Apache SSL error: Private key not found


 
Thread Tools Search this Thread
Operating Systems Linux Apache SSL error: Private key not found
# 1  
Old 09-19-2017
Apache SSL error: Private key not found

I have been given a test server (CentOS 6.6), as part of a job interview-with breaks in the system and to fix them. One of them was getting httpd to work.

This was the initial error I faced whenever I attempted to start httpd

Code:
root@ip-10-138-115-106 html]# service httpd start
Starting httpd: Warning: DocumentRoot [/var/www/html/talent-test] does not exist
                                                           [FAILED]

I then set the selinux mode to permissive

Code:
[root@ip-10-138-115-106 html]# getenforce
Permissive

And now the new error simply shows httpd failed to start

Code:
[root@ip-10-138-115-106 html]# service httpd start
Starting httpd:                                            [FAILED]

These are the Selinux logs, its no longer warning, but just notices

Code:
[root@ip-10-138-115-106 httpd]# tail -f error_log
[Tue Sep 19 13:27:05 2017] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue Sep 19 13:27:05 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Sep 19 13:30:15 2017] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue Sep 19 13:30:15 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Sep 19 13:42:49 2017] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue Sep 19 13:42:49 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Sep 19 13:47:13 2017] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue Sep 19 13:47:13 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Sep 19 13:53:22 2017] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue Sep 19 13:53:22 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)

However, the access_log has these same errors repeating

Code:
[root@ip-10-138-115-106 httpd]# more talent-test-error_log-20170919
[Tue Sep 19 06:10:40 2017] [error] Init: Private key not found
[Tue Sep 19 06:10:40 2017] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Sep 19 06:10:40 2017] [error] SSL Library Error: 218640442 error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Tue Sep 19 06:10:40 2017] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Sep 19 06:10:40 2017] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Tue Sep 19 06:10:40 2017] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Tue Sep 19 06:10:40 2017] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Sep 19 06:10:40 2017] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

1. I checked both the SSL certificate and private key files with notepad, and there are no gaps/space in between the lines at all.

Code:
[root@ip-10-138-115-106 conf]# cat  /etc/pki/tls/certs/talent-test.crt
-----BEGIN CERTIFICATE-----
MIIDTzCCAjegAwIBAgIBADANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJ
...
-----END CERTIFICATE-----

[root@ip-10-138-115-106 conf]# cat /etc/pki/tls/private/talent-test.key
-----BEGIN RSA PRIVATE KEY-----
HIIEpAIBAAKCAQEAxRupoHwZGT4smskhfQrpwejxfV1KCe9R/Llm7ks85otEI3n
...
-----END RSA PRIVATE KEY-----


This is the config file for the virtual host

Code:
[root@ip-10-138-115-106 conf.d]# more talent-test.conf
<VirtualHost *:443>
    ServerAdmin XXX
    DocumentRoot /var/www/html/talent-test
    ServerName XXX

    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/pki/tls/certs/talent-test.crt
    SSLCertificateKeyFile /etc/pki/tls/private/talent-test.key


    ErrorLog logs/talent-test-error_log
    CustomLog logs/talent-test-access_log common
</VirtualHost>

Honestly I don't know what to do now, is something wrong with the private key that I have failed to notice? Smilie
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Linux

Apache wildcard ssl on subdomain serves same page for non ssl virtualhosts

Issue observed: I have configured ng.my-site.com using widlcard ssl cert. When I hit https://www.my-site.com it loads ng.my-site.com website! please advise if I missed any concept / configs... Thank you! httpd.conf <VirtualHost *:80> ServerName www.my-site.com ServerAdmin... (0 Replies)
Discussion started by: ashokvpp
0 Replies

2. UNIX for Advanced & Expert Users

Private and public key encryption

Hi, we have private and public key, encrypt file using public and want to decrypt using private key. can you please advise below commands are correct or other remedy if unix have? encrypt -a arcfour -k publickey.asc -i TESTFILE.csv -o TESTFILE00.csv decrypt -a arcfour -k privatekey.asc... (2 Replies)
Discussion started by: rizwan.shaukat
2 Replies

3. Shell Programming and Scripting

Private Key

I have two types of files pubring.pkr secring.skr secring.skr is encrypted and not able to read. How can i read secring.skr in text format after decrypting ? is there any way of decrypting this file? Unix HP - UX Version. (4 Replies)
Discussion started by: airesh
4 Replies

4. UNIX for Dummies Questions & Answers

Secure private key

Hello all, We have unix environment and we would like to use ssh public and private key to move between server using ssh. I do know how to test this and have it up and running on some sandbox...but my question is how would one secure the PRIVATE KEY....we are not using a passphrase...and i know... (1 Reply)
Discussion started by: abdul.irfan2
1 Replies

5. UNIX for Dummies Questions & Answers

Extracting a Private key from a keystore?

Hi everyone! I know you can extract public keys from a keystore using the keytool command. But what is the process to extract a private key from a jks keystore and import into another jks keystore using keytool? Any guidance would be greatly appreciated! I can't seem to find anything, I do... (0 Replies)
Discussion started by: Keepcase
0 Replies

6. Web Development

Apache, cgi script run twice when ssl, once when not ssl

I have interesting problem. https:/host/some/x.cgi - this script has run twice when I call this url But http:/host/some/x.cgi work fine, only once. Output is text/plain. If I change output format to the Content-type text/html, then both urls works fine - executed only once. (2 Replies)
Discussion started by: kshji
2 Replies

7. Web Development

Apache:mod_ssl:Error: Private key not found

hi folks, I have Apache 2.2.8 running on Red Hat Enterprise Linux Server release 5 (Tikanga). I have installed a purchased certificate on my server. Upon restarting httpd, I get the following error: # /etc/init.d/httpd start Apache/2.2.8 mod_ssl/2.2.8 (Pass Phrase Dialog) Some of your... (0 Replies)
Discussion started by: nemotech
0 Replies

8. UNIX for Dummies Questions & Answers

SSL Public key/Private question

Hi everyone, I have a quick/newb question: I know that a public key is used to encrypt data and a private key is used to decrypt data but who keeps the public/private keys?? Does the Web Server hold both? Does the Web Server have the public key and does the client have the private key? ... (3 Replies)
Discussion started by: tical00
3 Replies

9. Solaris

SSL key Apache

We are running Apache 1.3 on solaris 8 we have renewed our ssl key with verisign. They have confirmed renewel and new ssl certifcate is appended to the end of the email. out apache config file has two directives SSLCertificateFile /export/home/apache/conf/ssl.crt/xxxx.crt SSLCertificationKeyFile... (2 Replies)
Discussion started by: Tirmazi
2 Replies

10. HP-UX

SSL key give coredump error!!

Hi there, After setup my apache server, I have using mkcert.sh file to generate a SSL key. But when I tried to start my apache server it is prompted me to enter the pass phrase password, in fact I had entered the same correct password which I provided during the key generation and it give me the... (0 Replies)
Discussion started by: e_jeffhang
0 Replies
Login or Register to Ask a Question