Symptoms
OA Control Panel is unavailable.
Apache service does not start on UI node(s) with an SSL error in /var/log/httpd/error.log:
[Fri Aug 04 12:21:04 2017] [error] Unable to configure RSA server private key
[Fri Aug 04 12:21:04 2017] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Using strace during Apache service start reveals a broken brand configuration:
# strace -vvvttTfs1024 -e open service httpd start
...
1015390 12:43:43.416551 open("/etc/pki/tls/certs/brand_example.com.crt", O_RDONLY) = 11 <0.000046>
The failure occurs after reading the mentioned crt file. There is a certificate/key pair mismatch:
[root@linui01 ~]# openssl x509 -noout -modulus -in brand_example.com.crt | openssl md5
(stdin)= 21bf98a442ef1129c9903c77f9cbb740
[root@linui01 ~]# openssl rsa -noout -modulus -in /etc/pki/tls/private/brand_example.com.ey | openssl md5
(stdin)= fb433e40b6d23e511a92cc3b97b33b62
Cause
Reseller managed to upload a broken certificate, leading to the Apache service crash.
The issue is planned to be improved in scope of POA-110175 (fixed in 7.1), POA-113379 (fixed in 7.3), POA-114635 and APS-44292 requests.
Resolution
As a quick workaround, remove the faulty brand from Apache configuration:
# mv /etc/httpd/conf.d/brand_example.com.conf /root/
To fix the issue, make sure the correct certificate is installed for the brand.