private key not found

I'm trying to get mod_ssl to work on my server, but each time I try to re=
start=20
apache with mod_ssl activated, it gives me this error:

/etc/init.d/apache start returned 7 (Program is not running.)
Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass Phr=
ase=20
Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server matrix.pelathe.org:443 (RSA)
Enter pass phrase:
Apache:mod_ssl:Error: Private key not found.
**Stopped
stty: standard input: Inappropriate ioctl for device
.failed

What I don't understand is how it can't find the Private key. The=20
SSLCertificateKeyFile path in httpd.conf matches the location of the key =
in=20
my directory. Isn't the SSLCertificateKeyFile the Private Key path?

I'm including the Virtual Host code (sans the explination text and a pass=
key).=20
I'm very new to this so I won't be surprised if there is a glaring error =
in=20
here that I missed...



DocumentRoot "/srv/www/htdocs"
ServerName matrix.pelathe.org
ServerAdmin tkitchen@pelathe.org
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log

SSLEngine on

SSLCipherSuite=20
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+e NULL

SSLCertificateFile /etc/httpd/ssl.crt/server.crt
#SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt

SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
#SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key

SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt

#SSLCACertificatePath /etc/httpd/ssl.crt
SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt

SSLCARevocationPath /etc/httpd/ssl.crl
#SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl

SSLVerifyClient require
SSLVerifyDepth 10

#
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >=3D 1 and %{TIME_WDAY} <=3D 5 \
# and %{TIME_HOUR} >=3D 8 and %{TIME_HOUR} <=3D 20 ) \
# or %{REMOTE_ADDR} =3D~ m/^192\.76\.162\.[0-9]+$/
#

#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

SSLOptions +StdEnvVars


SSLOptions +StdEnvVars


SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog /var/log/httpd/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



Any help would be greatly appreciated. I'm using Apache 1.3.26 and Mod_SS=
L=20
2.8.10 on a SuSE 8.1 box.

Thanks,
-Andrew
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: private key not found

Please check the permissions on your private key. They should be readable
only by owner (400)

(knee-jerk first guess reaction)

Best of luck

----- Original Message -----
From: "A. Putnam"
To:
Sent: Friday, March 07, 2003 3:42 PM
Subject: private key not found


I'm trying to get mod_ssl to work on my server, but each time I try to
restart
apache with mod_ssl activated, it gives me this error:

/etc/init.d/apache start returned 7 (Program is not running.)
Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass Phrase
Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server matrix.pelathe.org:443 (RSA)
Enter pass phrase:
Apache:mod_ssl:Error: Private key not found.
**Stopped
stty: standard input: Inappropriate ioctl for device
...failed

What I don't understand is how it can't find the Private key. The
SSLCertificateKeyFile path in httpd.conf matches the location of the key in
my directory. Isn't the SSLCertificateKeyFile the Private Key path?

I'm including the Virtual Host code (sans the explination text and a
passkey).
I'm very new to this so I won't be surprised if there is a glaring error in
here that I missed...



DocumentRoot "/srv/www/htdocs"
ServerName matrix.pelathe.org
ServerAdmin tkitchen@pelathe.org
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log

SSLEngine on

SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+e NULL

SSLCertificateFile /etc/httpd/ssl.crt/server.crt
#SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt

SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
#SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key

SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt

#SSLCACertificatePath /etc/httpd/ssl.crt
SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt

SSLCARevocationPath /etc/httpd/ssl.crl
#SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl

SSLVerifyClient require
SSLVerifyDepth 10

#
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#

#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

SSLOptions +StdEnvVars


SSLOptions +StdEnvVars


SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog /var/log/httpd/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



Any help would be greatly appreciated. I'm using Apache 1.3.26 and Mod_SSL
2.8.10 on a SuSE 8.1 box.

Thanks,
-Andrew
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: private key not found

The permissions for the server.crt file are rw-r--r-- but it still cannot=
find=20
the Private Key.

On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> Please check the permissions on your private key. They should be reada=
ble
> only by owner (400)
>
> (knee-jerk first guess reaction)
>
> Best of luck
>
> ----- Original Message -----
> From: "A. Putnam"
> To:
> Sent: Friday, March 07, 2003 3:42 PM
> Subject: private key not found
>
>
> I'm trying to get mod_ssl to work on my server, but each time I try to
> restart
> apache with mod_ssl activated, it gives me this error:
>
> /etc/init.d/apache start returned 7 (Program is not running.)
> Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> Phrase Dialog)
> Some of your private key files are encrypted for security reasons.
> In order to read them you have to provide us with the pass phrases.
>
> Server matrix.pelathe.org:443 (RSA)
> Enter pass phrase:
> Apache:mod_ssl:Error: Private key not found.
> **Stopped
> stty: standard input: Inappropriate ioctl for device
> ..failed
>
> What I don't understand is how it can't find the Private key. The
> SSLCertificateKeyFile path in httpd.conf matches the location of the ke=
y in
> my directory. Isn't the SSLCertificateKeyFile the Private Key path?
>
> I'm including the Virtual Host code (sans the explination text and a
> passkey).
> I'm very new to this so I won't be surprised if there is a glaring erro=
r in
> here that I missed...
>
>
>
> DocumentRoot "/srv/www/htdocs"
> ServerName matrix.pelathe.org
> ServerAdmin tkitchen@pelathe.org
> ErrorLog /var/log/httpd/error_log
> TransferLog /var/log/httpd/access_log
>
> SSLEngine on
>
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+e NULL
>
> SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
>
> SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
>
> SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
>
> #SSLCACertificatePath /etc/httpd/ssl.crt
> SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
>
> SSLCARevocationPath /etc/httpd/ssl.crl
> #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
>
> SSLVerifyClient require
> SSLVerifyDepth 10
>
> #
> #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> # and %{TIME_WDAY} >=3D 1 and %{TIME_WDAY} <=3D 5 \
> # and %{TIME_HOUR} >=3D 8 and %{TIME_HOUR} <=3D 20 ) \
> # or %{REMOTE_ADDR} =3D~ m/^192\.76\.162\.[0-9]+$/
> #
>
> #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequir=
e
>
> SSLOptions +StdEnvVars
>
>
> SSLOptions +StdEnvVars
>
>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
> CustomLog /var/log/httpd/ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
>
>
> Any help would be greatly appreciated. I'm using Apache 1.3.26 and Mod_=
SSL
> 2.8.10 on a SuSE 8.1 box.
>
> Thanks,
> -Andrew
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org

--=20
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: private key not found

was the domain moved over to your server, or did you generate key/csr/crt?

