DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=31856>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=31856 Private key in PKCS8 format causes crash with SSLProxyMachineCertificateFile ------- Additional Comments From [EMAIL PROTECTED] 2004-10-23 19:40 ------- Upon further investigation by Mark Foster (http://mark.foster.cc/), Java was exporting the private key in PKCS#8 format, not RSA format, which is why the MIME text of the private key doesn't match between the crashapache2-bad.crtkey and the crashapache2.crtkey files. That means that this bug is really a case where using a private key in PKCS#8 format causes Apache to crash with the SSLProxyMachineCertificateFile directive. Yes, it was due to ignorance on my part, but I figured this still may be fixable. Mark explains (in an email to me): I noticed something odd about your exported private key. It has -----BEGIN PRIVATE KEY----- and not -----BEGIN RSA PRIVATE KEY----- which got me to poking around and lead me to this http://www.openssl.org/docs/apps/pkcs8.html Sure enough, this works... openssl pkcs8 -inform PEM -nocrypt -in exported.key -out exported4.pem In other words the output of this command looks exactly like the rsa. So the private key is being exported as PKCS#8 PEM format. It's not corrupted per se. Apache must be expecting an RSA key in the cert/key file. -- Some days it's just not worth chewing through the restraints... Mark D. Foster, CISSP <[EMAIL PROTECTED]> http://mark.foster.cc/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
