Just a slight note, there was a typo on the modssl.org page which got transferred:
openssl rsa -in server.key.org -out server.key should be: openssl rsa -in server.key.orig -out server.keyalso the chmod 0400 should be chmod 400, but neither of those impacted the results: The passphrase was removed but httpd still failed to start.
We KNOW mod_ssl is at fault here, since, beyond the error message, httpd starts when mod_ssl is removed. We also know that when it is removed the VirtualHosts won't accept connections. AND, it appears that the PassPhrase is not responsible. (Note, I said, appears, since I am wondering if I actually need to be logged in as my user and then become root, instead of being logged in as root, which I have been?)
Regardless, there ought to be a process of elimination which will isolate the culprit in here somewhere.
Unfortunately, SSL is not optional. Thanks, Rex
On 5/15/06, Rex Brooks <rexb@xxxxxxxxxxxxxx> wrote:I did specify a pass phrase when I created the key/crt. However, I do not get a request asking me to supply the pass phrase when I enter: service httpd start. I just get the same FAILED notice with the same error in the error_log.You likely wont get a request if you use "service httpd start" -- we will try to resolve this step by step; please read all this mess before attempting any of it. First off before we start please back up everything and place the back up in a safe place; you probably should back it up twice to be safe. :-) Next, before you install my version of your ssl.conf please try this command sequence first: ( Found at: http://www.modssl.org/docs/2.8/ssl_faq.html#ToC30 ) # become root su - # cd to the dircectory where the server key file is and execute cp server.key server.key.PW_BackUp cp server.key server.key.orig # Remove the passphase from the server key openssl rsa -in server.key.org -out server.key # Make sure the server.key file is now only readable by root: chown root:root server.key && chmod 0400 server.key # NOTE - # Make sure you subsitute your file names for the above "server key" # Lastly -- try to start the server service httpd start # various commands to see if its really running - lsof |grep -i tcp |grep -i http netstat -plan |grep 80 tcpdump port 80 If that works then we know that you canot start apache using "service" -- you'll either have to not use a passphrase (which is upto company security policy) or always start the "/etc/init.d/httpd restart" by hand -- so it will prompt you for the passphrase. If the above does not work you are welcome to try out my version of the ssl.conf -- please make two backups of your original first. But I feel strongly that the above passphrase issue is partially, if not completely, at fault. HTH/Sx -- WC (Bill) Jones -- http://youve-reached-the.endoftheinternet.org/ Content-Type: application/octet-stream; name="ssl.conf" Content-Disposition: attachment; filename="ssl.conf" X-Attachment-Id: f_en9mb1oz Attachment converted: Macintosh HD:ssl 1.conf ( / ) (00130C8B) --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
-- Rex Brooks President, CEO Starbourne Communications Design GeoAddress: 1361-A Addison Berkeley, CA 94702 Tel: 510-849-2309 --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|