I'm having the same difficulty with one where the domain, cert and key were
transferred; all my others work properly...

----- Original Message -----
From: "A. Putnam"
To:
Sent: Friday, March 07, 2003 5:20 PM
Subject: Re: private key not found


The permissions for the server.crt file are rw-r--r-- but it still cannot
find
the Private Key.

On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> Please check the permissions on your private key. They should be readable
> only by owner (400)
>
> (knee-jerk first guess reaction)
>
> Best of luck
>
> ----- Original Message -----
> From: "A. Putnam"
> To:
> Sent: Friday, March 07, 2003 3:42 PM
> Subject: private key not found
>
>
> I'm trying to get mod_ssl to work on my server, but each time I try to
> restart
> apache with mod_ssl activated, it gives me this error:
>
> /etc/init.d/apache start returned 7 (Program is not running.)
> Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> Phrase Dialog)
> Some of your private key files are encrypted for security reasons.
> In order to read them you have to provide us with the pass phrases.
>
> Server matrix.pelathe.org:443 (RSA)
> Enter pass phrase:
> Apache:mod_ssl:Error: Private key not found.
> **Stopped
> stty: standard input: Inappropriate ioctl for device
> ..failed
>
> What I don't understand is how it can't find the Private key. The
> SSLCertificateKeyFile path in httpd.conf matches the location of the key
in
> my directory. Isn't the SSLCertificateKeyFile the Private Key path?
>
> I'm including the Virtual Host code (sans the explination text and a
> passkey).
> I'm very new to this so I won't be surprised if there is a glaring error
in
> here that I missed...
>
>
>
> DocumentRoot "/srv/www/htdocs"
> ServerName matrix.pelathe.org
> ServerAdmin tkitchen@pelathe.org
> ErrorLog /var/log/httpd/error_log
> TransferLog /var/log/httpd/access_log
>
> SSLEngine on
>
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+e NULL
>
> SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
>
> SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
>
> SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
>
> #SSLCACertificatePath /etc/httpd/ssl.crt
> SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
>
> SSLCARevocationPath /etc/httpd/ssl.crl
> #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
>
> SSLVerifyClient require
> SSLVerifyDepth 10
>
> #
> #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
> # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
> # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
> #
>
> #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
>
> SSLOptions +StdEnvVars
>
>
> SSLOptions +StdEnvVars
>
>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
> CustomLog /var/log/httpd/ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
>
>
> Any help would be greatly appreciated. I'm using Apache 1.3.26 and Mod_SSL
> 2.8.10 on a SuSE 8.1 box.
>
> Thanks,
> -Andrew
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org

--
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: private key not found

Is it possible that root would need to be able to execute this file?

On Friday 07 March 2003 16:20, A. Putnam wrote:
> The permissions for the server.crt file are rw-r--r-- but it still cann=
ot
> find the Private Key.
>
> On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> > Please check the permissions on your private key. They should be
> > readable only by owner (400)
> >
> > (knee-jerk first guess reaction)
> >
> > Best of luck
> >
> > ----- Original Message -----
> > From: "A. Putnam"
> > To:
> > Sent: Friday, March 07, 2003 3:42 PM
> > Subject: private key not found
> >
> >
> > I'm trying to get mod_ssl to work on my server, but each time I try t=
o
> > restart
> > apache with mod_ssl activated, it gives me this error:
> >
> > /etc/init.d/apache start returned 7 (Program is not running.)
> > Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> > Phrase Dialog)
> > Some of your private key files are encrypted for security reasons.
> > In order to read them you have to provide us with the pass phrases.
> >
> > Server matrix.pelathe.org:443 (RSA)
> > Enter pass phrase:
> > Apache:mod_ssl:Error: Private key not found.
> > **Stopped
> > stty: standard input: Inappropriate ioctl for device
> > ..failed
> >
> > What I don't understand is how it can't find the Private key. The
> > SSLCertificateKeyFile path in httpd.conf matches the location of the =
key
> > in my directory. Isn't the SSLCertificateKeyFile the Private Key path=
?
> >
> > I'm including the Virtual Host code (sans the explination text and a
> > passkey).
> > I'm very new to this so I won't be surprised if there is a glaring er=
ror
> > in here that I missed...
> >
> >
> >
> > DocumentRoot "/srv/www/htdocs"
> > ServerName matrix.pelathe.org
> > ServerAdmin tkitchen@pelathe.org
> > ErrorLog /var/log/httpd/error_log
> > TransferLog /var/log/httpd/access_log
> >
> > SSLEngine on
> >
> > SSLCipherSuite
> > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+e NULL
> >
> > SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> > #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
> >
> > SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> > #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
> >
> > SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
> >
> > #SSLCACertificatePath /etc/httpd/ssl.crt
> > SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
> >
> > SSLCARevocationPath /etc/httpd/ssl.crl
> > #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
> >
> > SSLVerifyClient require
> > SSLVerifyDepth 10
> >
> > #
> > #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> > # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> > # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> > # and %{TIME_WDAY} >=3D 1 and %{TIME_WDAY} <=3D 5 \
> > # and %{TIME_HOUR} >=3D 8 and %{TIME_HOUR} <=3D 20 )=
\
> > # or %{REMOTE_ADDR} =3D~ m/^192\.76\.162\.[0-9]+$/
> > #
> >
> > #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequ=
ire
> >
> > SSLOptions +StdEnvVars
> >
> >
> > SSLOptions +StdEnvVars
> >
> >
> > SetEnvIf User-Agent ".*MSIE.*" \
> > nokeepalive ssl-unclean-shutdown \
> > downgrade-1.0 force-response-1.0
> >
> > CustomLog /var/log/httpd/ssl_request_log \
> > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> >
> >
> >
> > Any help would be greatly appreciated. I'm using Apache 1.3.26 and
> > Mod_SSL 2.8.10 on a SuSE 8.1 box.
> >
> > Thanks,
> > -Andrew
> > ____________________________________________________________ _________=
_
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.or=
g
> > User Support Mailing List modssl-users@modssl.or=
g
> > Automated List Manager majordomo@modssl.or=
g
> >
> >
> > ____________________________________________________________ _________=
_
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.or=
g
> > User Support Mailing List modssl-users@modssl.or=
g
> > Automated List Manager majordomo@modssl.or=
g

--=20
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: private key not found

How did you generate the CSR to get the cert? What key file did you use for
this?

