There is no pass phrase on the key file. I've redone the key and crt several times; it always asks me for a passphrase at some point but I think that at the end of the process nothing is encrypted
On 2/16/07, Xian Xian <[EMAIL PROTECTED]> wrote:
Brian, You'd better to redo a key file and crt file. Remove the pass phrase from the key file. Good luck! Xian On 2/16/07, Brian Gordon <[EMAIL PROTECTED]> wrote: > > I've been trying for ages to get my server running SSL successfully. I > don't need port 80 (unencrypted traffic) at all, just 411. > > I have the module set up just fine, and apache runs fine unless I > define a valid cert and key: > > SSLCertificateFile pw/my-server.cert > SSLCertificateKeyFile pw/my-server.key > > These are unencrypted (win32 doesn't support encrypted keys) SSL keys > that are valid for apache (when they're not valid it tells me so and > refuses to load them). But when I have these defined, and I start > apache, the "starting apache" console window comes up and takes longer > than usual, then just crashes and the vista "Apache HTTP server > stopped working and was closed" window comes up. > > This is the entire debug log for an attempted start: > > [Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG with 136 bytes of entropy > [Fri Feb 16 01:29:29 2007] [info] Loading certificate & private key of > SSL-aware server > [Fri Feb 16 01:29:29 2007] [debug] ssl_engine_pphrase.c(469): > unencrypted RSA private key - pass phrase not required > [Fri Feb 16 01:29:29 2007] [info] Init: Generating temporary RSA > private keys (512/1024 bits) > [Fri Feb 16 01:29:29 2007] [info] Init: Generating temporary DH > parameters (512/1024 bits) > [Fri Feb 16 01:29:29 2007] [info] Init: Initializing (virtual) servers for SSL > [Fri Feb 16 01:29:29 2007] [info] Configuring server for SSL protocol > [Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(405): Creating > new SSL context (protocols: SSLv2, SSLv3, TLSv1) > [Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(729): Configuring > RSA server certificate > [Fri Feb 16 01:29:29 2007] [warn] RSA server certificate CommonName > (CN) `163.11.110.152:443' does NOT match server name!? > [Fri Feb 16 01:29:29 2007] [debug] ssl_engine_init.c(768): Configuring > RSA server private key > [Fri Feb 16 01:29:29 2007] [info] Server: Apache/2.2.3, Interface: > mod_ssl/2.2.3, Library: OpenSSL/0.9.8d > [Fri Feb 16 01:29:29 2007] [info] Init: Seeding PRNG with 136 bytes of entropy > [Fri Feb 16 01:29:29 2007] [info] Loading certificate & private key of > SSL-aware server > > It abruptly ends at that last line. > > This is the relevant section from my httpd.conf. It's basically > identical to ssl.conf and including that doesn't make a difference. > And like I said, if I just take out those two cert/key lines then it > will start fine (but of course tell me that there's no way ssl will > work without a certificate). > > #SSL > > Listen 163.11.110.152:443 > > AddType application/x-x509-ca-cert .cert > AddType application/x-pkcs7-crl .crl > > SSLMutex default > SSLRandomSeed startup builtin > SSLSessionCache none > > LogLevel debug > > <VirtualHost 163.11.110.152:443> > SSLEngine On > SSLCertificateFile pw/my-server.cert > SSLCertificateKeyFile pw/my-server.key > </VirtualHost> > > Does anyone know what's going on? I see hundreds of success stories > around the internet about making the key file unencrypted, but mine is > already unencrypted. Also it's Listening on a specific IP address, > something that helped some other people. What else is there left ot > try? > > -- > Brian Gordon > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager [EMAIL PROTECTED] >
-- Brian Gordon ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager [EMAIL PROTECTED]
