Thanks Bill,I will be running Bill Jones' suggestion first in the a.m. around 4:00 a.m. We'll see where I go from there. I will post the results as soon as I know. Given the project this effort is designed for, security concerns are going to get more, not less important, but I will just have to deal with that when I get there.
Thanks very much, Rex At 10:35 PM -0500 5/15/06, William A. Rowe, Jr. wrote:
Rex Brooks wrote:I have Apache2 in RHEL4, so I am assuming that the SSL Sections you refer to are in ssl.conf which is loaded as a DSO.I understand that httpd must be able to read the crt/pem file.I did specify a pass phrase when I created the key/crt. However, I do not get a request asking me to supply the pass phrase when I enter: service httpd start. I just get the same FAILED notice with the same error in the error_log.If it is in fact 'tripping' over the passphrase, and stdin/stdout aren't providing access to the console from 'service httpd start' in redhat, you might want to look at the SSLPassphraseDialog applet. One option is to pass a pipe:/path/to/binary that can invoke a pipe program which queries all of the passphrases. I wrote support/win32/wintty.c to create a console window on the fly for such a dialog, letting the service speak with the user at the console. Obviously, it's win32 specific. But I can't imagine it would be impossible to create a similar tty piped window applet on Unix, if someone is up to the challenge. There are simpler SSLPassphraseDialog alternatives, see... http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslpassphrasedialog (I just noticed the pipe:/path/to/pipe is undocumented; whoops!) Bill Bill --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
-- Rex Brooks President, CEO Starbourne Communications Design GeoAddress: 1361-A Addison Berkeley, CA 94702 Tel: 510-849-2309 --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|