httpd-users mailing list archives

From Ben RUBSON <ben.rub...@gmail.com>
Subject [users@httpd] New password protected certificates & conf reload
Date Mon, 13 Jun 2016 06:30:01 GMT
Hello,

Let's assume a configuration with several HTTPS VirtualHosts.
Each one has its own certificate with its own password-protected key.
All keys use the same password to simplify Apache start with "SSLPassPhraseDialog builtin".
Yes, the goal is to avoid storing the password on the server itself (or any command... which would return the password).

In the life of this server, new VirtualHosts are added, manually, or automatically by the production process.
Then the Apache configuration is reloaded, manually or automatically.
However, when the new VirtualHost uses a certificate with a password-protected key, even if it uses the same password as the others, Apache crashes reloading the configuration with the following:

[Mon Jun 13 08:01:39.411230 2016] [ssl:error] [pid 90795] AH02578: Init: Unable to read pass phrase [Hint: key introduced or changed before restart?]
[Mon Jun 13 08:01:39.411260 2016] [ssl:error] [pid 90795] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jun 13 08:01:39.411277 2016] [ssl:error] [pid 90795] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Mon Jun 13 08:01:39.411290 2016] [ssl:error] [pid 90795] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jun 13 08:01:39.411303 2016] [ssl:error] [pid 90795] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Mon Jun 13 08:01:39.411319 2016] [ssl:error] [pid 90795] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Mon Jun 13 08:01:39.411331 2016] [ssl:error] [pid 90795] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jun 13 08:01:39.411344 2016] [ssl:error] [pid 90795] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Mon Jun 13 08:01:39.411355 2016] [ssl:emerg] [pid 90795] AH02312: Fatal error initialising mod_ssl, exiting.
[Mon Jun 13 08:01:39.411363 2016] [ssl:emerg] [pid 90795] AH02564: Failed to configure encrypted (?) private key my.server.com:443:0, check /home/server/my.server.com.key
[Mon Jun 13 08:01:39.411372 2016] [:emerg] [pid 90795] AH00020: Configuration Failed, exiting

I think this is because at the time of the reload, Apache has already intentionally forgotten the password.
Am I right?

Is there any way to make this work as I am expecting?

Thank you very much!

Best regards,

Ben
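
A pre-reload check for the situation described in this message, as an added example that is not part of the original post or of httpd: it lists the encrypted keys referenced by the current configuration that were introduced or changed since a snapshot taken at the last full start, which is the condition the AH02578 hint names. The function names, the SHA-256 snapshot and the sample key files are assumptions of this example.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Matches uncommented SSLCertificateKeyFile directives (paths without spaces).
KEY_DIRECTIVE = re.compile(r'^[ \t]*SSLCertificateKeyFile[ \t]+"?([^"\s]+)"?', re.I | re.M)

def key_files(conf_text):
    """Paths named by SSLCertificateKeyFile directives, in order of appearance."""
    return KEY_DIRECTIVE.findall(conf_text)

def is_encrypted(pem_text):
    """True for PKCS#8 encrypted keys and traditional PEM keys with a Proc-Type header."""
    return ("-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text
            or "Proc-Type: 4,ENCRYPTED" in pem_text)

def snapshot(conf_text):
    """Record key path -> SHA-256 right after a full start, when the pass phrase was typed."""
    return {p: hashlib.sha256(Path(p).read_bytes()).hexdigest() for p in key_files(conf_text)}

def blocks_reload(conf_text, at_start):
    """Encrypted keys that were introduced or changed since the snapshot."""
    bad = []
    for p in key_files(conf_text):
        data = Path(p).read_bytes()
        changed = at_start.get(p) != hashlib.sha256(data).hexdigest()
        if changed and is_encrypted(data.decode("ascii", "replace")):
            bad.append(p)
    return bad

def demo():
    """Constructed sample: one vhost at start, two more added before the reload."""
    d = Path(tempfile.mkdtemp())
    # Constructed PEM bodies, not real keys.
    enc = "-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END ENCRYPTED PRIVATE KEY-----\n"
    clear = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
    for name, body in (("old.key", enc), ("new.key", enc), ("plain.key", clear)):
        (d / name).write_text(body)
    vhost = "<VirtualHost *:443>\n  SSLEngine on\n  SSLCertificateKeyFile {}\n</VirtualHost>\n"
    conf_at_start = vhost.format(d / "old.key")
    at_start = snapshot(conf_at_start)
    conf_now = conf_at_start + vhost.format(d / "new.key") + vhost.format(d / "plain.key")
    return [Path(p).name for p in blocks_reload(conf_now, at_start)]

if __name__ == "__main__":
    print(demo())
```

A non-empty result means the reload should be held back until someone can supply the pass phrase interactively.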

