
Re: apache-ssl/woody cannot handle password protected keys?



	One solution which I use is this... I have both my cert.pem and
cert.key file in a directory... I then run the following:

openssl x509 -in cert.pem -out /etc/apache/ssl.crt/server.crt
openssl rsa -in cert.key -out /etc/apache/ssl.key/server.key
chown root:root /etc/apache/ssl.key/server.key
chmod 0600 /etc/apache/ssl.key/server.key

	This allows me to restart apache without incident...

	Jeremy

On Mon, Feb 25, 2002 at 03:30:08PM +0100, Thomas Gebhardt wrote:
> Hi,
> 
> just upgraded a host from potato to woody, I observed that
> my apache-ssl failed to work.
> 
> Well, it actually starts but goes down immediately:
> 
> # /usr/sbin/apache-sslctl start
> Reading key for server <my.server>:443
> Enter PEM pass phrase:
> Launching... /usr/lib/apache-ssl/gcache
> pid=22730
> /usr/sbin/apache-sslctl start: httpsd started
> 
> or similarly:
> 
> # /etc/init.d/apache-ssl start
> Starting web server: apache-sslReading key for server <my.server>:443
> Enter PEM pass phrase:
> Launching... /usr/lib/apache-ssl/gcache
> pid=22999
> .
> 
> The error log says:
> 
> [Mon Feb 25 15:20:36 2002] [crit] (22)Invalid argument: Error reading private 
> key file /etc/apache-ssl/secret.key:
> [Mon Feb 25 15:20:36 2002] [crit] error:0906406D:PEM 
> routines:DEF_CALLBACK:problems getting password
> [Mon Feb 25 15:20:36 2002] [crit] error:0906A068:PEM routines:PEM_do_header:bad
> password read
> 
> My PEM pass phrase is ok; in case of a typo I get something like:
> 
> # /usr/sbin/apache-sslctl start
> Reading key for server <my.server>:443
> Enter PEM pass phrase:
> Bad passphrase - try again
> 
> When I remove the passphrase from /etc/apache-ssl/secret.key (such
> that it is only protected by its file permissions) then apache-ssl
> works fine.
> 
> I also tried apache-ssl from unstable (1.3.23.1+1.45-1) which
> gives the same results.
> 
> I would appreciate any hints! Is it my fault or is this a bug
> (a feature?) within apache-ssl?
> 
> Thanks, Thomas
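
An added example, not part of either message above: once the pass phrase is stripped, the key is protected only by its file permissions, so this script reports whether a PEM key is encrypted and checks its owner and mode. The function names and the optional UID argument are assumptions of this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example (not from the thread): audit a PEM private key file.
# Usage: sh audit_key.sh /etc/apache/ssl.key/server.key

# Succeeds if the PEM file is pass-phrase protected.
key_is_encrypted() {
    # Traditional OpenSSL PEM flags encryption in a header line;
    # PKCS#8 uses a distinct BEGIN label.
    grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# audit_key FILE [UID]: returns 0 when FILE is owned by UID (default 0, root)
# and carries no group/other permission bits; 1 otherwise; 2 if FILE is missing.
audit_key() {
    file=$1
    want_uid=${2:-0}
    rc=0
    [ -f "$file" ] || { echo "MISSING  $file"; return 2; }

    if key_is_encrypted "$file"; then
        echo "INFO     $file is encrypted: the server prompts for a pass phrase at start"
    else
        echo "INFO     $file is unencrypted: file permissions are its only protection"
    fi

    mode=$(stat -c '%a' "$file")   # GNU stat, octal mode such as 600
    uid=$(stat -c '%u' "$file")    # numeric owner, avoids name lookups
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL     mode $mode grants group/other access, expected 600 or 400"
        rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL     owner uid $uid, expected $want_uid"
        rc=1
    fi
    return $rc
}

# Run the audit when a file name is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_key "$@"
fi
```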


