You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by IT Professional <zh...@yahoo.com.sg> on 2006/11/03 08:15:46 UTC

[users@httpd] Can't start Apache 2.0.59

I've compiled Apache 2.0.59 with OpenSSL 0.9.9[dev].
The server can run well with RSA cert but when I tried to run it with ECC cert, the server refused to start.
Log files are showing:
[Fri Nov 03 14:52:20 2006] [info] Init: Initializing OpenSSL library
[Fri Nov 03 14:52:20 2006] [info] Init: Seeding PRNG with 144 bytes of entropy
[Fri Nov 03 14:52:20 2006] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Fri Nov 03 14:52:21 2006] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Fri Nov 03 14:52:21 2006] [debug] ssl_scache_dbm.c(406): Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[Fri Nov 03 14:52:21 2006] [info] Init: Initializing (virtual) servers for SSL

[Fri Nov 03 14:52:20 2006] [info] Loading certificate & private key of SSL-aware server
[Fri Nov 03 14:52:20 2006] [debug] ssl_engine_pphrase.c(469): unencrypted UNKNOWN private key - pass phrase not required
[Fri Nov 03 14:52:21 2006] [info] Configuring server for SSL protocol
[Fri Nov 03 14:52:21 2006] [debug] ssl_engine_init.c(405): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Fri Nov 03 14:52:21 2006] [debug] ssl_engine_init.c(588): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Fri Nov 03 14:52:21 2006] [error] Oops, no RSA or DSA server certificate found?!

The only thing I've changed in ssl.conf is:
SSLCertificateFile conf/secp521r1.crt
SSLCertificateKeyFile conf/secp521r1.key

Anyone has similar problem? 

Thanks in advance!


		
__________________________________ 
What will the world find in 2020? 
Leave a part of your 2006 in the Yahoo! Time Capsule. Contribute now! 
http://timecapsule.yahoo.com/capsule.php?intl=sg

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Can't start Apache 2.0.59

Posted by Kenneth Svee <k....@usit.uio.no>.

[ IT Professional ]

> I've compiled Apache 2.0.59 with OpenSSL 0.9.9[dev].
> The server can run well with RSA cert but when I tried to run it
> with ECC cert, the server refused to start.
> Log files are showing:
...
> [Fri Nov 03 14:52:21 2006] [error] Oops, no RSA or DSA server certificate found?!
>
> The only thing I've changed in ssl.conf is:
> SSLCertificateFile conf/secp521r1.crt
> SSLCertificateKeyFile conf/secp521r1.key
>
> Anyone has similar problem? 

Did you check to see if Apache supports ECC-certificates. AFAICT only
RSA/DSA-based PEM-encoded certificates are supported:

  http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslcertificatefile

Rgds,
Kenneth Svee

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org