- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- SSL - unable to get private key from /opt/hpws/ap...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-21-2005 01:28 AM
06-21-2005 01:28 AM
SSL - unable to get private key from /opt/hpws/apache/conf/ssl.key/server.key
System is new RP3440 with HP-UX 11iv2 - default install.
I generated client and server keys with:
/opt/hpws/apache/util/mkcert.sh --client
then
/opt/hpws/apache/util/mkcert.sh --server
I sent the /opt/hpws/apache/conf/ssl.crt/server.csr off to Soltrus - they sent back a certificate...
So I replaced /opt/hpws/apache/conf/ssl.crt/server.crt with the one from them...
Apache with ssl won't start - I get:
[Tue Jun 21 07:28:37 2005] [error] Unable to configure RSA server private key
[Tue Jun 21 07:28:37 2005] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
I check with openssl:
# openssl s_server -key /opt/hpws/apache/conf/ssl.key/server.key -cert /opt/hpws/apache/conf/ssl.crt/server.crt
Using default temp DH parameters
unable to get private key from '/opt/hpws/apache/conf/ssl.key/server.key'
19806:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:389:
I can read the certificate with:
openssl x509 -noout -text -in /opt/hpws/apache/conf/ssl.crt/server.crt
and the private key with:
openssl rsa -noout -text -in /opt/hpws/apache/conf/ssl.key/server.key
The modulus do not match...
Any ideas?
Thanks...Geoff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-21-2005 01:56 AM
06-21-2005 01:56 AM
Re: SSL - unable to get private key from /opt/hpws/apache/conf/ssl.key/server.key
I found this process baffling when I did it so I was forced to write a cheat sheet script. I think you might manipulate this to automate the task of properly placing your ssl certificate or use it to vette the process you used.
#!/bin/sh
echo "name is: $1"
touch certindex.txt
touch index.txt
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -con
fig /etc/openssl.cnf
openssl req -new -nodes -out ${1}-req.pem -keyout private/${1}-key.pem -config /
etc/openssl.cnf
openssl ca -out ${1}-cert.pem -config /etc/openssl.cnf -infiles ${1}-req.pem
certf="${1}-cert.pem"
keyf="private/${1}-key.pem"
cp $keyf /etc/httpd/conf/ssl.key/
cp $certf /etc/httpd/conf/sss.crt/
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-21-2005 02:10 AM
06-21-2005 02:10 AM
Re: SSL - unable to get private key from /opt/hpws/apache/conf/ssl.key/server.key
Okay - well - I didn't use ftp - I simply cut'n'paste from notepad to putty session...
As far as openssl.cnf - all I have is:
/opt/hpwebadmin/conf/openssl.cnf
/opt/openssl/openssl.cnf
/opt/hpws/webmin/acl/openssl.cnf
For apache, I use:
/opt/hpws/apache/conf/ssl.conf
In that file,
SSLCertificateFile /opt/hpws/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /opt/hpws/apache/conf/ssl.key/server.key
But the openssl.cnf files don't match anything at all...
Should I be configuring them? - which one?
The dir setting in all of them does NOT exist...
Rgds...Geoff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-21-2005 02:23 AM
06-21-2005 02:23 AM
Re: SSL - unable to get private key from /opt/hpws/apache/conf/ssl.key/server.key
I remember having to do this.
I used the docs at openssl.org they are better than what I found in hp's system.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-22-2005 01:11 AM
06-22-2005 01:11 AM
Re: SSL - unable to get private key from /opt/hpws/apache/conf/ssl.key/server.key
# openssl s_server -key /opt/hpws/apache/conf/ssl.key/server.key -cert /opt/hpws/apache/conf/ssl.crt/server.crt
Using default temp DH parameters
ACCEPT
I think part of the issue was - I was using a different server key then the one that was created when I made the CSR...
I also followed these steps to create a key and CSR:
https://digitalid.soltrus.com/csr/v01_ApacheSSL.html
Rgds...Geoff