Hi All
I have Fedora 3 installed kernel 2.6.9-1.724_FC3 as well as httpd-2.0.52-3.1, mod_ssl-2.0.52-3.1 and openssl-0.9.7a-40. I am trying to generate a self signed ssl certificate for testing my machine. I follow the folling steps to create my own key:
to delete the dummy keys that are default with FC3
rm -f /etc/httpd.conf/ssl.crt/server.crt /etc/httpd.conf/ssl.key/server.key
then create a new key cd /usr/share/ssl/certs/ make genkey
now to create the cert
cd /usr/share/ssl/certs/ make testcert
now when i go to start my httpd service i get this error:
service httpd start
Starting httpd: Apache/2.0.52 mod_ssl/2.0.52 (Pass Phrase Dialog) Some of your private key files are encrypted for security reasons. In order to read them you have to provide the pass phrases.
Server server.domain.co.uk:443 (RSA) Enter pass phrase:Apache:mod_ssl:Error: Private key not found. **Stopped [FAILED]
This would suggest that the server.key file isnt in /etc/httpd/conf/ssl.key but i have check and it is and root has rights to see it.
Also /etc/httpd/conf.d/ssl.conf points to this file as well.
The out put of my ssl_errors.log is:
[Wed Jan 05 14:33:45 2005] [error] Init: Unable to read pass phrase [Hint: key introduced or changed before restart?]
[Wed Jan 05 14:33:45 2005] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Wed Jan 05 14:33:45 2005] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Jan 05 14:33:45 2005] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Wed Jan 05 14:33:45 2005] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
which isnt much help
I have also tried with a test certificate from freessl.com but the same thing happens.
Has anyone run into this before? Any help would be greatly appreciated!! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager [EMAIL PROTECTED]
