CentOS 7 (fully patched)
osTicket 1.14.3 (f4f5bc6)
Apache 2.4.6 OpenSSL 1.0.2k-fips, self signed certificate
MySQL 5.5.65
PHP 7.2.34

Ever since enabling SSL, users are getting errors randomly when accessing attachments. If I restart Apache, the issue seems to clear for a while but then comes back. In the Chrome (or any browser) download, the download states Failed - Network Error. The attachments are stored in the database as I have not enabled the file system storage yet.

My Helpdesk URL under System Settings and Preferences points to https://FQDN and users are accessing the server using that URL
Force HTTPS is enabled

My HTTP error log in debug shows the following:

[Sat Nov 14 09:49:27.056055 2020] [ssl:info] [pid 10620] (70007)The timeout specified has expired: [client (client IP address):56743] AH01991: SSL input filter read failed.
[Sat Nov 14 09:49:27.056123 2020] [ssl:debug] [pid 10620] ssl_engine_io.c(993): [client (client IP address):56743] AH02001: Connection closed to child 3 with standard shutdown (server (FQDN):443)
[Sat Nov 14 09:49:27.061641 2020] [ssl:info] [pid 10618] (70007)The timeout specified has expired: [client (client IP address):56757] AH01991: SSL input filter read failed.
[Sat Nov 14 09:49:27.061674 2020] [ssl:debug] [pid 10618] ssl_engine_io.c(993): [client (client IP address):56757] AH02001: Connection closed to child 1 with standard shutdown (server (FQDN):443)
[Sat Nov 14 09:49:27.067915 2020] [ssl:info] [pid 10621] (70007)The timeout specified has expired: [client (client IP address):56756] AH01991: SSL input filter read failed.
[Sat Nov 14 09:49:27.067945 2020] [ssl:debug] [pid 10621] ssl_engine_io.c(993): [client (client IP address):56756] AH02001: Connection closed to child 4 with standard shutdown (server (FQDN):443)
[Sat Nov 14 09:49:27.538288 2020] [ssl:info] [pid 10622] [client (client IP address):56772] AH01964: Connection to child 5 established (server (FQDN):443)
[Sat Nov 14 09:49:27.556216 2020] [ssl:info] [pid 10622] [client (client IP address):56772] AH02008: SSL library error 1 in handshake (server (FQDN):443)
[Sat Nov 14 09:49:27.556238 2020] [ssl:info] [pid 10622] SSL Library Error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown (SSL alert number 46)
[Sat Nov 14 09:49:27.556244 2020] [ssl:info] [pid 10622] [client (client IP address):56772] AH01998: Connection closed to child 5 with abortive shutdown (server (FQDN):443)

Both my http.conf and ssl.conf are pointing to the server IP address in the virtual host configuration as I did read that Apache does have issues at times with using a catchall *:443

I know this is more of an SSL / Apache question but hoping someone here can help solve this for me.

Thanks in advance

I've asked the devs to take a look at this thread.

    @robhird

    I googled the error SSL Library Error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown (SSL alert number 46) and came across a few articles that might help:

    In most cases it appears that your browser or computer does not trust the certificate.

    Cheers.

      Thank you ntozier and KevinTheJedi . Kevin - I found the same articles and am working on trying a certificate signed by a trusted CA, but it seems odd to me that I am able to access everything in the system and even am able to open the attachments until I am not able to. It seems like the determining factor is the size of the attachments. After about 5 - 6 MB of attachments, then I can no longer open them. I am also working on a fresh build of the server with all the same system specifications and then see if I can duplicate the error with a bunch of attachments. It is as if there is a buffer overflow but I'm not able to pinpoint exactly what is crashing.

      I have some homework to do and if I find the key to the issue, I will be sure to post it. Thank you both for the quick response.

          Write a Reply...