Thanks Reshma for pointing out the issue, here. Yes I will work on a rebuild, keep you posted...
Original Message:
Sent: Thu June 05, 2025 08:53 AM
From: RESHMA KUMAR
Subject: dnf uprade of Apache/http to httpd-2.4.63-1.ppc : AH01903: Failed to configure CA certificate chain!
Yes , that helps.
From the dump output , it looks like the module is not built properly. It is linking to both libcrypto.so.1.1(openssl 1.1.1) and libcrypto.so.3(openssl 3). Can you rebuild this module with just openssl3 and try?
------------------------------
RESHMA KUMAR
Original Message:
Sent: Thu June 05, 2025 08:43 AM
From: Bradley Wells
Subject: dnf uprade of Apache/http to httpd-2.4.63-1.ppc : AH01903: Failed to configure CA certificate chain!
Reshma, does this help,
# dump -X32_64 -Hov /opt/freeware/lib/httpd/modules/mod_auth_openidc.so
/opt/freeware/lib/httpd/modules/mod_auth_openidc.so:
***Object Module Header***
# Sections Symbol Ptr # Symbols Opt Hdr Len Flags
5 0x000ba25c 31544 72 0x3002
Flags=( EXEC DYNLOAD SHROBJ DEP_SYSTEM )
Timestamp = "06 Sep 08:51:12 2023"
Magic = 0x1df (32-bit XCOFF)
***Optional Header***
Tsize Dsize Bsize Tstart Dstart
0x0006bf4c 0x000031b4 0x00000028 0x10000150 0x2000009c
SNloader SNentry SNtext SNtoc SNdata
0x0004 0x0000 0x0001 0x0002 0x0002
TXTalign DATAalign TOC vstamp entry
0x0005 0x0004 0x2000270c 0x0001 0xffffffff
maxSTACK maxDATA SNbss magic modtype
0x00000000 0x80000000 0x0003 0x010b RE
***Loader Section***
Loader Header Information
VERSION# #SYMtableENT #RELOCent LENidSTR
0x00000001 0x000002b9 0x000008a9 0x00000175
#IMPfilID OFFidSTR LENstrTBL OFFstrTBL
0x00000010 0x0000a964 0x00004420 0x0000aad9
***Import File Strings***
INDEX PATH BASE MEMBER
0 /opt/freeware/lib:/usr/lib:/lib
1 libaprutil-1.so
2 libldap.a libldap-2.5.so.0
3 liblber.a liblber-2.5.so.0
4 libexpat.a libexpat.so.1
5 libiconv.a libiconv.so.2
6 libapr-1.so
7 libcurl.a libcurl.so.4
8 libcjose.a libcjose.so.0
9 libjansson.a libjansson.so.4
10 libcrypto.a libcrypto.so.1.1
11 libcrypto.a libcrypto.so.3
12 libpcre.a libpcre.so.1
13 libc.a shr.o
14 libgcc_s.a shr.o
15 ..
------------------------------
Bradley Wells
Original Message:
Sent: Thu June 05, 2025 08:35 AM
From: Bradley Wells
Subject: dnf uprade of Apache/http to httpd-2.4.63-1.ppc : AH01903: Failed to configure CA certificate chain!
Hey Reshma,
Not yet rebuilt mod_auth_openidc I will need to create an environment with a working XLC.
# dump -Hov /opt/freeware/lib/httpd/modules/mod_auth_openidc.so
/opt/freeware/lib/httpd/modules/mod_auth_openidc.so:
dump: /opt/freeware/lib/httpd/modules/mod_auth_openidc.so: 0654-108 file is not valid in the current object file mode.
Use the -X option to specify the desired object mode.
Cheers,
Brad
------------------------------
Bradley Wells
Original Message:
Sent: Thu June 05, 2025 08:18 AM
From: RESHMA KUMAR
Subject: dnf uprade of Apache/http to httpd-2.4.63-1.ppc : AH01903: Failed to configure CA certificate chain!
Hi Brad,
is mod_auth_openidc rebuilt with openssl3?
Can you share the output of "dump -Hov /opt/freeware/lib/httpd/modules/mod_auth_openidc.so" ?
------------------------------
RESHMA KUMAR
Original Message:
Sent: Thu June 05, 2025 05:11 AM
From: Bradley Wells
Subject: dnf uprade of Apache/http to httpd-2.4.63-1.ppc : AH01903: Failed to configure CA certificate chain!
Morning Reshma,
Following updates - :-((
# ./httpd -k start
Segmentation fault
Kind regards,
Brad
------------------------------
Bradley Wells
Original Message:
Sent: Wed June 04, 2025 08:26 AM
From: Bradley Wells
Subject: dnf uprade of Apache/http to httpd-2.4.63-1.ppc : AH01903: Failed to configure CA certificate chain!
