Oh, I see now. Well, it's nothing like that. Pelathe has had its domain since
'98. We've had a sever that died and had to transfer everything to a new
Linux box, but this is the first time we've ever tried to make a ssl server,
so I don't think that would make a difference.
It's really strange that the crt for your transferred domain won't work
though. Maybe there is some fundamental difference between the two servers
that would cause problems? Can you just make new keys for the domain instead?
Or is that not how it works?
On Friday 07 March 2003 13:38, Justin Williams wrote:
> I had a domain that was transferred to my server, and with it came the key
> and crt files from the old server. That particular domain the SSL is
> blowing up... More accurately, Apache refuses to start, with the same
> error you get, when I try to enable the SSL for that domain...
>
> ----- Original Message -----
> From: "A. Putnam" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, March 08, 2003 4:48 PM
> Subject: Re: private key not found
>
>
> I'm not too sure what you mean when you ask if the domain was transferred.
> What domain? All I know I did was that I generated the key/csr/crts and
> self-signed the CA.
>
> On Thursday 06 March 2003 14:03, Justin Williams wrote:
> > was the domain moved over to your server, or did you generate
> > key/csr/crt?
> >
> > I'm having the same difficulty with one where the domain, cert and key
>
> were
>
> > transferred; all my others work properly...
> >
> > ----- Original Message -----
> > From: "A. Putnam" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Friday, March 07, 2003 5:20 PM
> > Subject: Re: private key not found
> >
> >
> > The permissions for the server.crt file are rw-r--r-- but it still cannot
> > find
> > the Private Key.
> >
> > On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> > > Please check the permissions on your private key. They should be
> > > readable only by owner (400)
> > >
> > > (knee-jerk first guess reaction)
> > >
> > > Best of luck
> > >
> > > ----- Original Message -----
> > > From: "A. Putnam" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Friday, March 07, 2003 3:42 PM
> > > Subject: private key not found
> > >
> > >
> > > I'm trying to get mod_ssl to work on my server, but each time I try to
> > > restart
> > > apache with mod_ssl activated, it gives me this error:
> > >
> > > /etc/init.d/apache start returned 7 (Program is not running.)
> > > Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> > > Phrase Dialog)
> > > Some of your private key files are encrypted for security reasons.
> > > In order to read them you have to provide us with the pass phrases.
> > >
> > > Server matrix.pelathe.org:443 (RSA)
> > > Enter pass phrase:
> > > Apache:mod_ssl:Error: Private key not found.
> > > **Stopped
> > > stty: standard input: Inappropriate ioctl for device
> > > ..failed
> > >
> > > What I don't understand is how it can't find the Private key. The
> > > SSLCertificateKeyFile path in httpd.conf matches the location of the
> > > key
> >
> > in
> >
> > > my directory. Isn't the SSLCertificateKeyFile the Private Key path?
> > >
> > > I'm including the Virtual Host code (sans the explination text and a
> > > passkey).
> > > I'm very new to this so I won't be surprised if there is a glaring
> > > error
> >
> > in
> >
> > > here that I missed...
> > >
> > > <VirtualHost _default_:443>
> > >
> > > DocumentRoot "/srv/www/htdocs"
> > > ServerName matrix.pelathe.org
> > > ServerAdmin [EMAIL PROTECTED]
> > > ErrorLog /var/log/httpd/error_log
> > > TransferLog /var/log/httpd/access_log
> > >
> > > SSLEngine on
> > >
> > > SSLCipherSuite
> > > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> > >
> > > SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> > > #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
> > >
> > > SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> > > #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
> > >
> > > SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
> > >
> > > #SSLCACertificatePath /etc/httpd/ssl.crt
> > > SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
> > >
> > > SSLCARevocationPath /etc/httpd/ssl.crl
> > > #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
> > >
> > > SSLVerifyClient require
> > > SSLVerifyDepth 10
> > >
> > > #<Location />
> > > #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> > > # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> > > # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> > > # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
> > > # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
> > > # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
> > > #</Location>
> > >
> > > #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars
> > > +StrictRequire <Files ~ "\.(cgi|shtml|phtml|php3?)$">
> > > SSLOptions +StdEnvVars
> > > </Files>
> > > <Directory "/srv/www/cgi-bin">
> > > SSLOptions +StdEnvVars
> > > </Directory>
> > >
> > > SetEnvIf User-Agent ".*MSIE.*" \
> > > nokeepalive ssl-unclean-shutdown \
> > > downgrade-1.0 force-response-1.0
> > >
> > > CustomLog /var/log/httpd/ssl_request_log \
> > > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> > >
> > > </VirtualHost>
> > >
> > > Any help would be greatly appreciated. I'm using Apache 1.3.26 and
> > > Mod_SSL 2.8.10 on a SuSE 8.1 box.
> > >
> > > Thanks,
> > > -Andrew
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > > User Support Mailing List [EMAIL PROTECTED]
> > > Automated List Manager [EMAIL PROTECTED]
> > >
> > >
> > > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > > User Support Mailing List [EMAIL PROTECTED]
> > > Automated List Manager [EMAIL PROTECTED]
--
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
