
Apache - Init: Can't open server private key file

I am enabling SSL on my Apache running on localhost. I generated a self-signed certificate and put it in a usual place:

[david@david web]$ ll /etc/ssl/certs/
...
-rwxrwxrwx. 1 david david    977 Mar  7 13:18 localhost.crt
-rwxrwxrwx. 1 david david    712 Mar  7 13:16 localhost.csr
-rwxrwxrwx. 1 david david    963 Mar  7 13:12 localhost.key

But when I restart Apache, the server fails and I receive the following in the error log:

[Fri Mar 07 13:29:17 2014] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Fri Mar 07 13:29:17 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Mar 07 13:29:17 2014] [error] (13)Permission denied: Init: Can't open server private key file /etc/ssl/certs/localhost.key

The permissions look ok to me, what am I doing wrong?

This is because you probably uploaded the file(s) first to one of your home directories and then moved them somewhere in the /etc directory. To correct the context of this file, execute the following command:

restorecon -RvF /etc/ssl/certs/

and restart Apache: service httpd restart

Hope it helps.

David,

I would suggest first to change the permissions and ownership on the key file

Change ownership:
Change permissions:

To fix the problem, I needed to remove the passphrase from the key

Remove passphrase:

After that, just change the SSLCertificateKeyFile parameter to point to localhost_nopp.key and restart Apache.

I am guessing this produces a "clean" file that Apache is now happy to use. Since this appears to be a development/test environment, the assumption is that removing the passphrase will not cause a major security issue.

Thanks,

John
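
A triage sketch for the two causes raised in the answers above (the SELinux label and the file mode), as an added example that is not part of the original posts. The function names are hypothetical, the sample context is constructed, and the expected type cert_t assumes the stock targeted policy on a RHEL-family system with GNU stat.

```shell
#!/bin/sh
# Added example: triage for
# "(13)Permission denied: Init: Can't open server private key file".

# Print the type field (third colon-separated field) of an SELinux context
# such as unconfined_u:object_r:user_home_t:s0. Prints nothing when the
# input is not a context (for example "?" on a host without SELinux).
selinux_type() {
    printf '%s\n' "$1" | cut -s -d: -f3
}

# key_findings MODE SETYPE
# MODE is the octal file mode (e.g. 777), SETYPE the SELinux type of the key.
# Prints one finding per line; prints nothing when both look sane.
key_findings() {
    mode=$1 setype=$2
    # A private key should carry no group/other permission bits.
    case $mode in
        0|*00) ;;
        *) echo "mode $mode: key is accessible beyond its owner; use 600 or 400" ;;
    esac
    # Assumption: the targeted policy labels /etc/ssl and /etc/pki as cert_t.
    # A file moved (not copied) from a home directory keeps its old label,
    # so httpd_t is denied even when the mode bits are wide open.
    case $setype in
        ""|cert_t) ;;
        *) echo "type $setype: not cert_t; run restorecon -RvF on the directory" ;;
    esac
}

# check_key_file PATH: collect the real values with GNU stat and report.
check_key_file() {
    mode=$(stat -c '%a' "$1") || return 2
    ctx=$(stat -c '%C' "$1" 2>/dev/null) || ctx=""
    key_findings "$mode" "$(selinux_type "$ctx")"
}

# Constructed sample: the 777 mode from the listing in the question plus a
# home-directory label, which the listing itself does not show.
key_findings 777 "$(selinux_type 'unconfined_u:object_r:user_home_t:s0')"
```

On the affected host, check_key_file /etc/ssl/certs/localhost.key reports the live mode and label instead of the constructed sample.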
