November 25, 2024, 05:52:16 PM

News : LinuxSolved.com Linux Help Community Forum..


Author Topic: Apache:mod_ssl:Error: Private key not found.  (Read 7627 times)

Offline nemotech

  • New Member
  • Posts: 1
Apache:mod_ssl:Error: Private key not found.
« on: December 21, 2009, 07:27:56 PM »
hi folks,

I have Apache 2.2.8 running on Red Hat Enterprise Linux Server release 5 (Tikanga).

I have installed a purchased certificate on my server. Upon restarting httpd, I get the following error:


# /etc/init.d/httpd start
Apache/2.2.8 mod_ssl/2.2.8 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server myserver.mydomain.com:443 (RSA)
Enter pass phrase:Apache:mod_ssl:Error: Private key not found.
**Stopped

In the log files, I can see the messages below:

[Mon Dec 21 21:21:23 2009] [error] Init: Private key not found
[Mon Dec 21 21:21:23 2009] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Mon Dec 21 21:21:23 2009] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Dec 21 21:21:23 2009] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Dec 21 21:21:23 2009] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
[Mon Dec 21 22:18:34 2009] [info] Loading certificate & private key of SSL-aware server
[Mon Dec 21 22:18:34 2009] [info] Init: Requesting pass phrase via builtin terminal dialog


Apache is chrooted and the crt and key files are found in the conf folder.

I even used the commands below to check my .crt, .csr and .key files and they do match:

$ openssl x509 -noout -modulus -in server.crt | openssl md5
$ openssl rsa -noout -modulus -in server.key | openssl md5
$ openssl req -noout -modulus -in server.csr | openssl md5


I have even given the .key file 777 permissions.

I have read that there can be 3 workarounds to this problem, but none of these are suitable for me:

1. Buy a new certificate
2. Disable the pass-phrase
3. Unencrypt the .key file

I would appreciate any help I could get from you. Below are my config files found at /chROOT/usr/local/lamp/httpd.2.2.8/conf

Thanks beforehand
Nemo



********************************** httpd.conf******************************
ServerRoot "/usr/local/lamp/httpd-2.2.8"

Listen 443
Listen 80


LoadModule perl_module        modules/mod_perl.so
LoadModule php5_module           modules/libphp5.so


<IfModule !mpm_netware_module>
User myuser
Group mygroup
</IfModule>


ServerAdmin serveradmin@mydomain.com


ServerName xxx.yyy.com:80


DocumentRoot "/websites/yyy/"


<Directory />
    Options FollowSymLinks
    AllowOverride AuthConfig
    Order deny,allow
    Deny from all
</Directory>


<Directory "/websites">
    Options -Indexes FollowSymLinks
    AllowOverride AuthConfig FileInfo Options Indexes
    Order allow,deny
    Allow from all
</Directory>


<IfModule dir_module>
    DirectoryIndex index.php index.html
</IfModule>


<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>


ErrorLog "logs/error_log"


LogLevel debug


<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    CustomLog "logs/access_log" common
</IfModule>


<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/usr/local/lamp/httpd-2.2.8/cgi-bin/"

</IfModule>


<IfModule cgid_module>
</IfModule>


<Directory "/usr/local/lamp/httpd-2.2.8/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>


DefaultType text/plain


<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType application/x-httpd-php php
    AddType application/x-httpd-php php3
    AddType application/x-httpd-php-source phps
</IfModule>


ErrorDocument 403 http://xxx.yyy.com/error/
ErrorDocument 404 http://xxx.yyy.com/error/

Include conf/extra/httpd-vhosts.conf

Include conf/extra/httpd-default.conf

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
FileETag None
TraceEnable Off

***********************************httpd-vhosts.conf***********************************


NameVirtualHost *:443
NameVirtualHost *:80


<VirtualHost *:80>
       ServerName xxx.yyy.com
       DocumentRoot /websites/yyy/
       ErrorLog logs/xxx-error_log
       CustomLog logs/xxx-access_log common
       ServerAdmin serveradmin@mydomain.com
</VirtualHost>


<VirtualHost *:443>
        DocumentRoot "/websites/myserver/"
        ServerName myserver.mydomain.com
        ErrorLog logs/myserver.mydomain-error_log
        CustomLog logs/myserver.mydomain-access_log common
        ServerAdmin serveradmin@mydomain.com   
</VirtualHost>



********************************httpd-ssl.conf******************************************

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache        "shmcb:/usr/local/lamp/httpd-2.2.8/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLMutex  "file:/usr/local/lamp/httpd-2.2.8/logs/ssl_mutex"


<VirtualHost _default_:443>

DocumentRoot "/websites/myserver/"
ServerName myserver.mydomain.com:443
ServerAdmin serveradmin@mydomain.com
ErrorLog "logs/myserver.mydomain.com.ssl-error_log"
TransferLog "logs/myserver.mydomain.com.ssl-transfer_log"

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile "/usr/local/lamp/httpd-2.2.8/conf/myserver.mydomain.com.crt"

SSLCertificateKeyFile "/usr/local/lamp/httpd-2.2.8/conf/myserver.mydomain.com.key"

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>

<Directory "/usr/local/lamp/httpd-2.2.8/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog "/usr/local/lamp/httpd-2.2.8/logs/ssl_request_log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>                                 



« Last Edit: December 22, 2009, 07:04:24 AM by nemotech »