Hi folks,

I have Apache 2.2.8 running on Red Hat Enterprise Linux Server release 5 (Tikanga). I have installed a purchased certificate on my server. Upon restarting httpd, I get the following error:

    # /etc/init.d/httpd start
    Apache/2.2.8 mod_ssl/2.2.8 (Pass Phrase Dialog)
    Some of your private key files are encrypted for security reasons.
    In order to read them you have to provide the pass phrases.
    Server myserver.mydomain.com:443 (RSA)
    Enter pass phrase:
    Apache:mod_ssl:Error: Private key not found.
    **Stopped

In the log files, I can see the messages below:

    [Mon Dec 21 21:21:23 2009] [error] Init: Private key not found
    [Mon Dec 21 21:21:23 2009] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
    [Mon Dec 21 21:21:23 2009] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Mon Dec 21 21:21:23 2009] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
    [Mon Dec 21 21:21:23 2009] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
    [Mon Dec 21 22:18:34 2009] [info] Loading certificate & private key of SSL-aware server
    [Mon Dec 21 22:18:34 2009] [info] Init: Requesting pass phrase via builtin terminal dialog

Apache is chrooted and the crt, csr and key files are found in the conf folder. I used the commands below to check my .crt, .csr and .key files and they do match:

    $ openssl x509 -noout -modulus -in server.crt | openssl md5
    $ openssl rsa -noout -modulus -in server.key | openssl md5
    $ openssl req -noout -modulus -in server.csr | openssl md5

I have even given the .key file 777 permissions. I have read that there can be 3 workarounds to this problem, but none of these are suitable for me:

1. Buy a new certificate
2. Disable the pass-phrase
3. Unencrypt the .key file

I would appreciate any help I could get from you.
Below are my config files found at /chROOT/usr/local/lamp/httpd.2.2.8/conf

Thanks beforehand
Nemo

********************************** httpd.conf******************************

    ServerRoot "/usr/local/lamp/httpd-2.2.8"
    Listen 443
    Listen 80
    LoadModule perl_module modules/mod_perl.so
    LoadModule php5_module modules/libphp5.so
    <IfModule !mpm_netware_module>
        User myuser
        Group mygroup
    </IfModule>
    ServerAdmin serveradmin@mydomain.com
    ServerName xxx.yyy.com:80
    DocumentRoot "/websites/yyy/"
    <Directory />
        Options FollowSymLinks
        AllowOverride AuthConfig
        Order deny,allow
        Deny from all
    </Directory>
    <Directory "/websites">
        Options -Indexes FollowSymLinks
        AllowOverride AuthConfig FileInfo Options Indexes
        Order allow,deny
        Allow from all
    </Directory>
    <IfModule dir_module>
        DirectoryIndex index.php index.html
    </IfModule>
    <FilesMatch "^\.ht">
        Order allow,deny
        Deny from all
        Satisfy All
    </FilesMatch>
    ErrorLog "logs/error_log"
    LogLevel debug
    <IfModule log_config_module>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
        LogFormat "%h %l %u %t \"%r\" %>s %b" common
        <IfModule logio_module>
            LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
        </IfModule>
        CustomLog "logs/access_log" common
    </IfModule>
    <IfModule alias_module>
        ScriptAlias /cgi-bin/ "/usr/local/lamp/httpd-2.2.8/cgi-bin/"
    </IfModule>
    <IfModule cgid_module>
    </IfModule>
    <Directory "/usr/local/lamp/httpd-2.2.8/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>
    DefaultType text/plain
    <IfModule mime_module>
        TypesConfig conf/mime.types
        AddType application/x-compress .Z
        AddType application/x-gzip .gz .tgz
        AddType application/x-httpd-php php
        AddType application/x-httpd-php php3
        AddType application/x-httpd-php-source phps
    </IfModule>
    ErrorDocument 403 http://xxx.yyy.com/error/
    ErrorDocument 404 http://xxx.yyy.com/error/
    Include conf/extra/httpd-vhosts.conf
    Include conf/extra/httpd-default.conf
    <IfModule ssl_module>
        SSLRandomSeed startup builtin
        SSLRandomSeed connect builtin
    </IfModule>
    SetOutputFilter DEFLATE
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
    FileETag None
    TraceEnable Off

***********************************httpd-vhosts.conf***********************************

    NameVirtualHost *:443
    NameVirtualHost *:80
    <VirtualHost *:80>
        ServerName xxx.yyy.com
        DocumentRoot /websites/yyy/
        ErrorLog logs/xxx-error_log
        CustomLog logs/xxx-access_log common
        ServerAdmin serveradmin@mydomain.com
    </VirtualHost>
    <VirtualHost *:443>
        DocumentRoot "/websites/myserver/"
        ServerName myserver.mydomain.com
        ErrorLog logs/myserver.mydomain-error_log
        CustomLog logs/myserver.mydomain-access_log common
        ServerAdmin serveradmin@mydomain.com
    </VirtualHost>

********************************httpd-ssl.conf******************************************

    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    SSLPassPhraseDialog builtin
    SSLSessionCache "shmcb:/usr/local/lamp/httpd-2.2.8/logs/ssl_scache(512000)"
    SSLSessionCacheTimeout 300
    SSLMutex "file:/usr/local/lamp/httpd-2.2.8/logs/ssl_mutex"
    <VirtualHost _default_:443>
        DocumentRoot "/websites/myserver/"
        ServerName myserver.mydomain.com:443
        ServerAdmin serveradmin@mydomain.com
        ErrorLog "logs/myserver.mydomain.com.ssl-error_log"
        TransferLog "logs/myserver.mydomain.com.ssl-transfer_log"
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile "/usr/local/lamp/httpd-2.2.8/conf/myserver.mydomain.com.crt"
        SSLCertificateKeyFile "/usr/local/lamp/httpd-2.2.8/conf/myserver.mydomain.com.key"
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory "/usr/local/lamp/httpd-2.2.8/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        CustomLog "/usr/local/lamp/httpd-2.2.8/logs/ssl_request_log" \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </VirtualHost>