Have you tried with a self-signed certificate just to see what happens?

# openssl req -new -x509 -days 3650 -nodes -newkey rsa:4096 \
    -out /etc/ssl/certs/test.pem -keyout /etc/ssl/private/test.pem
# chmod go= /etc/ssl/private/test.pem

httpd.conf:
SSLCertificateFile /etc/ssl/certs/test.pem
SSLCertificateKeyFile /etc/ssl/private/test.pem

On 09/29/2014 05:02 PM, Benjamin Oppermann wrote:
> Ooops, my bad.
>
> ~$ sudo openssl rsa -in /etc/ssl/private/owncloud.key -check
> RSA key ok
>
> So the key file itself is not the problem...
>
> On Mon, 29 Sep 2014, at 22:15, Benjamin Oppermann wrote:
>> So should I revoke the changes to permissions I made, or remove
>> permissions for my user, leaving only root?
>>
>>
>> ~$ openssl rsa -in /etc/ssl/private/owncloud.key -check
>> Error opening Private Key /etc/ssl/private/owncloud.key
>> 139748944725664:error:0200100D:system library:fopen:Permission
>> denied:bss_file.c:398:fopen('/etc/ssl/private/owncloud.key','r')
>> 139748944725664:error:20074002:BIO routines:FILE_CTRL:system
>> lib:bss_file.c:400:
>> unable to load Private Key
>>
>>
>> I take it this means the key file is broken?
>>
>>
>> On Mon, 29 Sep 2014, at 21:57, Daniel wrote:
>>> A private key should never be accessible to groups or others, just
>>> root as read only.
>>>
>>> Having said this... have you checked the key file is correct?
>>>
>>> try this:
>>> openssl rsa -in /etc/ssl/private/owncloud.key -check
>>>
>>> 2014-09-29 21:22 GMT+02:00 Benjamin Oppermann <[email protected]>:
>>>
>>> Ok, I tried this. The permissions are now:
>>>
>>> ~$ sudo ls -l /etc/ssl/private/owncloud.key
>>> -rw-r--r-- 1 root ben 1704 Sep 28 04:01
>>> /etc/ssl/private/owncloud.key
>>>
>>> I still get the same error.
>>> Regards Ben
>>>
>>>
>>> On Mon, 29 Sep 2014, at 14:12, Bremser, Kurt (AMOS Austria GmbH) wrote:
>>> > The first thing that I'd try is
>>> > sudo chmod go+r /etc/ssl/private/owncloud.key
>>> >
>>> > Kurt Bremser
>>> > AMOS Austria
>>> >
>>> > Newton was wrong. There is no gravity. The Earth sucks.
>>> > ________________________________________
>>> > From: Benjamin Oppermann [[email protected]]
>>> > Sent: Monday, 29 September 2014 13:31
>>> > To: [email protected]
>>> > Subject: **SPAM?** [users@httpd] "corrupted content" error, httpd can't
>>> > access SSL key file [wd-vc]
>>> >
>>> > Hi,
>>> > I can't reach my website, I get a "corrupted content" error message in
>>> > the browser.
>>> > Looking into apache (version 2.4.7 on Ubuntu 14.04), I get
>>> >
>>> > ~$ apachectl -S
>>> > AH00526: Syntax error on line 22 of
>>> > /etc/apache2/sites-enabled/000-default.conf:
>>> > SSLCertificateKeyFile: file '/etc/ssl/private/owncloud.key' does not
>>> > exist or is empty
>>> > Action '-S' failed.
>>> >
>>> > However, I double checked that the file is in the appropriate location
>>> > and does contain the key, so maybe apache has no permission. afaik, it
>>> > doesn't run as root all the time - or only for a short time?
>>> > permissions for the key file are as follows:
>>> >
>>> > ~$ sudo ls -l /etc/ssl/private/owncloud.key
>>> > -rw------- 1 root ben 1704 Sep 28 04:01
>>> > /etc/ssl/private/owncloud.key
>>> >
>>> > , where ben is my normal user.
>>> > It was suggested to me on the httpd IRC channel that maybe apparmor was
>>> > doing something wrong, but I don't know how to investigate that.
>>> > I did have a working configuration and made no changes to it before this
>>> > happened. The only change I made was to put a router between the second
>>> > gateway and the server and resolved the domain name to its local IP
>>> > inside the network (the page isn't reachable from inside either).
>>> > Just so you know, this is the first time I am setting up a server, and I
>>> > am all self-taught.
>>> > Reading suggestions for a good start are appreciated, but of course a
>>> > how-to or specific section of a manual would be more helpful than a
>>> > generic exhortation to rtfm :-)
>>> > Any hints?
>>> > Thanks, Ben
>>> >
>>> >
>>> > ---------------------------------------------------------------------
>>> > To unsubscribe, e-mail: [email protected]
>>> > For additional commands, e-mail: [email protected]
>>
>
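
Added example, not part of the original thread: a shell check that combines the steps discussed above (key file present and non-empty, no group/other permission bits as `chmod go=` leaves it, `openssl rsa -check`) and goes one step further by confirming that the key belongs to the certificate configured next to it. The function names are made up for this example, and the paths are whatever you pass in; run it as root so files under /etc/ssl/private can be read.

```shell
#!/bin/sh
# Added example: pre-flight check for an SSLCertificateFile /
# SSLCertificateKeyFile pair. Function names are hypothetical.

# key_mode_ok FILE: succeed only if FILE exists, is non-empty and carries
# no group/other permission bits (the state "chmod go=" produces).
key_mode_ok() {
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 2; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld -- "$1" | cut -c5-10)
    [ "$bits" = "------" ] ||
        { echo "group/other bits set on $1: $bits" >&2; return 1; }
}

# check_tls_pair CERT KEY: key is private, parses, and matches the cert.
check_tls_pair() {
    cert=$1
    key=$2
    key_mode_ok "$key" || return 1
    # Same consistency check as in the thread; -noout suppresses the key dump.
    openssl rsa -in "$key" -check -noout </dev/null >/dev/null 2>&1 ||
        { echo "key does not parse or cannot be read: $key" >&2; return 1; }
    # Compare the public key embedded in the certificate with the one
    # derived from the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read certificate: $cert" >&2; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate and key do not belong together" >&2; return 1; }
    echo "ok: $key is private to its owner and matches $cert"
}

# Usage: sh check.sh /etc/ssl/certs/test.pem /etc/ssl/private/test.pem
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```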