Solutions

Apache and IIS Web Agent (All versions) repeatedly reports failed to load SSL errors

Last updated Nov 2, 2020

The purpose of this article is to provide assistance if the Apache™ or IIS Web Agent repeatedly reports SSL errors such as "failed to load OPENSSL_init_ssl" (Apache) or "failed to load SSL_library_init" (IIS).


Symptoms

You will see errors as outlined below depending on which agent you are using.

Apache Agent

The Web Agent appears to be functioning normally, however, one of the following error snippets is shown repeatedly in your logs depending on which version of the Web Agent you are using:

  • Web Agents 5.5.1.0 and later: [Mon Aug 12 14:03:29.156134 2019] [amagent:notice] [pid 1234:tid 140277498116015] OpenSSL library status: trying libssl... libssl.so.1.1 dlopen error: libssl.so.1.1: cannot open shared object file: No such file or directory, found libssl.so.10, failed to load OPENSSL_init_ssl, failed to load TLS_client_method, failed to load SSL_get_state, trying libcrypto... libcrypto.so.1.1 dlopen error: libcrypto.so.1.1: cannot open shared object file: No such file or directory, found libcrypto.so.10, OpenSSL v1.0.x/0.9.8 library support is available
  • Pre-Web Agents 5.5.1.0: Aug 12 14:03:29.950273 2019] [amagent:error] [pid 1234:tid 140277498116015] init_ssl(): trying libssl... [Mon Aug 12 14:03:29.950664 2019] [amagent:error] [pid 1234:tid 140277498116015] init_ssl(): libssl.so.1.1 dlopen error: libssl.so.1.1: cannot open shared object file: No such file or directory [Mon Aug 12 14:03:29.950902 2019] [amagent:error] [pid 1234:tid 140277498116015] init_ssl(): found libssl.so.10 [Mon Aug 12 14:03:29.951107 2019] [amagent:error] [pid 1234:tid 140277498116015] init_ssl(): failed to load OPENSSL_init_ssl [Mon Aug 12 14:03:29.951124 2019] [amagent:error] [pid 1234:tid 140277498116015] init_ssl(): failed to load TLS_client_method [Mon Aug 12 14:03:29.951128 2019] [amagent:error] [pid 1234:tid 140277498116015] init_ssl(): failed to load SSL_get_state [Mon Aug 12 14:03:29.951309 2019] [amagent:error] [pid 1234:tid 140277498116015] init_ssl(): trying libcrypto... [Mon Aug 12 14:03:29.951534 2019] [amagent:error] [pid 1234:tid 140277498116015] init_ssl(): libcrypto.so.1.1 dlopen error: libcrypto.so.1.1: cannot open shared object file: No such file or directory [Mon Aug 12 14:03:29.951707 2019] [amagent:error] [pid 1234:tid 140277498116015] init_ssl(): found libcrypto.so.10 [Mon Aug 12 14:03:29.951999 2019] [amagent:error] [pid 1234:tid 140277498116015] init_ssl(): OpenSSL v1.0.x/0.9.8 library support is available

You may see these error snippets in either, or both the Agent logs and Apache logs (located in /path/to/agent/log and /path/to/apache/logs/error_log respectively). The change in log output is due to AMAGENTS-1933 (init_ssl errors fill error_log), which made the messages less verbose.

IIS Agent

You will see the following error in your Install log:

2020-02-06 10:42:07 OpenSSL library status: trying ssleay32... found libssl-1_1.dll, failed to load SSL_library_init, failed to load SSLv23_client_method, failed to load SSL_state, failed to load SSL_load_error_strings, trying libeay32... found libcrypto-1_1.dll, failed to load CRYPTO_num_locks, failed to load CRYPTO_set_locking_callback, failed to load CRYPTO_set_id_callback, failed to load OPENSSL_add_all_algorithms_noconf, failed to load ERR_free_strings, failed to load ENGINE_cleanup, failed to load EVP_cleanup, failed to load CRYPTO_cleanup_all_ex_data, OpenSSL v1.1.x library support is available

Recent Changes

N/A

Causes

The Web Agent tries to load various OpenSSL libraries before finding the appropriate one, as evidenced by the following message:

  • Apache: OpenSSL v1.0.x/0.9.8 library support is available
  • IIS: OpenSSL v1.1.x library support is available

Solution

Firstly, these messages can be safely ignored because the OpenSSL library is found in the end. Additionally, for the Apache agent, you can make them less verbose by upgrading to Agents 5.5.1.0 or later; you can download this from BackStage.

See Also

Installing a Web Agent (All versions) fails with a no ssl/library support error

SSL in AM/OpenAM and Policy Agents

Related Training

N/A

Related Issue Tracker IDs

AMAGENTS-2716 (Remove init_ssl(): failed to load OPENSSL_init_ssl message in apache error_log)

AMAGENTS-1933 (init_ssl errors fill error_log)



Copyright and TrademarksCopyright © 2020 ForgeRock, all rights reserved.
Loading...