https://bz.apache.org/bugzilla/show_bug.cgi?id=64308
Bug ID: 64308 Summary: Wrong private key, but Apache started. Product: Apache httpd-2 Version: 2.4.41 Hardware: PC OS: Linux Status: NEW Severity: normal Priority: P2 Component: mod_ssl Assignee: bugs@httpd.apache.org Reporter: yuihome0...@gmail.com Target Milestone: --- Hello everyone why are the logs of Server 1 and Server 2 different? Server 1 and Server 2 have the same certificate and certificate key. Because of this difference, server1 does not generate an error when starting from Apache. However, server2 gives an error. Actually, the certificate and the key file do not match (wrong key file and certificate). However, Apache on server1 was started Apache on server2 is not started. Do you know why? I'm looking forward to hearing from you. Hope everything is good. server 1 version : centos6, openssl/1.0.1e , apache 2.4.41(built:Feb 24 2020) and centos7, openssl/1.1.1d, apache 2.4.41(built: Mar 13 2020) [Sun Apr 05 20:53:08.809610 2020] [ssl:info] [pid 6780] AH02200: Loading certificate & private key of SSL-aware server 'm.chunilmall.com:443' [Sun Apr 05 20:53:08.809778 2020] [ssl:debug] [pid 6780] ssl_engine_pphrase.c(506): AH02249: unencrypted RSA private key - pass phrase not required [Sun Apr 05 20:53:08.809843 2020] [ssl:info] [pid 6780] AH01914: Configuring server m.chunilmall.com:443 for SSL protocol [Sun Apr 05 20:53:08.809847 2020] [ssl:trace3] [pid 6780] ssl_engine_init.c(495): Creating new SSL context (protocols: TLSv1, TLSv1.1, TLSv1.2) [Sun Apr 05 20:53:08.809952 2020] [ssl:trace1] [pid 6780] ssl_engine_init.c(682): Configuring client authentication [Sun Apr 05 20:53:08.810095 2020] [ssl:trace1] [pid 6780] ssl_engine_init.c(746): Configuring permitted SSL ciphers [HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA] [Sun Apr 05 20:53:08.810206 2020] [ssl:debug] [pid 6780] ssl_engine_init.c(886): AH01904: Configuring server certificate chain (1 CA certificate) [Sun Apr 05 20:53:08.810211 2020] [ssl:debug] [pid 6780] ssl_engine_init.c(406): AH01893: Configuring TLS extension handling [Sun Apr 05 20:53:08.810214 2020] [ssl:debug] [pid 6780] ssl_engine_init.c(933): AH02232: Configuring RSA server certificate [Sun Apr 05 20:53:08.810283 2020] [ssl:trace3] [pid 6780] ssl_util_ssl.c(484): [m.chunilmall.com:443] SSL_X509_match_name: expecting name 'm.chunilmall.com', matched by ID 'm.chunilmall.com' [Sun Apr 05 20:53:08.810322 2020] [ssl:debug] [pid 6780] ssl_util_ssl.c(495): AH02412: [m.chunilmall.com:443] Cert matches for name 'm.chunilmall.com' [subject: CN=m.chunilmall.com,OU=Domain Control Validated,C=KR / issuer: CN=AlphaSSL CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE / serial: 03618108EA17A071E1CCC36A / notbefore: Mar 19 08:30:09 2020 GMT / notafter: Mar 20 08:30:09 2022 GMT] [Sun Apr 05 20:53:08.810326 2020] [ssl:debug] [pid 6780] ssl_engine_init.c(988): AH02236: Configuring RSA server private key server 2 version : aws, centos7, openssl/1.1.1d, apache/2.4.41(Unix) (built:Mar 10 2020) [Sun Apr 05 21:19:02.628142 2020] [ssl:info] [pid 6944:tid 140066288195392] AH01914: Configuring server m.chunilmall.com.crt:443 for SSL protocol [Sun Apr 05 21:19:02.628164 2020] [ssl:trace3] [pid 6944:tid 140066288195392] ssl_engine_init.c(598): Creating new SSL context (protocols: TLSv1, TLSv1.1, TLSv1.2, TLSv1.3) [Sun Apr 05 21:19:02.628258 2020] [ssl:trace1] [pid 6944:tid 140066288195392] ssl_engine_init.c(864): Configuring client authentication [Sun Apr 05 21:19:02.628452 2020] [ssl:debug] [pid 6944:tid 140066288195392] ssl_engine_init.c(2062): AH02209: CA certificate: CN=AlphaSSL CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE [Sun Apr 05 21:19:02.628460 2020] [ssl:trace1] [pid 6944:tid 140066288195392] ssl_engine_init.c(934): Configuring permitted SSL ciphers [HIGH:MEDIUM:!MD5:!RC4:!3DES:!aNULL:!eNULL:!EXP] [Sun Apr 05 21:19:02.628591 2020] [ssl:debug] [pid 6944:tid 140066288195392] ssl_engine_init.c(1130): AH01904: Configuring server certificate chain (1 CA certificate) [Sun Apr 05 21:19:02.628597 2020] [ssl:debug] [pid 6944:tid 140066288195392] ssl_engine_init.c(498): AH01893: Configuring TLS extension handling [Sun Apr 05 21:19:02.628637 2020] [ssl:emerg] [pid 6944:tid 140066288195392] AH02561: Failed to configure certificate m.chunilmall.com.crt:443:0, check /test2/web/apache2.4.41/conf/ssl/test/a.key [Sun Apr 05 21:19:02.628648 2020] [ssl:emerg] [pid 6944:tid 140066288195392] SSL Library Error: error:0909006C:PEM routines:get_name:no start line (Expecting: CERTIFICATE) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile? [Sun Apr 05 21:19:02.628656 2020] [ssl:emerg] [pid 6944:tid 140066288195392] SSL Library Error: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org