The cert (crt) file perms look ok, (444 would be better) but who owns it?

does this file exist?
/etc/httpd/ssl.key/server.key (according to your conf)

if so, the permissions should be
-r-----

This file should be owned by root (in most all cases) and not the webserver
account (nobody/apache).

----- Original Message -----
From: "A. Putnam"
To:
Sent: Friday, March 07, 2003 4:20 PM
Subject: Re: private key not found


The permissions for the server.crt file are rw-r--r-- but it still cannot
find
the Private Key.

On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> Please check the permissions on your private key. They should be readable
> only by owner (400)
>
> (knee-jerk first guess reaction)
>
> Best of luck
>
> ----- Original Message -----
> From: "A. Putnam"
> To:
> Sent: Friday, March 07, 2003 3:42 PM
> Subject: private key not found
>
>
> I'm trying to get mod_ssl to work on my server, but each time I try to
> restart
> apache with mod_ssl activated, it gives me this error:
>
> /etc/init.d/apache start returned 7 (Program is not running.)
> Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> Phrase Dialog)
> Some of your private key files are encrypted for security reasons.
> In order to read them you have to provide us with the pass phrases.
>
> Server matrix.pelathe.org:443 (RSA)
> Enter pass phrase:
> Apache:mod_ssl:Error: Private key not found.
> **Stopped
> stty: standard input: Inappropriate ioctl for device
> ..failed
>
> What I don't understand is how it can't find the Private key. The
> SSLCertificateKeyFile path in httpd.conf matches the location of the key
in
> my directory. Isn't the SSLCertificateKeyFile the Private Key path?
>
> I'm including the Virtual Host code (sans the explination text and a
> passkey).
> I'm very new to this so I won't be surprised if there is a glaring error
in
> here that I missed...
>
>
>
> DocumentRoot "/srv/www/htdocs"
> ServerName matrix.pelathe.org
> ServerAdmin tkitchen@pelathe.org
> ErrorLog /var/log/httpd/error_log
> TransferLog /var/log/httpd/access_log
>
> SSLEngine on
>
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+e NULL
>
> SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
>
> SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
>
> SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
>
> #SSLCACertificatePath /etc/httpd/ssl.crt
> SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
>
> SSLCARevocationPath /etc/httpd/ssl.crl
> #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
>
> SSLVerifyClient require
> SSLVerifyDepth 10
>
> #
> #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
> # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
> # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
> #
>
> #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
>
> SSLOptions +StdEnvVars
>
>
> SSLOptions +StdEnvVars
>
>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
> CustomLog /var/log/httpd/ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
>
>
> Any help would be greatly appreciated. I'm using Apache 1.3.26 and Mod_SSL
> 2.8.10 on a SuSE 8.1 box.
>
> Thanks,
> -Andrew
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org

--
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: private key not found

On Fri, 7 Mar 2003, A. Putnam wrote:

> The permissions for the server.crt file are rw-r--r-- but it still cannot find
> the Private Key.

which would be 644 rather then 400 as the first person responded.

>
> On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> > Please check the permissions on your private key. They should be readable
> > only by owner (400)
> >
> > (knee-jerk first guess reaction)
> >
> > Best of luck
> >
> > ----- Original Message -----
> > From: "A. Putnam"
> > To:
> > Sent: Friday, March 07, 2003 3:42 PM
> > Subject: private key not found
> >
> >
> > I'm trying to get mod_ssl to work on my server, but each time I try to
> > restart
> > apache with mod_ssl activated, it gives me this error:
> >
> > /etc/init.d/apache start returned 7 (Program is not running.)
> > Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> > Phrase Dialog)
> > Some of your private key files are encrypted for security reasons.
> > In order to read them you have to provide us with the pass phrases.
> >
> > Server matrix.pelathe.org:443 (RSA)
> > Enter pass phrase:
> > Apache:mod_ssl:Error: Private key not found.
> > **Stopped
> > stty: standard input: Inappropriate ioctl for device
> > ..failed
> >
> > What I don't understand is how it can't find the Private key. The
> > SSLCertificateKeyFile path in httpd.conf matches the location of the key in
> > my directory. Isn't the SSLCertificateKeyFile the Private Key path?
> >
> > I'm including the Virtual Host code (sans the explination text and a
> > passkey).
> > I'm very new to this so I won't be surprised if there is a glaring error in
> > here that I missed...
> >
> >
> >
> > DocumentRoot "/srv/www/htdocs"
> > ServerName matrix.pelathe.org
> > ServerAdmin tkitchen@pelathe.org
> > ErrorLog /var/log/httpd/error_log
> > TransferLog /var/log/httpd/access_log
> >
> > SSLEngine on
> >
> > SSLCipherSuite
> > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+e NULL
> >
> > SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> > #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
> >
> > SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> > #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
> >
> > SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
> >
> > #SSLCACertificatePath /etc/httpd/ssl.crt
> > SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
> >
> > SSLCARevocationPath /etc/httpd/ssl.crl
> > #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
> >
> > SSLVerifyClient require
> > SSLVerifyDepth 10
> >
> > #
> > #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> > # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> > # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> > # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
> > # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
> > # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
> > #
> >
> > #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
> >
> > SSLOptions +StdEnvVars
> >
> >
> > SSLOptions +StdEnvVars
> >
> >
> > SetEnvIf User-Agent ".*MSIE.*" \
> > nokeepalive ssl-unclean-shutdown \
> > downgrade-1.0 force-response-1.0
> >
> > CustomLog /var/log/httpd/ssl_request_log \
> > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> >
> >
> >
> > Any help would be greatly appreciated. I'm using Apache 1.3.26 and Mod_SSL
> > 2.8.10 on a SuSE 8.1 box.
> >
> > Thanks,
> > -Andrew
> > ____________________________________________________________ __________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List modssl-users@modssl.org
> > Automated List Manager majordomo@modssl.org
> >
> >
> > ____________________________________________________________ __________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List modssl-users@modssl.org
> > Automated List Manager majordomo@modssl.org
>
>

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: private key not found

He lists the certificate, I'm speaking of the key.

