PassPhraseDialog BuiltIn not supported...
on 31.05.2002 00:04:16 by Chris Hsiang
Recently I got a certificate from one of the CA authorities. However, my
SSL.log is giving me an error. I don't know what I did wrong. Can
anyone help me?
[30/May/2002 17:31:16 05760] [info] Init: Initializing OpenSSL library
[30/May/2002 17:31:16 05760] [info] Init: Initializing OpenSSL library
[30/May/2002 17:31:16 05760] [info] Init: Seeding PRNG with 136 bytes of entropy
[30/May/2002 17:31:17 05760] [info] Init: (secure.*****.com:443) Loading certificate & private key of SSL-aware server
[30/May/2002 17:31:17 05760] [error] Init: PassPhraseDialog BuiltIn not supported in server private key from file F:/Apache/Apache2/conf/ssl/secure.key (OpenSSL library error follows)
[30/May/2002 17:31:17 05760] [error] OpenSSL: error:0D084069:asn1 encoding routines:d2i_ASN1_SET:bad tag
[30/May/2002 17:31:17 05760] [error] OpenSSL: error:0D09D082:asn1 encoding routines:d2i_RSAPrivateKey:parsing
[30/May/2002 17:31:17 05760] [error] OpenSSL: error:0D09B00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
I am using Apache/2.0.35 (Win32) mod_ssl/2.0.35 OpenSSL/0.9.6c
Chris Hsiang
Intervivos LLC
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
Re: PassPhraseDialog BuiltIn not supported...
on 31.05.2002 00:17:39 by Cliff Woolley
On Thu, 30 May 2002, Chris Hsiang wrote:
> [30/May/2002 17:31:17 05760] [error] Init: PassPhraseDialog BuiltIn not
> supported in server private key from file
> F:/Apache/Apache2/conf/ssl/secure.key (OpenSSL library error follows)
It means you can't use SSLPassPhraseDialog BuiltIn on Win32. Either use
the SSLPassPhraseDialog exec:/path/to/program method or just get rid of
the passphrase. (I recommend the latter.)
Granted, it's a rather obtuse error message. I just changed it for
2.0.37.
Hope this helps,
--Cliff
RE: PassPhraseDialog BuiltIn not supported...
on 31.05.2002 00:27:28 by Chris Hsiang
>>It means you can't use SSLPassPhraseDialog BuiltIn on Win32. Either use
>>the SSLPassPhraseDialog exec:/path/to/program method or just get rid of
>>the passphrase. (I recommend the latter.)
What exec can I use on win32 to submit the passphrase, and also, how do I
get rid of the passphrase from my private key now?
Chris Hsiang
Intervivos LLC
RE: PassPhraseDialog BuiltIn not supported...
on 31.05.2002 00:35:01 by Cliff Woolley
On Thu, 30 May 2002, Chris Hsiang wrote:
> what exec I can use on win32 to submit the passphrase and also
You'd have to write your own script to do it. But keep in mind that
protecting the _script_ with the passphrase hardcoded into it is hard, and
even if you manage to do that, there are still problems protecting the key
since the web server has the decrypted private key in-memory after you've
submitted the passphrase.
Whether passphrases are any good or not is a bit of an ongoing heated
debate on this mailing list (AND NO, GUYS, LET'S NOT GO THROUGH THAT AGAIN
PLEASE :-)... just suffice it to say that you should be aware of the
security implications of either choice when deciding how best to protect
your private key.
> how do I get rid of the passphrase from my private key now?
See http://www.modssl.org/docs/2.8/ssl_faq.html#ToC31 . It's in
unix-speak, but it shouldn't be hard to see what to do. It's the openssl
command that is the important one... and of course be sure to set the
permissions correctly on the key.
--Cliff
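The passphrase removal discussed in the reply above, as an added example that is not part of the original thread or of the mod_ssl FAQ: it detects whether a PEM key is passphrase-protected, writes an unencrypted copy with owner-only permissions, and checks that both files hold the same key. The file names are placeholders, and `chmod` is the Unix form of the permission step; on Win32 the equivalent restriction is made with NTFS ACLs.

```shell
#!/bin/sh
# Added example. File names are placeholders, not paths from the thread.

# Succeeds if the PEM key is passphrase-protected. Traditional RSA keys carry
# a "Proc-Type: 4,ENCRYPTED" header; PKCS#8 keys use an ENCRYPTED armor line.
key_is_encrypted() {
    grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# strip_passphrase IN OUT PASSFILE
# Writes an unencrypted copy of IN to OUT. The passphrase is read from the
# first line of PASSFILE so it never appears in the process list or history.
# Returns 0 on success, 1 on failure, 2 if IN has no passphrase to remove.
strip_passphrase() {
    in=$1; out=$2; passfile=$3
    key_is_encrypted "$in" || { echo "$in: no passphrase set" >&2; return 2; }

    old_umask=$(umask)
    umask 077                       # OUT is never group/world readable
    openssl rsa -in "$in" -passin "file:$passfile" -out "$out" 2>/dev/null
    rc=$?
    umask "$old_umask"
    if [ "$rc" -ne 0 ]; then
        rm -f "$out"                # do not leave a partial key behind
        echo "$in: decryption failed (wrong passphrase?)" >&2
        return 1
    fi
    chmod 400 "$out"                # owner read-only, as for any server key

    # Confirm both files hold the same key by comparing the RSA modulus.
    a=$(openssl rsa -in "$in" -passin "file:$passfile" -noout -modulus 2>/dev/null)
    b=$(openssl rsa -in "$out" -noout -modulus 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Usage: sh strip_key.sh secure.key secure.key.unsecure passphrase.txt
if [ "$#" -eq 3 ]; then
    strip_passphrase "$1" "$2" "$3" && echo "wrote $2"
fi
```

Delete the passphrase file once the copy is verified, and point SSLCertificateKeyFile at the unencrypted file.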
RE: PassPhraseDialog BuiltIn not supported...
on 31.05.2002 00:50:57 by Chris Hsiang
Thanks, it worked. I have removed the pass phrase and I have absolutely no
intention to start another hot debate. I am still new to MOD_SSL and
Apache 2.0.X.
>Whether passphrases are any good or not is a bit of an ongoing heated
>debate on this mailing list (AND NO, GUYS, LET'S NOT GO THROUGH THAT AGAIN
>PLEASE :-)... just suffice it to say that you should be aware of the
>security implications of either choice when deciding how best to protect
>your private key.
>> how do I get rid of the passphrase from my private key now?
>See http://www.modssl.org/docs/2.8/ssl_faq.html#ToC31 . It's in
>unix-speak, but it shouldn't be hard to see what to do. It's the openssl
>command that is the important one... and of course be sure to set the
>permissions correctly on the key.
Chris Hsiang
Intervivos LLC