LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-21-2009, 02:12 PM   #1
nemotech
LQ Newbie
 
Registered: Oct 2008
Posts: 1

Rep: Reputation: 0
Apache:mod_ssl:Error: Private key not found.


hi folks,

I have Apache 2.2.8 running on Red Hat Enterprise Linux Server release 5 (Tikanga).

I have installed a purchased certificate on my server. Upon restarting httpd, I get the following error:


# /etc/init.d/httpd start
Apache/2.2.8 mod_ssl/2.2.8 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server myserver.mydomain.com:443 (RSA)
Enter pass phrase:Apache:mod_ssl:Error: Private key not found.
**Stopped

In the log files, I can see the messages below:

[Mon Dec 21 21:21:23 2009] [error] Init: Private key not found
[Mon Dec 21 21:21:23 2009] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Mon Dec 21 21:21:23 2009] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Dec 21 21:21:23 2009] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Dec 21 21:21:23 2009] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
[Mon Dec 21 22:18:34 2009] [info] Loading certificate & private key of SSL-aware server
[Mon Dec 21 22:18:34 2009] [info] Init: Requesting pass phrase via builtin terminal dialog


Apache is chrooted and the crt, csr and key files are found in the conf folder.

I used the commands below to check my .crt, .csr and .key files and they do match:

$ openssl x509 -noout -modulus -in server.crt | openssl md5
$ openssl rsa -noout -modulus -in server.key | openssl md5
$ openssl req -noout -modulus -in server.csr | openssl md5


I have even given the .key file 777 permissions.

I have read that there can be 3 workarounds to this problem, but none of these are suitable for me:

1. Buy a new certificate
2. Disable the pass-phrase
3. Unencrypt the .key file

I would appreciate any help I could get from you. Below are my config files found at /chROOT/usr/local/lamp/httpd.2.2.8/conf

Thanks beforehand
Nemo



********************************** httpd.conf******************************
ServerRoot "/usr/local/lamp/httpd-2.2.8"

Listen 443
Listen 80


LoadModule perl_module modules/mod_perl.so
LoadModule php5_module modules/libphp5.so


<IfModule !mpm_netware_module>
User myuser
Group mygroup
</IfModule>


ServerAdmin serveradmin@mydomain.com


ServerName xxx.yyy.com:80


DocumentRoot "/websites/yyy/"


<Directory />
Options FollowSymLinks
AllowOverride AuthConfig
Order deny,allow
Deny from all
</Directory>


<Directory "/websites">
Options -Indexes FollowSymLinks
AllowOverride AuthConfig FileInfo Options Indexes
Order allow,deny
Allow from all
</Directory>


<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>


<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>


ErrorLog "logs/error_log"


LogLevel debug


<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common

<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>

CustomLog "logs/access_log" common
</IfModule>


<IfModule alias_module>
ScriptAlias /cgi-bin/ "/usr/local/lamp/httpd-2.2.8/cgi-bin/"

</IfModule>


<IfModule cgid_module>
</IfModule>


<Directory "/usr/local/lamp/httpd-2.2.8/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>


DefaultType text/plain


<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php php
AddType application/x-httpd-php php3
AddType application/x-httpd-php-source phps
</IfModule>


ErrorDocument 403 http://xxx.yyy.com/error/
ErrorDocument 404 http://xxx.yyy.com/error/

Include conf/extra/httpd-vhosts.conf

Include conf/extra/httpd-default.conf

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
FileETag None
TraceEnable Off

***********************************httpd-vhosts.conf***********************************


NameVirtualHost *:443
NameVirtualHost *:80


<VirtualHost *:80>
ServerName xxx.yyy.com
DocumentRoot /websites/yyy/
ErrorLog logs/xxx-error_log
CustomLog logs/xxx-access_log common
ServerAdmin serveradmin@mydomain.com
</VirtualHost>


<VirtualHost *:443>
DocumentRoot "/websites/myserver/"
ServerName myserver.mydomain.com
ErrorLog logs/myserver.mydomain-error_log
CustomLog logs/myserver.mydomain-access_log common
ServerAdmin serveradmin@mydomain.com
</VirtualHost>



********************************httpd-ssl.conf******************************************

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog builtin

SSLSessionCache "shmcb:/usr/local/lamp/httpd-2.2.8/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex "file:/usr/local/lamp/httpd-2.2.8/logs/ssl_mutex"


<VirtualHost _default_:443>

DocumentRoot "/websites/myserver/"
ServerName myserver.mydomain.com:443
ServerAdmin serveradmin@mydomain.com
ErrorLog "logs/myserver.mydomain.com.ssl-error_log"
TransferLog "logs/myserver.mydomain.com.ssl-transfer_log"

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile "/usr/local/lamp/httpd-2.2.8/conf/myserver.mydomain.com.crt"

SSLCertificateKeyFile "/usr/local/lamp/httpd-2.2.8/conf/myserver.mydomain.com.key"

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>

<Directory "/usr/local/lamp/httpd-2.2.8/cgi-bin">
SSLOptions +StdEnvVars
</Directory>

BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog "/usr/local/lamp/httpd-2.2.8/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

Last edited by nemotech; 12-22-2009 at 02:19 AM. Reason: paste configs
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
RedHat - Apache 2.0.59 SSL will not start - error loading mod_ssl.so jreiter Linux - General 1 12-10-2008 12:34 PM
apache mod_ssl startup failed with no error messages! aaronvegh Linux - Networking 2 06-06-2005 08:44 PM
Apache mod_ssl error belorion Linux - Software 2 08-04-2004 03:16 PM
mod_ssl cannot find a private key ner Linux - General 5 03-23-2004 12:42 PM
RSA public key encryption/private key decription koningshoed Linux - Security 1 08-08-2002 08:25 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:35 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration