cant start apache with self signed cert

cant start apache with self signed cert

am 05.01.2005 15:49:40 von bobpilly

Hi All

I have Fedora 3 installed kernel 2.6.9-1.724_FC3 as well as
httpd-2.0.52-3.1, mod_ssl-2.0.52-3.1 and openssl-0.9.7a-40. I am trying
to generate a self signed ssl certificate for testing my machine. I
follow the folling steps to create my own key:

to delete the dummy keys that are default with FC3

rm -f /etc/httpd.conf/ssl.crt/server.crt /etc/httpd.conf/ssl.key/server.key

then create a new key
cd /usr/share/ssl/certs/
make genkey

now to create the cert

cd /usr/share/ssl/certs/
make testcert

now when i go to start my httpd service i get this error:

service httpd start

Starting httpd: Apache/2.0.52 mod_ssl/2.0.52 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server server.domain.co.uk:443 (RSA)
Enter pass phrase:Apache:mod_ssl:Error: Private key not found.
**Stopped
[FAILED]

This would suggest that the server.key file isnt in
/etc/httpd/conf/ssl.key but i have check and it is and root has rights
to see it.

Also /etc/httpd/conf.d/ssl.conf points to this file as well.

The out put of my ssl_errors.log is:
[Wed Jan 05 14:33:45 2005] [error] Init: Unable to read pass phrase
[Hint: key introduced or changed before restart?]
[Wed Jan 05 14:33:45 2005] [error] SSL Library Error: 218710120
error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Wed Jan 05 14:33:45 2005] [error] SSL Library Error: 218529960
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Jan 05 14:33:45 2005] [error] SSL Library Error: 218595386
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Wed Jan 05 14:33:45 2005] [error] SSL Library Error: 218734605
error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib

which isnt much help

I have also tried with a test certificate from freessl.com but the same
thing happens.

Has anyone run into this before? Any help would be greatly appreciated!!
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org