How do I configure Apache httpd to read the private key passphrase from a file?
Issue
- When I (re-)start httpd with SSL, the private key requires a passphrase and the service holds and waits for the user to input the passphrase. I don't want to remove the passphrase of the private key, how can I automate this?
- Is it possible to configure Apache to read the private key passphrase from a file?
- When an incorrect password is entered while starting the HTTPS server, the following error is logged in the
ssl_request_log:
[ssl:emerg] [pid 61062:tid 139814295916224] AH02580: Init: Pass phrase incorrect for key 127.0.0.1:443:0
[ssl:emerg] [pid 61062:tid 139814295916224] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
[ssl:emerg] [pid 61062:tid 139814295916224] SSL Library Error: error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error
[ssl:emerg] [pid 61062:tid 139814295916224] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
[ssl:emerg] [pid 61062:tid 139814295916224] SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=RSAPrivateKey)
[ssl:emerg] [pid 61062:tid 139814295916224] SSL Library Error: error:04093004:rsa routines:old_rsa_priv_decode:RSA lib
[ssl:emerg] [pid 61062:tid 139814295916224] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
[ssl:emerg] [pid 61062:tid 139814295916224] SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[ssl:emerg] [pid 61062:tid 139814295916224] AH02564: Failed to configure encrypted (?) private key 127.0.0.1:443:0, check /etc/pki/tls/private/localhost.key
Environment
- Red Hat Enterprise Linux (RHEL)
- Apache httpd
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
