httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] SSL errors in Apache on Mac OS 10.3
Date Thu, 04 Dec 2003 10:10:48 GMT
> -----Original Message-----
> From: Huw Jenkins [mailto:huw.jenkins@solutionsinc.co.uk]
> 
> I'm new to this list so apologies if I'm sending this to the 
> wrong place (if
> I am can you point me in the right direction?).

There's a mod_ssl list which is a bit more specific
(http://www.modssl.org/support/)...

> [03/Dec/2003 17:08:22 12722] [info]  Init: Requesting pass phrase from
> dialog filter program (/etc/httpd/getsslpassphrase)

So you've saved your certificate with a passphrase and configured a
script to deliver the passphrase when apache starts.

> [03/Dec/2003 17:08:22 12722] [error] Init: Pass phrase 
> incorrect (OpenSSL library error follows)

But it is giving the wrong passphrase...

The easiest solution would be to make sure the script gives the right
passphrase! However, I suspect something deeper... 

You might reflect that it's a bit pointless to protect the certificate
with a passphrase and then to provide the passphrase on the machine. The
real point of a passphrase is to prevent certificate theft and if
someone can steal the cert (which is obviously readable only by root)
they can run getsslpassphrase as well.

It is possible to remove the passphrase and run without it:
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC31

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 


> [03/Dec/2003 17:08:22 12722] [error] OpenSSL: 
> error:0D07207B:asn1 encoding
> routines:ASN1_get_object:header too long
> </snip>
> 
> Is this an encoding issue? Or is it just that one of the 
> files has become
> corrupt? Or maybe something else that my limited experience 
> with SSL could
> never fathom in a million years? ;-)
> 
> 
> Thanks
> 
> Huw Jenkins
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group. Le présent e-mail est
un message privé et personnel, sans rapport avec l'activité boursière du
Groupe SWX.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message