Blog Archives

Renew a self-signed certificate with Eisfair

Go to Service Administration->Certs Service->Manage certificates. The script provides a menu to select the certificate and the its operations. Choose the certificate (1), like webserver or mailserver. Choose option 11 to renew the certificate request. Follow the screen output. Select 12 to sign the request with the CA certificate. Choose option 14 to create a new certificate and to copy it on the right place. Restart your webserver or mailserver process (/etc/init.d/).

If you have one certificate for multiple namebased hosts on your webserver, you shouldn’t select option 12. Instead follow the instructions on this blog entry: .

Cayenne-Modeler with Netbeans 6.9

It is possible to start the Cayenne modeler within Netbeans. Go to your Maven project and right-click on the project name. Choose Custom->Goals… and put “cayenne-modeler:run” (without quotes) into the first line. Click on “Remember as” and choose a name for the goal (like Cayenne-Modeler). Now you have a new menu item, which can start the modeler. But you need the associated plugin within the pom-file of the project. Go to “Project Files” and open the “pom.xml”. Add

<build>
<plugins>
<plugin>
<groupId>org.apache.cayenne.plugins</groupId>
<artifactId>maven-cayenne-modeler-plugin</artifactId>
</plugin>
</plugins>
</build>

Now you can open the modeler.

Tomcat-Apache connector

I have installed Tomcat 6 and Apache 2.0 to use some applications within Tomcat. To have access to the applications over ports 80/443 I have also installed the mod_jk connector. But I got error messages like

build_worker_map::jk_worker.c (236): creating worker ajp13
[Fri Mar 19 12:39:23 2010] [29970:16384] [debug]
wc_create_worker::jk_worker.c (141): about to create instance ajp13 of ajp13
[Fri Mar 19 12:39:23 2010] [29970:16384] [debug]
wc_create_worker::jk_worker.c (154): about to validate and init ajp13
[Fri Mar 19 12:39:23 2010] [29970:16384] [debug]
ajp_validate::jk_ajp_common.c (1806): worker ajp13 contact is
'localhost:8009'
[Fri Mar 19 12:39:23 2010] [29970:16384] [debug]
build_worker_map::jk_worker.c (248): removing old ajp13 worker
Found a wildchar match worker2 -> /hudson/*
[Fri Mar 19 12:39:34 2010] [29973:16384] [debug] jk_handler::mod_jk.c
(1839): Into handler jakarta-servlet worker=worker2 r->proxyreq=0
[Fri Mar 19 12:39:34 2010] [29973:16384] [debug]
wc_get_worker_for_name::jk_worker.c (111): did not find a worker worker2
[Fri Mar 19 12:39:34 2010] [29973:16384] [info] jk_handler::mod_jk.c
(1993): Could not find a worker for worker name=worker2

All the little things within the Apache configuration have been made, but my worker hasn’t been found.

LoadModule jk_module /usr/local/apache2/modules/mod_jk.so
JkWorkersFile /etc/apache2/workers.properties
JkMount /hudson/* worker2

Several hours later, I have found a similar error description on the internet (but no solution…). I wrote a short mail to Rainer Jung, one of the followers, and he said, that the connector will use a default ajp13 worker if it cannot find another one. This means, that the module cannot find my workers property file.

Hm, the file permissions were correct, the file was on the correct path. The Apache documentation gave me the right hint:

The directive JkWorkersFile must not be within a VirtualHost directive. I had configured a special vhost for the Tomcat access and moved all the configuration stuff into that directive. The problem has been solved by a simple move of the JkWorkersFile line out of the VirtualHost directive. Very simple, damn.

SSL certificates for namebased virtual hosts

I have read a post on Waffel’s Blog how you can setup a certificate for multiple namebased servers on Apache. It is simple to manage within Eisfair.

  • Choose “Service Administration” -> “Certs service” and select “Manage certificates”.
  • Now enter “1” for key type and choose your webserver.
  • Select “11” to create a new certificate request. The request will be stored to /usr/local/ssl/csr/apache.csr.
  • Open another terminal and switch to /usr/local/ssl
  • Create an extension file extension.txt using vi, as described in Waffel’s blog and enter your server names at the end.
  • Execute openssl x509 -req -days 365 -in apache.csr -signkey private/apache.key -out newcerts/apache.crt -extfile extension.txt -extensions mydomain_http
  • Select “14” (Manage certificates) to create a .pem file from the new certificate.
  • Use apache as SSL_CERT_NAME on the Apache configuration for every virtual server which you have included into extension.txt