Re: Apache HTTPD 2.2.6 + mod_ssl 2.2.6 -- odd error...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

J.Lance Wilkinson wrote:

Sander Temme wrote:

On Nov 30, 2010, at 8:37 PM, J.Lance Wilkinson wrote:
But my httpd log files present an unexpected error each and every time a browser visits an SSL encrypted page (2 examples cited): 

So there is no discernible negative impact on the client?


    Correct.   At the moment, the only negative impact is the considerably
    larger error log files being generated.

    Furthermore, watching the error log with tail -f, I can say that the
    errors are NOT being thrown EVERY time a browser visits an SSL
    encrypted page.



User interface error unable to load Private Key 22439:error:0906A068:PEM
routines:PEM_do_header:bad password read:/on10/build-nd/G10U10B0B/usr/src/common/openssl/crypto/pem/pem_lib.c:401: 

	In hindsight, the fact these messages were not prefixed by typical
	Apache error log tokens like like [timestamp] [severity] [client]
	should have been the tipoff here.

	These errors are being thrown not by Apache, mod_ssl or mod_cosign.
	That explains why they don't appear at server startup, and normal
	client activity doesn't seem to be affected.

	The errors are being thrown by explicit executions of the OPENSSL
	utility from within PHP scripts on the application that was used to
	test out the new certificates -- an application used to, ironically,
	MANAGE SSL CERTIFICATES.  The output from backtick'd calls to the
	OPENSSL utility was being output to syserr which of course PHP (using
	mod_php5) was shunting to the Apache error log for lack of a better
	place to put it.

	Should be safe to proceed with the other applications of these new
	certificates that are so critical today.

	Thanks for everybody's patience and indulgence -- clearly this should
	never have been posted here, but I was desperate.

--
J.Lance Wilkinson ("Lance")		InterNet: Lance.Wilkinson@xxxxxxx
Systems Design Specialist - Lead	Phone: (814) 865-4870
Digital Library Technologies		FAX:   (814) 863-3560
E3 Paterno Library
Penn State University
University Park, PA 16802

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux