Apache:mod_ssl:Error: Private key not found
In your config, you have these three lines:
SSLCertificateFile /etc/ssl/certs/mycert.crt
SSLCertificateKeyFile /etc/ssl/private/mycert.key
SSLCertificateFile /etc/ssl/certs/sub.class1.server.ca.pem
You are repeating SSLCertificateFile. That means that Apache will use the second instance of the variable, i.e. /etc/ssl/certs/sub.class1.server.ca.pem - but your key is the one for /etc/ssl/certs/mycert.crt, so it doesn't match the CA cert. Thus, Apache isn't able to find the key for the certificate.
Probably your config should instead look like this:
# Server certificate
SSLCertificateFile /etc/ssl/certs/mycert.crt
# Key to server certificate
SSLCertificateKeyFile /etc/ssl/private/mycert.key
# Glue certificate to CA
SSLCACertificateFile /etc/ssl/certs/sub.class1.server.ca.pem
Note that the second certificate starts with SSLCA instead of just SSL.
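A pre-restart check for the mistake described in this answer, as an added example that is not part of the original answer: it flags any VirtualHost block where the number of SSLCertificateFile directives differs from the number of SSLCertificateKeyFile directives. The function name `check_vhost_ssl` and the sample files are constructed for illustration, and the check is a heuristic that assumes each certificate has its own key file.

```shell
# Added example (hypothetical helper): per-<VirtualHost> heuristic lint.
# Prints each block whose SSLCertificateFile count differs from its
# SSLCertificateKeyFile count; returns 1 if any block was flagged.
check_vhost_ssl() {
    awk '
        BEGIN { bad = 0 }
        # Apache directive names are case-insensitive: match on a lowercased copy.
        { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
        low ~ /^#/ { next }
        low ~ /^<virtualhost[ \t>]/ { invh = 1; name = line; start = NR; certs = 0; keys = 0; next }
        low ~ /^<\/virtualhost>/ {
            if (invh && certs != keys) {
                printf "%s:%d: %s has %d SSLCertificateFile but %d SSLCertificateKeyFile\n",
                       FILENAME, start, name, certs, keys
                bad = 1
            }
            invh = 0; next
        }
        invh && low ~ /^sslcertificatefile[ \t]/    { certs++ }
        invh && low ~ /^sslcertificatekeyfile[ \t]/ { keys++ }
        END { exit bad }
    ' "$1"
}

# Constructed samples: the three SSL lines from the question, then the corrected form.
demo_dir=$(mktemp -d)
cat > "$demo_dir/broken.conf" <<'EOF'
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/mycert.crt
    SSLCertificateKeyFile /etc/ssl/private/mycert.key
    SSLCertificateFile /etc/ssl/certs/sub.class1.server.ca.pem
</VirtualHost>
EOF
cat > "$demo_dir/fixed.conf" <<'EOF'
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/mycert.crt
    SSLCertificateKeyFile /etc/ssl/private/mycert.key
    SSLCACertificateFile /etc/ssl/certs/sub.class1.server.ca.pem
</VirtualHost>
EOF
check_vhost_ssl "$demo_dir/broken.conf" || echo "broken.conf: fix before restarting httpd"
check_vhost_ssl "$demo_dir/fixed.conf" && echo "fixed.conf: counts match"
```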
Comments
-
davids over 1 year
I'm installing an SSL certificate to serve HTTPS. I'm using Apache 2.4 in Amazon Linux and got the certificate from StartSSL. My Vhost config is the following:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    ServerAdmin [email protected]
    ServerName myweb.com
    DocumentRoot /var/www/html/myapp
    <Directory /var/www/htmlmyapp>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    ErrorLog /var/log/httpd/error_log
    LogLevel warn
    CustomLog /var/log/httpd/ssl_access.log combined
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/mycert.crt
    SSLCertificateKeyFile /etc/ssl/private/mycert.key
    SSLCertificateFile /etc/ssl/certs/sub.class1.server.ca.pem
    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
When I restart Apache, I get this output:
Stopping httpd: [ OK ]
Starting httpd: Apache/2.4.12 mod_ssl (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Private key myweb.com:443:0 (/etc/ssl/private/mycert.key)
Enter pass phrase:
OK: Pass Phrase Dialog successful.
Apache:mod_ssl:Error: Private key not found.
**Stopped
[FAILED]
So, it asks me for the passphrase of a key, the passphrase is ok and then it says that it can't find it. What am I missing?
-
davids about 9 years
The paths are ok, it was a typo, because I changed the actual certificate names. Sorry!
-
davids about 9 years
That did it. Actually, I was using the SSLCertificateChainFile before, but Apache complained and told me to use SSLCertificateFile (The SSLCertificateChainFile directive (/etc/httpd/conf.d/ssl.conf:22) is deprecated, SSLCertificateFile should be used instead). Thank you!
-
Jenny D about 9 years
That was a misleading error message!
-
davids about 9 years
It was!! And an expensive one too, it made me waste a couple of hours :(