Although this (URL) relates to unencypting (removing passphrase) of the key
(and ver 2.0) it is still relevant, and in some cases will prevent SSL (or
am I speaking of SSH?) the secure socket transport from properly
initializing. I know I've seen this other places in regards to apache, this
was just the first reference I could quickly find.

From http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html

Make sure the server.key file is now only readable by root:

$ chmod 400 server.key


----- Original Message -----
From: "R. DuFresne"
To: "A. Putnam"
Cc:
Sent: Thursday, March 06, 2003 3:23 PM
Subject: Re: private key not found


> On Fri, 7 Mar 2003, A. Putnam wrote:
>
> > The permissions for the server.crt file are rw-r--r-- but it still
cannot find
> > the Private Key.
>
> which would be 644 rather then 400 as the first person responded.
>
> >
> > On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> > > Please check the permissions on your private key. They should be
readable
> > > only by owner (400)
> > >
> > > (knee-jerk first guess reaction)
> > >
> > > Best of luck
> > >
> > > ----- Original Message -----
> > > From: "A. Putnam"
> > > To:
> > > Sent: Friday, March 07, 2003 3:42 PM
> > > Subject: private key not found
> > >
> > >
> > > I'm trying to get mod_ssl to work on my server, but each time I try to
> > > restart
> > > apache with mod_ssl activated, it gives me this error:
> > >
> > > /etc/init.d/apache start returned 7 (Program is not running.)
> > > Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> > > Phrase Dialog)
> > > Some of your private key files are encrypted for security reasons.
> > > In order to read them you have to provide us with the pass phrases.
> > >
> > > Server matrix.pelathe.org:443 (RSA)
> > > Enter pass phrase:
> > > Apache:mod_ssl:Error: Private key not found.
> > > **Stopped
> > > stty: standard input: Inappropriate ioctl for device
> > > ..failed
> > >
> > > What I don't understand is how it can't find the Private key. The
> > > SSLCertificateKeyFile path in httpd.conf matches the location of the
key in
> > > my directory. Isn't the SSLCertificateKeyFile the Private Key path?
> > >
> > > I'm including the Virtual Host code (sans the explination text and a
> > > passkey).
> > > I'm very new to this so I won't be surprised if there is a glaring
error in
> > > here that I missed...
> > >
> > >
> > >
> > > DocumentRoot "/srv/www/htdocs"
> > > ServerName matrix.pelathe.org
> > > ServerAdmin tkitchen@pelathe.org
> > > ErrorLog /var/log/httpd/error_log
> > > TransferLog /var/log/httpd/access_log
> > >
> > > SSLEngine on
> > >
> > > SSLCipherSuite
> > > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+e NULL
> > >
> > > SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> > > #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
> > >
> > > SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> > > #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
> > >
> > > SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
> > >
> > > #SSLCACertificatePath /etc/httpd/ssl.crt
> > > SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
> > >
> > > SSLCARevocationPath /etc/httpd/ssl.crl
> > > #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
> > >
> > > SSLVerifyClient require
> > > SSLVerifyDepth 10
> > >
> > > #
> > > #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> > > # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> > > # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> > > # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
> > > # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
> > > # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
> > > #
> > >
> > > #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars
+StrictRequire
> > >
> > > SSLOptions +StdEnvVars
> > >
> > >
> > > SSLOptions +StdEnvVars
> > >
> > >
> > > SetEnvIf User-Agent ".*MSIE.*" \
> > > nokeepalive ssl-unclean-shutdown \
> > > downgrade-1.0 force-response-1.0
> > >
> > > CustomLog /var/log/httpd/ssl_request_log \
> > > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> > >
> > >
> > >
> > > Any help would be greatly appreciated. I'm using Apache 1.3.26 and
Mod_SSL
> > > 2.8.10 on a SuSE 8.1 box.
> > >
> > > Thanks,
> > > -Andrew
> > > ____________________________________________________________ __________
> > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > > User Support Mailing List modssl-users@modssl.org
> > > Automated List Manager majordomo@modssl.org
> > >
> > >
> > > ____________________________________________________________ __________
> > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > > User Support Mailing List modssl-users@modssl.org
> > > Automated List Manager majordomo@modssl.org
> >
> >
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> admin & senior security consultant: sysinfo.com
> http://sysinfo.com
>
> "Cutting the space budget really restores my faith in humanity. It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation."
> -- Johnny Hart
>
> testing, only testing, and damn good at it too!
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: private key not found

I'm not sure what you mean. I followed the mod_ssl faq to generate all th=
e=20
key/csr/crt files, then $./sign.sh the server.csr to make the server.crt.

/etc/httpd/ssl.key/server.key is the correct path and the file is there.=
I=20
finally managed to chmod it to 0400. (I got confused to what rw-r--r-- wa=
s=20
vs. r--------). However, the result was still the same.=20

I've since remade the keys, thinking that also might be a problem. Everyt=
hing=20
was running smoothly until I got to the final step, (using the $./sign.sh=
on=20
server.csr). It generated an error that I believe I also got the first ti=
me I=20
made the keys a couple weks ago (unfortunately I wasn't paying enough=20
attention):

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: /C=3DUS/ST=3DKansas/L=3DLawrence/O=3DPelathe=20
Center/CN=3Dwww.pelathe.org/Email=3Dtkitchen@pelathe.org
error 18 at 0 depth lookup:self signed certificate
/C=3DUS/ST=3DKansas/L=3DLawrence/O=3DPelathe=20
Center/CN=3Dwww.pelathe.org/Email=3Dtkitchen@pelathe.org
error 7 at 0 depth lookup:certificate signature failure

What is an 'error 18 at depth 0' and an 'error 7 at depth 0'? Would this =
be a=20
reason why my server cannot find the Private Key?

Thank you everyone for all of your help so far. I really do appreciate it=
I=20
know I must sound pretty foolish with these questions, so thanks. I'd bak=
e=20
you all a cake if I could.




On Thursday 06 March 2003 14:19, Ron Gedye wrote:
> How did you generate the CSR to get the cert? What key file did you us=
e
> for this?
>
> The cert (crt) file perms look ok, (444 would be better) but who owns i=
t?
>
> does this file exist?
> /etc/httpd/ssl.key/server.key (according to your conf)
>
> if so, the permissions should be
> -r-----
>
> This file should be owned by root (in most all cases) and not the webse=
rver
> account (nobody/apache).
>
> ----- Original Message -----
> From: "A. Putnam"
> To:
> Sent: Friday, March 07, 2003 4:20 PM
> Subject: Re: private key not found
>
>
> The permissions for the server.crt file are rw-r--r-- but it still cann=
ot
> find
> the Private Key.
>
> On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> > Please check the permissions on your private key. They should be
> > readable only by owner (400)
> >
> > (knee-jerk first guess reaction)
> >
> > Best of luck
> >
> > ----- Original Message -----
> > From: "A. Putnam"
> > To:
> > Sent: Friday, March 07, 2003 3:42 PM
> > Subject: private key not found
> >
> >
> > I'm trying to get mod_ssl to work on my server, but each time I try t=
o
> > restart
> > apache with mod_ssl activated, it gives me this error:
> >
> > /etc/init.d/apache start returned 7 (Program is not running.)
> > Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> > Phrase Dialog)
> > Some of your private key files are encrypted for security reasons.
> > In order to read them you have to provide us with the pass phrases.
> >
> > Server matrix.pelathe.org:443 (RSA)
> > Enter pass phrase:
> > Apache:mod_ssl:Error: Private key not found.
> > **Stopped
> > stty: standard input: Inappropriate ioctl for device
> > ..failed
> >
> > What I don't understand is how it can't find the Private key. The
> > SSLCertificateKeyFile path in httpd.conf matches the location of the =
key
>
> in
>
> > my directory. Isn't the SSLCertificateKeyFile the Private Key path?
> >
> > I'm including the Virtual Host code (sans the explination text and a
> > passkey).
> > I'm very new to this so I won't be surprised if there is a glaring er=
ror
>
> in
>
> > here that I missed...
> >
> >
> >
> > DocumentRoot "/srv/www/htdocs"
> > ServerName matrix.pelathe.org
> > ServerAdmin tkitchen@pelathe.org
> > ErrorLog /var/log/httpd/error_log
> > TransferLog /var/log/httpd/access_log
> >
> > SSLEngine on
> >
> > SSLCipherSuite
> > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+e NULL
> >
> > SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> > #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
> >
> > SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> > #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
> >
> > SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
> >
> > #SSLCACertificatePath /etc/httpd/ssl.crt
> > SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
> >
> > SSLCARevocationPath /etc/httpd/ssl.crl
> > #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
> >
> > SSLVerifyClient require
> > SSLVerifyDepth 10
> >
> > #
> > #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> > # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> > # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> > # and %{TIME_WDAY} >=3D 1 and %{TIME_WDAY} <=3D 5 \
> > # and %{TIME_HOUR} >=3D 8 and %{TIME_HOUR} <=3D 20 )=
\
> > # or %{REMOTE_ADDR} =3D~ m/^192\.76\.162\.[0-9]+$/
> > #
> >
> > #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequ=
ire
> >
> > SSLOptions +StdEnvVars
> >
> >
> > SSLOptions +StdEnvVars
> >
> >
> > SetEnvIf User-Agent ".*MSIE.*" \
> > nokeepalive ssl-unclean-shutdown \
> > downgrade-1.0 force-response-1.0
> >
> > CustomLog /var/log/httpd/ssl_request_log \
> > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> >
> >
> >
> > Any help would be greatly appreciated. I'm using Apache 1.3.26 and
> > Mod_SSL 2.8.10 on a SuSE 8.1 box.
> >
> > Thanks,
> > -Andrew
> > ____________________________________________________________ _________=
_
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.or=
g
> > User Support Mailing List modssl-users@modssl.or=
g
> > Automated List Manager majordomo@modssl.or=
g
> >
> >
> > ____________________________________________________________ _________=
_
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.or=
g
> > User Support Mailing List modssl-users@modssl.or=
g
> > Automated List Manager majordomo@modssl.or=
g

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: private key not found

I'm not too sure what you mean when you ask if the domain was transferred=
.
What domain? All I know I did was that I generated the key/csr/crts and=20
self-signed the CA.

On Thursday 06 March 2003 14:03, Justin Williams wrote:
> was the domain moved over to your server, or did you generate key/csr/c=
rt?
>
> I'm having the same difficulty with one where the domain, cert and key =
were
> transferred; all my others work properly...
>
> ----- Original Message -----
> From: "A. Putnam"
> To:
> Sent: Friday, March 07, 2003 5:20 PM
> Subject: Re: private key not found
>
>
> The permissions for the server.crt file are rw-r--r-- but it still cann=
ot
> find
> the Private Key.
>
> On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> > Please check the permissions on your private key. They should be
> > readable only by owner (400)
> >
> > (knee-jerk first guess reaction)
> >
> > Best of luck
> >
> > ----- Original Message -----
> > From: "A. Putnam"
> > To:
> > Sent: Friday, March 07, 2003 3:42 PM
> > Subject: private key not found
> >
> >
> > I'm trying to get mod_ssl to work on my server, but each time I try t=
o
> > restart
> > apache with mod_ssl activated, it gives me this error:
> >
> > /etc/init.d/apache start returned 7 (Program is not running.)
> > Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> > Phrase Dialog)
> > Some of your private key files are encrypted for security reasons.
> > In order to read them you have to provide us with the pass phrases.
> >
> > Server matrix.pelathe.org:443 (RSA)
> > Enter pass phrase:
> > Apache:mod_ssl:Error: Private key not found.
> > **Stopped
> > stty: standard input: Inappropriate ioctl for device
> > ..failed
> >
> > What I don't understand is how it can't find the Private key. The
> > SSLCertificateKeyFile path in httpd.conf matches the location of the =
key
>
> in
>
> > my directory. Isn't the SSLCertificateKeyFile the Private Key path?
> >
> > I'm including the Virtual Host code (sans the explination text and a
> > passkey).
> > I'm very new to this so I won't be surprised if there is a glaring er=
ror
>
> in
>
> > here that I missed...
> >
> >
> >
> > DocumentRoot "/srv/www/htdocs"
> > ServerName matrix.pelathe.org
> > ServerAdmin tkitchen@pelathe.org
> > ErrorLog /var/log/httpd/error_log
> > TransferLog /var/log/httpd/access_log
> >
> > SSLEngine on
> >
> > SSLCipherSuite
> > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+e NULL
> >
> > SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> > #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
> >
> > SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> > #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
> >
> > SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
> >
> > #SSLCACertificatePath /etc/httpd/ssl.crt
> > SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
> >
> > SSLCARevocationPath /etc/httpd/ssl.crl
> > #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
> >
> > SSLVerifyClient require
> > SSLVerifyDepth 10
> >
> > #
> > #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> > # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> > # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> > # and %{TIME_WDAY} >=3D 1 and %{TIME_WDAY} <=3D 5 \
> > # and %{TIME_HOUR} >=3D 8 and %{TIME_HOUR} <=3D 20 )=
\
> > # or %{REMOTE_ADDR} =3D~ m/^192\.76\.162\.[0-9]+$/
> > #
> >
> > #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequ=
ire
> >
> > SSLOptions +StdEnvVars
> >
> >
> > SSLOptions +StdEnvVars
> >
> >
> > SetEnvIf User-Agent ".*MSIE.*" \
> > nokeepalive ssl-unclean-shutdown \
> > downgrade-1.0 force-response-1.0
> >
> > CustomLog /var/log/httpd/ssl_request_log \
> > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> >
> >
> >
> > Any help would be greatly appreciated. I'm using Apache 1.3.26 and
> > Mod_SSL 2.8.10 on a SuSE 8.1 box.
> >
> > Thanks,
> > -Andrew
> > ____________________________________________________________ _________=
_
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.or=
g
> > User Support Mailing List modssl-users@modssl.or=
g
> > Automated List Manager majordomo@modssl.or=
g
> >
> >
> > ____________________________________________________________ _________=
_
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.or=
g
> > User Support Mailing List modssl-users@modssl.or=
g
> > Automated List Manager majordomo@modssl.or=
g

