hi folks,
I have Apache 2.2.8 running on Red Hat Enterprise Linux Server release 5 (Tikanga).
I have installed a purchased certificate on my server. Upon restarting httpd, I get the following error:
# /etc/init.d/httpd start
Apache/2.2.8 mod_ssl/2.2.8 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server myserver.mydomain.com:443 (RSA)
Enter pass phrase:Apache:mod_ssl:Error: Private key not found.
**Stopped
In the log files, I can see the messages below:
[Mon Dec 21 21:21:23 2009] [error] Init: Private key not found
[Mon Dec 21 21:21:23 2009] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Mon Dec 21 21:21:23 2009] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Dec 21 21:21:23 2009] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Dec 21 21:21:23 2009] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
[Mon Dec 21 22:18:34 2009] [info] Loading certificate & private key of SSL-aware server
[Mon Dec 21 22:18:34 2009] [info] Init: Requesting pass phrase via builtin terminal dialog
Apache is chrooted and the crt, csr and key files are found in the conf folder.
I used the commands below to check my .crt, .csr and .key files and they do match:
$ openssl x509 -noout -modulus -in server.crt | openssl md5
$ openssl rsa -noout -modulus -in server.key | openssl md5
$ openssl req -noout -modulus -in server.csr | openssl md5
I have even given the .key file 777 permissions.
I have read that there can be 3 workarounds to this problem, but none of these are suitable for me:
1. Buy a new certificate
2. Disable the pass-phrase
3. Unencrypt the .key file
I would appreciate any help I could get from you. Below are my config files found at /chROOT/usr/local/lamp/httpd.2.2.8/conf
Thanks beforehand
Nemo
********************************** httpd.conf******************************
ServerRoot "/usr/local/lamp/httpd-2.2.8"
Listen 443
Listen 80
LoadModule perl_module modules/mod_perl.so
LoadModule php5_module modules/libphp5.so
<IfModule !mpm_netware_module>
User myuser
Group mygroup
</IfModule>
ServerAdmin
serveradmin@mydomain.com
ServerName xxx.yyy.com:80
DocumentRoot "/websites/yyy/"
<Directory />
Options FollowSymLinks
AllowOverride AuthConfig
Order deny,allow
Deny from all
</Directory>
<Directory "/websites">
Options -Indexes FollowSymLinks
AllowOverride AuthConfig FileInfo Options Indexes
Order allow,deny
Allow from all
</Directory>
<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
ErrorLog "logs/error_log"
LogLevel debug
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" common
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/usr/local/lamp/httpd-2.2.8/cgi-bin/"
</IfModule>
<IfModule cgid_module>
</IfModule>
<Directory "/usr/local/lamp/httpd-2.2.8/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
DefaultType text/plain
<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php php
AddType application/x-httpd-php php3
AddType application/x-httpd-php-source phps
</IfModule>
ErrorDocument 403
http://xxx.yyy.com/error/
ErrorDocument 404
http://xxx.yyy.com/error/
Include conf/extra/httpd-vhosts.conf
Include conf/extra/httpd-default.conf
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
FileETag None
TraceEnable Off
***********************************httpd-vhosts.conf***********************************
NameVirtualHost *:443
NameVirtualHost *:80
<VirtualHost *:80>
ServerName xxx.yyy.com
DocumentRoot /websites/yyy/
ErrorLog logs/xxx-error_log
CustomLog logs/xxx-access_log common
ServerAdmin
serveradmin@mydomain.com
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "/websites/myserver/"
ServerName myserver.mydomain.com
ErrorLog logs/myserver.mydomain-error_log
CustomLog logs/myserver.mydomain-access_log common
ServerAdmin
serveradmin@mydomain.com
</VirtualHost>
********************************httpd-ssl.conf******************************************
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/local/lamp/httpd-2.2.8/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex "file:/usr/local/lamp/httpd-2.2.8/logs/ssl_mutex"
<VirtualHost _default_:443>
DocumentRoot "/websites/myserver/"
ServerName myserver.mydomain.com:443
ServerAdmin
serveradmin@mydomain.com
ErrorLog "logs/myserver.mydomain.com.ssl-error_log"
TransferLog "logs/myserver.mydomain.com.ssl-transfer_log"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/usr/local/lamp/httpd-2.2.8/conf/myserver.mydomain.com.crt"
SSLCertificateKeyFile "/usr/local/lamp/httpd-2.2.8/conf/myserver.mydomain.com.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/lamp/httpd-2.2.8/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/usr/local/lamp/httpd-2.2.8/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
