He lists the certificate, I'm speaking of the key. Although this (URL) relates to unencrypting (removing passphrase) of the key (and ver 2.0) it is still relevant, and in some cases will prevent SSL (or am I speaking of SSH?) the secure socket transport from properly initializing. I know I've seen this in other places in regards to Apache, this was just the first reference I could quickly find.
From http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html

Make sure the server.key file is now only readable by root:

$ chmod 400 server.key

----- Original Message -----
From: "R. DuFresne" <[EMAIL PROTECTED]>
To: "A. Putnam" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, March 06, 2003 3:23 PM
Subject: Re: private key not found

> On Fri, 7 Mar 2003, A. Putnam wrote:
>
> > The permissions for the server.crt file are rw-r--r-- but it still cannot find
> > the Private Key.
>
> which would be 644 rather than 400 as the first person responded.
>
> >
> > On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> > > Please check the permissions on your private key. They should be readable
> > > only by owner (400)
> > >
> > > (knee-jerk first guess reaction)
> > >
> > > Best of luck
> > >
> > > ----- Original Message -----
> > > From: "A. Putnam" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Friday, March 07, 2003 3:42 PM
> > > Subject: private key not found
> > >
> > >
> > > I'm trying to get mod_ssl to work on my server, but each time I try to restart
> > > apache with mod_ssl activated, it gives me this error:
> > >
> > > /etc/init.d/apache start returned 7 (Program is not running.)
> > > Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> > > Phrase Dialog)
> > > Some of your private key files are encrypted for security reasons.
> > > In order to read them you have to provide us with the pass phrases.
> > >
> > > Server matrix.pelathe.org:443 (RSA)
> > > Enter pass phrase:
> > > Apache:mod_ssl:Error: Private key not found.
> > > **Stopped
> > > stty: standard input: Inappropriate ioctl for device
> > > ..failed
> > >
> > > What I don't understand is how it can't find the Private key. The
> > > SSLCertificateKeyFile path in httpd.conf matches the location of the key in
> > > my directory. Isn't the SSLCertificateKeyFile the Private Key path?
> > >
> > > I'm including the Virtual Host code (sans the explanation text and a
> > > passkey).
> > > I'm very new to this so I won't be surprised if there is a glaring error in
> > > here that I missed...
> > >
> > > <VirtualHost _default_:443>
> > >
> > > DocumentRoot "/srv/www/htdocs"
> > > ServerName matrix.pelathe.org
> > > ServerAdmin [EMAIL PROTECTED]
> > > ErrorLog /var/log/httpd/error_log
> > > TransferLog /var/log/httpd/access_log
> > >
> > > SSLEngine on
> > >
> > > SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> > >
> > > SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> > > #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
> > >
> > > SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> > > #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
> > >
> > > SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
> > >
> > > #SSLCACertificatePath /etc/httpd/ssl.crt
> > > SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
> > >
> > > SSLCARevocationPath /etc/httpd/ssl.crl
> > > #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
> > >
> > > SSLVerifyClient require
> > > SSLVerifyDepth 10
> > >
> > > #<Location />
> > > #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> > > # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> > > # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> > > # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
> > > # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
> > > # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
> > > #</Location>
> > >
> > > #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
> > > <Files ~ "\.(cgi|shtml|phtml|php3?)$">
> > > SSLOptions +StdEnvVars
> > > </Files>
> > > <Directory "/srv/www/cgi-bin">
> > > SSLOptions +StdEnvVars
> > > </Directory>
> > >
> > > SetEnvIf User-Agent ".*MSIE.*" \
> > > nokeepalive ssl-unclean-shutdown \
> > > downgrade-1.0 force-response-1.0
> > >
> > > CustomLog /var/log/httpd/ssl_request_log \
> > > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> > >
> > > </VirtualHost>
> > >
> > > Any help would be greatly appreciated. I'm using Apache 1.3.26 and Mod_SSL
> > > 2.8.10 on a SuSE 8.1 box.
> > >
> > > Thanks,
> > > -Andrew
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > > User Support Mailing List [EMAIL PROTECTED]
> > > Automated List Manager [EMAIL PROTECTED]
> > >
> >
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> admin & senior security consultant: sysinfo.com
> http://sysinfo.com
>
> "Cutting the space budget really restores my faith in humanity. It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation."
> -- Johnny Hart
>
> testing, only testing, and damn good at it too!
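The thread turns on checking the file named by SSLCertificateKeyFile rather than the certificate. The script below is an added example, not part of any message in this thread and not mod_ssl code: it pulls the active SSLCertificateKeyFile paths out of a config file and reports each key's mode and whether it is pass-phrase protected. The function names, the unquoted-path handling and the acceptance of 600 alongside the 400 quoted above are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit the files named by active SSLCertificateKeyFile lines.

# Print the path from every uncommented SSLCertificateKeyFile directive.
# Assumes unquoted paths without spaces, as in the config quoted above.
key_paths() {
    awk 'tolower($1) == "sslcertificatekeyfile" { print $2 }' "$1"
}

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Report one key file. Returns 0 only if it exists, carries a PEM private-key
# header and grants nothing to group or other.
check_key() {
    key=$1
    [ -f "$key" ] || { echo "MISSING    $key"; return 1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "NOT-A-KEY  $key"; return 1; }
    # Matches both "Proc-Type: 4,ENCRYPTED" and "BEGIN ENCRYPTED PRIVATE KEY".
    if grep -q -e 'ENCRYPTED' "$key"; then
        echo "ENCRYPTED  $key (pass phrase needed at startup)"
    fi
    mode=$(file_mode "$key")
    case $mode in
        400|600) echo "OK    $mode  $key"; return 0 ;;
        *)       echo "LOOSE $mode  $key (expected 400)"; return 1 ;;
    esac
}

# Check every key the config points at; non-zero if any check fails.
audit_conf() {
    rc=0
    for k in $(key_paths "$1"); do
        check_key "$k" || rc=1
    done
    return $rc
}

# Usage: sh audit_keys.sh /path/to/httpd.conf
if [ "$#" -gt 0 ]; then
    audit_conf "$1"
fi
```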
