3 Replies Latest reply: Feb 7, 2014 3:46 AM by Catch_22

    SSLPassPhraseDialog

    5fcba440-6222-4f1c-b77f-1e273cd1bf61

      I am using 64-bit Oracle Enterprise Linux and am trying to set up HTTPS for the Apache server. I downloaded the mod_ssl package and tried to change some settings in /etc/httpd/conf.d/ssl.conf because I wanted to use my own SSL certificate instead of the one bundled by mod_ssl. I have changed SSLPassPhraseDialog from 'builtin' to 'exec:/usr/local/bin/getmypasskey', which provides a one-time password for my SSL private key. I have changed 'SSLCertificateFile', 'SSLCertificateKeyFile', and 'SSLCACertificateFile' to point to my own self-signed certificate, private key and my root CA certificate. But when I start Apache, it does not run. The log file in /var/log/httpd/ssl_error.log has the following entries:

      [Wed Feb 05 17:43:37 2014] [error] Init: Pass phrase incorrect
      [Wed Feb 05 17:43:37 2014] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
      [Wed Feb 05 17:43:37 2014] [error] SSL Library Error: 218640442 error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
      [Wed Feb 05 17:43:37 2014] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
      [Wed Feb 05 17:43:37 2014] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
      [Wed Feb 05 17:43:37 2014] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
      [Wed Feb 05 17:43:37 2014] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
      [Wed Feb 05 17:43:37 2014] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

      The most puzzling thing is that getmypasskey is never executed. I can be sure of this because I wrapped a shell script around the actual program to log an entry if it is called, and the log file does not even get generated. If I manually run the program /usr/local/bin/getmypasskey, it does generate the log file. This proves that Apache does not invoke the program specified in the SSLPassPhraseDialog directive in ssl.conf. I have tried the same setting on Ubuntu 13 and it works as expected. Has anyone experienced this problem?
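
Added example, not part of the original post: OpenSSL asks for a pass phrase only when it recognises a PEM key as encrypted, so one check when the `exec:` program is never called is which form the file named by SSLCertificateKeyFile actually has. The helper name `key_format` and its output labels are assumptions made for this sketch.

```shell
#!/bin/sh
# Added diagnostic sketch; key_format is a hypothetical helper name.
# Classifies a private-key file by its PEM header lines only. It never
# decrypts or prints key material.
key_format() {
    f=$1
    [ -r "$f" ] || { echo unreadable; return 1; }
    if grep -Eq -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
        # PKCS#8 encrypted container
        echo pkcs8-encrypted
    elif grep -Eq -e '-----BEGIN (RSA|DSA|EC) PRIVATE KEY-----' "$f"; then
        # Traditional format: encryption is signalled by a Proc-Type header
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
            echo traditional-encrypted
        else
            echo traditional-unencrypted
        fi
    elif grep -Eq -e '-----BEGIN PRIVATE KEY-----' "$f"; then
        # PKCS#8 without encryption: no pass phrase would be requested
        echo pkcs8-unencrypted
    elif grep -Eq -e '-----BEGIN CERTIFICATE-----' "$f"; then
        # A certificate was supplied where the key was expected
        echo certificate-not-key
    else
        # DER, truncated or otherwise not a PEM key
        echo not-pem
    fi
}

# Usage: sh key_format.sh /path/to/server.key
if [ $# -gt 0 ]; then
    key_format "$1"
fi
```

Any result other than `traditional-encrypted` or `pkcs8-encrypted` means the file carries no PEM encryption header, so no pass phrase would be requested for it.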