httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rex Brooks <r...@starbourne.com>
Subject Re: [users@httpd] SSL Problem Still not Solved in Apache2-RHEL4
Date Wed, 17 May 2006 02:07:01 GMT
Thanks again, Bill,

Thinking through this as I tried Bill Jones' suggestions, it appears 
that the PassPhrase with or without a dialog applet is not at fault 
here.

The first time this start failure occurred it was immediately after 
registering a new user in the ebxmllrr -3.0-beta1 registry using the 
web browser interface where the instructions walk you through the 
process of importing the key into the browser.

At 10:35 PM -0500 5/15/06, William A. Rowe, Jr. wrote:
>Rex Brooks wrote:
>>
>>I have Apache2 in RHEL4, so I am assuming that the SSL Sections you 
>>refer to are in ssl.conf which is loaded as a DSO.
>>
>>I understand that httpd must be able to read the crt/pem file.
>>
>>I did specify a pass phrase when I created the key/crt. However, I 
>>do not get a request asking me to supply the pass phrase when I 
>>enter: service httpd start. I just get the same FAILED notice with 
>>the same error in the error_log.
>
>If it is in fact 'tripping' over the passphrase, and stdin/stdout aren't
>providing access to the console from 'service httpd start' in redhat, you
>might want to look at the SSLPassphraseDialog applet.  One option is to pass
>a pipe:/path/to/binary that can invoke a pipe program which queries all of
>the passphrases.
>
>I wrote support/win32/wintty.c to create a console window on the fly for
>such a dialog, letting the service speak with the user at the console.
>Obviously, it's win32 specific.  But I can't imagine it would be impossible
>to create a similar tty piped window applet on Unix, if someone is up to
>the challenge.
>
>There are simpler SSLPassphraseDialog alternatives, see...
>http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslpassphrasedialog
>(I just noticed the pipe:/path/to/pipe is undocumented; whoops!)
>
>Bill
>Bill
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org


-- 
Rex Brooks
President, CEO
Starbourne Communications Design
GeoAddress: 1361-A Addison
Berkeley, CA 94702
Tel: 510-849-2309

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message