mod ssl freezes when booting up

Dear All,

If I restart my computer, the screen always freezes at 'starting up apache'
and I have to remote log on and kill apache for the machine to boot.

Looking at the error log I get the messages:
[Tue Apr 20 13:58:06 2004] [error] mod_ssl: Init: Private key not found
(OpenSSL library error follows)
[Tue Apr 20 13:58:06 2004] [error] OpenSSL: error:0D094068:asn1 encoding
routines:d2i_ASN1_SET:bad tag
[Tue Apr 20 13:58:06 2004] [error] OpenSSL: error:0D0680A8:asn1 encoding
routines:ASN1_CHECK_TLEN:wrong tag
[Tue Apr 20 13:58:06 2004] [error] OpenSSL: error:0D07803A:asn1 encoding
routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Tue Apr 20 13:58:06 2004] [error] OpenSSL: error:0D09A00D:asn1 encoding
routines:d2i_PrivateKey:ASN1 lib

However, what I don't understand is that I once logged in I can start apache
up with no more errors, i.e.
apachectl configtest
apachectl start [Asks for password here]
there are no more errors in the logs either.

Any ideas?

Thanks

Colin

Versions:
libapache-mod-ssl 2.8.16-7
apache 1.3.29

Under Debian testing

____________________________________________________________ _____
Express yourself with cool emoticons - download MSN Messenger today!
http://www.msn.co.uk/messenger

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: mod ssl freezes when booting up

Assuming that the box boots apache and you hand-start it both as root,
check variables like $PATH and $LD_LIBRARY_PATH, as well as the permissions
of the files containing your private key.


On Tue, Apr 20, 2004 at 01:39:59PM +0000, C G wrote:
> Dear All,
>
> If I restart my computer, the screen always freezes at 'starting up apache'
> and I have to remote log on and kill apache for the machine to boot.
>
> Looking at the error log I get the messages:
> [Tue Apr 20 13:58:06 2004] [error] mod_ssl: Init: Private key not found
> (OpenSSL library error follows)
> [Tue Apr 20 13:58:06 2004] [error] OpenSSL: error:0D094068:asn1 encoding
> routines:d2i_ASN1_SET:bad tag
> [Tue Apr 20 13:58:06 2004] [error] OpenSSL: error:0D0680A8:asn1 encoding
> routines:ASN1_CHECK_TLEN:wrong tag
> [Tue Apr 20 13:58:06 2004] [error] OpenSSL: error:0D07803A:asn1 encoding
> routines:ASN1_ITEM_EX_D2I:nested asn1 error
> [Tue Apr 20 13:58:06 2004] [error] OpenSSL: error:0D09A00D:asn1 encoding
> routines:d2i_PrivateKey:ASN1 lib
>
> However, what I don't understand is that I once logged in I can start
> apache up with no more errors, i.e.
> apachectl configtest
> apachectl start [Asks for password here]
> there are no more errors in the logs either.
>
> Any ideas?
>
> Thanks
>
> Colin
>
> Versions:
> libapache-mod-ssl 2.8.16-7
> apache 1.3.29
>
> Under Debian testing
>
> ____________________________________________________________ _____
> Express yourself with cool emoticons - download MSN Messenger today!
> http://www.msn.co.uk/messenger
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org

--
Michael Alberghini
Software Systems Engineer
Georgia State University
mike@gsu.edu
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: mod ssl freezes when booting up

> -----Original Message-----
> From: C G [mailto:csgcsg39@hotmail.com]
>=20
> If I restart my computer, the screen always freezes at=20
> 'starting up apache'=20
> and I have to remote log on and kill apache for the machine to boot.

Is the private key encrypted? If it is, it will prompt for a passphrase
at start-up and wait until it gets one. But read on...

>=20
> Looking at the error log I get the messages:
> [Tue Apr 20 13:58:06 2004] [error] mod_ssl: Init: Private key=20
> not found=20

This isn't good. What do you have for SSLCertificateKeyFile? Does the
path exist? Is it readable?

Rgds,
Owen Boyle

Disclaimer: Any disclaimer attached to this message may be ignored.=20
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. =
This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group. Le pr=E9sent e-mail =
est
un message priv=E9 et personnel, sans rapport avec l'activit=E9 =
boursi=E8re du
Groupe SWX.


