Apache server 2.4 and SSL Module unable to load certificate

 
anandamj

Posted: Sun 26 Jun '16 20:04    Post subject: Apache server 2.4 and SSL Module unable to load certificate

Hello Friends!

I am unable to load the SSL certificate and key, and I have been working with them for a week. I am attaching the error log. Can anyone help me to resolve this issue?

I am running my server on:
Windows 7 64 bit

Your help is greatly appreciated! Thanks.

This is my error log:
[Sun Jun 26 12:53:20.621763 2016] [ssl:emerg] [pid 2136:tid 464] AH02577: Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file C:/KeysSecured/mykey.key)
[Sun Jun 26 12:53:20.621763 2016] [ssl:emerg] [pid 2136:tid 464] AH02564: Failed to configure encrypted (?) private key www.mysite.com:443:0, check C:/KeysSecured/mykey.key
[Sun Jun 26 12:53:20.621763 2016] [ssl:emerg] [pid 2136:tid 464] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Jun 26 12:53:20.621763 2016] [ssl:emerg] [pid 2136:tid 464] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Sun Jun 26 12:53:20.621763 2016] [ssl:emerg] [pid 2136:tid 464] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Jun 26 12:53:20.621763 2016] [ssl:emerg] [pid 2136:tid 464] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Sun Jun 26 12:53:20.621763 2016] [ssl:emerg] [pid 2136:tid 464] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Sun Jun 26 12:53:20.621763 2016] [ssl:emerg] [pid 2136:tid 464] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Jun 26 12:53:20.621763 2016] [ssl:emerg] [pid 2136:tid 464] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)

mraddi

Posted: Mon 27 Jun '16 20:15    Post subject: Key password protected?

Hello,

Is the private key of the certificate password-protected? The first line within the error-log sounds like this.
Removing passwords from keys is described here (just picked one of the Google results): http://www.microhowto.info/howto/remove_the_passphrase_from_an_existing_openssl_key_file.html

Greetings
Matthias

anandamj

Posted: Mon 27 Jun '16 22:00

Matthias, thanks for your response.

My private key is not password-protected. I don't know if there is any other glitch.

Thanks again for your help.

Jacob

James Blond
Moderator

Posted: Tue 28 Jun '16 11:40

Make a backup of your keyfile and run

Code:

openssl rsa -in mykey.key -out mykey.key


However, the 0D0680A8:asn1 error says that the key is not valid.

Does your key look like the following?

Code:

-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDSj5qSKJEaWK6p
...
N5GKMN0oqD/ozqTgPjkfAFPqnMWe5A==
-----END PRIVATE KEY-----

mraddi

Posted: Tue 28 Jun '16 12:21

Checked on Windows 7-64 running Apache 2.4.20 (of course the one from apachelounge.com) with a password-protected key and got the following lines in error.log:

Code:
[Tue Jun 28 11:29:19.005833 2016] [ssl:emerg] [pid 5868:tid 360] AH02577: Init: SSLPassPhraseDialog builtin is not supported on Win32 (key file C:/Program Files/Apache Software Foundation/Apache 2.4/conf/ssl.key/lcorei5_pw.key)
[Tue Jun 28 11:29:19.005833 2016] [ssl:emerg] [pid 5868:tid 360] AH02311: Fatal error initialising mod_ssl, exiting. See C:/Program Files/Apache Software Foundation/Apache 2.4/logs/error.log for more information
[Tue Jun 28 11:29:19.005833 2016] [ssl:emerg] [pid 5868:tid 360] AH02564: Failed to configure encrypted (?) private key corei5.local:443:0, check C:/Program Files/Apache Software Foundation/Apache 2.4/conf/ssl.key/lcorei5_pw.key
[Tue Jun 28 11:29:19.005833 2016] [ssl:emerg] [pid 5868:tid 360] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Jun 28 11:29:19.005833 2016] [ssl:emerg] [pid 5868:tid 360] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Tue Jun 28 11:29:19.005833 2016] [ssl:emerg] [pid 5868:tid 360] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Jun 28 11:29:19.005833 2016] [ssl:emerg] [pid 5868:tid 360] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Tue Jun 28 11:29:19.005833 2016] [ssl:emerg] [pid 5868:tid 360] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Tue Jun 28 11:29:19.005833 2016] [ssl:emerg] [pid 5868:tid 360] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Jun 28 11:29:19.005833 2016] [ssl:emerg] [pid 5868:tid 360] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
AH00016: Configuration Failed


My valid, but password-protected key starts with
Code:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,8058D175B160179F

GkRdW2qTlUWpdDQWXQV5Iz0qKYrhD8USmj0ytqaBwkREaOOIugqSYqRxpK7uQqui


whereas the unprotected key starts with
Code:
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEAx295b3d4+Dxc1ZA+y70DZPA1eBOriEeOSs7b2qHBoZaLiJez


Using the unprotected key, Apache runs fine.

So I agree with James Blond to run the openssl-command he posted and check what your key looks like.

anandamj

Posted: Tue 28 Jun '16 15:18

Hi James,

When I use Windows Notepad to open the file, I see the code as non-encrypted:

Code:
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDSj5qSKJEaWK6p
...
N5GKMN0oqD/ozqTgPjkfAFPqnMWe5A==
-----END PRIVATE KEY-----


But when I type

Code:
openssl rsa -in mykey.key -out mykey.key


I get the following:

Code:
unable to load Private Key
8240:34494:0906D06C:PEM routines:PEM_read_bio:no start line:.\cryto\pem\pem_lib.c:647:Expecting: ANY PRIVATE KEY

anandamj

Posted: Tue 28 Jun '16 15:25

Hi Matthias,

As I mentioned in my response to James, I am not getting the output when I use the openssl command. But I can view the file in Notepad as an unprotected key.

Does the key have to begin with:

Code:
-----BEGIN RSA PRIVATE KEY-----


Or, can that just say

Code:
-----BEGIN PRIVATE KEY-----


Jacob

James Blond
Moderator

Posted: Tue 28 Jun '16 16:45

How does your key start then?

anandamj

Posted: Tue 28 Jun '16 17:57

Hello James and Matthias

My private key was invalid. I went ahead and imported the private key through the Windows utility again. Now, the openssl command gives the correct output. And, I went ahead and loaded the file in the Apache configuration file. I got the green signal from my Apache monitor. Thank you folks for making me review everything again. Have a good one!

Jacob
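
A pre-flight check for the key headers compared in this thread, as an added example that is not part of any post: it classifies a key file as PKCS#1 or PKCS#8 and as passphrase-protected or not, without decrypting it or printing key material. The function name `inspect_key`, the label table and the samples are constructed for illustration; the byte-order-mark and UTF-16 checks go beyond what the thread established, since the thread never says what was wrong with the original file.

```python
import base64
import re

# Labels from the thread, plus PKCS#8's encrypted form (added for completeness).
LABELS = {
    "RSA PRIVATE KEY": "PKCS#1 (traditional RSA)",
    "PRIVATE KEY": "PKCS#8",
    "ENCRYPTED PRIVATE KEY": "PKCS#8 (encrypted)",
}
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def inspect_key(raw: bytes) -> dict:
    """Classify a key file from its bytes; never decrypts or prints key material."""
    report = {"format": None, "encrypted": None, "problems": []}
    if raw.startswith(b"\xef\xbb\xbf"):
        report["problems"].append("UTF-8 byte order mark before the BEGIN line")
        raw = raw[3:]
    elif raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        report["problems"].append("file is UTF-16, not ASCII")
        raw = raw.decode("utf-16", "replace").encode("ascii", "replace")
    match = PEM_RE.search(raw.decode("ascii", "replace"))
    if match is None:
        report["problems"].append("no matching BEGIN/END block")
        return report
    label, body = match.groups()
    report["format"] = LABELS.get(label, "unexpected label: " + label)
    legacy = "Proc-Type: 4,ENCRYPTED" in body
    report["encrypted"] = legacy or label == "ENCRYPTED PRIVATE KEY"
    # Encapsulated header lines contain ':', which base64 never does.
    b64 = "".join(ln.strip() for ln in body.splitlines() if ":" not in ln)
    try:
        der = base64.b64decode(b64, validate=True)
    except ValueError:
        report["problems"].append("body is not valid base64")
    else:
        # Unencrypted DER, and encrypted PKCS#8, start with an ASN.1 SEQUENCE (0x30).
        if not legacy and der[:1] != b"\x30":
            report["problems"].append("decoded body does not start with a SEQUENCE tag")
    return report

# Constructed samples, not real keys: 48 bytes that merely start like DER.
_STUB = base64.b64encode(b"\x30\x82\x01\x00" + bytes(44)).decode()
PKCS8 = f"-----BEGIN PRIVATE KEY-----\n{_STUB}\n-----END PRIVATE KEY-----\n".encode()
LEGACY_ENC = (
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0000000000000000\n\n"
    f"{_STUB}\n-----END RSA PRIVATE KEY-----\n"
).encode()
UTF16 = PKCS8.decode().encode("utf-16")  # e.g. saved as "Unicode" from an editor
```

To check a real file, pass the bytes of the path named in `SSLCertificateKeyFile` to `inspect_key`; a report with `encrypted` set to true corresponds to the AH02577 case shown above.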