Hey Reshma,
Thank you for your help on this, results off the mod_auto_openidc,
# ldd /opt/freeware/lib/httpd/modules/mod_auth_openidc.so | grep ssl
/usr/lib/libssl.a(libssl.so.3)
/usr/lib/libssl.a(libssl.so.1.1)
lslpp -w /usr/lib/libssl.a
File Fileset Type
----------------------------------------------------------------------------
/usr/lib/libssl.a openssl.base File
# lslpp -l openssl.base
Fileset Level State Description
----------------------------------------------------------------------------
Path: /usr/lib/objrepos
openssl.base 3.0.15.1000 COMMITTED Open Secure Socket Layer
Just now running dnf update, 111 to update...
Cheers,
Brad
------------------------------
Bradley Wells
Original Message:
Sent: Wed June 04, 2025 06:42 AM
From: RESHMA KUMAR
Subject: dnf uprade of Apache/http to httpd-2.4.63-1.ppc : AH01903: Failed to configure CA certificate chain!
Hi Brad,
Some of the rpms installed are built with openssl 1.1(like curl,openldap). So, please run "dnf update" to update to the latest versions.
In addition, if auth_openidc_module is linking to openssl library, then you might need to rebuild this module as well with openssl3. You can check this by executing ldd command (like "ldd mod_auth_openidc.so")
------------------------------
RESHMA KUMAR
Original Message:
Sent: Mon June 02, 2025 06:32 AM
From: Bradley Wells
Subject: dnf uprade of Apache/http to httpd-2.4.63-1.ppc : AH01903: Failed to configure CA certificate chain!
Hey Reshma,
Sure,
# rpm -qa --last
1747903428 mod_ssl-2.4.63-1.ppc Thu 22 May 09:43:48 2025
1747903426 httpd-devel-2.4.63-1.ppc Thu 22 May 09:43:46 2025
1747903414 mod_proxy_html-2.4.63-1.ppc Thu 22 May 09:43:34 2025
1747903414 libxml2-2.12.9-1.ppc Thu 22 May 09:43:34 2025
1747903410 httpd-2.4.63-1.ppc Thu 22 May 09:43:30 2025
1747903351 expat-2.6.3-1.ppc Thu 22 May 09:42:31 2025
1745412708 AIX-rpm-7.3.2.1-13.ppc Wed 23 Apr 13:51:48 2025
1715329405 apr-util-devel-1.6.3-2.ppc Fri 10 May 09:23:25 2024
1715329401 apr-devel-1.7.4-1.ppc Fri 10 May 09:23:21 2024
1715329392 pkg-config-0.29.2-2.ppc Fri 10 May 09:23:12 2024
1715258581 ca-certificates-2023.2.60-2.ppc Thu 9 May 13:43:01 2024
1715258349 curl-devel-8.6.0-1.ppc Thu 9 May 13:39:09 2024
1715258286 libssh2-devel-1.10.0-2.ppc Thu 9 May 13:38:06 2024
1715258285 curl-8.6.0-1.ppc Thu 9 May 13:38:05 2024
1715079623 perl-5.38.2-1.ppc Tue 7 May 12:00:23 2024
1715079295 gdbm-1.23-1.ppc Tue 7 May 11:54:55 2024
1706178595 krb5-libs-1.21.2-1.ppc Thu 25 Jan 10:29:55 2024
1706178572 libnghttp2-1.55.1-1.ppc Thu 25 Jan 10:29:32 2024
1706178571 libssh2-1.10.0-2.ppc Thu 25 Jan 10:29:31 2024
1706178419 mod_perl-2.0.12-1.ppc Thu 25 Jan 10:26:59 2024
1706176831 apr-util-1.6.3-2.ppc Thu 25 Jan 10:00:31 2024
1706176829 pcre-8.44-2.ppc Thu 25 Jan 10:00:29 2024
1706176826 readline-8.2-1.ppc Thu 25 Jan 10:00:26 2024
1706176824 libunistring-0.9.10-1.ppc Thu 25 Jan 10:00:24 2024
1706176822 info-7.0.2-1.ppc Thu 25 Jan 10:00:22 2024
1706176820 gettext-0.21-2.ppc Thu 25 Jan 10:00:20 2024
1706176781 libiconv-1.17-1.ppc Thu 25 Jan 09:59:41 2024
1706176774 glib2-2.76.3-1.ppc Thu 25 Jan 09:59:34 2024
1706176747 libtextstyle-0.21-2.ppc Thu 25 Jan 09:59:07 2024
1706176747 libffi-3.4.4-2.ppc Thu 25 Jan 09:59:07 2024
1706176745 xz-libs-5.4.3-1.ppc Thu 25 Jan 09:59:05 2024
1706176744 pcre2-10.40-1.ppc Thu 25 Jan 09:59:04 2024
1706176743 openldap-2.5.16-1.ppc Thu 25 Jan 09:59:03 2024
1706176710 cyrus-sasl-2.1.28-1.ppc Thu 25 Jan 09:58:30 2024
1706176698 db-5.3.28-1.ppc Thu 25 Jan 09:58:18 2024
1706176684 bzip2-1.0.8-2.ppc Thu 25 Jan 09:58:04 2024
1706176679 libgomp-10-2.ppc Thu 25 Jan 09:57:59 2024
1706176679 libgomp10-10.3.0-6.ppc Thu 25 Jan 09:57:59 2024
1706176675 apr-1.7.4-1.ppc Thu 25 Jan 09:57:55 2024
1706176673 ncurses-6.4-1.ppc Thu 25 Jan 09:57:53 2024
1706176385 libstdc++-10-2.ppc Thu 25 Jan 09:53:05 2024
1706176384 zlib-1.2.13-1.ppc Thu 25 Jan 09:53:04 2024
1706176381 libstdc++10-10.3.0-6.ppc Thu 25 Jan 09:53:01 2024
1706176353 libgcc-10-2.ppc Thu 25 Jan 09:52:33 2024
1706176352 libgcc10-10.3.0-6.ppc Thu 25 Jan 09:52:32 2024
1706175536 python3-gpg-1.13.1-64_3.ppc Thu 25 Jan 09:38:56 2024
1706175535 python3-librepo-1.11.0-64_2.ppc Thu 25 Jan 09:38:55 2024
1706175535 python3-libdnf-0.39.1-64_5.ppc Thu 25 Jan 09:38:55 2024
1706175535 python3-hawkey-0.39.1-64_5.ppc Thu 25 Jan 09:38:55 2024
1706175507 yum-4.2.17-64_6.noarch Thu 25 Jan 09:38:27 2024
1706175507 python3-libcomps-0.1.15-64_1.ppc Thu 25 Jan 09:38:27 2024
1706175506 dnf-automatic-4.2.17-64_6.noarch Thu 25 Jan 09:38:26 2024
1706175506 dnf-4.2.17-64_6.noarch Thu 25 Jan 09:38:26 2024
1706175505 python3-dnf-4.2.17-64_6.noarch Thu 25 Jan 09:38:25 2024
1706175504 python3.9-dnf-4.2.17-64_6.noarch Thu 25 Jan 09:38:24 2024
1706175496 python3.9-libcomps-0.1.15-64_1.ppc Thu 25 Jan 09:38:16 2024
1706175495 libcomps-0.1.15-64_1.ppc Thu 25 Jan 09:38:15 2024
1706175494 p11-kit-tools-0.23.22-0.ppc Thu 25 Jan 09:38:14 2024
1706175493 p11-kit-0.23.22-0.ppc Thu 25 Jan 09:38:13 2024
1706175486 python3.9-librepo-1.11.0-64_2.ppc Thu 25 Jan 09:38:06 2024
1706175484 python3.9-hawkey-0.39.1-64_5.ppc Thu 25 Jan 09:38:04 2024
1706175483 python3.9-libdnf-0.39.1-64_5.ppc Thu 25 Jan 09:38:03 2024
1706175470 libdnf-0.39.1-64_5.ppc Thu 25 Jan 09:37:50 2024
1706175459 rpm-python3-4.15.1-64_4.ppc Thu 25 Jan 09:37:39 2024
1706175458 dnf-data-4.2.17-64_6.noarch Thu 25 Jan 09:37:38 2024
1706175457 rpm-python3.9-4.15.1-64_4.ppc Thu 25 Jan 09:37:37 2024
1706175455 python3.9-gpg-1.13.1-64_3.ppc Thu 25 Jan 09:37:35 2024
1706175447 librepo-1.11.0-64_2.ppc Thu 25 Jan 09:37:27 2024
1706175445 zchunk-libs-1.1.4-64_3.ppc Thu 25 Jan 09:37:25 2024
1706175444 libsmartcols-2.34-64_1.ppc Thu 25 Jan 09:37:24 2024
1706175443 libsolv-0.7.9-64_4.ppc Thu 25 Jan 09:37:23 2024
1706175442 libmodulemd-1.5.2-64_2.ppc Thu 25 Jan 09:37:22 2024
1706175440 libzstd-1.4.4-64_2.ppc Thu 25 Jan 09:37:20 2024
1706175439 python3-3.9.16-0.ppc Thu 25 Jan 09:37:19 2024
1706175437 python3.9-3.9.16-0.ppc Thu 25 Jan 09:37:17 2024
1671180630 unzip-6.0-3.ppc Fri 16 Dec 08:50:30 2022
1563539526 expect-5.45-3.ppc Fri 19 Jul 13:32:06 2019
1563539494 tcl-8.6.8-2.ppc Fri 19 Jul 13:31:34 2019
1558949612 sshpass-1.06-4.ppc Mon 27 May 10:33:32 2019
1432805503 less-382-1.ppc Thu 28 May 10:31:43 2015
]# /opt/freeware/sbin/httpd -M
Loaded Modules:
core_module (static)
so_module (static)
http_module (static)
mpm_prefork_module (shared)
authn_file_module (shared)
authn_core_module (shared)
authz_host_module (shared)
authz_groupfile_module (shared)
authz_user_module (shared)
authz_core_module (shared)
access_compat_module (shared)
auth_basic_module (shared)
socache_shmcb_module (shared)
reqtimeout_module (shared)
filter_module (shared)
mime_module (shared)
