[ https://issues.apache.org/jira/browse/TS-612?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Leif Hedstrom updated TS-612: ----------------------------- Fix Version/s: (was: 3.1.2) 3.1.3 I'm moving all 3.1.2 bugs out to 3.1.3, and we can move some 3.1.1 bugs out to 3.1.2, to get some release action going. > ATS does not allow password protected certificates > -------------------------------------------------- > > Key: TS-612 > URL: https://issues.apache.org/jira/browse/TS-612 > Project: Traffic Server > Issue Type: Improvement > Components: SSL > Affects Versions: 2.1.4 > Environment: Any > Reporter: Igor Galić > Fix For: 3.1.3 > > > Create a (self-signed) certificate with a password that is non-empty. {cat > server.key server.crt > server.pem} and configure it as > {CONFIG proxy.config.ssl.server.cert.filename STRING server.pem} > The result will be: > {noformat} > Jan 3 10:50:16 proveedores traffic_server[2579]: NOTE: --- Server Starting > --- > Jan 3 10:50:16 proveedores traffic_server[2579]: NOTE: Server Version: > Apache Traffic Server - traffic_server - 2.0.1 - (build # 113112 on Dec 31 > 2010 at 12:58:34) > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} STATUS: opened > var/log/trafficserver/diags.log > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: updated > diags config > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: cache > clustering disabled > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} WARNING: no > cache disks specified in etc/trafficserver/storage.config: cache disabled > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: cache > clustering disabled > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} WARNING: > unable to open cache disk(s): Cache Disabled > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: SSL > ERROR: Cannot use server private key file. > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: > SSL::0:error:0906406D:PEM routines:PEM_def_callback:problems getting > password:pem_lib.c:105: > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: > SSL::0:error:0906A068:PEM routines:PEM_do_header:bad password > read:pem_lib.c:406: > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: > SSL::0:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM > lib:ssl_rsa.c:669: > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: SSL > ERROR: Can't initialize the SSL library, disabling SSL termination!. > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: logging > initialized[7], logging_mode = 3 > Jan 3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: traffic > server running > {noformat} > A first -- ugly -- shot would be to at least have a password field in the > configuration. > In the end something taking the input of an external program or from a file > would be more desirable. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira