Graceful Restart fails because of SSL Keys with Passphrase?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I have apache servers with SSL keys which require pass-phrases.
Until recently (maybe a year ago), if I restarted apache gracefully, it kept the old passwords and didn't ask for new ones.

But now, it complains and doesn't restart.  And this doesn't happen all the time either.  Sometimes graceful works fine, other times it fails, even though nothing in the config or the keys has changed.

On one server that only has 1 key, the key is 2048 bits, and is for a wildcard domain.  Not sure if that's relevant or not.

The error message I get is like this:

[Sun Feb 10 06:25:05 2013] [error] Init: Unable to read pass phrase [Hint: key introduced or changed before restart?]
[Sun Feb 10 06:25:05 2013] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Sun Feb 10 06:25:05 2013] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Feb 10 06:25:05 2013] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Sun Feb 10 06:25:05 2013] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib

Any ideas?  Leads?

I've seen people recommending removing the passphrase or using SSLPassPhraseDialog.  But I'd prefer to use pass-phrases and graceful restart if possible.

Thanks for your help,
Shahriar Aghajani.



Apache version:

Server version: Apache/2.2.16 (Debian)
Server built:   Nov 30 2012 08:58:36

Package info:

Package: apache2-mpm-prefork
Version: 2.2.16-6+squeeze10
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux