httpd-users mailing list archives

From Shahriar Aghajani <aghaj...@principle.com>
Subject [users@httpd] Graceful Restart fails because of SSL Keys with Passphrase?
Date Tue, 12 Feb 2013 20:56:53 GMT
Hi,

I have apache servers with SSL keys which require pass-phrases.
Until recently (maybe a year ago), if I restarted apache gracefully, it kept the old passwords
and didn't ask for new ones.

But now, it complains and doesn't restart.  And this doesn't happen all the time either. 
Sometimes graceful works fine, other times it fails, even though nothing in the config or
the keys has changed.

On one server that only has 1 key, the key is 2048 bits, and is for a wildcard domain.  Not
sure if that's relevant or not.

The error message I get is like this:

[Sun Feb 10 06:25:05 2013] [error] Init: Unable to read pass phrase [Hint: key introduced or changed before restart?]
[Sun Feb 10 06:25:05 2013] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Sun Feb 10 06:25:05 2013] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Feb 10 06:25:05 2013] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Sun Feb 10 06:25:05 2013] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib

Any ideas?  Leads?

I've seen people recommending removing the passphrase or using SSLPassPhraseDialog.  But I'd
prefer to use pass-phrases and graceful restart if possible.

Thanks for your help,
Shahriar Aghajani.



Apache version:

Server version: Apache/2.2.16 (Debian)
Server built:   Nov 30 2012 08:58:36

Package info:

Package: apache2-mpm-prefork
Version: 2.2.16-6+squeeze10