# openssl genrsa -des3 -out test.key 1024
warning, not much extra random data, consider using the -rand option
Generating RSA private key, 1024 bit long modulus
.......++++++
...............................++++++
e is 65537 (0x10001)
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:
# openssl rsa -noout -text -in test.key
read RSA key
unable to load key
# openssl rsa -noout -text -passin pass:test -in test.key
read RSA key
unable to load key
# openssl rsa -noout -text -in test.key -passin pass:test
read RSA key
unable to load key
#

Any ideas?

-Mike

----- Original Message -----
From: "Andrew T. Finnell" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, December 18, 2001 12:28 PM
Subject: RE: problems with private keys... please help! urgent!

> Mike,
>
> Are the CA of these files self-signed? If they are why not try
> regenerating new public/private key pairs. It looks to me like the
> files you have are corrupted. The error
> routines:X509_check_private_key:key values mismatch means that the
> certificate you are loading does not belong to the private key you
> have specified.
> If the CA is not self-signed (i.e. from Verisign or Thawte ) then I
> would still create some temporary self-signed key pairs and try using
> them to test your overall system setup. If the ones you just generated
> work then I would say your old files got corrupted. If they don't then
> I would say that something is wrong with your install/compile of
> openssl. ( Or something else. :)
>
> - Andrew
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike K
> Sent: Tuesday, December 18, 2001 3:34 PM
> To: [EMAIL PROTECTED]
> Subject: Re: problems with private keys... please help! urgent!
>
> Same problem regarding "unable to load key" when doing this. I know my
> pass is correct ....
>
> Any other ideas?
>
> Thanks for the help.....
>
> Is this error the reason why apache won't startssl?
>
> -Mike
>
> ----- Original Message -----
> From: "Saju Paul" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, December 18, 2001 11:33 AM
> Subject: Re: problems with private keys... please help! urgent!
>
> > If the private key has been created with a password (usually is);
> > then the same password needs to be supplied using the -passin
> > argument.
> >
> > for ex:
> >
> > openssl rsa -noout -modulus -in server.key -passin pass:mypasswd | openssl md5
> >
> > If the -passin argument is not used; it could be picking up a default
> > passin password from the openssl.cnf file. Check the openssl.cnf for
> > a default passin and make sure it matches the password you used to
> > create the private key.
> >
> > ---
> >
> > ----- Original Message -----
> > From: "Mike K" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, December 18, 2001 2:32 PM
> > Subject: Re: problems with private keys... please help! urgent!
> >
> > > It never asked me for a password....
> > >
> > > ----- Original Message -----
> > > From: "Saju Paul" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Tuesday, December 18, 2001 10:23 AM
> > > Subject: Re: problems with private keys... please help! urgent!
> > >
> > > > > For domain1, I tried to check the md5's of each of the key and
> > > > > crt...
> > > > >
> > > > > The md5 for the crt shows up fine. When I try to get the md5
> > > > > for the .key, I get this error:
> > > > >
> > > > > # openssl rsa -noout -modulus -in server.key | openssl md5
> > > > > read RSA key
> > > > > unable to load key
> > > > > d41d8cd98f00b204e9800998ecf8427e
> > > >
> > > > I get this error when I use an incorrect password... check your
> > > > password..
> > > >
> > > > ----- Original Message -----
> > > > From: "Mike K" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Tuesday, December 18, 2001 1:31 PM
> > > > Subject: problems with private keys... please help! urgent!
> > > >
> > > > > Hi all...
> > > > >
> > > > > Before upgrading, one of my virtual domains (ip based) had SSL
> > > > > setup and was working fine. The second domain did not work. The
> > > > > error was odd according to people in IRC support channels, and
> > > > > I was told to upgrade to all of the latest versions.
> > > > >
> > > > > I did that.
> > > > >
> > > > > Now when I try to run startssl, I get errors on BOTH virtual
> > > > > domains.
> > > > >
> > > > > The domain that had once worked produces these errors:
> > > > >
> > > > > [Mon Dec 17 16:41:46 2001] [error] mod_ssl: Init: (xxxxxxxxxxxx.com:443) Unable to configure RSA server private key (OpenSSL library error follows)
> > > > > [Mon Dec 17 16:41:46 2001] [error] OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
> > > > >
> > > > > The domain2, that I couldn't get to work before the upgrade,
> > > > > produces these errors:
> > > > >
> > > > > [Mon Dec 17 16:45:43 2001] [error] mod_ssl: Init: Private key not found (OpenSSL library error follows)
> > > > > [Mon Dec 17 16:45:43 2001] [error] OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long
> > > > >
> > > > > -----------------
> > > > >
> > > > > For domain1, I tried to check the md5's of each of the key and
> > > > > crt...
> > > > >
> > > > > The md5 for the crt shows up fine. When I try to get the md5
> > > > > for the .key, I get this error:
> > > > >
> > > > > # openssl rsa -noout -modulus -in server.key | openssl md5
> > > > > read RSA key
> > > > > unable to load key
> > > > > d41d8cd98f00b204e9800998ecf8427e
> > > > >
> > > > > I get this same "unable to load key" error for any key I try to
> > > > > get the md5 checksum for....
> > > > >
> > > > > Any help in getting both of my virtual domains (the two that
> > > > > need SSL) working is greatly appreciated.
> > > > >
> > > > > Thanks.
> > > > >
> > > > > -Mike
> > > > >
> > > > > PS: Here is the Virtual Server entry from httpd.conf for
> > > > > domain2... domain1 has the exact same (but updated ip and paths)
> > > > >
> > > > > NamevirtualHost xxx.xxx.xxx.44:443
> > > > > <VirtualHost xxx.xxx.xxx.44:443>
> > > > >     SSLEngine On
> > > > >     SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> > > > >     SSLCertificateKeyFile /www/conf/ssl.key/domain2_server.key
> > > > >     SSLCertificateFile /www/conf/ssl.crt/domain2.com.crt
> > > > >     DocumentRoot /home/hosting/domain2.com/public_html
> > > > >     ServerName domain2.com
> > > > >     CustomLog /www/logs/domain2.com combined
> > > > >     ErrorLog /www/logs/domain2_error_log
> > > > >     SetEnvIf User-Agent ".*MSIE.*" \
> > > > >         nokeepalive ssl-unclean-shutdown \
> > > > >         downgrade-1.0 force-response-1.0
> > > > >     <Directory "/home/hosting/domain2.com/public_html/cgi-bin">
> > > > >         SSLOptions +StdEnvVars
> > > > >     </Directory>
> > > > >     <Files ~ "\.(cgi|shtml|phtml|php3?|php|inc)$">
> > > > >         SSLOptions +StdEnvVars
> > > > >     </Files>
> > > > > </VirtualHost>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
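
The modulus comparison discussed in this thread, as an added example that is not part of the original messages: it checks the exit status of `openssl rsa` before comparing anything, because `d41d8cd98f00b204e9800998ecf8427e` is the MD5 of empty input and only shows that the failed command wrote nothing into the pipe. It assumes the `openssl` command-line tool is installed; the `KEYPASS` variable, the function names and the generated files are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread. KEYPASS is an assumed environment
# variable holding the key's pass phrase; all file names are constructed.

# MD5 of zero bytes: what "openssl md5" prints when the command feeding it
# wrote nothing to stdout, as in the failed "openssl rsa ... | openssl md5".
EMPTY_MD5=d41d8cd98f00b204e9800998ecf8427e

# True when a digest only proves that the hashed stream was empty.
is_empty_digest() { [ "$1" = "$EMPTY_MD5" ]; }

# check_pair KEY CERT -> 0 same modulus, 1 mismatch,
# 2 key did not load (wrong pass phrase or damaged file), 3 certificate did not load.
check_pair() {
    cp_key=$(openssl rsa -noout -modulus -in "$1" -passin env:KEYPASS 2>/dev/null) || return 2
    cp_crt=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 3
    [ -n "$cp_key" ] && [ "$cp_key" = "$cp_crt" ]
}

# pair_status KEY CERT: print check_pair's exit status instead of returning it.
pair_status() {
    ps_rc=0
    check_pair "$1" "$2" || ps_rc=$?
    echo "$ps_rc"
}

# make_demo DIR: constructed material: encrypted a.key, its self-signed
# certificate a.crt, and an unrelated unencrypted b.key.
make_demo() {
    KEYPASS=test; export KEYPASS
    openssl genrsa -aes256 -passout env:KEYPASS -out "$1/a.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/b.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/a.key" -passin env:KEYPASS \
        -subj "/CN=demo.invalid" -days 1 -out "$1/a.crt" 2>/dev/null
}

demo() {
    demo_dir=$(mktemp -d) && make_demo "$demo_dir" || return 1
    echo "matching pair:     $(pair_status "$demo_dir/a.key" "$demo_dir/a.crt")"
    echo "unrelated key:     $(pair_status "$demo_dir/b.key" "$demo_dir/a.crt")"
    KEYPASS=wrong
    echo "wrong pass phrase: $(pair_status "$demo_dir/a.key" "$demo_dir/a.crt")"
    rm -rf "$demo_dir"
}
demo
```

Reading the pass phrase with `-passin env:KEYPASS` keeps it off the command line, unlike the `pass:` form used in the thread.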