> (OpenSSL library error follows)
> [Tue Apr 20 13:58:06 2004] [error] OpenSSL:=20
> error:0D094068:asn1 encoding=20
> routines:d2i_ASN1_SET:bad tag
> [Tue Apr 20 13:58:06 2004] [error] OpenSSL:=20
> error:0D0680A8:asn1 encoding=20
> routines:ASN1_CHECK_TLEN:wrong tag
> [Tue Apr 20 13:58:06 2004] [error] OpenSSL:=20
> error:0D07803A:asn1 encoding=20
> routines:ASN1_ITEM_EX_D2I:nested asn1 error
> [Tue Apr 20 13:58:06 2004] [error] OpenSSL:=20
> error:0D09A00D:asn1 encoding=20
> routines:d2i_PrivateKey:ASN1 lib
>=20
> However, what I don't understand is that I once logged in I=20
> can start apache=20
> up with no more errors, i.e.
> apachectl configtest
> apachectl start [Asks for password here]
> there are no more errors in the logs either.
>=20
> Any ideas?
>=20
> Thanks
>=20
> Colin
>=20
> Versions:
> libapache-mod-ssl 2.8.16-7
> apache 1.3.29
>=20
> Under Debian testing
>=20
> ____________________________________________________________ _____
> Express yourself with cool emoticons - download MSN Messenger today!=20
> http://www.msn.co.uk/messenger
>=20
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.=20


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: mod ssl freezes when booting up

> >
> > If I restart my computer, the screen always freezes at
> > 'starting up apache'
> > and I have to remote log on and kill apache for the machine to boot.
>
>Is the private key encrypted? If it is, it will prompt for a passphrase
>at start-up and wait until it gets one. But read on...
Yes the key the is encrypted. When I start apache as root and log on, it
asks me for a pass phrase. But when apache tries to start at boot-up it just
hangs, no pass-phrase.

> > Looking at the error log I get the messages:
> > [Tue Apr 20 13:58:06 2004] [error] mod_ssl: Init: Private key
> > not found
>
>This isn't good. What do you have for SSLCertificateKeyFile? Does the
>path exist? Is it readable?
Yes is there, and yes it is readable. I presume that apache will start up as
root. So that shouldn't be the problem.

Someone else suggested that that I make apache boot-up last. I changed
S90apache to S99apache. It didn't work.

Another suggestion was to try $PATH and $LD_LIBRARY_PATH. I don't think this
is the problem as everything is Debian, and I haven't put anything in funny
positions.

Are there any other suggestions?

Thanks for the help

Colin

____________________________________________________________ _____
Find a cheaper internet access deal - choose one to suit you.
http://www.msn.co.uk/internetaccess

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: mod ssl freezes when booting up

Hi,

You need to set apache up not to ask for a password.

look at ...

SSLPassPhraseDialog
exec:/usr/local/apache/bin/printkey.pl

where printkey.pl could be ...

#!/usr/bin/perl -w

my $passwords = {
'x.com' => 'pass1',
'y.com' => 'pass2'
};

my $server = (split(/:/, $ARGV[0]))[0];

print "$passwords->{$server}\n";

Regards
Matt

--- C G wrote:
>
> > >
> > > If I restart my computer, the screen always
> freezes at
> > > 'starting up apache'
> > > and I have to remote log on and kill apache for
> the machine to boot.
> >
> >Is the private key encrypted? If it is, it will
> prompt for a passphrase
> >at start-up and wait until it gets one. But read
> on...
> Yes the key the is encrypted. When I start apache as
> root and log on, it
> asks me for a pass phrase. But when apache tries to
> start at boot-up it just
> hangs, no pass-phrase.
>
> > > Looking at the error log I get the messages:
> > > [Tue Apr 20 13:58:06 2004] [error] mod_ssl:
> Init: Private key
> > > not found
> >
> >This isn't good. What do you have for
> SSLCertificateKeyFile? Does the
> >path exist? Is it readable?
> Yes is there, and yes it is readable. I presume that
> apache will start up as
> root. So that shouldn't be the problem.
>
> Someone else suggested that that I make apache
> boot-up last. I changed
> S90apache to S99apache. It didn't work.
>
> Another suggestion was to try $PATH and
> $LD_LIBRARY_PATH. I don't think this
> is the problem as everything is Debian, and I
> haven't put anything in funny
> positions.
>
> Are there any other suggestions?
>
> Thanks for the help
>
> Colin
>
>
____________________________________________________________ _____
> Find a cheaper internet access deal - choose one to
> suit you.
> http://www.msn.co.uk/internetaccess
>
>
____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> User Support Mailing List
> modssl-users@modssl.org
> Automated List Manager
majordomo@modssl.org





__________________________________
Do you Yahoo!?
Yahoo! Photos: High-quality 4x6 digital prints for 25¢
http://photos.yahoo.com/ph/print_splash
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org