--=20
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: private key not found

I had a domain that was transferred to my server, and with it came the key
and crt files from the old server. That particular domain the SSL is
blowing up... More accurately, Apache refuses to start, with the same error
you get, when I try to enable the SSL for that domain...

----- Original Message -----
From: "A. Putnam"
To:
Sent: Saturday, March 08, 2003 4:48 PM
Subject: Re: private key not found


I'm not too sure what you mean when you ask if the domain was transferred.
What domain? All I know I did was that I generated the key/csr/crts and
self-signed the CA.

On Thursday 06 March 2003 14:03, Justin Williams wrote:
> was the domain moved over to your server, or did you generate key/csr/crt?
>
> I'm having the same difficulty with one where the domain, cert and key
were
> transferred; all my others work properly...
>
> ----- Original Message -----
> From: "A. Putnam"
> To:
> Sent: Friday, March 07, 2003 5:20 PM
> Subject: Re: private key not found
>
>
> The permissions for the server.crt file are rw-r--r-- but it still cannot
> find
> the Private Key.
>
> On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> > Please check the permissions on your private key. They should be
> > readable only by owner (400)
> >
> > (knee-jerk first guess reaction)
> >
> > Best of luck
> >
> > ----- Original Message -----
> > From: "A. Putnam"
> > To:
> > Sent: Friday, March 07, 2003 3:42 PM
> > Subject: private key not found
> >
> >
> > I'm trying to get mod_ssl to work on my server, but each time I try to
> > restart
> > apache with mod_ssl activated, it gives me this error:
> >
> > /etc/init.d/apache start returned 7 (Program is not running.)
> > Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> > Phrase Dialog)
> > Some of your private key files are encrypted for security reasons.
> > In order to read them you have to provide us with the pass phrases.
> >
> > Server matrix.pelathe.org:443 (RSA)
> > Enter pass phrase:
> > Apache:mod_ssl:Error: Private key not found.
> > **Stopped
> > stty: standard input: Inappropriate ioctl for device
> > ..failed
> >
> > What I don't understand is how it can't find the Private key. The
> > SSLCertificateKeyFile path in httpd.conf matches the location of the key
>
> in
>
> > my directory. Isn't the SSLCertificateKeyFile the Private Key path?
> >
> > I'm including the Virtual Host code (sans the explination text and a
> > passkey).
> > I'm very new to this so I won't be surprised if there is a glaring error
>
> in
>
> > here that I missed...
> >
> >
> >
> > DocumentRoot "/srv/www/htdocs"
> > ServerName matrix.pelathe.org
> > ServerAdmin tkitchen@pelathe.org
> > ErrorLog /var/log/httpd/error_log
> > TransferLog /var/log/httpd/access_log
> >
> > SSLEngine on
> >
> > SSLCipherSuite
> > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+e NULL
> >
> > SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> > #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
> >
> > SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> > #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
> >
> > SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
> >
> > #SSLCACertificatePath /etc/httpd/ssl.crt
> > SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
> >
> > SSLCARevocationPath /etc/httpd/ssl.crl
> > #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
> >
> > SSLVerifyClient require
> > SSLVerifyDepth 10
> >
> > #
> > #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> > # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> > # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> > # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
> > # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
> > # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
> > #
> >
> > #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
> >
> > SSLOptions +StdEnvVars
> >
> >
> > SSLOptions +StdEnvVars
> >
> >
> > SetEnvIf User-Agent ".*MSIE.*" \
> > nokeepalive ssl-unclean-shutdown \
> > downgrade-1.0 force-response-1.0
> >
> > CustomLog /var/log/httpd/ssl_request_log \
> > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> >
> >
> >
> > Any help would be greatly appreciated. I'm using Apache 1.3.26 and
> > Mod_SSL 2.8.10 on a SuSE 8.1 box.
> >
> > Thanks,
> > -Andrew
> > ____________________________________________________________ __________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List modssl-users@modssl.org
> > Automated List Manager majordomo@modssl.org
> >
> >
> > ____________________________________________________________ __________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List modssl-users@modssl.org
> > Automated List Manager majordomo@modssl.org

--
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: private key not found

Oh, I see now. Well, it's nothing like that. Pelathe has had its domain s=
ince=20
'98. We've had a sever that died and had to transfer everything to a new=20
Linux box, but this is the first time we've ever tried to make a ssl serv=
er,=20
so I don't think that would make a difference.=20

It's really strange that the crt for your transferred domain won't work=20
though. Maybe there is some fundamental difference between the two server=
s=20
that would cause problems? Can you just make new keys for the domain inst=
ead?=20
Or is that not how it works?



