httpd-users mailing list archives

From Ruiyuan Jiang <RJi...@fnpc.com>
Subject [users@httpd] Pass Phrase encrypted private key and certificate and FIPS enabled mod_ssl
Date Wed, 29 Aug 2012 19:45:29 GMT
Hi,

Last week I posted a message that I had a problem with FIPS-enabled openssl and httpd v2.4.3.
I did a little bit of testing today and here is what I found. The original key and certificate were
generated by openssl without FIPS enabled and the key was encrypted with AES 256. When I started
httpd, it prompted me for the pass phrase. I typed in the correct pass phrase but it kept telling
me that the pass phrase is not correct. If I disable FIPS for mod_ssl, I have no problem
providing the same pass phrase and starting httpd.

I stripped out the pass phrase from the original private key without any other changes and
I can start httpd with FIPS-enabled mod_ssl with no problem.

I recreated the private key, AES 256 encrypted and with a pass phrase (I have to provide a pass
phrase), with FIPS-enabled OpenSSL (v1.0.1c) and regenerated the certificate from my CA.

When I started httpd, I got the pass phrase prompt and I provided the correct pass phrase and
it said the pass phrase is incorrect.

My question is whether FIPS-enabled mod_ssl supports pass phrases. It seems to me it does not.
Thanks.

Ryan Jiang


