Latest LQ Deal: Latest LQ Deals
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 12-21-2009, 02:12 PM   #1
LQ Newbie
Registered: Oct 2008
Posts: 1

Rep: Reputation: 0
Apache:mod_ssl:Error: Private key not found.

hi folks,

I have Apache 2.2.8 running on Red Hat Enterprise Linux Server release 5 (Tikanga).

I have installed a purchased certificate on my server. Upon restarting httpd, I get the following error:

# /etc/init.d/httpd start
Apache/2.2.8 mod_ssl/2.2.8 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server (RSA)
Enter pass phrase:Apache:mod_ssl:Error: Private key not found.

In the log files, I can see the messages below:

[Mon Dec 21 21:21:23 2009] [error] Init: Private key not found
[Mon Dec 21 21:21:23 2009] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Mon Dec 21 21:21:23 2009] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Dec 21 21:21:23 2009] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Dec 21 21:21:23 2009] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
[Mon Dec 21 22:18:34 2009] [info] Loading certificate & private key of SSL-aware server
[Mon Dec 21 22:18:34 2009] [info] Init: Requesting pass phrase via builtin terminal dialog

Apache is chrooted and the crt, csr and key files are found in the conf folder.

I used the commands below to check my .crt, .csr and .key files and they do match:

$ openssl x509 -noout -modulus -in server.crt | openssl md5
$ openssl rsa -noout -modulus -in server.key | openssl md5
$ openssl req -noout -modulus -in server.csr | openssl md5

I have even given the .key file 777 permissions.

I have read that there can be 3 workarounds to this problem, but none of these are suitable for me:

1. Buy a new certificate
2. Disable the pass-phrase
3. Unencrypt the .key file

I would appreciate any help I could get from you. Below are my config files found at /chROOT/usr/local/lamp/httpd.2.2.8/conf

Thanks beforehand

********************************** httpd.conf******************************
ServerRoot "/usr/local/lamp/httpd-2.2.8"

Listen 443
Listen 80

LoadModule perl_module modules/
LoadModule php5_module modules/

<IfModule !mpm_netware_module>
User myuser
Group mygroup



DocumentRoot "/websites/yyy/"

<Directory />
Options FollowSymLinks
AllowOverride AuthConfig
Order deny,allow
Deny from all

<Directory "/websites">
Options -Indexes FollowSymLinks
AllowOverride AuthConfig FileInfo Options Indexes
Order allow,deny
Allow from all

<IfModule dir_module>
DirectoryIndex index.php index.html

<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All

ErrorLog "logs/error_log"

LogLevel debug

<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common

<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio

CustomLog "logs/access_log" common

<IfModule alias_module>
ScriptAlias /cgi-bin/ "/usr/local/lamp/httpd-2.2.8/cgi-bin/"


<IfModule cgid_module>

<Directory "/usr/local/lamp/httpd-2.2.8/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all

DefaultType text/plain

<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php php
AddType application/x-httpd-php php3
AddType application/x-httpd-php-source phps

ErrorDocument 403
ErrorDocument 404

Include conf/extra/httpd-vhosts.conf

Include conf/extra/httpd-default.conf

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
FileETag None
TraceEnable Off


NameVirtualHost *:443
NameVirtualHost *:80

<VirtualHost *:80>
DocumentRoot /websites/yyy/
ErrorLog logs/xxx-error_log
CustomLog logs/xxx-access_log common

<VirtualHost *:443>
DocumentRoot "/websites/myserver/"
ErrorLog logs/myserver.mydomain-error_log
CustomLog logs/myserver.mydomain-access_log common


AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog builtin

SSLSessionCache "shmcb:/usr/local/lamp/httpd-2.2.8/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex "file:/usr/local/lamp/httpd-2.2.8/logs/ssl_mutex"

<VirtualHost _default_:443>

DocumentRoot "/websites/myserver/"
ErrorLog "logs/"
TransferLog "logs/"

SSLEngine on


SSLCertificateFile "/usr/local/lamp/httpd-2.2.8/conf/"

SSLCertificateKeyFile "/usr/local/lamp/httpd-2.2.8/conf/"

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars

<Directory "/usr/local/lamp/httpd-2.2.8/cgi-bin">
SSLOptions +StdEnvVars

BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog "/usr/local/lamp/httpd-2.2.8/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


Last edited by nemotech; 12-22-2009 at 02:19 AM. Reason: paste configs


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
RedHat - Apache 2.0.59 SSL will not start - error loading jreiter Linux - General 1 12-10-2008 12:34 PM
apache mod_ssl startup failed with no error messages! aaronvegh Linux - Networking 2 06-06-2005 08:44 PM
Apache mod_ssl error belorion Linux - Software 2 08-04-2004 03:16 PM
mod_ssl cannot find a private key ner Linux - General 5 03-23-2004 12:42 PM
RSA public key encryption/private key decription koningshoed Linux - Security 1 08-08-2002 08:25 AM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 07:23 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration