching online and stumbling across this page: Setting up SSL Certificates on Apache. While stepping through these instructions, I came across the section that explains how to configure the https VirtualHosts in httpd.conf. It is this section of httpd.conf that points to the location of the SSL certificates. Example:

<VirtualHost 192.168.1.1:443>
    DocumentRoot /var/www/html
    ServerName 192.168.1.98
    ServerAdmin someone@your.domain
    ErrorLog /etc/httpd/logs/ssl_error_log
    TransferLog /etc/httpd/logs/ssl_access_log
    SSLEngine On
    SSLCertificateFile /etc/httpd/conf/ssl.crt/name-cert.pem
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/name-key.pem
    <Files ~ "\.(cgi|shtml|php)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    CustomLog /etc/httpd/logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

Our httpd.conf does not contain any port 443 configuration info, which means we must be using ssl.conf instead. The solution to our problem is simply to restore the ssl.conf file into the proper place, which is: /etc/httpd/conf.d. After this file was copied into place, SSL certificates worked fine. Problem solved.
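The check that shortens this kind of hunt, as an added example that is not part of the original post and is not Red Hat's tooling: list every uncommented port 443 VirtualHost and certificate directive across httpd.conf and conf.d, and say which file, if any, decides the certificate Apache serves. The function names, the sample tree and the stock certificate path (the usual mod_ssl package default on RHEL) are assumptions.

```shell
#!/bin/sh
# Added example: report which Apache config file actually controls HTTPS.
# Assumed RHEL layout: ROOT/conf/httpd.conf plus ROOT/conf.d/*.conf.
STOCK_CERT=/etc/pki/tls/certs/localhost.crt  # assumed mod_ssl package default

# Print "file:line:directive" for each uncommented :443 vhost or cert directive.
ssl_directives() {
    for f in "$1/conf/httpd.conf" "$1"/conf.d/*.conf; do
        [ -f "$f" ] || continue
        # /dev/null as a second file makes grep always print the file name
        grep -Eni '^[[:space:]]*(<VirtualHost[[:space:]][^>]*:443[^0-9]|SSLCertificate(Key)?File[[:space:]])' \
            "$f" /dev/null || true
    done
    return 0
}

# Returns 0 = site certificate configured, 1 = no HTTPS vhost or cert, 2 = stock cert.
audit_ssl() {
    found=$(ssl_directives "$1")
    if [ -n "$found" ]; then printf '%s\n' "$found"; fi
    if ! printf '%s\n' "$found" | grep -qi '<VirtualHost'; then
        echo "FAIL: no :443 VirtualHost found; is conf.d/ssl.conf missing?"; return 1
    fi
    if ! printf '%s\n' "$found" | grep -qi 'SSLCertificateFile'; then
        echo "FAIL: no SSLCertificateFile directive found"; return 1
    fi
    if printf '%s\n' "$found" | grep -qi "SSLCertificateFile[[:space:]]*$STOCK_CERT"; then
        echo "WARN: HTTPS points at the package's default localhost certificate"; return 2
    fi
    echo "OK: HTTPS uses a site certificate"
}

# Constructed sample: an httpd.conf with no port 443 section, as on this page.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/conf" "$d/conf.d"
    printf 'Listen 80\n# SSLCertificateFile /old/commented.pem\n' > "$d/conf/httpd.conf"
    echo "$d"
}
# Write a constructed conf.d/ssl.conf that points at certificate path $2.
write_ssl_conf() {
    printf '<VirtualHost _default_:443>\n  SSLEngine on\n  SSLCertificateFile %s\n</VirtualHost>\n' \
        "$2" > "$1/conf.d/ssl.conf"
}

demo=$(make_sample)
audit_ssl "$demo" || true                                      # ssl.conf absent
write_ssl_conf "$demo" "$STOCK_CERT"; audit_ssl "$demo" || true  # fresh-install default
write_ssl_conf "$demo" /etc/httpd/conf/ssl.crt/name-cert.pem
audit_ssl "$demo" || true                                      # restored ssl.conf
rm -rf "$demo"
```

On a real host, call `audit_ssl /etc/httpd` before and after restoring ssl.conf; the printed file names show whether httpd.conf or a conf.d file holds the certificate paths.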