FW: mod ssl freezes when booting up

FW: mod ssl freezes when booting up

am 21.04.2004 13:42:47 von Boyle Owen

> -----Original Message-----
> From: C G [mailto:csgcsg39@hotmail.com]

Please don't alter the mail header. Keep the messages on-list.

>
> Yes the key the is encrypted. When I start apache as root and
> log on, it
> asks me for a pass phrase. But when apache tries to start at
> boot-up it just
> hangs, no pass-phrase.

This is the problem. Apache is waiting for the passphrase but who is it
supposed to ask? Check out
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC26

Personally, I think there is no point in encrypting the certificate. The
"reason" you do it is to prevent anyone using your cert if they steal it
(so they cannot masquerade your site). However, if you have such an
insecure machine that there is a risk someone can copy a file which is
readable only by root, then you have no business running SSL on it.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

>
> > > Looking at the error log I get the messages:
> > > [Tue Apr 20 13:58:06 2004] [error] mod_ssl: Init: Private key
> > > not found
> >
> >This isn't good. What do you have for SSLCertificateKeyFile? Does the
> >path exist? Is it readable?
> Yes is there, and yes it is readable. I presume that apache
> will start up as
> root. So that shouldn't be the problem.
>
> Someone else suggested that that I make apache boot-up last.
> I changed
> S90apache to S99apache. It didn't work.
>
> Another suggestion was to try $PATH and $LD_LIBRARY_PATH. I
> don't think this
> is the problem as everything is Debian, and I haven't put
> anything in funny
> positions.
>
> Are there any other suggestions?
>
> Thanks for the help
>
> Colin
>
> ____________________________________________________________ _____
> Find a cheaper internet access deal - choose one to suit you.
> http://www.msn.co.uk/internetaccess
>
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org