SSL Library Error (key values mismatch), but the certificate files DO match

My site (Apache 2.4.6 on CentOS 7) was working fine with SSL until yesterday, but now the apache service fails when I try to restart my server:

$  sudo service httpd restart
$  Enter SSL pass phrase for sitename.com:443 (RSA) : ********
$  Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.

Neither of those suggested commands gives much info, so by checking the ssl_error_log, I find the following relevant entries:

[ssl:debug] ssl_util_ssl.c(495): AH02412: [sitename.com:443] Cert matches for name 'sitename.com' [ ... (certificate details) ... ]
[ssl:debug] ssl_engine_init.c(984): AH02236: Configuring RSA server private key
[ssl:emerg] AH02238: Unable to configure RSA server private key
[ssl:emerg] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

The last two entries indicate that the key and cert files do not match. The configuration is specified in /etc/httpd/conf.d/sitename.conf:

SSLCertificateKeyFile /etc/pki/tls/private/sitename.com.key
SSLCertificateFile /etc/pki/tls/certs/sitename.com.crt
SSLCertificateChainFile /etc/pki/tls/certs/IntermediateCA.crt

I run the following to look at their modulus, and they do indeed match:

$ openssl x509 -noout -modulus -in /etc/pki/tls/certs/sitename.com.crt | openssl md5
$ openssl rsa -noout -modulus -in /etc/pki/tls/private/sitename.com.key | openssl md5

So it seems like everything should be working, but this is where I am stuck and cannot determine the cause of the error.

Any advice is appreciated. Thank you for your time.

I figured it out. Not sure exactly which package changed from my yum update command, but my guess is that one of them was responsible.

Anyways, I had to remove the password protection from my certificate's private key file:

$  openssl rsa -in [sitename.com.key] -out [sitename.com.key]
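
An added example, not part of the original question or answer: a shell sketch that repeats the cert/key comparison on the full public key (a generalization of the modulus check above that also covers non-RSA keys), reports whether a key file is passphrase-protected, and writes the decrypted key to a separate owner-only file instead of overwriting it in place. The helper function names, temporary file names and passphrase are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post; every file name is constructed.

# Exit 0 if the PEM key is passphrase-protected: matches the traditional
# "Proc-Type: 4,ENCRYPTED" header and the PKCS#8 "ENCRYPTED PRIVATE KEY" one.
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# Compare the public key inside CERT with the one derived from KEY.
# Exit 0 = same key, 1 = different keys, 2 = a file could not be parsed.
cert_matches_key() {  # CERT KEY [PASSFILE]
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" ${3:+-passin "file:$3"} -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Write an unencrypted copy of ENC_KEY to OUT_KEY. The subshell umask keeps
# the new file owner-only, and the encrypted original is left untouched so a
# failed conversion cannot destroy the only copy of the key.
strip_passphrase() {  # ENC_KEY PASSFILE OUT_KEY
    ( umask 077 && openssl rsa -in "$1" -passin "file:$2" -out "$3" 2>/dev/null )
}

# Build constructed test material in DIR: site.crt, its encrypted enc.key
# (passphrase stored in DIR/pass) and an unrelated other.key.
make_constructed_pair() {  # DIR
    printf 'constructed-passphrase\n' > "$1/pass"
    openssl req -x509 -newkey rsa:2048 -sha256 -days 1 -subj '/CN=sitename.com' \
        -passout "file:$1/pass" -keyout "$1/enc.key" -out "$1/site.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

demo() {
    d=$(mktemp -d) && make_constructed_pair "$d" || return 1
    key_is_encrypted "$d/enc.key" && echo "enc.key: passphrase-protected"
    cert_matches_key "$d/site.crt" "$d/enc.key" "$d/pass" && echo "site.crt matches enc.key"
    strip_passphrase "$d/enc.key" "$d/pass" "$d/plain.key" &&
        cert_matches_key "$d/site.crt" "$d/plain.key" && echo "site.crt matches plain.key"
    cert_matches_key "$d/site.crt" "$d/other.key" || echo "site.crt does NOT match other.key"
    rm -rf "$d"
}
command -v openssl >/dev/null 2>&1 && demo
```

An unencrypted key is protected only by file permissions, so the output file should stay readable by its owner alone, as the umask in strip_passphrase enforces.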
