On Fri, May 07, 1999, Fred Read wrote:

> Boyce, Nick wrote:
> > Are you sure you've modified the server config to cause it to 
> > expect SSL connections (as well as built it to be capable of them)?
> [...]
> <VirtualHost _default_:443>
>     SSLEngine on
>     SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
> </VirtualHost>
> [...]
>   Apache:mod_ssl:Error: Pass phrase incorrect.
>   **Stopped
>   /usr/local/apache/bin/apachectl startssl: httpd could not be started
> [...]
>     httpd: [date] [error] mod_ssl: Init: Pass phrase incorrect.
> [Date] [info]  Init: 1st startup round (still not detached)
> [Date] [info]  Init: Initializing OpenSSL library
> [Date] [info]  Init: Loading certificate & private key of SSL-aware
> server <server>:443
> [error] Init: Pass phrase incorrect.
> The trouble is, I have never been given the option of entering 
> the appropriate pass phrase.
> 
> I feel I am *almost* there but just need a tiny nudge in the 
> right direction.

First, _please_ always start with the provided default configuration in the
installed httpd.conf.default file before you try fiddling around yourself with
the various SSL* directives. It saves you a lot of trouble until you have
carefully read _and_ understood the documentation.

Second, your particular problem is that an SSLCertificateKeyFile directive is
missing, or at least the /usr/local/apache/conf/ssl.crt/server.crt file doesn't
also contain the key. Please either append the key at the end of this file or
reference your private key file with SSLCertificateKeyFile.

Third, you're right: It's my fault that mod_ssl gives a confusing "Pass phrase
incorrect." even when it should read "no private key found at all" for your
situation.  The problem is that for OpenSSL's parsing routines there seems to
be no difference between "not found" and "not decryptable" here and this way
mod_ssl can't give a more reasonable error message. I'll try to find a
solution for a better error message...

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
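
The distinction drawn in the reply above, between a private key that is absent and one that is present but encrypted, can be checked on the PEM files before the server is started. This is an added example, not part of the original thread and not mod_ssl code; the function names and the sample PEM text are constructed for illustration.

```python
import re

# PEM armour: -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_pem(text):
    """Return (has_cert, key_state); key_state is 'missing', 'plain' or 'encrypted'."""
    has_cert, key_state = False, "missing"
    for label, body in PEM_BLOCK.findall(text):
        if label.endswith("CERTIFICATE"):
            has_cert = True
        elif label == "ENCRYPTED PRIVATE KEY":      # PKCS#8 encrypted key
            key_state = "encrypted"
        elif label.endswith("PRIVATE KEY"):
            # Traditional format flags encryption in an RFC 1421 style header.
            key_state = "encrypted" if "Proc-Type: 4,ENCRYPTED" in body else "plain"
    return has_cert, key_state

def diagnose(cert_text, key_text=None):
    """cert_text: contents of the SSLCertificateFile.
    key_text: contents of the SSLCertificateKeyFile, or None if not configured."""
    has_cert, key_state = classify_pem(cert_text)
    if key_text is not None:
        key_state = classify_pem(key_text)[1]
    if not has_cert:
        return "no certificate found"
    return {"missing": "no private key found",
            "encrypted": "private key is encrypted, pass phrase needed",
            "plain": "certificate and unencrypted private key found"}[key_state]

# Constructed sample input: the base64 bodies are placeholders, not key material.
CERT_ONLY = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
ENC_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           "DEK-Info: DES-EDE3-CBC,0000000000000000\n\nQ09OU1RSVUNURUQ=\n"
           "-----END RSA PRIVATE KEY-----\n")
PLAIN_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
             "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(diagnose(CERT_ONLY))             # certificate file with no key appended
    print(diagnose(CERT_ONLY + ENC_KEY))   # key appended, but encrypted
    print(diagnose(CERT_ONLY, PLAIN_KEY))  # key supplied in a separate file
```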
