Apache with SSL does not work with CA certificate!

Problems with the Linux version of XAMPP, questions, comments, and anything related.

Apache with SSL does not work with CA certificate!

Postby Emad » 22. December 2005 01:22

Hello there,

I wonder if anyone can help in this instance. I have installed XAMPP and it works very good, when we obtained or digital certificate from the CA and placed both the certificate file and the private key in ssl.crt and ssl.key and changed on ssl.conf and httpd.conf as well.
When I run lampp start
it prints out:
Starting XAMPP for Linux 1.5.0
Starting Apache with SSL (and PHP5)...


and it keeps like this forever, niether there is an error message nor correct starting.
If I try to go to http://mydomain.com, it does serve the pages, while if I try https://mydomain.com it gives file not found error. Again if I point to the default files server.crt and server.key it works fine for both http and https.

I have checked error_log file and here is the error log

[Thu Dec 22 00:30:00 2005] [error] Init: Unable to read pass phrase [Hint: key introduced or changed before restart?]
[Thu Dec 22 00:30:00 2005] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Thu Dec 22 00:30:00 2005] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Dec 22 00:30:00 2005] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Thu Dec 22 00:30:00 2005] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib

It seems like there is error related to the pass phrase but what is it or how can I solve it, I have no idea.

Please if you faced this before or if you have any idea let me know. Any help will be much appreciated.

Thank you.
Emad
User avatar
Emad
 
Posts: 3
Joined: 22. December 2005 01:00

Postby Wiedmann » 22. December 2005 01:47

Code: Select all
[Thu Dec 22 00:30:00 2005] [error] Init: Unable to read pass phrase [Hint: key introduced or changed before restart?]

It seems like there is error related to the pass phrase but what is it or how can I solve it, I have no idea.

Normaly you must type in the pass phrase during the server start. But I think there is a problem in XAMPP and you can't do this with the XAMPP startscript (?).

2 resolutions:
- Remove the pass phrase from your private key.
- Or use an alternate SSLPassPhraseDialog. (This can be a simple shellscript which output (echo) the pass phrase to stdout)
Wiedmann
AF Moderator
 
Posts: 17102
Joined: 01. February 2004 12:38
Location: Stuttgart / Germany

Postby Emad » 22. December 2005 02:41

Wiedmann,

Thank you very much for your reply, I removed the pass phrase from the private key and it works fine now. Do you think there is any risk of having the private key without pass phrase??

I hope XAMPP team whould consider this problem to be solved in the start file.

Thank you again for your help.

Emad
User avatar
Emad
 
Posts: 3
Joined: 22. December 2005 01:00

Shell script didn't work

Postby Emad » 22. December 2005 16:35

Hi,

I have tried the second solution by wrting sheel scrit which simply echo the pass phrase .. and I modified ssl.conf to be:

SSLPassPhraseDialog exec:/usr/local/apache/sbin/myscript

instead of the default value: SSLPassPhraseDialog builtin

When I try to runn XAMPP it gives error message :

Error 1! Couldn't start apache!
Starting diagnose...
Sorry, I have no idea what's going wrong.


The error log says :

[Thu Dec 22 15:21:27 2005] [error] Init: Pass phrase incorrect
[Thu Dec 22 15:21:27 2005] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Thu Dec 22 15:21:27 2005] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Dec 22 15:21:27 2005] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Thu Dec 22 15:21:27 2005] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib

While I am sure that the pass phrase is correct .. Any idea?

Thanks,
Emad
User avatar
Emad
 
Posts: 3
Joined: 22. December 2005 01:00

Removing Passphrase

Postby jbeck59 » 26. October 2007 04:13

Hi,

I don't know if this would be helpful, but you can use OpenSSL to remove a pass phrase from a digital certificate. There are instructions here that explain the procedure. It looks very simple.

Hope that helps.

-Jeff
jbeck59
 
Posts: 1
Joined: 26. October 2007 04:07


Return to XAMPP for Linux

Who is online

Users browsing this forum: No registered users and 52 guests