httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Falco Schwarz <hid...@falco.me>
Subject Question regarding mod_ssl-2.4.x-certkeyfile
Date Fri, 31 Jan 2014 18:23:16 GMT
I tested the patch altering the SSLCertificate* directives with httpd-2.4.x and OpenSSL-1.0.2-dev:

    https://people.apache.org/~kbrand/mod_ssl-2.4.x-certkeyfile.diff

When putting certificate, CA and encrypted private key all in one file and using only the
directive SSLCertificateFile, I encountered the following: there was no prompt for the passphrase
and the errorlog showed this:

[ssl|debug] AH01893: Configuring TLS extension handling
[ssl|emerg] AH02573: Init: No private key specified for foo.bar:443:0
[ssl:emerg] [pid 28533] AH02312: Fatal error initialising mod_ssl, exiting.
[ssl|emerg] AH02564: Failed to configure encrypted (?) private key foo.bar:443:0, check /opt/apache/conf/ssl/foo.bar.enc
[ssl|emerg] SSL Library Error: error:0906A068:PEM routines:PEM_do_header:bad password read
-- You entered an incorrect pass phrase!?
[ssl|emerg] SSL Library Error: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
lib
AH00016: Configuration Failed

It worked perfectly fine if the private key is not encrypted.
Specifying the private key using SSLCertificateKeyFile also worked and prompted for the passphrase.

According to updated docs it should be possible to also put an encrypted private key alongside
its certificate in one file using SSLCertificateFile. Am I missing something here? 		 	  
		  

Mime
View raw message