My site (Apache 2.4.6 on CentOS 7) was working fine with SSL until yesterday, but now the apache service fails when I try to restart my server:
$ sudo service httpd restart
$ Enter SSL pass phrase for sitename.com:443 (RSA) : ********
$ Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
Neither of those suggested commands give much info, so by checking the ssl_error_log, I find the following relevant entries:
[ssl:debug] ssl_util_ssl.c(495): AH02412: [sitename.com:443] Cert matches for name 'sitename.com' [ ... (certificate details) ... ]
[ssl:debug] ssl_engine_init.c(984): AH02236: Configuring RSA server private key
[ssl:emerg] AH02238: Unable to configure RSA server private key
[ssl:emerg] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
The last two entries indicate that the key and cert files do not match. The configuration is specified in /etc/httpd/conf.d/sitename.conf
:
SSLCertificateKeyFile /etc/pki/tls/private/sitename.com.key
SSLCertificateFile /etc/pki/tls/certs/sitename.com.crt
SSLCertificateChainFile /etc/pki/tls/certs/IntermediateCA.crt
I run the following to look at their modulus, and they do indeed match:
$ openssl x509 -noout -modulus -in /etc/pki/tls/certs/sitename.com.crt | openssl md5
$ openssl rsa -noout -modulus -in /etc/pki/tls/private/sitename.com.key | openssl md5
So it seems like everything should be working, but this is where I am stuck and cannot determine the cause of the error.
Any advice is appreciated. Thank you for your time.
I figured it out. Not sure exactly which package changed from my yum update
command, but my guess is that one of them was responsible.
Anyways, I had to remove the password protection from my certificate's private key file:
$ openssl rsa -in [sitename.com.key] -out [sitename.com.key]
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.