httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rex Brooks <>
Subject Re: [users@httpd] SSL Problem Still not Solved in Apache2-RHEL4
Date Tue, 16 May 2006 13:35:36 GMT
I tried both of Bill's suggestions and neither solved the problem 
yet.  The error message steadfastly remains the same. At least its 

Just a slight note, there was a typo on the page which got 

openssl rsa -in -out server.key

should be:

openssl rsa -in server.key.orig -out server.key

also the chmod 0400 should be chmod 400, but neither of those 
impacted the results: The passphrase was removed but httpd still 
failed to start.

We KNOW mod_ssl is at fault here, since, beyond the error message, 
httpd starts when mod_ssl is removed. We also know that when it is 
removed the VirtualHosts won't accept connections. AND, it appears 
that the PassPhrase is not responsible. (Note, I said, appears, since 
I am wondering if I actually need to be logged in as my user and then 
become root, instead of being logged in as root, which I have been?)

Regardless, there ought to be a process of elimination which will 
isolate the culprit in here somewhere.

Unfortunately, SSL is not optional.


>On 5/15/06, Rex Brooks <> wrote:
>>I did specify a pass phrase when I created the key/crt. However, I do
>>not get a request asking me to supply the pass phrase when I enter:
>>service httpd start. I just get the same FAILED notice with the same
>>error in the error_log.
>You likely wont get a request if you use "service httpd start"  -- we
>will try to resolve this step by step; please read all this mess
>before attempting any of it.
>First off before we start please back up everything and place the back
>up in a safe place; you probably should back it up twice to be safe.
>Next, before you install my version of your ssl.conf please try this
>command sequence first: ( Found at:
> )
># become root
>su -
># cd to the dircectory where the server key file is and execute
>cp server.key server.key.PW_BackUp
>cp server.key server.key.orig
># Remove the passphase from the server key
>openssl rsa -in -out server.key
># Make sure the server.key file is now only readable by root:
>chown root:root server.key && chmod 0400 server.key
># NOTE -
># Make sure you subsitute your file names for the above "server key"
># Lastly -- try to start the server
>service httpd start
># various commands to see if its really running -
>lsof |grep -i tcp |grep -i http
>netstat -plan |grep 80
>tcpdump port 80
>If that works then we know that you canot start apache using "service"
>-- you'll either have to not use a passphrase (which is upto company
>security policy) or always start the "/etc/init.d/httpd restart" by
>hand -- so it will prompt you for the passphrase.
>If the above does not work you are welcome to try out my version of
>the ssl.conf -- please make two backups of your original first.  But I
>feel strongly that the above passphrase issue is partially, if not
>completely, at fault.
>WC (Bill) Jones --
>Content-Type: application/octet-stream; name="ssl.conf"
>Content-Disposition: attachment; filename="ssl.conf"
>X-Attachment-Id: f_en9mb1oz
>Attachment converted: Macintosh HD:ssl 1.conf (    /    ) (00130C8B)
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:> for more info.
>To unsubscribe, e-mail:
>    "   from the digest:
>For additional commands, e-mail:

Rex Brooks
President, CEO
Starbourne Communications Design
GeoAddress: 1361-A Addison
Berkeley, CA 94702
Tel: 510-849-2309

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message