[ https://issues.apache.org/jira/browse/TS-612?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Igor Galić updated TS-612: -------------------------- Assignee: Ron Barber (was: Bryan Call) > ATS does not allow password protected certificates > -------------------------------------------------- > > Key: TS-612 > URL: https://issues.apache.org/jira/browse/TS-612 > Project: Traffic Server > Issue Type: Improvement > Components: SSL > Affects Versions: 3.0.0 > Environment: Any > Reporter: Igor Galić > Assignee: Ron Barber > Fix For: 6.0.0 > > > Create a (self-signed) certificate with a password that is non-empty. {cat > server.key server.crt > server.pem} and configure it as > {CONFIG proxy.config.ssl.server.cert.filename STRING server.pem} > The result will be: > {noformat} > Jan 3 10:50:16 proveedores traffic_server[2579]: NOTE: --- Server Starting > --- > Jan 3 10:50:16 proveedores traffic_server[2579]: NOTE: Server Version: > Apache Traffic Server - traffic_server - 2.0.1 - (build # 113112 on Dec 31 > 2010 at 12:58:34) > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} STATUS: opened > var/log/trafficserver/diags.log > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: updated > diags config > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: cache > clustering disabled > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} WARNING: no > cache disks specified in etc/trafficserver/storage.config: cache disabled > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: cache > clustering disabled > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} WARNING: > unable to open cache disk(s): Cache Disabled > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: SSL > ERROR: Cannot use server private key file. > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: > SSL::0:error:0906406D:PEM routines:PEM_def_callback:problems getting > password:pem_lib.c:105: > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: > SSL::0:error:0906A068:PEM routines:PEM_do_header:bad password > read:pem_lib.c:406: > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: > SSL::0:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM > lib:ssl_rsa.c:669: > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: SSL > ERROR: Can't initialize the SSL library, disabling SSL termination!. > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: logging > initialized[7], logging_mode = 3 > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: traffic > server running > {noformat} > A first -- ugly -- shot would be to at least have a password field in the > configuration. > In the end something taking the input of an external program or from a file > would be more desirable. -- This message was sent by Atlassian JIRA (v6.1.5#6160)