Hi, I have apache servers with SSL keys which require pass-phrases. Until recently (maybe a year ago), if I restarted apache gracefully, it kept the old passwords and didn't ask for new ones. But now, it complains and doesn't restart. And this doesn't happen all the time either. Sometimes graceful works fine, other times it fails, even though nothing in the config or the keys has changed. On one server that only has 1 key, the key is 2048 bits, and is for a wildcard domain. Not sure if that's relevant or not. The error message I get is like this: [Sun Feb 10 06:25:05 2013] [error] Init: Unable to read pass phrase [Hint: key introduced or changed before restart?] [Sun Feb 10 06:25:05 2013] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag [Sun Feb 10 06:25:05 2013] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Sun Feb 10 06:25:05 2013] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error [Sun Feb 10 06:25:05 2013] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib Any ideas? Leads? I've seen people recommending removing the passphrase or using SSLPassPhraseDialog. But I'd prefer to use pass-phrases and graceful restart if possible. Thanks for your help, Shahriar Aghajani. Apache version: Server version: Apache/2.2.16 (Debian) Server built: Nov 30 2012 08:58:36 Package info: Package: apache2-mpm-prefork Version: 2.2.16-6+squeeze10 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|