Ask The Experts: Configuring OpenSSL for GroupWise Messenger

GroupWise Messenger relies on openssl for any SSL certificate actions to be performed. If openssl is not configured or fully functional then the Messenger configuration script will always fail at the point of configuring the SSL certificates. Issues with openssl can also make it impossible to administer a GroupWise Messenger system in the GroupWise Administration console.

To check if openssl is correctly installed use the following command: openssl version

That should return this output:

OpenSSL 1.0.2p-fips 14 Aug 2018

If you get anything that looks like, or is similar to, either of the two error messages below then you have an issue with openssl..

openssl: relocation error: openssl: symbol EVP_mdc2, version OPENSSL_1.0.0 not defined in file libcrypto.so.1.0.0 with link time reference

or

openssl: relocation error: openssl: symbol BIO_f_zlib, version OPENSSL_1_1_0 not defined in file libcrypto.so.1.1 with link time reference

In my experience this is caused by the wrong library files being referenced. Check this by using this command:

ldd /usr/bin/openssl

The output differs depending on OES/SLES version and whether openssl is correctly configured as shown in the tabs below:

Functioning SLES12/OES server
Functioning SLES15 server
Non-functional SLES15 server
Non functional SLES12 server
ldd /usr/bin/openssl

linux-vdso.so.1 (0x00007ffce6d2f000)  
libssl.so.1.0.0 => /lib64/libssl.so.1.0.0 (0x00007f16b0bff000)
 
libcrypto.so.1.0.0 => /lib64/libcrypto.so.1.0.0   (0x00007f16b0797000)
 
libc.so.6 => /lib64/libc.so.6 (0x00007f16b03f2000)
 
libdl.so.2 => /lib64/libdl.so.2 (0x00007f16b01ee000)  
libz.so.1 => /lib64/libz.so.1 (0x00007f16affd7000)  
/lib64/ld-linux-x86-64.so.2 (0x00007f16b0e6d000)
ldd /usr/bin/openssl

linux-vdso.so.1 (0x00007ffce6d2f000)
libssl.so.1.0.0 => /lib64/libssl.so.1.0.0 (0x00007f16b0bff000)
libcrypto.so.1.0.0 => /lib64/libcrypto.so.1.0.0 (0x00007f16b0797000)
libc.so.6 => /lib64/libc.so.6 (0x00007f16b03f2000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f16b01ee000)
libz.so.1 => /lib64/libz.so.1 (0x00007f16affd7000)
/lib64/ld-linux-x86-64.so.2 (0x00007f16b0e6d000)
ldd /usr/bin/openssl

linux-vdso.so.1 (0x00007fff617c1000)
libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007f9f476b7000)
libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007f9f471de000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f9f46fbf000)
libc.so.6 => /lib64/libc.so.6 (0x00007f9f46c04000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f9f46a00000)
/lib64/ld-linux-x86-64.so.2 (0x00007f9f47beb000)
ldd /usr/bin/openssl

/usr/bin/openssl: /opt/novell/lib64/libssl.so.1.0.0: no version information available (required by /usr/bin/openssl)
/usr/bin/openssl: /opt/novell/lib64/libcrypto.so.1.0.0: no version information available (required by /usr/bin/openssl)
        linux-vdso.so.1 (0x00007fff1a7c8000)
        libssl.so.1.0.0 => /opt/novell/lib64/libssl.so.1.0.0 (0x00007fd5dee49000)
        libcrypto.so.1.0.0 => /opt/novell/lib64/libcrypto.so.1.0.0 (0x00007fd5dea45000)
        libc.so.6 => /lib64/libc.so.6 (0x00007fd5de6a0000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007fd5de49c000)
/lib64/ld-linux-x86-64.so.2 (0x00007fd5dedb3000)

In the first non-functioning scenario (third tab) the customer had GroupWise Reporting and Monitoring (GWRM) installed. Historically GWRM would copy openssl files to a different location and this would cause the wrong libraries to be referenced. The solution to this is documented in a Micro Focus tid: https://support.microfocus.com/kb/doc.php?id=7024600

In the second non-functioning scenario (fourth tab) there was an entry in the /etc/ld.so.conf file like this

/opt/novell/lib64

Once this line had been removed and /sbin/ldconfig had been run, the "openssl version" command worked perfectly.

After the openssl misconfiguration is corrected the GroupWise Messenger configuration script should process the SSL certificate commands correctly.

Leave a Reply