Re: apache mod_ssl chroot problem
On Wed, Oct 17, 2007 at 08:46:01PM +0700, Muhammad Reza wrote:
> Dear List.
>
> I have a problem running apache in chroot mode with ssl enabled.
> Apache in chroot mode runs fine without ssl enabled, but when I try to
> start with mod_ssl enabled, an error occurred with this message.
>
> beastie#chroot /chroot/httpd /usr/local/apache2/bin/httpd
> Apache/2.2.6 mod_ssl/2.2.6 (Pass Phrase Dialog)
> Some of your private key files are encrypted for security reasons.
> In order to read them you have to provide the pass phrases.
>
> Server beastie.mra.co.id:443 (RSA)
> Enter pass phrase:Apache:mod_ssl:Error: Private key not found.
> **Stopped
>
> and with error log
>
> [Wed Oct 17 13:37:25 2007] [error] Init: Private key not found
> [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
> [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
> [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
> [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
> [Wed Oct 17 13:38:32 2007] [error] Init: Private key not found
> [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
> [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
> [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218595386b error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
> [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
>
> If I escape from the chrooted environment, apache with mod_ssl works fine
>
> beastie# /usr/local/apache2/bin/httpd
> Apache/2.2.6 mod_ssl/2.2.6 (Pass Phrase Dialog)
> Some of your private key files are encrypted for security reasons.
> In order to read them you have to provide the pass phrases.
>
> Server www.example.com:443 (RSA)
> Enter pass phrase:
>
> OK: Pass Phrase Dialog successful.
>
> Is there something missing here? Please enlighten me.

The first thing that comes to mind - are your keys inside the chroot area
you want to run apache in?

--
Daniel Bye
Re: apache mod_ssl chroot problem
> Server beastie.mra.co.id:443 (RSA)
> Enter pass phrase:Apache:mod_ssl:Error: Private key not found.
> **Stopped

Isn't the private key the one on the local machine? If so, is the private
key visible with the chroot environment?
Re: apache mod_ssl chroot problem
On Wed, 2007-10-17 at 08:29 -0600, James wrote:
> > Server beastie.mra.co.id:443 (RSA)
> > Enter pass phrase:Apache:mod_ssl:Error: Private key not found.
> > **Stopped
>
> Isn't the private key the one on the local machine? If so, is the private
> key visible with the chroot environment?

The key is in /chroot/httpd/usr/local/apache2/conf/ with mode 400, owned by
root, and the path in httpd-ssl.conf is

SSLCertificateKeyFile /usr/local/apache2/conf/server.key

Is there any way to test that my key is visible to the chrooted program?

regards
Reza
Re: apache mod_ssl chroot problem
On Wed, 2007-10-17 at 13:38 +0100, Daniel Bye wrote:
> On Wed, Oct 17, 2007 at 08:46:01PM +0700, Muhammad Reza wrote:
> > Dear List.
> >
> > I have a problem running apache in chroot mode with ssl enabled.
> > Apache in chroot mode runs fine without ssl enabled, but when I try to
> > start with mod_ssl enabled, an error occurred with this message.
> >
> > beastie#chroot /chroot/httpd /usr/local/apache2/bin/httpd
> > Apache/2.2.6 mod_ssl/2.2.6 (Pass Phrase Dialog)
> > Some of your private key files are encrypted for security reasons.
> > In order to read them you have to provide the pass phrases.
> >
> > Server beastie.mra.co.id:443 (RSA)
> > Enter pass phrase:Apache:mod_ssl:Error: Private key not found.
> > **Stopped
> >
> > and with error log
> >
> > [Wed Oct 17 13:37:25 2007] [error] Init: Private key not found
> > [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
> > [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
> > [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
> > [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
> > [Wed Oct 17 13:38:32 2007] [error] Init: Private key not found
> > [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
> > [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
> > [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218595386b error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
> > [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
> >
> > If I escape from the chrooted environment, apache with mod_ssl works fine
> >
> > beastie# /usr/local/apache2/bin/httpd
> > Apache/2.2.6 mod_ssl/2.2.6 (Pass Phrase Dialog)
> > Some of your private key files are encrypted for security reasons.
> > In order to read them you have to provide the pass phrases.
> >
> > Server www.example.com:443 (RSA)
> > Enter pass phrase:
> >
> > OK: Pass Phrase Dialog successful.
> >
> > Is there something missing here? Please enlighten me.
>
> The first thing that comes to mind - are your keys inside the chroot area
> you want to run apache in?

The key is in /chroot/httpd/usr/local/apache2/conf/ with mode 400, owned by
root, and the path in httpd-ssl.conf is

SSLCertificateKeyFile /usr/local/apache2/conf/server.key

Is there any way to test that my key is visible to the chrooted program?

regards
Reza
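
The question that closes the thread, whether the key is visible to the chrooted program, can be answered from the host without installing any tools inside the chroot. The script below is an added example, not part of the original thread: the function name `check_key_in_chroot` is made up for illustration, and it goes slightly beyond the question by also following symlinks the way a chrooted process would and by confirming that the file carries a PEM private-key header.

```shell
#!/bin/sh
# Added example: host-side check that a key path from the SSL config
# resolves to a usable PEM file once the process is chrooted.
# Run as root when the key is mode 400 and owned by root.
#
# check_key_in_chroot CHROOT_DIR KEY_PATH
#   KEY_PATH is the path as written in the config, i.e. as seen from
#   inside the chroot. Prints a one-line verdict; returns 0 only if usable.
check_key_in_chroot() {
    root=${1%/}
    kpath=$2
    hops=0
    # Follow symlinks as the chrooted process would: an absolute target
    # is resolved against the chroot root, not the host root.
    while [ -L "$root$kpath" ]; do
        hops=$((hops + 1))
        [ "$hops" -le 8 ] || { echo "symlink-loop: $kpath"; return 1; }
        target=$(readlink "$root$kpath")
        case $target in
            /*) kpath=$target ;;
            *)  kpath=$(dirname "$kpath")/$target ;;
        esac
    done
    file=$root$kpath
    [ -f "$file" ] || { echo "missing: $kpath is not a file under $root"; return 1; }
    [ -r "$file" ] || { echo "unreadable: $file"; return 1; }
    [ -s "$file" ] || { echo "empty: $file"; return 1; }
    # A PEM private key contains a "BEGIN ... PRIVATE KEY" armor line.
    if ! grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$file"; then
        echo "not-pem: $file"
        return 1
    fi
    echo "ok: $file"
}

# Command-line use, with the paths quoted in the thread:
#   sh check_key.sh /chroot/httpd /usr/local/apache2/conf/server.key
if [ "$#" -eq 2 ]; then
    check_key_in_chroot "$1" "$2"
fi
```

An `ok:` verdict only establishes that the file is present and PEM-armored inside the chroot; it does not decrypt the key or test the pass phrase.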