On Friday 07 March 2003 13:38, Justin Williams wrote:
> I had a domain that was transferred to my server, and with it came the =
key
> and crt files from the old server. That particular domain the SSL is
> blowing up... More accurately, Apache refuses to start, with the same
> error you get, when I try to enable the SSL for that domain...
>
> ----- Original Message -----
> From: "A. Putnam"
> To:
> Sent: Saturday, March 08, 2003 4:48 PM
> Subject: Re: private key not found
>
>
> I'm not too sure what you mean when you ask if the domain was transferr=
ed.
> What domain? All I know I did was that I generated the key/csr/crts and
> self-signed the CA.
>
> On Thursday 06 March 2003 14:03, Justin Williams wrote:
> > was the domain moved over to your server, or did you generate
> > key/csr/crt?
> >
> > I'm having the same difficulty with one where the domain, cert and ke=
y
>
> were
>
> > transferred; all my others work properly...
> >
> > ----- Original Message -----
> > From: "A. Putnam"
> > To:
> > Sent: Friday, March 07, 2003 5:20 PM
> > Subject: Re: private key not found
> >
> >
> > The permissions for the server.crt file are rw-r--r-- but it still ca=
nnot
> > find
> > the Private Key.
> >
> > On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> > > Please check the permissions on your private key. They should be
> > > readable only by owner (400)
> > >
> > > (knee-jerk first guess reaction)
> > >
> > > Best of luck
> > >
> > > ----- Original Message -----
> > > From: "A. Putnam"
> > > To:
> > > Sent: Friday, March 07, 2003 3:42 PM
> > > Subject: private key not found
> > >
> > >
> > > I'm trying to get mod_ssl to work on my server, but each time I try=
to
> > > restart
> > > apache with mod_ssl activated, it gives me this error:
> > >
> > > /etc/init.d/apache start returned 7 (Program is not running.)
> > > Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pa=
ss
> > > Phrase Dialog)
> > > Some of your private key files are encrypted for security reasons.
> > > In order to read them you have to provide us with the pass phrases.
> > >
> > > Server matrix.pelathe.org:443 (RSA)
> > > Enter pass phrase:
> > > Apache:mod_ssl:Error: Private key not found.
> > > **Stopped
> > > stty: standard input: Inappropriate ioctl for device
> > > ..failed
> > >
> > > What I don't understand is how it can't find the Private key. The
> > > SSLCertificateKeyFile path in httpd.conf matches the location of th=
e
> > > key
> >
> > in
> >
> > > my directory. Isn't the SSLCertificateKeyFile the Private Key path?
> > >
> > > I'm including the Virtual Host code (sans the explination text and =
a
> > > passkey).
> > > I'm very new to this so I won't be surprised if there is a glaring
> > > error
> >
> > in
> >
> > > here that I missed...
> > >
> > >
> > >
> > > DocumentRoot "/srv/www/htdocs"
> > > ServerName matrix.pelathe.org
> > > ServerAdmin tkitchen@pelathe.org
> > > ErrorLog /var/log/httpd/error_log
> > > TransferLog /var/log/httpd/access_log
> > >
> > > SSLEngine on
> > >
> > > SSLCipherSuite
> > > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+e NULL
> > >
> > > SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> > > #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
> > >
> > > SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> > > #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
> > >
> > > SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
> > >
> > > #SSLCACertificatePath /etc/httpd/ssl.crt
> > > SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
> > >
> > > SSLCARevocationPath /etc/httpd/ssl.crl
> > > #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
> > >
> > > SSLVerifyClient require
> > > SSLVerifyDepth 10
> > >
> > > #
> > > #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> > > # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> > > # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> > > # and %{TIME_WDAY} >=3D 1 and %{TIME_WDAY} <=3D 5 \
> > > # and %{TIME_HOUR} >=3D 8 and %{TIME_HOUR} <=3D 20 =
) \
> > > # or %{REMOTE_ADDR} =3D~ m/^192\.76\.162\.[0-9]+$/
> > > #
> > >
> > > #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars
> > > +StrictRequire
> > > SSLOptions +StdEnvVars
> > >
> > >
> > > SSLOptions +StdEnvVars
> > >
> > >
> > > SetEnvIf User-Agent ".*MSIE.*" \
> > > nokeepalive ssl-unclean-shutdown \
> > > downgrade-1.0 force-response-1.0
> > >
> > > CustomLog /var/log/httpd/ssl_request_log \
> > > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> > >
> > >
> > >
> > > Any help would be greatly appreciated. I'm using Apache 1.3.26 and
> > > Mod_SSL 2.8.10 on a SuSE 8.1 box.
> > >
> > > Thanks,
> > > -Andrew
> > > ____________________________________________________________ _______=
___
> > > Apache Interface to OpenSSL (mod_ssl) www.modssl.=
org
> > > User Support Mailing List modssl-users@modssl.=
org
> > > Automated List Manager majordomo@modssl.=
org
> > >
> > >
> > > ____________________________________________________________ _______=
___
> > > Apache Interface to OpenSSL (mod_ssl) www.modssl.=
org
> > > User Support Mailing List modssl-users@modssl.=
org
> > > Automated List Manager majordomo@modssl.=
org

--=20
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: private key not found

don't think you can make a key from a crt... only works the other way
around... Tempted to do that, though...

----- Original Message -----
From: "A. Putnam"
To:
Sent: Saturday, March 08, 2003 6:01 PM
Subject: Re: private key not found


Oh, I see now. Well, it's nothing like that. Pelathe has had its domain
since
'98. We've had a sever that died and had to transfer everything to a new
Linux box, but this is the first time we've ever tried to make a ssl server,
so I don't think that would make a difference.

It's really strange that the crt for your transferred domain won't work
though. Maybe there is some fundamental difference between the two servers
that would cause problems? Can you just make new keys for the domain
instead?
Or is that not how it works?



