Posted to issues@trafficserver.apache.org by "Ron Barber (JIRA)" <ji...@apache.org> on 2014/02/18 20:46:21 UTC

[jira] [Updated] (TS-612) ATS does not allow password protected certificates

     [ https://issues.apache.org/jira/browse/TS-612?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ron Barber updated TS-612:
--------------------------

    Labels: Review  (was: )

> ATS does not allow password protected certificates
> --------------------------------------------------
>
>                 Key: TS-612
>                 URL: https://issues.apache.org/jira/browse/TS-612
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: SSL
>    Affects Versions: 3.0.0
>         Environment: Any
>            Reporter: Igor Galić
>            Assignee: Ron Barber
>              Labels: Review
>             Fix For: 5.0.0
>
>
> Create a (self-signed) certificate with a password that is non-empty. {cat server.key server.crt > server.pem} and configure it as
> {CONFIG proxy.config.ssl.server.cert.filename STRING server.pem}
> The result will be:
> {noformat}
> Jan  3 10:50:16 proveedores traffic_server[2579]: NOTE: --- Server Starting ---
> Jan  3 10:50:16 proveedores traffic_server[2579]: NOTE: Server Version: Apache Traffic Server - traffic_server - 2.0.1 - (build # 113112 on Dec 31 2010 at 12:58:34)
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} STATUS: opened var/log/trafficserver/diags.log
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: updated diags config
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: cache clustering disabled
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} WARNING: no cache disks specified in etc/trafficserver/storage.config: cache disabled
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: cache clustering disabled
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} WARNING: unable to open cache disk(s): Cache Disabled
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: SSL ERROR: Cannot use server private key file.
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: SSL::0:error:0906406D:PEM routines:PEM_def_callback:problems getting password:pem_lib.c:105:
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: SSL::0:error:0906A068:PEM routines:PEM_do_header:bad password read:pem_lib.c:406:
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: SSL::0:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} ERROR: SSL ERROR: Can't initialize the SSL library, disabling SSL termination!.
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: logging initialized[7], logging_mode = 3
> Jan  3 10:50:16 proveedores traffic_server[2579]: {1080362352} NOTE: traffic server running
> {noformat}
> A first -- ugly -- shot would be to at least have a password field in the configuration.
> In the end something taking the input of an external program or from a file would be more desirable.
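
A pre-flight check for the situation reported above, where an encrypted key in the combined `server.pem` leaves Traffic Server running with SSL termination disabled. This is an added example, not part of the original report or of Traffic Server's code; the function names are hypothetical and the sample PEM bodies are constructed placeholders.

```python
import re
import sys

# One PEM block: label, optional RFC 1421 style headers, base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_pem(text):
    """Return [(label, encrypted)] for every PEM block found in text."""
    found = []
    for label, body in PEM_BLOCK.findall(text):
        headers = {}
        for line in body.splitlines():
            # Headers end at the first line without a colon (blank or base64).
            if ":" not in line:
                break
            name, _, value = line.partition(":")
            headers[name.strip()] = value.strip()
        # Traditional OpenSSL key format marks encryption in a Proc-Type header.
        legacy = headers.get("Proc-Type", "").replace(" ", "") == "4,ENCRYPTED"
        # PKCS#8 marks encryption in the block label itself.
        pkcs8 = label == "ENCRYPTED PRIVATE KEY"
        found.append((label, legacy or pkcs8))
    return found

def needs_passphrase(text):
    """True if any private-key block cannot be loaded without a passphrase."""
    return any(enc for label, enc in classify_pem(text)
               if label.endswith("PRIVATE KEY"))

# Constructed samples: the base64 bodies are placeholders, not key material.
CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
ENCRYPTED_LEGACY = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n"
    "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n" + CERT)
ENCRYPTED_PKCS8 = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
                   "-----END ENCRYPTED PRIVATE KEY-----\n" + CERT)
PLAIN = ("-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
         "-----END PRIVATE KEY-----\n" + CERT)

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1]) as fh:
        pem = fh.read()
    print(classify_pem(pem))
    sys.exit(1 if needs_passphrase(pem) else 0)
```

Run against the file named in `proxy.config.ssl.server.cert.filename`, a non-zero exit status means the key would need a passphrase at load time.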