log_config_module (shared)
env_module (shared)
headers_module (shared)
setenvif_module (shared)
version_module (shared)
unixd_module (shared)
status_module (shared)
autoindex_module (shared)
cgi_module (shared)
dir_module (shared)
alias_module (shared)
rewrite_module (shared)
auth_openidc_module (shared)
proxy_module (shared)
proxy_http_module (shared)
proxy_html_module (shared)
xml2enc_module (shared)
ssl_module (shared)
perl_module (shared)
Thanks,
Brad
------------------------------
Bradley Wells
Original Message:
Sent: Mon June 02, 2025 05:44 AM
From: RESHMA KUMAR
Subject: dnf uprade of Apache/http to httpd-2.4.63-1.ppc : AH01903: Failed to configure CA certificate chain!
Hi Brad,
Please share the output of "rpm -qa" and "/opt/freeware/sbin/httpd -M"?
------------------------------
RESHMA KUMAR
Original Message:
Sent: Fri May 30, 2025 05:50 AM
From: Bradley Wells
Subject: dnf uprade of Apache/http to httpd-2.4.63-1.ppc : AH01903: Failed to configure CA certificate chain!
Hey Reshma,
That did the trick, Apache HTTPD now starting, thanks.
I am seeing an error in error_log,
AH01882: Init: this version of mod_ssl was compiled against a newer library (OpenSSL 3.0.13 30 Jan 2024 (OpenSSL 1.1.1x 30 Jan 2024), version currently loaded is 0x1010118F) - may result in undefined or erroneous behavior
AH01876: mod_ssl/2.4.63 compiled against Server: Apache/2.4.63, Library: OpenSSL/3.0.13
# openssl version
OpenSSL 3.0.15 3 Sep 2024 (Library: OpenSSL 3.0.15 3 Sep 2024)..
Not sure what I need to do to rectify error in Apache error_log file..?
Best regards,
Brad
------------------------------
Bradley Wells
Original Message:
Sent: Thu May 22, 2025 04:10 AM
From: Bradley Wells
Subject: dnf uprade of Apache/http to httpd-2.4.63-1.ppc : AH01903: Failed to configure CA certificate chain!
Thank you Reshma, I will give that ago, keep you posted..
Kind regards,
Brad
------------------------------
Bradley Wells
Original Message:
Sent: Wed May 21, 2025 03:20 AM
From: RESHMA KUMAR
Subject: dnf uprade of Apache/http to httpd-2.4.63-1.ppc : AH01903: Failed to configure CA certificate chain!
Hi Brad,
SSLCertificateChainFile parameter has been deprecated since version 2.4.8 and SSLCertificateFile was extended to support loading of intermediate CA certificates obsoleting SSLCertificateChainFile.
Can you comment "SSLCertificateChainFile .." line and try again?
For more information, please refer
https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatechainfile
------------------------------
RESHMA KUMAR
Original Message:
Sent: Thu May 15, 2025 02:49 AM
From: Bradley Wells
Subject: dnf uprade of Apache/http to httpd-2.4.63-1.ppc : AH01903: Failed to configure CA certificate chain!
Hi All,
Upgrading from httpd-2.4.58-1.ppc to httpd-2.4.63-1.ppc using dnf upgrade
On servers with self signed SSL Certs Apache starts up first time after upgrade, no problem.
On servers with SSL Digital Certs Apache fails to start and error_log shows - AH01903: Failed to configure CA certificate chain!
Current config in httpd-ssl.conf,
SSLCertificateFile "/var/ssl/certificate.crt"
SSLCertificateKeyFile "/opt/freeware/etc/httpd/conf/ssl.key/server.key"
SSLCertificateChainFile "/var/ssl/certificate.crt"
Any help or pointer appreciated please :)
Thank you,
Brad
------------------------------
Bradley Wells
------------------------------