anandamj
Joined: 25 May 2016 Posts: 9 Location: Brownsville, TX, USA
|
Posted: Sun 26 Jun '16 20:04 Post subject: Apache server 2.4 and SSL Module unable to load certificate |
|
|
Hello Friends!
I am unable to load the SSL certificate and key and have been working with them for a week. I am attaching the error log. Can anyone help me resolve this issue?
I am running my server on:
Windows 7 64 bit
Your help is greatly appreciated! Thanks.
This is my error log:
[Sun Jun 26 12:53:20.621763 2016] [ssl:emerg] [pid 2136:tid 464] AH02577: Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file C:/KeysSecured/mykey.key)
[Sun Jun 26 12:53:20.621763 2016] [ssl:emerg] [pid 2136:tid 464] AH02564: Failed to configure encrypted (?) private key www.mysite.com:443:0, check C:/KeysSecured/mykey.key
[Sun Jun 26 12:53:20.621763 2016] [ssl:emerg] [pid 2136:tid 464] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Jun 26 12:53:20.621763 2016] [ssl:emerg] [pid 2136:tid 464] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Sun Jun 26 12:53:20.621763 2016] [ssl:emerg] [pid 2136:tid 464] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Jun 26 12:53:20.621763 2016] [ssl:emerg] [pid 2136:tid 464] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Sun Jun 26 12:53:20.621763 2016] [ssl:emerg] [pid 2136:tid 464] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Sun Jun 26 12:53:20.621763 2016] [ssl:emerg] [pid 2136:tid 464] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Jun 26 12:53:20.621763 2016] [ssl:emerg] [pid 2136:tid 464] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO) |
|
mraddi
Joined: 27 Jun 2016 Posts: 152 Location: Schömberg, Baden-Württemberg, Germany
|
|
anandamj
Joined: 25 May 2016 Posts: 9 Location: Brownsville, TX, USA
|
Posted: Mon 27 Jun '16 22:00 Post subject: |
|
|
Mathias, thanks for your response.
My private key is not password-protected. I don't know if there is any other glitch.
Thanks again for your help.
Jacob |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
|
Posted: Tue 28 Jun '16 11:40 Post subject: |
|
|
Make a backup of your keyfile and run
Code: |
openssl rsa -in mykey.key -out mykey.key
|
However, the 0D0680A8:asn1 error says that the key is not valid.
Does your key look like the following?
Code: |
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDSj5qSKJEaWK6p
...
N5GKMN0oqD/ozqTgPjkfAFPqnMWe5A==
-----END PRIVATE KEY-----
|
|
|
mraddi
Joined: 27 Jun 2016 Posts: 152 Location: Schömberg, Baden-Württemberg, Germany
|
Posted: Tue 28 Jun '16 12:21 Post subject: |
|
|
Checked on Windows 7-64 running Apache 2.4.20 (of course the one from apachelounge.com) with a password-protected key and got the following lines in error.log:
Code: | [Tue Jun 28 11:29:19.005833 2016] [ssl:emerg] [pid 5868:tid 360] AH02577: Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file C:/Program Files/Apache Software Foundation/Apache 2.4/conf/ssl.key/lcorei5_pw.key)
[Tue Jun 28 11:29:19.005833 2016] [ssl:emerg] [pid 5868:tid 360] AH02311: Fatal error initialising mod_ssl, exiting. See C:/Program Files/Apache Software Foundation/Apache 2.4/logs/error.log for more information
[Tue Jun 28 11:29:19.005833 2016] [ssl:emerg] [pid 5868:tid 360] AH02564: Failed to configure encrypted (?) private key corei5.local:443:0, check C:/Program Files/Apache Software Foundation/Apache 2.4/conf/ssl.key/lcorei5_pw.key
[Tue Jun 28 11:29:19.005833 2016] [ssl:emerg] [pid 5868:tid 360] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Jun 28 11:29:19.005833 2016] [ssl:emerg] [pid 5868:tid 360] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Tue Jun 28 11:29:19.005833 2016] [ssl:emerg] [pid 5868:tid 360] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Jun 28 11:29:19.005833 2016] [ssl:emerg] [pid 5868:tid 360] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Tue Jun 28 11:29:19.005833 2016] [ssl:emerg] [pid 5868:tid 360] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Tue Jun 28 11:29:19.005833 2016] [ssl:emerg] [pid 5868:tid 360] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Jun 28 11:29:19.005833 2016] [ssl:emerg] [pid 5868:tid 360] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
AH00016: Configuration Failed
|
My valid, but password-protected key starts with
Code: | -----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,8058D175B160179F
GkRdW2qTlUWpdDQWXQV5Iz0qKYrhD8USmj0ytqaBwkREaOOIugqSYqRxpK7uQqui
|
whereas the unprotected key starts with
Code: | -----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEAx295b3d4+Dxc1ZA+y70DZPA1eBOriEeOSs7b2qHBoZaLiJez
|
Using the unprotected key, Apache runs fine.
So I agree with James Blond to run the openssl command he posted and check what your key looks like. |
|
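The header lines compared in the post above are enough to tell whether a key file will need a passphrase, which is the condition behind AH02577 on Windows. As an added example (not code from the thread or from Apache), this Python function classifies a key file by its PEM header; the `ENCRYPTED PRIVATE KEY` label is the standard PKCS#8 encrypted form and does not appear in the thread, and the sample inputs are constructed placeholders, not real keys.

```python
import re

# PEM labels for private keys: label -> (format, encrypted by label alone)
KEY_LABELS = {
    "RSA PRIVATE KEY": ("traditional RSA (PKCS#1)", False),
    "PRIVATE KEY": ("PKCS#8", False),
    "ENCRYPTED PRIVATE KEY": ("PKCS#8", True),
}
BEGIN_RE = re.compile(rb"^-----BEGIN ([A-Z0-9 ]+)-----\s*$")


def classify_key(data: bytes) -> dict:
    """Classify raw key-file bytes by PEM header; no key material is parsed."""
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return {"format": None, "encrypted": None, "note": "UTF-16 text, not ASCII PEM"}
    if data.startswith(b"\xef\xbb\xbf"):
        return {"format": None, "encrypted": None, "note": "UTF-8 BOM before BEGIN line"}
    lines = data.splitlines()
    for i, line in enumerate(lines):
        m = BEGIN_RE.match(line)
        if not m or m.group(1).decode("ascii") not in KEY_LABELS:
            continue  # skip certificates and other non-key blocks
        fmt, encrypted = KEY_LABELS[m.group(1).decode("ascii")]
        # The traditional format flags encryption in a header line after BEGIN.
        if i + 1 < len(lines) and lines[i + 1].strip() == b"Proc-Type: 4,ENCRYPTED":
            encrypted = True
        note = "needs a passphrase" if encrypted else "loads without a passphrase"
        return {"format": fmt, "encrypted": encrypted, "note": note}
    return {"format": None, "encrypted": None, "note": "no private-key PEM start line"}


# Constructed samples: genuine header syntax, placeholder body (not real keys).
SAMPLES = {
    "legacy_encrypted": b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                        b"DEK-Info: DES-EDE3-CBC,0000000000000000\n\nAAAA\n"
                        b"-----END RSA PRIVATE KEY-----\n",
    "legacy_plain": b"-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n",
    "pkcs8_plain": b"-----BEGIN PRIVATE KEY-----\r\nAAAA\r\n-----END PRIVATE KEY-----\r\n",
    "pkcs8_encrypted": b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n"
                       b"-----END ENCRYPTED PRIVATE KEY-----\n",
    "utf16_text": "-----BEGIN PRIVATE KEY-----\nAAAA\n".encode("utf-16"),
    "der_binary": b"\x30\x82\x09\x42\x02\x01\x00",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, classify_key(blob))
```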
anandamj
Joined: 25 May 2016 Posts: 9 Location: Brownsville, TX, USA
|
Posted: Tue 28 Jun '16 15:18 Post subject: |
|
|
Hi James,
When I use Windows Notepad to open the file, I see the code as non-encrypted
Code: |
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDSj5qSKJEaWK6p
...
N5GKMN0oqD/ozqTgPjkfAFPqnMWe5A==
-----END PRIVATE KEY-----
|
But when I type
Code: | openssl rsa -in mykey.key -out mykey.key |
I get the following:
Code: | unable to load Private Key
8240:34494:0906D06C:PEM routines:PEM_read_bio:no start line:.\cryto\pem\pem_lib.c:647:Expecting: ANY PRIVATE KEY |
|
|
anandamj
Joined: 25 May 2016 Posts: 9 Location: Brownsville, TX, USA
|
Posted: Tue 28 Jun '16 15:25 Post subject: |
|
|
Hi Matthias,
As I mentioned in my response to James, I am not getting the output when I use the openssl command. But I can view the file in Notepad as an unprotected key.
Does the key have to begin with:
Code: | -----BEGIN RSA PRIVATE KEY----- |
Or, can that just say
Code: | -----BEGIN PRIVATE KEY----- |
Jacob |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
|
Posted: Tue 28 Jun '16 16:45 Post subject: |
|
|
How does your key start then? |
|
anandamj
Joined: 25 May 2016 Posts: 9 Location: Brownsville, TX, USA
|
Posted: Tue 28 Jun '16 17:57 Post subject: |
|
|
Hello James and Matthias
My private key was invalid. I went ahead and imported the private key through the Windows utility again. Now the openssl command gives the correct output. And I went ahead and loaded the file in the Apache configuration file. I got the green signal from my Apache monitor. Thank you folks for making me review everything again. Have a good one!
Jacob |
|