httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fredk2 <fre...@gmail.com>
Subject [users@httpd] Apache fails to start if SSLProxyMachineCertificateFile does not contain RSA
Date Wed, 09 Oct 2013 21:10:49 GMT
Hi,

Does anyone know why Apache httpd (2.4.4) fails to start if the pem file set
in SSLProxyMachineCertificateFile is formatted:
-----BEGIN PRIVATE KEY----- 
MIIEvgIB
...
-----END PRIVATE KEY----- 

the error is "incomplete client cert configured for SSL proxy (missing or
encrypted private key?) "
If you add the word RSA as in "BEGIN RSA PRIVATE KEY" it all works.

SSLCertificateFile works with both "BEGIN PRIVATE KEY" or "BEGIN RSA PRIVATE
KEY"

With openssl 1.0 you can generate a pem key
$ openssl req -new -keyout mykey.key -out mycertreq.csr -nodes -sha1 -newkey
rsa:2048
-----BEGIN PRIVATE KEY----- 
MIIEvgIB
...
-----END PRIVATE KEY----- 

With openssl 0.9.8 for the same you get 
-----BEGIN RSA PRIVATE KEY----- 
MIIEvgIB
...
-----END RSA PRIVATE KEY----- 

Thank you,
Fred



--
View this message in context: http://apache-http-server.18135.x6.nabble.com/Apache-fails-to-start-if-SSLProxyMachineCertificateFile-does-not-contain-RSA-tp5009238.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message