How did you generate the CSR to get the cert? What key file did you use for
this?
The cert (crt) file perms look ok, (444 would be better) but who owns it?
does this file exist?
/etc/httpd/ssl.key/server.key (according to your conf)
if so, the permissions should be
-r-----
This file should be owned by root (in most all cases) and not the webserver
account (nobody/apache).
----- Original Message -----
From: "A. Putnam" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 07, 2003 4:20 PM
Subject: Re: private key not found
The permissions for the server.crt file are rw-r--r-- but it still cannot
find
the Private Key.
On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> Please check the permissions on your private key. They should be readable
> only by owner (400)
>
> (knee-jerk first guess reaction)
>
> Best of luck
>
> ----- Original Message -----
> From: "A. Putnam" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, March 07, 2003 3:42 PM
> Subject: private key not found
>
>
> I'm trying to get mod_ssl to work on my server, but each time I try to
> restart
> apache with mod_ssl activated, it gives me this error:
>
> /etc/init.d/apache start returned 7 (Program is not running.)
> Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> Phrase Dialog)
> Some of your private key files are encrypted for security reasons.
> In order to read them you have to provide us with the pass phrases.
>
> Server matrix.pelathe.org:443 (RSA)
> Enter pass phrase:
> Apache:mod_ssl:Error: Private key not found.
> **Stopped
> stty: standard input: Inappropriate ioctl for device
> ..failed
>
> What I don't understand is how it can't find the Private key. The
> SSLCertificateKeyFile path in httpd.conf matches the location of the key
in
> my directory. Isn't the SSLCertificateKeyFile the Private Key path?
>
> I'm including the Virtual Host code (sans the explination text and a
> passkey).
> I'm very new to this so I won't be surprised if there is a glaring error
in
> here that I missed...
>
> <VirtualHost _default_:443>
>
> DocumentRoot "/srv/www/htdocs"
> ServerName matrix.pelathe.org
> ServerAdmin [EMAIL PROTECTED]
> ErrorLog /var/log/httpd/error_log
> TransferLog /var/log/httpd/access_log
>
> SSLEngine on
>
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
> SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
>
> SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
>
> SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
>
> #SSLCACertificatePath /etc/httpd/ssl.crt
> SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
>
> SSLCARevocationPath /etc/httpd/ssl.crl
> #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
>
> SSLVerifyClient require
> SSLVerifyDepth 10
>
> #<Location />
> #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
> # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
> # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
> #</Location>
>
> #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
> SSLOptions +StdEnvVars
> </Files>
> <Directory "/srv/www/cgi-bin">
> SSLOptions +StdEnvVars
> </Directory>
>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
> CustomLog /var/log/httpd/ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
> </VirtualHost>
>
> Any help would be greatly appreciated. I'm using Apache 1.3.26 and Mod_SSL
> 2.8.10 on a SuSE 8.1 box.
>
> Thanks,
> -Andrew
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
