I have edited my cupsd.conf to allow remote configuration of my Cups server and can access the web interface through port 631. My problem is when I click on the admin tab and then try to "upgrade" to https the page just hangs. I also have the problem that when I try to restart the cups daemon it successfully kills it but then cannot start back up. /var/log/cups/error_log shows the following.
I [05/Oct/2009:16:39:09 -0500] Generating SSL server key...
So I'm assuming that the ssl key could not be generated. I've seen similar problems in other posts that are due to /etc/cups/ssl/server.crt being a broken link but I don't have the file at all. If anyone could help me I would greatly appreciate it.
here is my cupsd.conf
# # "$Id: cupsd.conf.in 7199 2008-01-08 00:16:30Z mike $" # # Sample configuration file for the Common UNIX Printing System (CUPS) # scheduler. See "man cupsd.conf" for a complete description of this # file. # # Log general information in error_log - change "info" to "debug" for # troubleshooting... LogLevel info # Administrator user group... SystemGroup sys root # Only listen for connections from the local machine. port 631 Listen /var/run/cups/cups.sock # Show shared printers on the local network. Browsing On BrowseOrder allow,deny BrowseAllow all # Default authentication type, when authentication is required... DefaultAuthType Basic # Restrict access to the server... <Location /> Order allow,deny Allow all </Location> # Restrict access to the admin pages... <Location /admin> Encryption Required Order allow,deny Allow all </Location> # Restrict access to configuration files... <Location /admin/conf> AuthType Default Require user @SYSTEM Order allow,deny Allow all </Location> # Set the default printer/job policies... <Policy default> # Job-related operations must be done by the owner or an administrator... <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job> Require user @OWNER @SYSTEM Order deny,allow </Limit> # All administration operations require an administrator to authenticate... <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default> AuthType Default Require user @SYSTEM Order deny,allow </Limit> # All printer operations require a printer operator to authenticate... <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs> AuthType Default Require user @SYSTEM Order deny,allow </Limit> # Only the owner or an administrator can cancel or authenticate a job... <Limit Cancel-Job CUPS-Authenticate-Job> Require user @OWNER @SYSTEM Order deny,allow </Limit> <Limit All> Order deny,allow </Limit> </Policy> # # End of "$Id: cupsd.conf.in 7199 2008-01-08 00:16:30Z mike $". #
Last edited by caldwellbailey (2009-10-07 18:03:33)
I had this same problem. I know it can take a *long* time to general the SSL cert. For example:
I [21/Jan/2008:17:08:38 +0100] Generating SSL server key...
I [21/Jan/2008:17:32:21 +0100] Created SSL server key file
I [21/Jan/2008:17:32:21 +0100] Generating self-signed SSL certificate...
I [21/Jan/2008:17:32:21 +0100] Created SSL server certificate file
If that doesn't work, check out: http://mybookworld.wikidot.com/print-server#toc2
Education is favorable to liberty. Freedom can exist only in a society of knowledge. Without learning, men are incapable of knowing their rights, and where learning is confined to a few people, liberty can be neither equal nor universal.
Tu ne cede malis sed contra audentior ito
Thanks for the reply, I'm not sure why but it worked today. I read somewhere that the keys are generated based on the terminal input but considering it's a headless server it hasn't had much. That could be the reason it was taking so long to generate a key and since i've been trying to get it to work it maybe just got enough input to generate one. Either way I'm not quite sure. Thanks again.
I hit the same problem a few days ago, headless server, it seems the SSL key generation process relies on "kernel.randon.entropy_avail". one can see its value by executing
on my server the value was very low, because it is populated by any kind of activity and there was not much happening on my server. It was enough to do a few "find" commands and then it worked.
How do I create an SSL key for cups? There are no files in /etc/cups/ssl and I'm not sure what to do. I'm having the same problem here, but sysctl kernel.random.entropy_avail reveals 39, which I guess is sufficient, right?
Touch my kernel
Ooh, /var/log/cups/error_log is telling me this:
E [19/Apr/2010:14:03:51 -0400] Unable to set ACLs on root certificate "/var/run/cups/certs/0" - Operation not supported
Touch my kernel