On Friday 07 March 2003 13:38, Justin Williams wrote:
> I had a domain that was transferred to my server, and with it came the key
> and crt files from the old server. That particular domain the SSL is
> blowing up... More accurately, Apache refuses to start, with the same
> error you get, when I try to enable the SSL for that domain...
>
> ----- Original Message -----
> From: "A. Putnam"
> To:
> Sent: Saturday, March 08, 2003 4:48 PM
> Subject: Re: private key not found
>
>
> I'm not too sure what you mean when you ask if the domain was transferred.
> What domain? All I know I did was that I generated the key/csr/crts and
> self-signed the CA.
>
> On Thursday 06 March 2003 14:03, Justin Williams wrote:
> > was the domain moved over to your server, or did you generate
> > key/csr/crt?
> >
> > I'm having the same difficulty with one where the domain, cert and key
>
> were
>
> > transferred; all my others work properly...
> >
> > ----- Original Message -----
> > From: "A. Putnam"
> > To:
> > Sent: Friday, March 07, 2003 5:20 PM
> > Subject: Re: private key not found
> >
> >
> > The permissions for the server.crt file are rw-r--r-- but it still
cannot
> > find
> > the Private Key.
> >
> > On Thursday 06 March 2003 13:36, Ron Gedye wrote:
> > > Please check the permissions on your private key. They should be
> > > readable only by owner (400)
> > >
> > > (knee-jerk first guess reaction)
> > >
> > > Best of luck
> > >
> > > ----- Original Message -----
> > > From: "A. Putnam"
> > > To:
> > > Sent: Friday, March 07, 2003 3:42 PM
> > > Subject: private key not found
> > >
> > >
> > > I'm trying to get mod_ssl to work on my server, but each time I try to
> > > restart
> > > apache with mod_ssl activated, it gives me this error:
> > >
> > > /etc/init.d/apache start returned 7 (Program is not running.)
> > > Starting httpd [ Mailman PHP4 SSL ]Apache/1.3.26 mod_ssl/2.8.10 (Pass
> > > Phrase Dialog)
> > > Some of your private key files are encrypted for security reasons.
> > > In order to read them you have to provide us with the pass phrases.
> > >
> > > Server matrix.pelathe.org:443 (RSA)
> > > Enter pass phrase:
> > > Apache:mod_ssl:Error: Private key not found.
> > > **Stopped
> > > stty: standard input: Inappropriate ioctl for device
> > > ..failed
> > >
> > > What I don't understand is how it can't find the Private key. The
> > > SSLCertificateKeyFile path in httpd.conf matches the location of the
> > > key
> >
> > in
> >
> > > my directory. Isn't the SSLCertificateKeyFile the Private Key path?
> > >
> > > I'm including the Virtual Host code (sans the explination text and a
> > > passkey).
> > > I'm very new to this so I won't be surprised if there is a glaring
> > > error
> >
> > in
> >
> > > here that I missed...
> > >
> > >
> > >
> > > DocumentRoot "/srv/www/htdocs"
> > > ServerName matrix.pelathe.org
> > > ServerAdmin tkitchen@pelathe.org
> > > ErrorLog /var/log/httpd/error_log
> > > TransferLog /var/log/httpd/access_log
> > >
> > > SSLEngine on
> > >
> > > SSLCipherSuite
> > > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+e NULL
> > >
> > > SSLCertificateFile /etc/httpd/ssl.crt/server.crt
> > > #SSLCertificateFile /etc/httpd/ssl.crt/server-dsa.crt
> > >
> > > SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
> > > #SSLCertificateKeyFile /etc/httpd/ssl.key/server-dsa.key
> > >
> > > SSLCertificateChainFile /etc/httpd/ssl.crt/ca.crt
> > >
> > > #SSLCACertificatePath /etc/httpd/ssl.crt
> > > SSLCACertificateFile /etc/httpd/ssl.crt/ca-bundle.crt
> > >
> > > SSLCARevocationPath /etc/httpd/ssl.crl
> > > #SSLCARevocationFile /etc/httpd/ssl.crl/ca-bundle.crl
> > >
> > > SSLVerifyClient require
> > > SSLVerifyDepth 10
> > >
> > > #
> > > #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
> > > # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
> > > # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
> > > # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
> > > # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
> > > # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
> > > #
> > >
> > > #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars
> > > +StrictRequire
> > > SSLOptions +StdEnvVars
> > >
> > >
> > > SSLOptions +StdEnvVars
> > >
> > >
> > > SetEnvIf User-Agent ".*MSIE.*" \
> > > nokeepalive ssl-unclean-shutdown \
> > > downgrade-1.0 force-response-1.0
> > >
> > > CustomLog /var/log/httpd/ssl_request_log \
> > > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> > >
> > >
> > >
> > > Any help would be greatly appreciated. I'm using Apache 1.3.26 and
> > > Mod_SSL 2.8.10 on a SuSE 8.1 box.
> > >
> > > Thanks,
> > > -Andrew
> > > ____________________________________________________________ __________
> > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > > User Support Mailing List modssl-users@modssl.org
> > > Automated List Manager majordomo@modssl.org
> > >
> > >
> > > ____________________________________________________________ __________
> > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > > User Support Mailing List modssl-users@modssl.org
> > > Automated List Manager majordomo@modssl.org

--
A. Putnam
Assistant IT Administrator
Pelathe Community Resource Center


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: private key not found

On Fri, 7 Mar 2003, Justin Williams wrote:

> don't think you can make a key from a crt... only works the other way
> around... Tempted to do that, though...

You're right, it doesn't work the other way around. otherwise SSL would be
worthless...

It seems to me that your keys might be corrupted, my guess is that the
other server was a windows box and this one is unix (or the other way
around, but I doubt it), so you have all the end of lines messed up (with
a bunch of ^M at the end of each line or similar).

Carlos

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: private key not found

oh goody... LOL

The CA tells me it was on an Apache server, and the owner tells me it was on
a *nix system, but, with them downloading the file and tinkering, maybe
something got tinkered the wrong way...

----- Original Message -----
From: "Carlos Villegas"
To:
Sent: Friday, March 07, 2003 4:57 PM
Subject: Re: private key not found


>
> On Fri, 7 Mar 2003, Justin Williams wrote:
>
> > don't think you can make a key from a crt... only works the other way
> > around... Tempted to do that, though...
>
> You're right, it doesn't work the other way around. otherwise SSL would be
> worthless...
>
> It seems to me that your keys might be corrupted, my guess is that the
> other server was a windows box and this one is unix (or the other way
> around, but I doubt it), so you have all the end of lines messed up (with
> a bunch of ^M at the end of each line or similar).
>
> Carlos
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org