New password protected certificates & conf reload

Hello,

Let's assume a configuration with several HTTPS VirtualHosts.
Each one has its own certificate with its own password-protected key.
All keys use the same password to simplify Apache start with "SSLPassPhraseDialog builtin".
The goal is to avoid storing the password on the server itself (or any command... which would return the password).

In the life of this server, new VirtualHosts are added, manually, or automatically by the production process.
Then the Apache configuration is reloaded, manually or automatically.
However, when the new VirtualHost uses a certificate with a password-protected key, even if it uses the same password as the others, Apache crashes when reloading the configuration, with the following:

[Mon Jun 13 08:01:39.411230 2016] [ssl:error] [pid 90795] AH02578: Init: Unable to read pass phrase [Hint: key introduced or changed before restart?]
[Mon Jun 13 08:01:39.411260 2016] [ssl:error] [pid 90795] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jun 13 08:01:39.411277 2016] [ssl:error] [pid 90795] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Mon Jun 13 08:01:39.411290 2016] [ssl:error] [pid 90795] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jun 13 08:01:39.411303 2016] [ssl:error] [pid 90795] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Mon Jun 13 08:01:39.411319 2016] [ssl:error] [pid 90795] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Mon Jun 13 08:01:39.411331 2016] [ssl:error] [pid 90795] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Jun 13 08:01:39.411344 2016] [ssl:error] [pid 90795] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Mon Jun 13 08:01:39.411355 2016] [ssl:emerg] [pid 90795] AH02312: Fatal error initialising mod_ssl, exiting.
[Mon Jun 13 08:01:39.411363 2016] [ssl:emerg] [pid 90795] AH02564: Failed to configure encrypted (?) private key my.server.com:443:0, check /home/server/my.server.com.key
[Mon Jun 13 08:01:39.411372 2016] [:emerg] [pid 90795] AH00020: Configuration Failed, exiting

I think this is because at the time of the reload, Apache has already intentionally forgotten the password.
Am I right?

Is there any way to make this work as I am expecting?

Thank you very much!

Best regards,

Ben
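
Added example (not part of the original message and not Apache project code): a pre-reload check for the condition the AH02578 hint names, an encrypted key introduced or changed since the last full start. The state file and passing key paths as arguments are assumptions; the PEM markers tested are the standard OpenSSL ones.

```shell
#!/bin/sh
# Added example. Assumptions: key paths are given as arguments and STATE is a
# hypothetical file recording the encrypted keys present at the last full start.

# True if FILE is a pass-phrase-protected PEM key: PKCS#8 uses an
# "ENCRYPTED PRIVATE KEY" label, traditional keys a "Proc-Type: 4,ENCRYPTED" header.
is_encrypted_key() {
    grep -Eq -e '-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$1"
}

# One line per key: checksum, size, path. A replaced key at the same path changes it.
key_id() {
    printf '%s %s\n' "$(cksum < "$1")" "$1"
}

# record_keys STATE KEY...  -- call after a start where the pass phrase was entered.
record_keys() {
    state=$1; shift
    : > "$state"
    for key in "$@"; do
        [ -r "$key" ] && is_encrypted_key "$key" && key_id "$key" >> "$state"
    done
    return 0
}

# new_encrypted_keys STATE KEY...  -- print encrypted keys added or changed since then.
new_encrypted_keys() {
    state=$1; shift
    for key in "$@"; do
        [ -r "$key" ] || continue
        is_encrypted_key "$key" || continue
        id=$(key_id "$key")
        if [ ! -f "$state" ] || ! grep -Fxq -e "$id" "$state"; then
            printf '%s\n' "$key"
        fi
    done
    return 0
}

# Usage: sh check.sh STATE KEY...   exits 1 when a reload would hit such a key.
if [ "$#" -ge 2 ]; then
    pending=$(new_encrypted_keys "$@")
    if [ -n "$pending" ]; then
        printf 'Encrypted key new or changed since last full start:\n%s\n' "$pending" >&2
        exit 1
    fi
fi
```

Unencrypted keys are ignored by both functions, so only keys that would need the pass phrase are tracked.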

