Have you tried with a self-signed certificate just to see what happens?

# openssl req -new -x509 -days 3650 -nodes -newkey rsa:4096 -out /etc/ssl/certs/test.pem -keyout /etc/ssl/private/test.pem
# chmod go= /etc/ssl/private/test.pem

httpd.conf
SSLCertificateFile /etc/ssl/certs/test.pem
SSLCertificateKeyFile /etc/ssl/private/test.pem

On 09/29/2014 05:02 PM, Benjamin Oppermann wrote:
> Ooops, my bad.
>
> ~$ sudo openssl rsa -in /etc/ssl/private/owncloud.key -check
> RSA key ok
>
> So the key file itself is not the problem...
>
> On Mon, 29 Sep 2014, at 22:15, Benjamin Oppermann wrote:
>> So should I revoke the changes to permissions I made, or remove
>> permissions for my user, leaving only root?
>>
>> ~$ openssl rsa -in /etc/ssl/private/owncloud.key -check
>> Error opening Private Key /etc/ssl/private/owncloud.key
>> 139748944725664:error:0200100D:system library:fopen:Permission
>> denied:bss_file.c:398:fopen('/etc/ssl/private/owncloud.key','r')
>> 139748944725664:error:20074002:BIO routines:FILE_CTRL:system
>> lib:bss_file.c:400:
>> unable to load Private Key
>>
>> I take it this means the key file is broken?
>>
>> On Mon, 29 Sep 2014, at 21:57, Daniel wrote:
>>> a private key should never be accessible to groups or others, just
>>> root as read only.
>>>
>>> Having said this... have you checked the key file is correct?
>>>
>>> try this:
>>> openssl rsa -in /etc/ssl/private/owncloud.key -check
>>>
>>> 2014-09-29 21:22 GMT+02:00 Benjamin Oppermann <ben....@eml.cc>:
>>>
>>>     Ok, I tried this. The permissions are now:
>>>
>>>     ~$ sudo ls -l /etc/ssl/private/owncloud.key
>>>     -rw-r--r-- 1 root ben 1704 Sep 28 04:01 /etc/ssl/private/owncloud.key
>>>
>>>     I still get the same error.
>>>     Regards Ben
>>>
>>>     On Mon, 29 Sep 2014, at 14:12, Bremser, Kurt (AMOS Austria GmbH) wrote:
>>>     > The first thing that I'd try is
>>>     > sudo chmod go+r /etc/ssl/private/owncloud.key
>>>     >
>>>     > Kurt Bremser
>>>     > AMOS Austria
>>>     >
>>>     > Newton was wrong. There is no gravity. The Earth sucks.
>>>     > ________________________________________
>>>     > From: Benjamin Oppermann [ben....@eml.cc]
>>>     > Sent: Monday, 29 September 2014 13:31
>>>     > To: users@httpd.apache.org
>>>     > Subject: **SPAM?** [users@httpd] "corrupted content" error, httpd can't access SSL key file [wd-vc]
>>>     >
>>>     > Hi,
>>>     > I can't reach my website, I get a "corrupted content" error message in
>>>     > the browser.
>>>     > Looking into apache (version 2.4.7 on Ubuntu 14.04), I get
>>>     >
>>>     > ~$ apachectl -S
>>>     > AH00526: Syntax error on line 22 of
>>>     > /etc/apache2/sites-enabled/000-default.conf:
>>>     > SSLCertificateKeyFile: file '/etc/ssl/private/owncloud.key' does not
>>>     > exist or is empty
>>>     > Action '-S' failed.
>>>     >
>>>     > However, I double checked that the file is in the appropriate location
>>>     > and does contain the key, so maybe apache has no permission. afaik, it
>>>     > doesn't run as root all the time - or only for a short time?
>>>     > permissions for the key file are as follows:
>>>     >
>>>     > ~$ sudo ls -l /etc/ssl/private/owncloud.key
>>>     > -rw------- 1 root ben 1704 Sep 28 04:01 /etc/ssl/private/owncloud.key
>>>     >
>>>     > , where ben is my normal user.
>>>     > It was suggested to me on the httpd IRC channel that maybe apparmor was
>>>     > doing something wrong, but I don't know how to investigate that.
>>>     > I did have a working configuration and made no changes to it before this
>>>     > happened. The only change I made was to put a router between the second
>>>     > gateway and the server and resolved the domain name to its local IP
>>>     > inside the network (the page isn't reachable from inside either).
>>>     > Just so you know, this is the first time I am setting up a server, and I
>>>     > am all self-taught.
>>>     > Reading suggestions for a good start are appreciated, but of course a
>>>     > how-to or specific section of a manual would be more helpful than a
>>>     > generic exhortation to rtfm :-)
>>>     > Any hints?
>>>     > Thanks, Ben
>>>     >
>>>     > ---------------------------------------------------------------------
>>>     > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>>     > For additional commands, e-mail: users-h...@httpd.apache.org
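The permission rule stated in the thread (key readable by root only, nothing for group or others) and the `openssl rsa -check` step, combined into a small POSIX shell audit. This is an added example, not part of the original messages; the function names are made up for illustration, and the expected owner is assumed to be uid 0 (root) unless another uid is passed.

```shell
#!/bin/sh
# Added example: audit a TLS private key file along the lines the thread suggests.
# Function names are illustrative; expected owner defaults to uid 0 (root).

# 0 if neither group nor others have any permission bit on the file.
key_mode_ok() {
    # "ls -ld" prints e.g. "-rw-r--r--"; characters 5-10 are the group+other bits
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Print the numeric uid of the file's owner (third field of "ls -ldn").
key_owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# audit_perms FILE [UID]: report problems, return how many were found.
audit_perms() {
    key=$1; want_uid=${2:-0}; problems=0
    # -s also fails when a parent directory is not searchable by the caller
    if [ ! -s "$key" ]; then
        echo "FAIL: $key does not exist, is empty, or is unreachable as uid $(id -u)"
        return 1
    fi
    if ! key_mode_ok "$key"; then
        echo "FAIL: group/others can access $key (fix: chmod go= $key)"
        problems=$((problems + 1))
    fi
    if [ "$(key_owner_uid "$key")" != "$want_uid" ]; then
        echo "FAIL: $key is not owned by uid $want_uid"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "OK: permissions on $key"
    return "$problems"
}

# 0 if openssl can read the file and the RSA key passes its consistency check.
key_parses() {
    openssl rsa -in "$1" -check -noout >/dev/null 2>&1
}

# Usage: sudo sh audit-key.sh /etc/ssl/private/owncloud.key
if [ $# -gt 0 ]; then
    audit_perms "$1" && key_parses "$1" && echo "OK: RSA key ok"
fi
```

Run it with the same privileges as the process that has to read the key, since a result obtained as an unprivileged user can differ from what root sees.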