httpd-users mailing list archives

From "Bill Jones" <tetragondz...@gmail.com>
Subject Re: [users@httpd] SSL Problem Still not Solved in Apache2-RHEL4
Date Tue, 16 May 2006 02:19:28 GMT
On 5/15/06, Rex Brooks <rexb@starbourne.com> wrote:

> I did specify a pass phrase when I created the key/crt. However, I do
> not get a request asking me to supply the pass phrase when I enter:
> service httpd start. I just get the same FAILED notice with the same
> error in the error_log.

You likely won't get a request if you use "service httpd start"  -- we
will try to resolve this step by step; please read all this mess
before attempting any of it.

First off before we start please back up everything and place the
backup in a safe place; you probably should back it up twice to be safe.
:-)

Next, before you install my version of your ssl.conf please try this
command sequence first: ( Found at:
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC30 )

# become root
su -

# cd to the directory where the server key file is and execute
cp server.key server.key.PW_BackUp
cp server.key server.key.orig

# Remove the passphrase from the server key
openssl rsa -in server.key.orig -out server.key

# Make sure the server.key file is now only readable by root:
chown root:root server.key && chmod 0400 server.key

# NOTE -
# Make sure you substitute your file names for the above "server key"

# Lastly -- try to start the server
service httpd start

# various commands to see if it's really running -
lsof |grep -i tcp |grep -i http
netstat -plan |grep 80
tcpdump port 80

If that works then we know that you cannot start apache using "service"
-- you'll either have to not use a passphrase (which is up to company
security policy) or always start the "/etc/init.d/httpd restart" by
hand -- so it will prompt you for the passphrase.

If the above does not work you are welcome to try out my version of
the ssl.conf -- please make two backups of your original first.  But I
feel strongly that the above passphrase issue is partially, if not
completely, at fault.


HTH/Sx
-- 
WC (Bill) Jones -- http://youve-reached-the.endoftheinternet.org/
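
[Added example, not part of the original message:] a pre-start check for the two things the steps above change: whether the PEM key still carries a passphrase, and whether its permissions are as tight as the chmod 0400 step intends. The function names and the constructed sample keys under --demo are hypothetical; the check reads PEM headers only and never decrypts anything.

```shell
#!/bin/sh
# Added example: audit an httpd private key before a non-interactive start.

# key_is_encrypted FILE: exit 0 if the PEM key is passphrase-protected.
# Traditional PEM flags this in a "Proc-Type" header; PKCS#8 uses its own label.
key_is_encrypted() {
    grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# key_mode FILE: print octal permission bits (GNU stat first, then BSD stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_key FILE: print a one-word verdict; non-zero status means "fix first".
audit_key() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 2; }
    if key_is_encrypted "$f"; then
        echo "encrypted"       # "service httpd start" cannot prompt for this
        return 1
    fi
    case $(key_mode "$f") in
        [0-7]00) echo "ok" ;;  # no group/other access, e.g. 0400
        *)       echo "loose-perms"; return 1 ;;
    esac
}

# demo: run the audit over constructed (fake, non-functional) key files.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'AAAA' '-----END RSA PRIVATE KEY-----' > "$d/with_pw.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' \
        '-----END RSA PRIVATE KEY-----' > "$d/no_pw.key"
    chmod 0400 "$d/with_pw.key"; chmod 0644 "$d/no_pw.key"
    for k in "$d/with_pw.key" "$d/no_pw.key"; do
        printf '%s: %s\n' "${k##*/}" "$(audit_key "$k" || true)"
    done
    rm -rf "$d"
}

# Usage: script.sh /path/to/server.key   or   script.sh --demo
if [ "$#" -gt 0 ]; then
    if [ "$1" = "--demo" ]; then demo; else audit_key "$1"; fi
fi
```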
