From owner-freebsd-questions@FreeBSD.ORG Wed Oct 17 12:38:50 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CC48916A417 for ; Wed, 17 Oct 2007 12:38:50 +0000 (UTC) (envelope-from freebsd-questions@slightlystrange.org) Received: from catflap.slightlystrange.org (cpc5-cmbg1-0-0-cust497.cmbg.cable.ntl.com [86.6.1.242]) by mx1.freebsd.org (Postfix) with ESMTP id 5253713C461 for ; Wed, 17 Oct 2007 12:38:50 +0000 (UTC) (envelope-from freebsd-questions@slightlystrange.org) Received: by catflap.slightlystrange.org (Postfix, from userid 106) id 3B0BD64B1; Wed, 17 Oct 2007 13:38:48 +0100 (BST) Received: from brick.slightlystrange.org (brick.slightlystrange.org [10.1.3.48]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by catflap.slightlystrange.org (Postfix) with ESMTP id 376D561DD for ; Wed, 17 Oct 2007 13:38:47 +0100 (BST) Received: (from danielby@localhost) by brick.slightlystrange.org (8.13.4/8.13.4/Submit) id l9HCcj5t001482 for freebsd-questions@freebsd.org; Wed, 17 Oct 2007 13:38:45 +0100 (BST) (envelope-from freebsd-questions@slightlystrange.org) Date: Wed, 17 Oct 2007 13:38:45 +0100 From: Daniel Bye To: freebsd-questions@freebsd.org Message-ID: <20071017123845.GA1393@brick.slightlystrange.org> Mail-Followup-To: freebsd-questions@freebsd.org References: <1192628761.14024.44.camel@beastie.mra.co.id> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="d6Gm4EdcadzBjdND" Content-Disposition: inline In-Reply-To: <1192628761.14024.44.camel@beastie.mra.co.id> User-Agent: Mutt/1.4.2.3i X-PGP-Fingerprint: D349 B109 0EB8 2554 4D75 B79A 8B17 F97C 1622 166A Subject: Re: apache mod_ssl chroot problem X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Daniel Bye List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Oct 2007 12:38:51 -0000 --d6Gm4EdcadzBjdND Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Oct 17, 2007 at 08:46:01PM +0700, Muhammad Reza wrote: > Dear List. >=20 > I have problem running apache in chroot mode with ssl enable. > Apache in chroot mode running fine without ssl enable, but when i try to > start with mod_ssl enable, error occured with this message. >=20 > beastie#chroot /chroot/httpd /usr/local/apache2/bin/httpd > Apache/2.2.6 mod_ssl/2.2.6 (Pass Phrase Dialog) > Some of your private key files are encrypted for security reasons. > In order to read them you have to provide the pass phrases. >=20 > Server beastie.mra.co.id:443 (RSA) > Enter pass phrase:Apache:mod_ssl:Error: Private key not found. > **Stopped >=20 > and with error log >=20 > [Wed Oct 17 13:37:25 2007] [error] Init: Private key not found > [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218710120 > error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag > [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218529960 > error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag > [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218595386 > error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error > [Wed Oct 17 13:37:25 2007] [error] SSL Library Error: 218734605 > error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib > [Wed Oct 17 13:38:32 2007] [error] Init: Private key not found > [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218710120 > error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag > [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218529960 > error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag > [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218595386b > error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error > [Wed Oct 17 13:38:32 2007] [error] SSL Library Error: 218734605 > error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib >=20 > If i escape from chrooted enviroment, apache with mod_ssl work fine=20 >=20 > beastie# /usr/local/apache2/bin/httpd > Apache/2.2.6 mod_ssl/2.2.6 (Pass Phrase Dialog) > Some of your private key files are encrypted for security reasons. > In order to read them you have to provide the pass phrases. >=20 > Server www.example.com:443 (RSA) > Enter pass phrase: >=20 > OK: Pass Phrase Dialog successful. >=20 > Is there something missing here, please enlight me. The first thing that comes to mind - are your keys inside the chroot area you want to run apache in? --=20 Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ --d6Gm4EdcadzBjdND Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFHFgJVixf5fBYiFmoRAuztAJ9Ny3erNwBsf19x+ATCv5EPtw0WBACgnTfh yjtr1h2NVX8OTq08O1F4kyg= =jDL6 -----END PGP SIGNATURE----- --d6Gm4EdcadzBjdND--