private key not found/server cert sign failed

Can anyone tell me what this error means and how to fix it? I'm running a=
pache=20
1.3.26 with mod_ssl 2.8.10 on a SuSE8.1 box.

/etc/init.d/apache start returned 7 (Program is not running.)
Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass Phr=
ase=20
Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server matrix.pelathe.org:443 (RSA)
Enter pass phrase:
Apache:mod_ssl:Error: Private key not found.
**Stopped
stty: standard input: Inappropriate ioctl for device
.failed

How do I get it to take my pass phrases? I must have skipped a file becau=
se=20
insofar I've given the same phrase to every file that's asked for it. Did=
I=20
input the wrong information in one of the .conf files maybe? I get the=20
feeling that this is almost supidly simple to fix, but I just can't seem =
to=20
get it right.=20

It may or may not have something to do with this error I received when=20
recently self-signing my certificate:=20

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: /C=3DUS/ST=3DKS/L=3DLawrence/O=3DPelathe Community Resource=20
Center/CN=3Dwww.pelathe.org/Email=3Dtkitchen@pelathe.org

*this one>>>> error 18 at 0 depth lookup:self signed certificate

/C=3DUS/ST=3DKS/L=3DLawrence/O=3DPelathe Community Resource=20
Center/CN=3Dwww.pelathe.org/Email=3Dtkitchen@pelathe.org

*and this one>>>> error 7 at 0 depth lookup:certificate signature failure

Again, I have no clue why it failed these checks or how to fix them. Any =
help=20
would be appreciated. Thanks.

--=20
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Error on expired date of cert

Hello,

I have following option:
SSLVerifyClient optional

(optional_no_ca - same result)

My servlet analizes data from cert. With correct certs all is ok.
Somebody without cert also has access to my page and I know that he hasn't a
cert, but when expired cert is used then server error is occured.
What is problem? Can I create ssl configuration to give access for all certs
and to get cert info.

Thank You
Oleg Lebedev



____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Error on expired date of cert

On Tue, Jan 28, 2003 at 09:22:36PM +0200, Oleg Lyebyedyev wrote:
> Hello,
>
> I have following option:
> SSLVerifyClient optional
>
> (optional_no_ca - same result)
>
> My servlet analizes data from cert. With correct certs all is ok.
> Somebody without cert also has access to my page and I know that he hasn't a
> cert, but when expired cert is used then server error is occured.
> What is problem? Can I create ssl configuration to give access for all certs
> and to get cert info.
>
Currently that is not possible afaict.

vh

Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Error on expired date of cert

Ok. Is there exists some way to redirect user with expired cert to other
page?


> > Hello,
> >
> > I have following option:
> > SSLVerifyClient optional
> >
> > (optional_no_ca - same result)
> >
> > My servlet analizes data from cert. With correct certs all is ok.
> > Somebody without cert also has access to my page and I know that he
hasn't a
> > cert, but when expired cert is used then server error is occured.
> > What is problem? Can I create ssl configuration to give access for all
certs
> > and to get cert info.
> >
> Currently that is not possible afaict.
>
> vh
>
> Mads Toftum
> --
> `Darn it, who spiked my coffee with water?!' - lwall
>


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org